SITE to SITE Tunnel with FQDN

Unanswered Question
Jul 20th, 2009

Hi


I want a LAN-to-LAN tunnel between an ASA and an 1800 with FQDNs, i.e. peer=ccde.vpn.com for the 1800 and support.vpn.com for the ASA, rather than using peer IP addresses in 'set peer ..'. Is it possible to use FQDNs for tunnel peers rather than IP addresses?


Thanks

Collin Clark Mon, 07/20/2009 - 11:22

Yes, it's possible, but there are a couple of caveats. The name must be resolvable, and the ASA cannot use DNS, so you will need to use a static name command (kind of defeats the purpose of using a name). Other than that, set the peer to the name instead of the IP. You will also have to set the identity to hostname under your isakmp profile.


Hope that helps.

CCDECCDE9 Tue, 07/21/2009 - 07:18

Hi Collin


I am looking for the name to be resolved over the Internet. If my peer is your router at your location, then I have to put colin.vpn.com, and I have no clue what IP it has, and it is possible they may change the IP from time to time... so the static name command doesn't really help.

Collin Clark Tue, 07/21/2009 - 07:25

I agree, but that's the only way an ASA can resolve names (that I know of).

Collin Clark Tue, 07/21/2009 - 09:05

I just ran across something-


dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.101.1.50
 name-server 10.101.1.53
 domain-name mylocal.lan


Looks like it can do DNS.
