J C
asked on
Can multiple vpn connections on a cisco pix have individual pre-shared keys?
I have a cisco pix 506 at our corp office and a pix 501e at one of our remote sites. Is the pre-shared key for the vpn connections defined system-wide or can you use a different key for each site? I can't get the vpn up at the new location. I configured a different site only a few months ago and did not run into these problems. Here is the pertinent part of the config for both routers. Any help would be greatly appreciated.
Corp Pix:
pdm location 192.168.16.0 255.255.255.0 outside (remote subnet)
crypto map to_remotes 90 ipsec-isakmp
crypto map to_remotes 90 match address remotesite
crypto map to_remotes 90 set peer xxx.xxx.xxx.xxx (xxx=remote ip)
crypto map to_remotes 90 set transform-set strong
isakmp key ******** address xxx.xxx.xxx.xxx netmask 255.255.255.255
isakmp keepalive 10 5
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash sha
isakmp policy 8 group 1
isakmp policy 8 lifetime 86400
remote pix:
pdm location 192.168.1.0 255.255.255.0 outside (corp subnet)
crypto map corpsite 90 ipsec-isakmp
crypto map corpsite 90 match address 150
crypto map corpsite 90 set peer xxx.xxx.xxx.xxx (ip of corp pix)
crypto map corpsite 90 set transform-set strong
crypto map corpsite interface outside
isakmp key wathen address xxx.xxx.xxx.xxx netmask 255.255.255.255 (corp pix)
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption 3des
isakmp policy 9 hash sha
isakmp policy 9 group 1
isakmp policy 9 lifetime 86400
Could the pre-shared key hanging me up? I know the key for these two sites are matching on both ends but I don't think they are the password that was being used for the other locations.
Corp Pix:
pdm location 192.168.16.0 255.255.255.0 outside (remote subnet)
crypto map to_remotes 90 ipsec-isakmp
crypto map to_remotes 90 match address remotesite
crypto map to_remotes 90 set peer xxx.xxx.xxx.xxx (xxx=remote ip)
crypto map to_remotes 90 set transform-set strong
isakmp key ******** address xxx.xxx.xxx.xxx netmask 255.255.255.255
isakmp keepalive 10 5
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash sha
isakmp policy 8 group 1
isakmp policy 8 lifetime 86400
remote pix:
pdm location 192.168.1.0 255.255.255.0 outside (corp subnet)
crypto map corpsite 90 ipsec-isakmp
crypto map corpsite 90 match address 150
crypto map corpsite 90 set peer xxx.xxx.xxx.xxx (ip of corp pix)
crypto map corpsite 90 set transform-set strong
crypto map corpsite interface outside
isakmp key wathen address xxx.xxx.xxx.xxx netmask 255.255.255.255 (corp pix)
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption 3des
isakmp policy 9 hash sha
isakmp policy 9 group 1
isakmp policy 9 lifetime 86400
Could the pre-shared key hanging me up? I know the key for these two sites are matching on both ends but I don't think they are the password that was being used for the other locations.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER