How to use different pre-shared keys for each site ?

guillerm
Level 1

PIX 515, V6.3.3 at the central site;

LinkSys BEFVP41 routers at the remote sites;

all remote-site LinkSys routers establish site-to-site VPNs with the central PIX through ADSL connections;

all these remote sites have non-fixed IP addresses;

so the only way to define the ISAKMP peer and the associated pre-shared key is as follows:

isakmp key secret address 0.0.0.0 netmask 0.0.0.0

So the pre-shared key is the same for all remote sites.

Question: how can I associate a different pre-shared key with each remote site?

I have looked at the ISAKMP IDENTITY HOSTNAME command (the default on the PIX) and also at ISAKMP IDENTITY KEY-ID;

but I don't understand how the HOSTNAME of the remote LinkSys peer can be declared on the PIX;

on the LinkSys router I can define a HOSTNAME, but I cannot tell whether this HOSTNAME is sent as the ISAKMP identity by the LinkSys router;

I can also define a USERNAME, but this seems to be used only when establishing a VPN from the LinkSys to a SonicWall firewall (to identify the IPsec SA).

Any help would be appreciated.

2 Replies

crojas
Level 1

You could do that with a Cisco EZ VPN compatible device on the other end. Even though Linksys is now a Cisco product, I'm not sure it supports it yet.

The trick is the vpngroup command, which allows you to define multiple vpn groups, each associated with its own set of rules and settings, including its own pre-shared key.

Usage: vpngroup password

vpngroup address-pool

vpngroup dns-server []

vpngroup wins-server []

vpngroup default-domain

vpngroup split-tunnel

vpngroup split-dns domain_name1 [domain_name2 ... domain_name8]

vpngroup backup-server {{ [ ... ]} | clear-client-cfg}

vpngroup pfs

vpngroup idle-time

vpngroup max-time

vpngroup secure-unit-authentication

vpngroup authentication-server

vpngroup user-authentication

vpngroup user-idle-timeout

vpngroup device-pass-through
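As an added illustration of the vpngroup approach in this reply (this configuration is not from the thread), here is a PIX 6.3 Easy VPN server fragment with one vpngroup, and therefore one pre-shared key, per remote site; group names, pool, transform-set and map names, and the keys are placeholders, and the remote device must be an Easy VPN Remote (hardware client) that presents its group name as the ISAKMP identity. Compared with the single wildcard `isakmp key ... address 0.0.0.0`, a per-group key means one site's key can be rotated or revoked without touching the others.

```text
: Added example, not from the thread. Names, addresses and keys are placeholders.
: Address pool handed to Easy VPN Remote clients (shared by all groups here).
ip local pool ezvpn-pool 10.200.0.1-10.200.0.254

: Phase 1 policy: pre-shared key authentication for all groups.
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: One vpngroup per remote site, each with its own pre-shared key.
: The remote's configured group name selects which key the PIX expects.
vpngroup siteA address-pool ezvpn-pool
vpngroup siteA password SITEA-KEY-PLACEHOLDER
vpngroup siteB address-pool ezvpn-pool
vpngroup siteB password SITEB-KEY-PLACEHOLDER

: Dynamic crypto map, since the remote sites have no fixed address.
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set strong
crypto map outside-map 65535 ipsec-isakmp dynamic dynmap
crypto map outside-map client configuration address initiate
crypto map outside-map interface outside
sysopt connection permit-ipsec
```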

guillerm
Level 1

Unfortunately, the LinkSys BEFVP41 router does not support the Easy VPN features with VPNGROUP parameters;

that is why I asked my question.