Real-Time Resolution for IPSec Tunnel Peer

Answered Question
Oct 31st, 2008
User Badges:


There is a document on Cisco website

explaining that while configuring a static crypto map and peers instead of peer IP address we can specify a FQDN following with "dynamic" command. I have been trying this option and no luck. My VPN endpoint (routers 2611XM and 831) do resolve each other name with a DNS server but when it's coming to apllying crypto maps to the interfaces I get the following error message:

ISAKMP: callback: no SA found for [vrf 0]

So to speak no SAs are being established and IPSec tunnel failes to come up.

Anybody tried that and had the same problem? I'd appreciate your help on that.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
remi-reszka Fri, 11/14/2008 - 07:35
User Badges:

Exactly, I was using pre-share key authentication. I am in process of deploying certs to see how it's gonna work.

Thanks for your help.



This Discussion