From what I remember about this, they will try each policy until a match is
made, otherwise the connection terminates.

-----Original Message-----
From: Richard Campbell [mailto:[EMAIL PROTECTED]
Sent: 02 June 2003 10:30
To: [EMAIL PROTECTED]
Subject: multiple isakmp policies question [7:69977]


hey..  I have a PIX 515 and have a PIX to PIX connection to London and NY 
using pre-shared key des, hash sha and dh group 1 and I am going to let 
VPN3000 client 3.X connect to here as here and I created another isakmp 
policy 20, with hash md5, dh group 2 as shown below.  Can you take a look 
whether the config is correct?

And my question is I have 2 isakmp policies here, how does the PIX-PIX and 
VPN 3000 3.X client know which isakmp policy to take?

crypto ipsec transform-set newset esp-des
crypto dynamic-map dynmap 30 set transform-set newset
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 101
crypto map newmap 10 set peer nyapix
crypto map newmap 10 set transform-set newset
crypto map newmap 20 ipsec-isakmp
crypto map newmap 20 match address 102
crypto map newmap 20 set peer ldnpix
crypto map newmap 20 set transform-set newset
crypto map newmap 30 ipsec-isakmp dynamic dynmap
crypto map newmap interface outside
isakmp enable outside
isakmp key ******** address ldnpix netmask 255.255.255.255
isakmp key ******** address nyapix netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400

isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

vpngroup CLIENTS address-pool REMOTEIPPOOLS
vpngroup CLIENTS dns-server 192.168.1.201
vpngroup CLIENTS wins-server 192.168.1.201
vpngroup CLIENTS default-domain xyz.com
vpngroup CLIENTS idle-time 1800
vpngroup CLIENTS password ********

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69982&t=69977
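
As an added example (not part of the original messages and not Cisco code), the policy selection asked about above can be modeled by parsing the `isakmp policy` lines from the posted config. It assumes a simplified rule: a local policy matches when authentication, encryption, hash and DH group all equal an offered proposal, with local policies checked lowest number first. Lifetime handling is left out, and the peer offers are constructed sample input.

```python
from __future__ import annotations
import re
from typing import NamedTuple, Optional

# The isakmp policy lines from the config posted above.
CONFIG = """\
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
"""

class Proposal(NamedTuple):
    authentication: str
    encryption: str
    hash: str
    group: str

LINE = re.compile(r"^isakmp policy (\d+) (authentication|encryption|hash|group|lifetime) (\S+)$")

def parse_policies(config: str) -> dict[int, Proposal]:
    """Collect per-priority attributes (all four must be set explicitly) into Proposals."""
    raw: dict[int, dict[str, str]] = {}
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if m:
            raw.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return {prio: Proposal(*(attrs[f] for f in Proposal._fields))
            for prio, attrs in raw.items()}

def select_policy(local: dict[int, Proposal], offered: list[Proposal]) -> Optional[int]:
    """Priority of the first local policy equal to an offered proposal; None means no match."""
    for prio in sorted(local):
        if local[prio] in offered:
            return prio
    return None

if __name__ == "__main__":
    policies = parse_policies(CONFIG)
    # Constructed sample offers (assumed, not captured from real peers).
    client = [Proposal("pre-share", "3des", "sha", "2"), Proposal("pre-share", "des", "md5", "2")]
    for offer in ([Proposal("pre-share", "des", "sha", "1")], client, client[:1]):
        print(offer, "->", select_policy(policies, offer))
```

In this model the des/sha/group 1 offer selects policy 10, the client offer selects policy 20 through its second proposal, and the 3des-only offer matches nothing, which corresponds to the negotiation failing.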