I'm trying to create some IPSec VPNs from Cisco routers on remote sites having dynamic IP address assigned to them (real) to a central site having a static IP address on a Contivity (Nortel). I'm able to bring the IPSec up when I set the "Initiator ID" to the IP address of the remote site but since the remote sites are using dynamic IP address this is not a solution I can sustain.
My question is, did anyone know if it is possible to set a parameter on the Cisco such that the Contivity can have a "string" for the InitiatorID?
I tried the "crypto isakmp identity hostname" and trying it to use the hostname as the InitiatorID but seems this is not what this command does.
I have a very simple configuration on the remote site:
DNS names resolution for remote IPSec peers will work only if they are used as an initiator. The first packet that is to be encrypted will trigger a DNS lookup; after the DNS lookup is complete, subsequent packets will trigger IKE
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...