Cisco Support Community

IPSec from Cisco router to Contivity

I'm trying to create some IPSec VPNs from Cisco routers on remote sites that have dynamic (real) IP addresses assigned to them, to a central site that has a static IP address on a Contivity (Nortel). I'm able to bring the IPSec up when I set the "Initiator ID" to the IP address of the remote site, but since the remote sites are using dynamic IP addresses this is not a solution I can sustain.

My question is, does anyone know if it is possible to set a parameter on the Cisco such that the Contivity can have a "string" for the InitiatorID?

I tried "crypto isakmp identity hostname" to get it to use the hostname as the InitiatorID, but it seems this is not what this command does.

I have a very simple configuration on the remote site:

!
crypto isakmp policy 20
 authentication pre-share
!
crypto isakmp key mysharekey address <remote-ip>
!
crypto ipsec transform-set mytest esp-des esp-md5-hmac
crypto isakmp identity hostname
!
crypto map test 20 ipsec-isakmp
 set peer <remote-ip>
 set transform-set mytest
 match address 101
!
interface Ethernet0
 ...
 crypto map test
!

As I said before, this works if I set the remote site IP address as the "Initiator ID", but I need a solution for "dynamic IP".

Any help is welcomed.

Thanks in advance,

-William
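
Added example (not part of the original post, and not Cisco or Nortel code): the identity an IKEv1 initiator presents travels in the Identification payload, whose type field distinguishes an IPv4 address from a name string, so decoding it shows which kind of ID a peer actually sent. The Python below parses that payload per RFC 2408 section 3.8 and RFC 2407 section 4.6.2.1; the function names are hypothetical, and the sample payloads (192.0.2.10, branch1.example.com) are constructed.

```python
import ipaddress
import struct

# ID types from the IPsec DOI (RFC 2407, section 4.6.2.1)
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN",
            5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN", 11: "ID_KEY_ID"}


def parse_id_payload(payload: bytes) -> dict:
    """Decode one decrypted ISAKMP Identification payload (RFC 2408, 3.8)."""
    if len(payload) < 8:
        raise ValueError("shorter than the 8-byte Identification header")
    _next, _reserved, length, id_type, proto, port = struct.unpack(
        "!BBHBBH", payload[:8])
    if length < 8 or length > len(payload):
        raise ValueError(f"bad payload length {length}")
    data = payload[8:length]
    name = ID_TYPES.get(id_type, f"unknown({id_type})")
    if id_type == 1:
        if len(data) != 4:
            raise ValueError("ID_IPV4_ADDR must carry exactly 4 bytes")
        value = str(ipaddress.IPv4Address(data))
    elif id_type in (2, 3):
        value = data.decode("ascii")  # FQDN or user@FQDN, not NUL-terminated
    else:
        value = data.hex()
    return {"type": name, "value": value, "protocol": proto, "port": port}


def stable_for_dynamic_peer(identity: dict) -> bool:
    """True if the ID is a name or opaque string, not the peer's current address."""
    return identity["type"] in ("ID_FQDN", "ID_USER_FQDN", "ID_KEY_ID", "ID_DER_ASN1_DN")


def build_id_payload(id_type: int, data: bytes, proto: int = 17, port: int = 500) -> bytes:
    """Construct a sample payload (next payload 8 = Hash, as in IKEv1 phase 1)."""
    return struct.pack("!BBHBBH", 8, 0, 8 + len(data), id_type, proto, port) + data


# Constructed samples: a documentation address and an invented hostname.
BY_ADDRESS = build_id_payload(1, ipaddress.IPv4Address("192.0.2.10").packed)
BY_HOSTNAME = build_id_payload(2, b"branch1.example.com")

if __name__ == "__main__":
    for raw in (BY_ADDRESS, BY_HOSTNAME):
        ident = parse_id_payload(raw)
        print(ident, "usable with dynamic IP:", stable_for_dynamic_peer(ident))
```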


Re: IPSec from Cisco router to Contivity

DNS name resolution for remote IPSec peers will work only if they are used as an initiator. The first packet that is to be encrypted will trigger a DNS lookup; after the DNS lookup is complete, subsequent packets will trigger IKE.
