Real-Time Resolution for IPSec Tunnel Peer

Answered Question
Oct 31st, 2008

Hi,


There is a document on the Cisco website

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrlres.html


explaining that when configuring a static crypto map and peers, instead of a peer IP address we can specify an FQDN followed by the "dynamic" command. I have been trying this option with no luck. My VPN endpoints (routers 2611XM and 831) do resolve each other's names with a DNS server, but when it comes to applying crypto maps to the interfaces I get the following error message:


ISAKMP: callback: no SA found for 0.0.0.0/0.0.0.0 [vrf 0]


So to speak, no SAs are being established and the IPSec tunnel fails to come up.


Anybody tried that and had the same problem? I'd appreciate your help on that.


Thanks,

Remi

remi-reszka Fri, 11/14/2008 - 07:35

Exactly, I was using pre-shared key authentication. I am in the process of deploying certs to see how it's gonna work.


Thanks for your help.


Remi
