Folks, One more interesting observation that is more of a question. Any idea why the router sends its ID as an IP address if its ISAKMP identity is set to be hostname.
For example, I have it set as follows - "crypto isakmp identity hostname" Then while doing isakmp debugs on the other end of the tunnel I see that the ID comes as FQDN, here R5.cisco.com is the router in question where I have its identity set as hostname Aug 13 22:12:15 [IKEv1 DEBUG]: IP = 192.168.64.5, processing ID payload Aug 13 22:12:15 [IKEv1 DECODE]: IP = 192.168.64.5, ID_FQDN ID received, len 12 0000: 52352E63 6973636F 2E636F6D R5.cisco.com If I set it as "crypto isakmp identity address" then nothing changes, same ID is seen on the peer: Aug 13 22:17:08 [IKEv1 DEBUG]: IP = 192.168.64.5, processing ID payload Aug 13 22:17:08 [IKEv1 DECODE]: IP = 192.168.64.5, ID_FQDN ID received, len 12 0000: 52352E63 6973636F 2E636F6D R5.cisco.com And only when I set it to "crypto isakmp identity dn" then I clearly see that the router sends its ID in the X.500 format: Aug 13 22:19:02 [IKEv1 DEBUG]: IP = 192.168.64.5, processing ID payload Aug 13 22:19:02 [IKEv1 DECODE]: IP = 192.168.64.5, DER_ASN1_DN ID received, len 73 0000: 30473111 300F0603 55040B13 08434349 0G1.0...U....CCI 0010: 452D4C41 42311530 13060355 0403130C E-LAB1.0...U.... 0020: 52352E63 6973636F 2E636F6D 311B3019 R5.cisco.com1.0. 0030: 06092A86 4886F70D 01090216 0C52352E ..*.H........R5. 0040: 63697363 6F2E636F 6D cisco.com Eugene
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
