Hello Tek-tips,
Is there a way to disable the "proxy id" on a VPN configured on a Cisco 3000 VPN concentrator?
It seems that these VPNs are configured similarly to the old "policy based" VPNs on the Netscreens, where the phase 2 proxy id is determined by what object(s) (source/dest. addrs and/or services) are defined in the policy. If the Cisco is configured with address lists for its protected network, the VPN fails phase 2. If it's configured with just a single network defined, the negotiation completes phase 2 and can pass traffic through the tunnel.

Does anyone have a workaround for this, or does anyone know if there's a way to configure the VPN on the Cisco similar to Netscreen's "route-based" VPNs, where phase 1 and phase 2 are completely independent of the policy and the objects defined in that policy?