HOW to configure local and remote ID on Cisco ASA for Aggresive mode IKE ?
The ID must have a '@' symbol in it as required by other peer. I coulod not have this symbol in hostname of ASA like mycisco@branch ?
do i need to remove the peer IP address from crypto map in order to alolw it in aggressive mode ?
how to getrid of its outside private IP as a peer ID going to other end ? i want its ID as mycisco@branch
Below is a picture of my topology
HQ has cisco ASA behind the peplink-360 which is in VPN passthrough mode and forwarding all the VPN request/response/traffic through it. Branch has only peplink-310. Site-to-site VPN are terminating at ciscoASA and peplink-310.
HQ Peplink-360 has a static IP and Branch peplink-310 has PPPoE dialer but a fixed IP. As the Cisco ASA on HQ has a private address 172.16.1.2 on outside public interface and its gateway is 172.16.1.1(which is LAN of HQ Peplink-360)
things are not looking good as there is a double NAT here and a private IP on the ASA. troubleshooting results shows that on Branch Peplink-310: The peer ID is coming in as 172.16.1.2 (which is Cisco ASA outside and have crypto maps), and we require the ID to be 220.127.116.11(WAN IP on HQ Peplink-360) as per your configuration.
HQ Pepelink-360(which is in PASS through mode and has cisco ASA behind it for vpn termination)has a static IP. BUT the Branch Peplink-310(where VPN terminates) has a PPPoE dialer but a fixed IP address(can we count a fixed IP as a static IP and can have aggressive mode?)
I tried main mode for IKE1 but failed now configured the Branch Peplink-2 in aggressive mode but need assistance to configure ASA for Aggresive mode and dont know how to give it local/remote IDs...NO Success
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :