Cisco PIX 500 Series Configuration Manual page 591

Chapter 27 Configuring IPSec and ISAKMP
hostname(config-isakmp-policy)# authentication crack
If you are using digital certificates for client authentication, perform the following additional steps:
Step 1 Configure the trustpoint and remove the requirement for a fully qualified domain name. The trustpoint
might be NSSM or some other CA. In this example, the trustpoint is named CompanyVPNCA:
hostname(config)# crypto ca trustpoint CompanyVPNCA
hostname(config-ca-trustpoint)# fqdn none
To configure the identity of the ISAKMP peer, perform one of the following steps:
Step 2
Use the crypto isakmp identity command with the hostname keyword. For example:
a.
hostname(config)# crypto isakmp identity hostname
–or–
b. Use the crypto isakmp identity command with the auto keyword to configure the identity to be
automatically determined from the connection type. For example:
hostname(config)# crypto isakmp identity auto
Note
To learn more about the Nokia services required to support the CRACK protocol on Nokia clients, and
to ensure they are installed and configured properly, contact your local Nokia representative.
OL-12172-03
If you use the crypto isakmp identity auto command, you must be sure that the DN attribute
order in the client certificate is CN, OU, O, C, St, L.
Cisco Security Appliance Command Line Configuration Guide
Supporting the Nokia VPN Client
27-29