access-list 101 permit ip 192.168.7.0 0.0.0.255 10.0.1.0 0.0.0.255
dialer-list 1 protocol ip permit
Some specific questions:
1) on the SRP in the example's I have used (and I have a few SRP->SRP VPN's that work) I see you need to enter the preshared key, I'm not seeing in the examples I have used anything about the IKE preshared key on the IOS box. Does anyone have any examples where you use the preshared key for IKE? I wonder if this is my primary issue as it states clearly in the log that there is no Preshared key :|
2) I have used a mish mash of names between the various sections as on the SRP the naming convention isnt the same; ie: which parts of the IPSEC negotiation come from the IKE policy section and which from the IPSEC policy section. Do the names really matter across different ends of the VPN?
3) I notice when I perform this command in the(config-crypto-map)#:
set peer FQDN
It is converted to:
set peer XXX.XXX.XXX.XXX
Is this expected? I want the device to look at the FQDN as this particular host is using DDNS and not use a static IP address.
I could ask a million questions but I will leave it for there, if someone can see anything that sticks out (or can answer Q1 in particular) please let me know.
Thanks in advance for your time and assistance folks.
So I pulled my hair out awhile. Seems I did have the policy details above in my config, it just doesnt show the algorithm, hash or DH group in the conf.
When I did then reread and see the last bit (facepalm) I changed to using a host address and all of a sudden it worked.
Does this mean that you cannot use the FQDN to make ISAKMP work? The documentation seems to indicate it does but the config it makes is not consistent with that. I have a few sites that use DDNS and I would prefer not to upgrade the access plans for those remote sites to include static addresses.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...