Firewall Wizards mailing list archives

RE: Pix501 - Concentrator

From: "Luc Billot (lbillot)" <lbillot () cisco com>
Date: Mon, 9 Feb 2004 15:48:48 -0000

Hello Frank,

The default config of the VPN 3000 concentrator does not include DES
proposal,
In order to activate it using the GUI :
Menu config, then @tunneling and security@, then @ipsec@, then @ike
proposal@
Then shift the @ike-DES-MD5@ proposal from inactive to active. 

ON the PIX side using PDM, configure the PIX using the EZVPN wizard.

If you want to have some examples please have a look to :
http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Hardware:Cisco
_VPN_3000_Concentrator&s=Software_Configuration#Software_Samples_and_Tip
s

Best Regards
Luc BILLOT


Message: 5
FMessage: 8
Date: Fri, 6 Feb 2004 14:43:29 -0800
From: =?us-ascii?Q?Frank_Delle?= <fdelle () finaplex com>
To: <firewall-wizards () honor icsalabs com>
Subject: [fw-wiz] Pix501 - Concentrator

Hello,=20

I thought giving this group a try and see if there is (there must be..)
an expert on compatability with Pix501 and Concentrator 3005. I am
trying desperately not to pull my remaining hair out, so you folks are
my last hope :-)=20

Setup: Concentrator 3005 (4.0.4) and Pix501 DES license only (6.3/PDM
3.0.1)=20
Goal: setup a VPN (what else)=20
Problem: Concentrator not accepting SA/IKE proposal=20

The setup couldn't any simpler, but the concentrator complains "All
IPSec SA proposals found unacceptable!" and then next logn: "QM FSM
error (P2 struct &0x1e5c120, mess id 0xe9af52c5)!"=20


Pix501 side: uses 2 standard transform sets (esp-des esp-md5/sha-hmac),
crypto map applied to outside interface. ACL's are checked. IKE: des
md5/sha, DH 1, key: pre-share=20

Concentrator: Auth: ESP/MD5/HMAC-128 Encryp: DES-56. IKE Proposal:
pre-shared keys Auth Alg: MD5/HMAc-128, Enc Alg: DES-56, DH group: 1
(all matching the settings on the Pix.=20

I must be missing something and any help is very much appreciated.=20


Frank Delle - IT Manager
Finaplex (www.finaplex.com)
email: fdelle () finaplex com


--__--__--

_______________________________________________
firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Pix501 - Concentrator Frank Delle (Feb 07)
- <Possible follow-ups>
- RE: Pix501 - Concentrator Melson, Paul (Feb 09)
- RE: Pix501 - Concentrator Frank Dellé (Feb 09)
- RE: Pix501 - Concentrator Luc Billot (lbillot) (Feb 09)