I have a site-to-site VPN that works when using static IP. I tried to use host name instead and it can't connect. The remote side where I made the change is an ASA 5505. The local side is an ASA 5520.
On the remote 5505 I made it a DNS client on the outside interface to the ISP's DNS. The remote 5505 can resolve the host name of the 5520.
On the remote 5505 I re-created the connection profile using the host name for the 5520. When I applied it, the message displays "...L2L tunnel-groups that have names which are not an IP address may only be used if the tunnel authentication method is Digitial Certificates and/or The peer is configured to use Aggressive Mode"
Since the IKE Negotiation options for Main or Aggressive mode are removed from the ASDM GUI, I assume the 5505 is forced into Aggressive mode. On the local 5520 side I changed the connection profile for IKE Negotiation to Aggressive mode. (Not sure if that was necessary.)
When I ping from a host on the remote 5505 side I see this message on the 5505:
IKE Initiator unable to find policy: Intf NP Identity Ifc, inside, Src: 172.16.201.20, Dst: 192.168.1.50
I've deleted and re-created the profile, rebooted the 5505, turned off PFS, nothing.
Anyone know what I'm missing?
And, is the above (using a host name instead of IP address) only possible using certificates?