Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1724
Views
0
Helpful
4
Replies

asa 5512 ipsec Invalid Hostname

lijianwei652
Level 1
Level 1

‎03-15-2021 06:30 PM

hi everyone:

       i have some trouble ,Because when I configure the device,i have meet some trouble,my ipsec peer`s ip address is ddns like lijianweixxx.oicp.net,when i type it ,reback error like this:

---------------------------------------------------

configure mode commands/options:
connection-type Specify connection-type for site-site connection based
on this entry
df-bit Set IPsec DF policy
ikev1 Configure IKEv1 policy
ikev2 Configure IKEv2 policy
nat-t-disable Disable nat-t negotiation for connections based on this
entry
peer Set IP address of peer
pfs Specify pfs settings
reverse-route Enable reverse route injection for connections based on
this entry
security-association Security association duration
tfc-packets Configure TFC packets to mask a tunnel's traffic
profile
trustpoint Specify trustpoint that defines the certificate to be
used while initiating a connection based on this entry
validate-icmp-errors Set Validate ICMP Errors
ciscoasa(config)# crypto map mymap 1 set pe
ciscoasa(config)# crypto map mymap 1 set peer ?

configure mode commands/options:
Hostname or A.B.C.D IP address
Hostname or X:X:X:X::X IPv6 address
ciscoasa(config)# crypto map mymap 1 set peer lijianwei652.oicp.net
^
ERROR: % Invalid Hostname
ciscoasa(config)#

-------------------------------------------

device version

ciscoasa(config)# show ver

Cisco Adaptive Security Appliance Software Version 9.12(4)13
SSP Operating System Version 2.6(1.220)
Device Manager Version 7.15(1)150

-------------------------------------------

what should i do ?

0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎03-15-2021 06:53 PM 

ciscoasa(config)# crypto map mymap 1 set peer lijianwei652.oicp.net

as suggested command syntax should be hostname or IP address - not FQDN, 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

lijianwei652
Level 1
Level 1
In response to balaji.bandi

‎03-15-2021 07:41 PM

thank you ,but i want do like this,Can you give me some advice?

https://community.cisco.com/t5/security-documents/dynamic-ip-to-dynamic-ip-ipsec-vpn-tunnel/ta-p/3122900

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to lijianwei652

‎03-16-2021 04:32 AM

That is most case of the router - i do not believe or deployed myself using ASA - personally think not possible.

 

i may read some documents later let you know if that possible, or wait for other member who did the same to help you.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Sheraz.Salim
VIP Alumni
VIP Alumni

‎03-16-2021 04:37 AM - edited ‎03-16-2021 04:43 AM

I just test the command only allow you to put a ip address v4 or v6 or only hostname

 

 crypto map mymap 1 set peer ?

configure mode commands/options:
  Hostname or A.B.C.D     IP address
  Hostname or X:X:X:X::X  IPv6 address

find a similar post might help you

https://community.cisco.com/t5/vpn/vpn-group-using-names/td-p/1632102

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card