Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
334
Views
0
Helpful
1
Replies

dynamic ip for a pix 501 to create a vpn to a 3005

hewryf
Level 1
Level 1

‎08-07-2002 01:01 PM - edited ‎02-21-2020 11:59 AM

I've try setting up the pix 501 with the ezvpn to the 3005 but kept getting a no acceptable IKE SA on the concentrator.

The samples shows the pix 501 with only vpnclient statements as show below:

vpnclient vpngroup hwclient password <password>

vpnclient server <ip address>

vpnclient mode network-extension-mode

Does the pix 501 require any other statements?

Labels:
0 Helpful
1 Reply 1

paqiu
Level 1
Level 1

‎08-07-2002 04:20 PM

Hi,

The PIX 501, that is the only command you need.

Is that your PIX only have DES encryption key?

If in that situation, I think in the 3005 , you shoose"IKE-DES-MD5" is the IPSEC SA in the group settings.

Please goto "Configuration | System | Tunneling Protocols | IPSec | IKE Proposals | Modify"

Modify "IKE-DES-MD5"

Change "Diffie-Hellman Group" from group 1 to group 2

Because easy VPN client using group 2, VPN 3000 concentrator default for DES is group 1, for 3DES is group 2.

If you do not change it for DES, it will fail in the ISAKMP negotiation.

Best Regards,

0 Helpful
Customers Also Viewed These Support Documents