Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
0
Helpful
1
Replies

IOS 12.2(8)T5 - isakmp and dynamic crypto map w/ or w/o xauth

m.brabec
Level 1
Level 1

‎09-02-2002 11:59 PM - edited ‎03-09-2019 12:09 AM

We use an IOS Router for VPN Termination and we have some remote SOHOs equipped with routers (dynamic IP) and others equipped with VPN Client 3.x.

So we have to specify a wildcard pre-shared key for the routers with no-xauth keyword appended. But after this entry the VPN 3.x client users are not able to connect, because xauth is deactivated with above entry.

Is it a bug or per design? Any workaround for this?

Labels:
0 Helpful
1 Reply 1

cjacinto
Cisco Employee
Cisco Employee

‎09-05-2002 05:02 PM

looks like a bug, CSCdx35000. Workaround is to have xauth and non-xauth devices on separate crypto maps that is if it is possible to have different crypto map and you have different interfaces you apply them, or

take out the no-xauth if possible.

0 Helpful
Customers Also Viewed These Support Documents