ASA IPSEC peer using DNS name

sticano
Level 1

I have a 5510 running 7.2 code. For some reason I am unable to set a lan-to-lan peer using dns resolution. This used to work for PIX peers. Does anyone know the way to do this?

3 Replies

irisrios
Level 6

Probably, it is related to config changes. Try the following steps:

1) DNS for the SBS server was not able to resolve.

2) Took access of the ASA and connected the VPN client to the ASA.

3) Checked the config and added split-dns.

balinem
Level 1

In 7.x, the name of the tunnel group MUST be the IP address of the remote peer.

tunnel-group 172.16.10.10 type ipsec-l2l

You can provide any name you want for the group if it is type ipsec-ra, but for l2l, the name must be the IP address. I believe this is because the ASA borrows its VPN foundation from the VPN3k, where the rules are the same.

Thanks,

Matt

This is true unless you are using aggressive mode IKE or certificates. Although even when I tried aggressive mode it still fails to allow it. This seems like a step backwards. The PIX was able to do this.
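To make balinem's point concrete, here is an added example (not posted by anyone in the thread) of a minimal ASA 7.x LAN-to-LAN configuration: the crypto map peer and the ipsec-l2l tunnel-group name are the same literal IP address, which is why a DNS name cannot be used there. All addresses, names and the key are placeholders.

```text
! Added example, not from the thread. ASA 7.x minimal IPsec LAN-to-LAN.
! 172.16.10.10, the subnets, the object names and the key are placeholders.
!
! Phase 1 (ISAKMP) policy on the outside interface
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
!
! Interesting traffic: local 192.168.1.0/24 to remote 192.168.2.0/24
access-list L2L_TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
!
! Phase 2 (IPsec) transform set
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
!
! The crypto map identifies the remote peer by IP address ...
crypto map OUTSIDE_MAP 10 match address L2L_TRAFFIC
crypto map OUTSIDE_MAP 10 set peer 172.16.10.10
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
!
! ... and the ipsec-l2l tunnel-group must be named with that same IP address.
! On 7.x a tunnel-group named after a hostname is never matched for an l2l
! peer in main mode, so the IP here has to agree with the "set peer" line above.
tunnel-group 172.16.10.10 type ipsec-l2l
tunnel-group 172.16.10.10 ipsec-attributes
 pre-shared-key CHANGE_ME_PLACEHOLDER
```

If the remote side's address changes, both the `set peer` line and the tunnel-group name have to be updated together, since there is no hostname indirection in this layout.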