Quantcast
Channel: IEOC - INE's Online Community
Viewing all articles
Browse latest Browse all 10744

IKEv1 L2L Between IOS and ASA with PSK in Aggressive Mode

$
0
0

I have a question. Does anyone able to make this to work using SG solution?

I seem can't get the vpn to come up using SG solution.  Got below error message on asa:

"[IKEv1]Group = 192.168.70.22, IP = 192.168.70.22, Can't find a valid tunnel group, aborting...!" 

Note: I am using my own ip addressing scheme. 192.168.70.22 is asa's ikev1 interface;

To make it work, in addition to SG configs, I added below commands on R3

crypto isakmp peer address 192.168.70.12
 set aggressive-mode password CISCO
 set aggressive-mode client-endpoint fqdn R3.ine.com

Once configs are in place, vpn came up and working ok.

%ASA-7-713906: IP = 192.168.70.22, Connection landed on tunnel_group R3.ine.com

Is it a valid solution?  It sounds like "aggressive-mode" need to be configured on both sides of devices, comment?

 


Viewing all articles
Browse latest Browse all 10744

Trending Articles