
IOS VPN aggressive mode with hostname

wei.hu
Level 1

Hi,

When I entered the command below on the router:

crypto isakmp peer hostname www.cisco.com

The router automatically changes the command to:

crypto isakmp peer address 198.133.219.25

Is it possible to keep the hostname in the configuration?

Thanks,

Wei

2 Replies

tstanik
Level 5

You are able to configure the host name in aggressive mode.

The following example shows how to initiate aggressive mode using RADIUS tunnel attributes:

crypto isakmp peer ip-address 209.165.200.230 vrf vpn1

set aggressive-mode client-endpoint user-fqdn user@cisco.com

set aggressive-mode password cisco123

Thanks. I came to the same conclusion too. The problem is that you can only use an IP address for the "crypto isakmp peer" command. Even though it has the hostname option, the router will automatically convert it to an IP address. This defeats the main purpose, which is to set up a LAN-2-LAN VPN without reference to an IP address.

In summary, at this point in time, I don't think it is possible to use a hostname for LAN-2-LAN VPN on a Cisco router/ASA alone, if preshared key authentication is used.

The alternative option is to use a certificate for authentication, or use a third-party router as the aggressive mode initiator.

Regards,

Wei