06-22-2009 10:10 PM
Hi,
When I entered the command below on the router:
crypto isakmp peer hostname www.cisco.com
The router automatically changes the command to:
crypto isakmp peer address 198.133.219.25
Is it possible to keep the hostname in the configure?
Thanks,
Wei
07-01-2009 03:08 PM
You can able to configure the host name in the aggressive mode.
The following example shows how to initiate aggressive mode using RADIUS tunnel attributes:
crypto isakmp peer ip-address 209.165.200.230 vrf vpn1
set aggressive-mode client-endpoint user-fqdn user@cisco.com
set aggressive-mode password cisco123
07-01-2009 03:21 PM
Thanks. I got the same conclusion too. The problem is that you can only use IP address for the "crypto isakmp peer" command. Even though it has the hostname option, the router will automatically convert it to IP address. This defeats the main purpose which is to setup LAN-2-LAN VPN without reference to IP address.
In summary, at this point of time, I don't think it is possible to use hostname for LAN-2-LAN VPN on Cisco router/ASA alone, if preshared key authentication is used.
The alternation option is to use certificate for authentication, or use third party router as the aggressive mode initiator.
Regards,
Wei
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide