VPN Connection with FVRF IVRF and Hostnames

Unanswered Question
Mar 29th, 2010


knows anybody the solution:

I would connect a site-to-site connections with a another Firewall in a F-VRF/I-VRF Scenario.

When i use the commands with the IP Address, it works fine.

The IPsec Connection comes not up, when i will use hostnames.

Example with the keyring: I got the error, there is no Pre-Shared Key for the remote-peer, when only the hostname is used.With the IP Adress of peer, it works fine.

The problem in the profile is the same. With hostname, the connections can not esthablisd. With the IP Adress, the IP Sec Connections comes up.

DNS resolution works.

Has anybody an idea, to use hostnames in a F-VRF and I-VRF Scenario.

Best regards


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
David Williams Thu, 05/27/2010 - 12:02

Hi Dieter,

Did you ever find a solution for this?  I think we are trying to do the same thing.  Setting up a site to site IPSEC tunnel using IPs works fine.  As soon as I try to change to using hostnames the tunnel fails to establish.  It looks like the fvrf ivrf side of this tunnel is still looking for phase one policies using IP information.  I did add the self-identity fqdn command to the crypto isakmp profile but that didn't seem to make any difference.

Panos Kampanakis Thu, 05/27/2010 - 19:38

It might have to do with the IKE ID youre specifying with the "isakmp identity" command



This Discussion