Hi All,

I am trying to build an l2l-vpn with aggressive mode. Here is the config on
my two vpn endpoints. Rack1R1 is the initiator. Based on my isakmp
policies' priority, I was expecting policy-1 (with rsa-sig) to be selected.
However, for some reason it selects PSK instead. Now, if I remove the 'crypto
isakmp key cisco address 136.1.122.2' command on the initiator, RSA-AUTH is
selected. What's happening here? Is this expected? Or am I making a mistake
somewhere else?

Rack1R1#show run | sec isakmp
crypto isakmp policy 1
 encr 3des
 hash md5
 group 2
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 136.1.122.2
crypto isakmp nat keepalive 10
crypto isakmp profile ISAKMPprofile1
crypto map CMMAP isakmp-profile ISAKMPprofile1
 self-identity fqdn
 keyring default
crypto map CMMAP 10 ipsec-isakmp
 set peer 136.1.122.2
 set transform-set TS1
 match address ACLcrypto12

Rack1R2#show run | sec isakmp
crypto isakmp policy 1
 encr 3des
 hash md5
 group 2
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp nat keepalive 10
crypto isakmp key cisco hostname Rack1R1.cisco.com
crypto map CMMAP 10 ipsec-isakmp dynamic CMDYN

Thanks for your help,
Karthik