Cisco Support Community

New Member

IPSec VPN on Cisco ASA as Aggressive Mode

How to configure local and remote ID on Cisco ASA for Aggressive mode IKE?

The ID must have an '@' symbol in it, as required by the other peer. I could not have this symbol in the hostname of the ASA, like mycisco@branch?

Do I need to remove the peer IP address from the crypto map in order to allow it in aggressive mode?

How to get rid of its outside private IP as a peer ID going to the other end? I want its ID as mycisco@branch

Below is a picture of my topology

HQ has a Cisco ASA behind the Peplink-360, which is in VPN passthrough mode and forwarding all the VPN request/response/traffic through it. Branch has only a Peplink-310. Site-to-site VPNs are terminating at the Cisco ASA and the Peplink-310.

HQ Peplink-360 has a static IP and Branch Peplink-310 has a PPPoE dialer but a fixed IP. As the Cisco ASA on HQ has a private address on outside public interface and its gateway is is LAN of HQ Peplink-360)


Things are not looking good, as there is a double NAT here and a private IP on the ASA. Troubleshooting results show that on Branch Peplink-310: The peer ID is coming in as (which is Cisco ASA outside and has crypto maps), and we require the ID to be IP on HQ Peplink-360) as per your configuration.

HQ Peplink-360 (which is in pass-through mode and has the Cisco ASA behind it for VPN termination) has a static IP. BUT the Branch Peplink-310 (where the VPN terminates) has a PPPoE dialer but a fixed IP address (can we count a fixed IP as a static IP and can we have aggressive mode?)

I tried main mode for IKE1 but failed. I have now configured the Branch Peplink-2 in aggressive mode but need assistance to configure the ASA for Aggressive mode and don't know how to give it local/remote IDs... NO success.

Thank you in advance.
