[c-nsp] ASA EZVPN config

Christian Zeng christian at zengl.net
Mon Apr 30 04:02:29 EDT 2007


* Ahmad Cheikh-Moussa <acm at netuse.de> wrote:
>
>> When I add vpnclient management clear to my vpnclient config, then everything
>> works. Is this a new feature?

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008068dabe.html#wp1001074

>One other question. The output of the show crypto isakmp sa has changed.
>With 6.x, if a tunnel is established, the state was QM_Idle.
>Now with 7.x it is AM_Active. On an IOS Router it is still QM_Idle.

AM denotes Aggressive Mode exchange, QM means Quick Mode. Depending on
what the initiator proposes and what the responder is willing to accept,
AM may be used for establishing IKE SA. This may be the case when you
want to establish Lan-2-Lan tunnels with preshared keys when the remote
end has dynamic IP addresses.

IOS spokes don't establish AM by default, iirc.

