hi Guys, I have 2 questions for IOS vpn site to site using DVTI in Head office to SVTI in remote office with "identity hostname"
you will found in follow the configuration but it doesn't work router 1: HEAD OFFICE /********************************************************************* crypto keyring key-VPN pre-shared-key hostname router_b.domain.com key test1234 crypto isakmp profile Profile-VPN keyring key-VPN match identity host router_b.domain.com virtual-template 6 crypto ipsec transform-set TRANSFORM esp-3des esp-sha-hmac crypto ipsec profile IPSEC_3DES_SHA-HMAC set security-association lifetime seconds 28800 set transform-set TRANSFORM interface Virtual-Template6 type tunnel ip vrf forwarding VRF_A ip unnumbered Loopback0 ip virtual-reassembly in tunnel source GigabitEthernet0/0 tunnel mode ipsec ipv4 tunnel protection ipsec profile IPSEC_3DES_SHA-HMAC interface GigabitEthernet0/0 ip address 1.1.1.1 255.255.255.240 duplex auto speed auto end interface Loopback0 ip vrf forwarding VRF_A ip address 192.168.1.1 255.255.255.248 end ********************************************************************/ router 2: BRANCHE /******************************************************************** interface Tunnel0 ip address 192.168.1.2 255.255.255.248 tunnel source 2.2.2.2 tunnel mode ipsec ipv4 tunnel destination 1.1.1.1 tunnel protection ipsec profile IPSEC_3DES_SHA-HMAC crypto ipsec transform-set TRANSFORM esp-3des esp-sha-hmac crypto ipsec profile IPSEC_3DES_SHA-HMAC set security-association lifetime seconds 28800 set transform-set TRANSFORM crypto isakmp key test1234 address 1.1.1.1 crypto isakmp identity hostname ip host router_b 2.2.2.2 *********************************************************************/ question 1: do I need to configure agressive mode in the Head office because I use : match identity host router_b.domain.com ps: I know in the asa we must configure it with aggressive mode to work fine Question2: What's missing in my configuration for the "identity hostname" because it's not working thanks!!!!
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
