[c-nsp] 2800 for VPN Server site-to-site and remote
Tolstykh, Andrew
ATolstykh at integrysgroup.com
Tue Jul 8 01:52:05 EDT 2008
Add no-xauth for all defined isakmp pre-shared keys
On 7/7/08 7:14 PM, "Nic Passmore" <nic.passmore at gmail.com> wrote:
> Am having a similiar problem here. I find when I apply the dynamic map at
> the end of the crypto map that is applied to the interface, the existing
> site to site tunnels do not come up.
>
> Haven't had a chance to do any actual diagnostics yet this morning, but was
> under the impression it might have something to do with the following
> configuration line:
>
> crypto map somemap client configuration address respond
>
> Anyone have any tips?
>
> Cheers,
>
> Nic.
>
> --------------------------------------------
> Message: 2
> Date: Mon, 07 Jul 2008 12:55:45 -0500
> From: "Tolstykh, Andrew" <ATolstykh at integrysgroup.com>
> Subject: Re: [c-nsp] 2800 for VPN Server site-to-site and remote
> access
> To: <moua0100 at umn.edu>, "'Everton Diniz'" <notrevebr at gmail.com>,
> "'cisco-nsp'" <cisco-nsp at puck.nether.net>
> Message-ID:
> <C497C2D1.50A3%ATolstykh at integrysgroup.com<C497C2D1.50A3%25ATolstykh at integrysg
> roup.com>
>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Use multiple statements within a single crypto map configuration:
>
> crypto map iosvpn 5 ipsec-isakmp
> set peer X.X.X.X
> set security-association lifetime seconds 28800
> set transform-set aes-sha
> match address vpn_XXXgard5
> reverse-route
> crypto map iosvpn 15 ipsec-isakmp
> set peer X.X.X.X
> set security-association lifetime seconds 28800
> set transform-set aes-sha
> match address vpn_XXXgard15
> reverse-route
> crypto map iosvpn 25 ipsec-isakmp
> set peer X.X.X.X
> set security-association lifetime seconds 28800
> set transform-set aes-sha
> match address vpn_XXXgard25
> reverse-route
> crypto map iosvpn 35 ipsec-isakmp
> set peer X.X.X.X
> set security-association lifetime seconds 28800
> set transform-set aes-sha
> match address vpn_XXXgard35
> reverse-route
> crypto map iosvpn 100 ipsec-isakmp dynamic dyn
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.
More information about the cisco-nsp
mailing list