
ISAKMP Identity Issue

plgingembre
Level 1

Hi,

I'm trying to get concurrent VPN Remote Access connections and VPN L2L connections working with different ISAKMP identities.

RA VPN clients should connect using PKI (certificates) and L2L equipment with PSK. The issue is:

- When I use crypto isakmp identity dn, RA VPN users get connected but remote non-Cisco routers or firewalls don't!

- When I try crypto isakmp identity address, RA VPN users are unable to connect but remote non-Cisco equipment can.

How is it possible to have the two options?

Thanks for your help.

--

Pierre-Louis

CCIE #22862

1 Reply

andrew.prince
Level 10

Pierre,

AFAIK, you can only have one or the other. If you are going to certificates, then the RA users and the remote ends need certs. See the URLs below for client and L2L config examples:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080aa5be1.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008092d8f1.shtml

Otherwise you are just going to use the external IP of the VPN as the ident.

HTH
