Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

VPN Connection with FVRF IVRF and Hostnames

Hello,

knows anybody the solution:

I would connect a site-to-site connections with a another Firewall in a F-VRF/I-VRF Scenario.

When i use the commands with the IP Address, it works fine.

The IPsec Connection comes not up, when i will use hostnames.

Example with the keyring: I got the error, there is no Pre-Shared Key for the remote-peer, when only the hostname is used.With the IP Adress of peer, it works fine.

The problem in the profile is the same. With hostname, the connections can not esthablisd. With the IP Adress, the IP Sec Connections comes up.

DNS resolution works.

Has anybody an idea, to use hostnames in a F-VRF and I-VRF Scenario.

Best regards

Dieter

Everyone's tags (4)
2 REPLIES
Community Member

Re: VPN Connection with FVRF IVRF and Hostnames

Hi Dieter,

Did you ever find a solution for this?  I think we are trying to do the same thing.  Setting up a site to site IPSEC tunnel using IPs works fine.  As soon as I try to change to using hostnames the tunnel fails to establish.  It looks like the fvrf ivrf side of this tunnel is still looking for phase one policies using IP information.  I did add the self-identity fqdn command to the crypto isakmp profile but that didn't seem to make any difference.

Cisco Employee

Re: VPN Connection with FVRF IVRF and Hostnames

It might have to do with the IKE ID youre specifying with the "isakmp identity" command

PK

1022
Views
0
Helpful
2
Replies
CreatePlease to create content