Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSec VPN on Cisco ASA as Aggressive Mode

HOW to configure local and remote ID on Cisco ASA for Aggresive mode IKE ?

The ID must have a '@' symbol in it as required by other peer. I coulod not have this symbol in hostname of ASA like mycisco@branch ?

do i need to remove the peer IP address from crypto map in order to alolw it in aggressive mode ?

how to getrid of its outside private IP as a peer ID going to other end ? i want its ID as mycisco@branch

Below is a picture of my topology


HQ has cisco ASA behind the peplink-360 which is in VPN passthrough mode and forwarding all the VPN request/response/traffic through it. Branch has only peplink-310. Site-to-site VPN are terminating at ciscoASA and peplink-310.


HQ Peplink-360 has a static IP and Branch peplink-310 has PPPoE dialer but a fixed IP. As the Cisco ASA on HQ has a private address 172.16.1.2 on outside public interface and its gateway is 172.16.1.1(which is LAN of HQ Peplink-360)


GOAL:

things are not looking good as there is a double NAT here and a private IP on the ASA. troubleshooting results shows that on Branch Peplink-310: The peer ID is coming in as 172.16.1.2 (which is Cisco ASA outside and have crypto maps), and we require the ID to be 41.10.161.45(WAN IP on HQ Peplink-360) as per your configuration.

HQ Pepelink-360(which is in PASS through mode and has cisco ASA behind it for vpn termination)has a static IP. BUT the Branch Peplink-310(where VPN terminates) has a PPPoE dialer but a fixed IP address(can we count a fixed IP as a static IP and can have aggressive mode?)


I tried main mode for IKE1 but failed now configured the Branch Peplink-2 in aggressive mode but need assistance to configure ASA for Aggresive mode and dont know how to give it local/remote IDs...NO Success

Thank you in advance.

1683
Views
0
Helpful
0
Replies
CreatePlease login to create content