Site to Site Cisco VPN issue

MWahl | December 5, 2009 | 2:24 pm

We recently came accross and issue while creating a new site to site vpn with a Cisco Pix 515 IOS 6.3(4) and a new ASA 5505 IOS 7.2(4) We were able to resolve the issue by removing peer-id-validate nocheck by issuing simple  peer-id-validate nocheck

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpngrp.html

Specify whether to validate the identity of the peer using the peer’s certificate:

hostname(config-ipsec)# peer-id-validate option
The available options are req (required), cert (if supported by certificate), and nocheck (do not check). The default is req. For example, the following command sets the peer-id-validate option to nocheck:

hostname(config-ipsec)# peer-id-validate nocheck

Categories
Networking

« »

One Response to “Site to Site Cisco VPN issue”

  1. Mike Blackaller says:
    March 6, 2010 at 1:51 am

    Thanks for this post, answers a bunch of questions I was having.