Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4948
Views
0
Helpful
7
Replies

Site to Site vpn UC 500

suraj12345
Level 1
Level 1

‎05-22-2009 02:14 AM - edited ‎03-21-2019 01:07 AM

Hi,

I need to configure site to site vpn using UC 500 , in one side, i have static ip the other end it is dynamic , what is best way to set up a connection using this scenario , EZVPN_GROUP_1 is configured , clients can access the system, but I cannot configure the two UC for communicating each other .


Please advise me what way I can connect these systems.


Regards

Suraj kumar

Labels:
0 Helpful
7 Replies 7

Steven DiStefano
VIP Alumni
VIP Alumni

‎05-22-2009 06:41 AM

Look at Page 3.

https://supportforums.cisco.com/docs/DOC-9488

0 Helpful

suraj12345
Level 1
Level 1

‎05-22-2009 07:11 AM

UC 520 in the main site

When I configure using as per the doc

My main site UC is having static ip in WANfor ex xxx.xxx.xxx.xxxx 255.255.255.248

Lan ip is 172.32.0.0 /24

Well the other site

Have Dyanmic ip in wan site

Lan side 192.168.10.0 /24

When I ceate the isakmp policy in the main router having static IP

Crypto isakmp policy 1

Encr 3des

Hash md5

Authentication pre-share

Group2

Crypto isakmp key sbcs address ( the remote site ip is dynamic I have dyndnshostname , but it is not accepting)

What can I do here?

Please advise.

0 Helpful

Steven DiStefano
VIP Alumni
VIP Alumni
In response to suraj12345

‎05-22-2009 09:43 AM

what is the CLI rejection saying exactly?

0 Helpful

suraj12345
Level 1
Level 1
In response to Steven DiStefano

‎05-22-2009 10:15 AM

Cisco (config)#Crypto isakmp key sbcs address aaa.dyndns.org

                                                                                     ^

% Invalid input detected at '^' marker.

                                                                              

When I try a host name instead of ip address  the system says invalid input .The host name which I posted is not  a real hostname (just an example).If I put my real hostname also the result is the same.

0 Helpful

Steven DiStefano
VIP Alumni
VIP Alumni
In response to suraj12345

‎05-22-2009 10:45 AM

Try Hostname parameter instead?

SBCS-Mobility(config)#crypto isakmp key ?
  0     Specifies an UNENCRYPTED password will follow
  6     Specifies an ENCRYPTED password will follow
  WORD  The UNENCRYPTED (cleartext) user password

SBCS-Mobility(config)#crypto isakmp key key123 ?
  address   define shared key with IP address
  hostname  define shared key with hostname

SBCS-Mobility(config)#crypto isakmp key key123

0 Helpful

suraj12345
Level 1
Level 1
In response to Steven DiStefano

‎05-22-2009 12:11 PM


CISCO(config)#crypto map multisite 1 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
CISCO(config-crypto-map)#

Please advise me which acl i have to define her

0 Helpful

Marcos Hernandez
Level 8
Level 8
In response to suraj12345

‎05-24-2009 10:09 AM

You can normalize your config by following the steps in his app note as well:

https://supportforums.cisco.com/docs/DOC-9692

Esentially, the same on as Steve's.


Thanks,


Marcos

0 Helpful
Customers Also Viewed These Support Documents