03-15-2021 06:30 PM
hi everyone:
i have some trouble ,Because when I configure the device,i have meet some trouble,my ipsec peer`s ip address is ddns like lijianweixxx.oicp.net,when i type it ,reback error like this:
---------------------------------------------------
configure mode commands/options:
connection-type Specify connection-type for site-site connection based
on this entry
df-bit Set IPsec DF policy
ikev1 Configure IKEv1 policy
ikev2 Configure IKEv2 policy
nat-t-disable Disable nat-t negotiation for connections based on this
entry
peer Set IP address of peer
pfs Specify pfs settings
reverse-route Enable reverse route injection for connections based on
this entry
security-association Security association duration
tfc-packets Configure TFC packets to mask a tunnel's traffic
profile
trustpoint Specify trustpoint that defines the certificate to be
used while initiating a connection based on this entry
validate-icmp-errors Set Validate ICMP Errors
ciscoasa(config)# crypto map mymap 1 set pe
ciscoasa(config)# crypto map mymap 1 set peer ?
configure mode commands/options:
Hostname or A.B.C.D IP address
Hostname or X:X:X:X::X IPv6 address
ciscoasa(config)# crypto map mymap 1 set peer lijianwei652.oicp.net
^
ERROR: % Invalid Hostname
ciscoasa(config)#
-------------------------------------------
device version
ciscoasa(config)# show ver
Cisco Adaptive Security Appliance Software Version 9.12(4)13
SSP Operating System Version 2.6(1.220)
Device Manager Version 7.15(1)150
-------------------------------------------
what should i do ?
03-15-2021 06:53 PM
ciscoasa(config)# crypto map mymap 1 set peer lijianwei652.oicp.net
as suggested command syntax should be hostname or IP address - not FQDN,
03-15-2021 07:41 PM
thank you ,but i want do like this,Can you give me some advice?
03-16-2021 04:32 AM
That is most case of the router - i do not believe or deployed myself using ASA - personally think not possible.
i may read some documents later let you know if that possible, or wait for other member who did the same to help you.
03-16-2021 04:37 AM - edited 03-16-2021 04:43 AM
I just test the command only allow you to put a ip address v4 or v6 or only hostname
crypto map mymap 1 set peer ? configure mode commands/options: Hostname or A.B.C.D IP address Hostname or X:X:X:X::X IPv6 address
find a similar post might help you
https://community.cisco.com/t5/vpn/vpn-group-using-names/td-p/1632102
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide