Site to Site Cisco VPN issue
admin | December 5, 2009 | 2:24 pm
We recently came across an issue while creating a new site to site VPN with a Cisco Pix 515 IOS 6.3(4) and a new ASA 5505 IOS 7.2(4). We were able to resolve the issue by removing peer-id-validate nocheck by issuing a simple peer-id-validate nocheck.
http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpngrp.html
Specify whether to validate the identity of the peer using the peer’s certificate:
hostname(config-ipsec)# peer-id-validate option
The available options are req (required), cert (if supported by certificate), and nocheck (do not check). The default is req. For example, the following command sets the peer-id-validate option to nocheck:
hostname(config-ipsec)# peer-id-validate nocheck
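
Because nocheck turns off peer identity validation for the tunnel, it is worth knowing which tunnel groups carry it. The following is an added example, not code from this post or from Cisco: a small audit over saved `show running-config tunnel-group` output. It assumes the `tunnel-group <name> ipsec-attributes` block layout and treats a missing peer-id-validate line as the default req described above; the sample configuration and addresses are constructed.

```python
import re

# Constructed sample of `show running-config tunnel-group` output (not from the post).
SAMPLE_CONFIG = """\
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key *
 peer-id-validate nocheck
tunnel-group 198.51.100.20 type ipsec-l2l
tunnel-group 198.51.100.20 ipsec-attributes
 pre-shared-key *
tunnel-group 203.0.113.30 type ipsec-l2l
tunnel-group 203.0.113.30 ipsec-attributes
 peer-id-validate cert
"""

HEADER = re.compile(r"^tunnel-group\s+(\S+)\s+ipsec-attributes\s*$")
SETTING = re.compile(r"^\s+peer-id-validate\s+(req|cert|nocheck)\s*$")
DEFAULT = "req"  # assumption: an absent line means the documented default


def peer_id_settings(config_text):
    """Map each tunnel-group with an ipsec-attributes block to its peer-id-validate mode."""
    settings = {}
    current = None
    for line in config_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            settings.setdefault(current, DEFAULT)
            continue
        if not line.startswith(" "):
            current = None  # any other top-level line closes the block
            continue
        match = SETTING.match(line)
        if current and match:
            settings[current] = match.group(1)
    return settings


def unvalidated_peers(config_text):
    """Return the tunnel-groups where peer identity checking is disabled."""
    modes = peer_id_settings(config_text)
    return sorted(name for name, mode in modes.items() if mode == "nocheck")


if __name__ == "__main__":
    for name, mode in peer_id_settings(SAMPLE_CONFIG).items():
        print(f"{name}: peer-id-validate {mode}")
    print("review:", unvalidated_peers(SAMPLE_CONFIG))
```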




