VPN Dynamic Crypto Map not working

john.graves
Level 1

I am forced by the ISP to configure an aggressive mode VPN. I am now being told by a Cisco tech that I cannot do this.

I left the VPN configuration on the remote end alone... I confirmed that the remote PIX IPsec SA DOES contain the current IP address of the outside interface.

The tech said that I should not have a transform-set definition in the dynamic map but the guide says to do so??? Is this the problem??

John G.

aacole
Level 5

John,

What device are you trying to configure? I read your message as saying you are trying to make a VPN to a remote PIX. But I'm sure the PIX only supports IKE main mode, not aggressive mode.

If it's a PIX then the transform set is applied as shown in this configuration snippet.

crypto ipsec transform-set VPN-CLIENT esp-aes-256 esp-md5-hmac

crypto dynamic-map CLIENT-MAP 10 set transform-set VPN-CLIENT

crypto map VPNMAP 10 ipsec-isakmp dynamic CLIENT-MAP

crypto map VPNMAP interface outside

Andy
