cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
297
Views
0
Helpful
1
Replies

IOS 12.2(8)T5 - isakmp and dynamic crypto map w/ or w/o xauth

m.brabec
Level 1
Level 1

We use an IOS Router for VPN Termination and we have some remote SOHOs equipped with routers (dynamic IP) and others equipped with VPN Client 3.x.

So we have to specify a wildcard pre-shared key for the routers with no-xauth keyword appended. But after this entry the VPN 3.x client users are not able to connect, because xauth is deactivated with above entry.

Is it a bug or per design? Any workaround for this?

1 Reply 1

cjacinto
Cisco Employee
Cisco Employee

looks like a bug, CSCdx35000. Workaround is to have xauth and non-xauth devices on separate crypto maps that is if it is possible to have different crypto map and you have different interfaces you apply them, or

take out the no-xauth if possible.