The concept of using hostname on IOS router is different from ASA. On the ASA, hostname means the FQDN that is being sent in IKE message. ASA checks for the name is the IKE and matches to the tunnel name for aggreesive mode or with certificates.
With IOS, hostname is not related to IKE message FQDN ID rather it is local. The FQDN is resolved either using DNS or static mapping using "ip host". http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c4.html#wp1046469 With regards Kings On Thu, Oct 15, 2009 at 7:18 PM, Kingsley Charles < [email protected]> wrote: > Hi all > > I am trying to bring up a site to site VPN between ASA and IOS router with > pre-shared keys. On the IOS router, I am using hostname not the address. > > I tried two different ways: > > *Way 1* > > > Configured "crypto isakmp identity hostname" on the ASA. The hostname sends > the FQDN to the IOS router. > > Here on the IOS router, I have configured the "crypto isakmp key cisco > hostname ciscoasa". ciscoasa is FQDN that the asa is sending to the IOS > router. > > The error thrown on the IOS router states that "no pre-shared key found for > the peer". > > > *Way 2* > > I have configured hostname to IP address mapping on the IOS router and then > configured the hostname under crypto map peer and for the pre-shared key. > > > The hostname in the crypto map gets resolved and I see the IP address under > the crypto map. > > But with the "crypto isakmp key cisco hostname ciscoasa" just stays without > getting resolved. > > Even for this tunnel doesn't comes up. > > > > How do I use "crypto isakmp key cisco hostname"? > > > With regards > Kings > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
