ISAKMP IPSec identity change

allan.sydney · ‎10-22-2010

i have a Cisco 2651XM router and is connected behind an ADSL router.

ADSL router has a static public IP Address and my Cisco WAN has 192.168.1.10.

I am trying to setup a VPN tunnel to another company however their internal policies will not allow them to use a private IP as the identity.

my identity currently comes up as 192.168.1.10.

how can i change the isakmp identity to mydomain.com or to my public IP address?

i didnt want to set my adsl router into bridge mode and set my cisco wan with the public IP As i have other devices connected to this side of the cisco.

i use SDM mainly and then alter things i need to afterwards but am happy to change in ios.

i have seen the commands

crypto isakmp identity address

crypto isakmp identity hostname

but do not know how to set these?

Jitendriya Athavale · ‎10-22-2010

think the reason they do not want to use private ip is for security purposes

i dont think there is anyway of changing the crpto identity address to a different ip

i see 2 ways out

make your headend accept hostname (but again i dont htink they would agree to that for security reasons)

use PKI or certificates (which i think they will be ok with because this is the most secure way)

else convince your managment to accept private ip as identity

allan.sydney · ‎10-22-2010

hi Jathaval

thanks for your quick response.

my head end do say that they will accept host name, how do i go about implementing that using myhostname.com?

many thanks

Jitendriya Athavale · ‎10-22-2010

change your hostname to

hostname hostname.com

then enter the command

crypto isakmp identity hostname