08-23-2006 04:06 AM - edited 02-21-2020 02:35 PM
I have a 5510 running 7.2 code. For some reason I am unable to set a lan-to-lan peer using dns resolution. This used to work for PIX peers. Does anyone know the way to do this?
08-29-2006 06:28 AM
Probably, it is related to config changes. Try the following steps:
1) DNS for sbs server was not able to resolve
2) took access of asa and connected vpn client to asa
3) checked the config and added split-dns
08-31-2006 04:23 PM
In 7.x, the name of the tunnel group MUST be the IP address of the remote peer.
tunnel-group 172.16.10.10 type ipsec-l2l
You can provide any name you want for the group if it is type ipsec-ra, but for l2l, the name must be the IP address. I believe this is because the ASA borrows its VPN foundation from the VPN3k, where the rules are the same.
Thanks,
Matt
09-01-2006 04:52 AM
This is true unless you are using aggressive mode IKE or certificates. Although even when I tried aggressive mode it still fails to allow it. This seems like a step backwards. The PIX was able to do this.
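An added example, not part of any post in this thread: a small Python check that applies the naming rule described above (an ipsec-l2l tunnel-group named for the peer's IP address) to a saved ASA configuration. The sample configuration, the function name `audit_l2l` and the finding labels are constructed for illustration, and the check does not model the aggressive-mode or certificate cases mentioned above.

```python
import ipaddress
import re

# Constructed sample config; only the 172.16.10.10 tunnel-group line comes from the thread.
SAMPLE_CONFIG = """\
crypto map outside_map 10 set peer 172.16.10.10
crypto map outside_map 20 set peer 192.0.2.20
tunnel-group 172.16.10.10 type ipsec-l2l
tunnel-group branch.example.com type ipsec-l2l
tunnel-group RemoteUsers type ipsec-ra
"""

TG_RE = re.compile(r"^tunnel-group\s+(\S+)\s+type\s+(\S+)\s*$")
PEER_RE = re.compile(r"^crypto map\s+\S+\s+\d+\s+set peer\s+(.+)$")


def is_ipv4(name):
    """True if name parses as a dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(name)
        return True
    except ValueError:
        return False


def audit_l2l(config_text):
    """Return (label, value) findings for LAN-to-LAN tunnel-group naming."""
    l2l_names, peers, findings = set(), [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = TG_RE.match(line)
        if m and m.group(2) == "ipsec-l2l":
            name = m.group(1)
            l2l_names.add(name)
            if not is_ipv4(name):
                # Per the thread: an L2L group name must be the peer's IP address.
                findings.append(("non-ip-l2l-name", name))
            continue
        m = PEER_RE.match(line)
        if m:
            peers.extend(m.group(1).split())  # a crypto map entry may list several peers
    for peer in peers:
        if peer not in l2l_names:
            # No tunnel-group is named for this peer's address.
            findings.append(("peer-without-tunnel-group", peer))
    return findings


if __name__ == "__main__":
    for label, value in audit_l2l(SAMPLE_CONFIG):
        print(label, value)
```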