I have a problem that I think is pointing back to the isakmp identity being set to hostname on an ASA.

I have configured ezvpn on a router, but it won't connect to an ASA. I can use the same groupname and password that I'm using in the router in the software client and it works fine. I configured another ASA with the crypto isakmp identity hostname, and the same thing happens. It says that none of the policies match. If I change the identity to address on the test ASA, I can connect with no problems.

I haven't changed the isakmp identity on the production one because I have sites that are connecting to us via ASAs and software clients (vendors and users). I have a domain name that resolves to two public addresses for vpn connectivity, and this is why I believe hostname was used. The ASA has a public address, but it can be natted to another address via a Fatpipe. Is there any workaround that I can do on the router, and if not, is there any bad effect on changing the identity on the ASA to address being that the public address could be natted to a different public address?

I've got a tac case opened on this, but they haven't been able to help me.

Thanks,

John