OK, I have done some research and I keep coming up with different answers and no examples. I have read that the ASA (or PIX 7+) will allow you to do site-to-site VPNs using hostnames for peers rather than IPs. What I would like to know is how to do this, and a little explanation of why it seems so difficult to find any documentation on it. I am running an ASA 8.0.4(16), and when I attempt to enter the command "crypto map xxx 10 set peer xxx.xx.xxx" I get "invalid hostname", unless I specify a name-to-IP mapping using the name command. I need some clarification here!
AFAIK the only way to allow this to happen is either of these:
1. Have your remote peer configured for aggressive mode and have your ASA configured with dynamic crypto maps. Defining the tunnel group with the FQDN will allow the ISAKMP negotiation to complete, and the dynamic crypto map will not require you to define a peer address.
2. Have your ASA use certificate authentication with the FQDN and dynamic crypto maps.
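Option 1 from the answer above, sketched as an ASA 8.0-style configuration. This is an added example, not configuration posted by anyone in the thread; the peer FQDN, pre-shared key, interface name, policy values and map names are all constructed placeholders.

```cisco
! Added example with constructed values (FQDN, key, names, interface).
! Assumes the remote peer initiates in aggressive mode and presents
! remote-peer.example.com as its IKE identity.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
!
! L2L tunnel group named after the peer's FQDN instead of its IP address.
tunnel-group remote-peer.example.com type ipsec-l2l
tunnel-group remote-peer.example.com ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY>
!
! The dynamic crypto map has no "set peer" line, so no peer IP or
! hostname needs to resolve on the ASA.
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map DYN-L2L 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-L2L
crypto map OUTSIDE-MAP interface outside
```

Because the crypto map entry is dynamic, the ASA can only respond to this tunnel; the remote peer has to initiate it.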
Thank you for your response. Doesn't 7+ code still force them into using the remote access tunnel group instead of the L2L one? Every time I have tried this before, defining a tunnel group as L2L, the connections come in and I get an error message in the console about the DefaultRA group.