05-21-2007 05:15 AM - edited 02-21-2020 01:31 AM
Hi,
I'm trying to setup a PIX501 as an EasyVPN client. This device has been used to test some stuff with dedicated ipsec connections but now I want it back to an EasyVPN connection.
When I fill in all the EasyVPN settings
vpnclient server 213.x.x.x
vpnclient vpngroup xxx password yyy
vpnclient username xxx password yyy
vpnclient mode network-extension-mode
As soon as I hit "vpnclient enable" I get the following error:
A pre-shared key for address 213.x.x.x netmask 255.255.255.255 already exists!
ERROR: PIX Easy VPN Remote configuration failed. Required parameters are not configured.
I've search on the internet and tried to remove the key:
no isakmp key *** address 213.x.x.x
which gives the error:
Pre-shared key not found for address 213.x.x.x netmask 255.255.255.255
Then I tried "clear mem" resetup everything, still the same.
How can I clear this preshared key which I cannot see in the running-configuration...
Please help!
05-21-2007 06:07 PM
Have you tried to reboot the PIX firewall and then issue the command "vpnclient enable"
Make sure you do not have the command starting with "isakmp", if you do - please take them out and "sh cry isakmp"
Cheers
Gilbert
05-22-2007 12:33 AM
Thanks for your suggestions, but "show crypto isakmp" returns nothing (there are no isakmp lines in the config at all!) and I've probably reloaded the PIX over a hundred times ;)
05-22-2007 01:26 AM
How about you change the IP address on the vpnclient server command and then issue vpnclient enable.
I am sure the PIX will take that command, now remove the whole config of the vpnclient and then re-add with the proper server IP.
Let me know how it goes.
Regards,
Gilbert
05-22-2007 01:51 AM
Tried that, and true the PIX doesn't complain upon chainging IP address. after that, it did a "no vpnclient (vpngroup/server/username/mode)" (so "show vpnclient" reported nothing, save the configuration and reloaded the pix. Set it up again, and as soon as I do the "vpnclient enable" same error.
05-22-2007 02:01 AM
Weird!! - Lets try this...
Copy and paste the config in note pad, except for the password.
Would it be possible if you do could "wr erase" & reload. Copy and paste the config from notepad to the PIX.
Make sure you are on console - wr erase will disable telnet or ssh access. :)
Then try your vpnclient command, see how it works out.
Or you even tried this scenario ?
Cheers
Gilbert
05-22-2007 02:16 AM
I've already did a write erase, and reload back to default configuration. Updated all configuration options and still the same error.
So I've got no idea at all why it still keeps complaining about this error. Maybe some file in the flash is broken or...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide