Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1382
Views
0
Helpful
2
Replies

VPN Connection with FVRF IVRF and Hostnames

dieter.goetzl
Level 1
Level 1

‎03-29-2010 08:42 AM

Hello,

knows anybody the solution:

I would connect a site-to-site connections with a another Firewall in a F-VRF/I-VRF Scenario.

When i use the commands with the IP Address, it works fine.

The IPsec Connection comes not up, when i will use hostnames.

Example with the keyring: I got the error, there is no Pre-Shared Key for the remote-peer, when only the hostname is used.With the IP Adress of peer, it works fine.

The problem in the profile is the same. With hostname, the connections can not esthablisd. With the IP Adress, the IP Sec Connections comes up.

DNS resolution works.

Has anybody an idea, to use hostnames in a F-VRF and I-VRF Scenario.

Best regards

Dieter

Labels:
0 Helpful
2 Replies 2

David Williams
Level 1
Level 1

‎05-27-2010 12:02 PM

Hi Dieter,

Did you ever find a solution for this?  I think we are trying to do the same thing.  Setting up a site to site IPSEC tunnel using IPs works fine.  As soon as I try to change to using hostnames the tunnel fails to establish.  It looks like the fvrf ivrf side of this tunnel is still looking for phase one policies using IP information.  I did add the self-identity fqdn command to the crypto isakmp profile but that didn't seem to make any difference.

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to David Williams

‎05-27-2010 07:38 PM

It might have to do with the IKE ID youre specifying with the "isakmp identity" command

PK

0 Helpful
Customers Also Viewed These Support Documents