I have ASA 5505 with dual-isp working, central and couple of branch offices. One of this branch offices has a ADSL with NAT for isp backup, it means backup ASA interface has a reserved IP and adsl modem use a NAT. All ipsec connections have NAT-T enabled, I'm using preshared keys for them.
When the connection has to be established over backup line behind NAT, it always fails in phase 1 on identity mismatch.
I could not change identity to hostname, because of on ASA is no "ip host " command, suppose that with "ip" missing, host should be mispelled with a "hostname" shortcut :-((
Whats worse, it looks like identity "hostname" is not supported without agressive mode. Agressive mode is not supported for initializing mode, just
for response :-)
Is there any chance how to use a static ip - host name pairs on ASA 5505 ?
I really don wont to use a certificates for a gw-gw IPSEC ...
If You have some idea, I prefered an e-mail contact