Yes Tyson, it works.

On Fri, Oct 16, 2009 at 5:19 AM, Tyson Scott <[email protected]> wrote:
> Kingsley, this is in Lab12 Question 4.4. You need to configure aggressive
> mode in order to use hostnames for pre-shared keys.
>
> ip host ciscoasa x.x.x.x
> crypto isakmp peer hostname ciscoasa
>  set aggressive client-endpoint fqdn ciscoasa
>  set aggressive password cisco
>
> You would then need to configure aggressive mode on the ASA. I am not sure
> off the top of my head how to do this.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Technical Instructor - IPexpert, Inc.
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Kingsley Charles
> *Sent:* Thursday, October 15, 2009 10:06 AM
> *To:* [email protected]
> *Subject:* Re: [OSL | CCIE_Security] IOS IPSec VPNs with hostname for
> pre-shared keys
>
> The concept of using hostname on IOS router is different from ASA.
>
> On the ASA, hostname means the FQDN that is being sent in the IKE message.
> The ASA checks for the name in the IKE message and matches it to the tunnel
> name for aggressive mode or with certificates.
>
> With IOS, hostname is not related to the IKE message FQDN ID; rather, it is
> local. The FQDN is resolved either using DNS or static mapping using
> "ip host".
>
> http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c4.html#wp1046469
>
> With regards
> Kings
>
> On Thu, Oct 15, 2009 at 7:18 PM, Kingsley Charles <[email protected]> wrote:
>
> Hi all
>
> I am trying to bring up a site-to-site VPN between an ASA and an IOS router
> with pre-shared keys. On the IOS router, I am using the hostname, not the
> address.
>
> I tried two different ways:
>
> *Way 1*
>
> Configured "crypto isakmp identity hostname" on the ASA. The hostname sends
> the FQDN to the IOS router.
>
> Here on the IOS router, I have configured "crypto isakmp key cisco
> hostname ciscoasa". ciscoasa is the FQDN that the ASA is sending to the IOS
> router.
>
> The error thrown on the IOS router states that "no pre-shared key found for
> the peer".
>
> *Way 2*
>
> I have configured hostname to IP address mapping on the IOS router and then
> configured the hostname under the crypto map peer and for the pre-shared key.
>
> The hostname in the crypto map gets resolved and I see the IP address under
> the crypto map.
>
> But the "crypto isakmp key cisco hostname ciscoasa" just stays without
> getting resolved.
>
> Even with this, the tunnel doesn't come up.
>
> How do I use "crypto isakmp key cisco hostname"?
>
> With regards
> Kings
