Hi,
I am posting a stupid question I supposed, I hope you can help me.
I have a remote site trying to connect back to our PIX VPN box using md5 to set up the VPN tunnel as they cannot configure their VPN box (GNAT ) with "sha" algorithm which I am using for other remote sites.
I am trying to add the following set of command to my PIX box, however, it doesn't seem to work, what could have I done wrong?
crypto ipsec transform-set Australand esp-3des esp-md5-hmac
crypto dynamic-map pixtognat 23 set transform-set Australand
crypto map capitaland 24 ipsec-isakmp dynamic pixtognat
isakmp policy 24 authentication pre-share
isakmp policy 24 encryption 3des
isakmp policy 24 hash md5
isakmp policy 24 group 2
isakmp policy 24 lifetime 86400
my existing VPN config is as append:
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set test esp-3des esp-sha-hmac
crypto ipsec transform-set UK esp-des
crypto ipsec security-association lifetime seconds 86400
crypto dynamic-map pixosw 10 set transform-set test
crypto map spooky 20 ipsec-isakmp dynamic pixosw
crypto map spooky 60 ipsec-manual
crypto map spooky 60 match address 160
crypto map spooky 60 set peer 62.49.221.118
crypto map spooky 60 set transform-set UK
crypto map spooky 60 set security-association lifetime seconds
28800 kilobytes 4608000
crypto map spooky 60 set session-key inbound esp 300 cipher
C43AF3903808B3D0
crypto map spooky 60 set session-key outbound esp 300 cipher
C43AF3903808B3D0
crypto map spooky interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
Thank you very much.