07-29-2012 08:56 AM - edited 02-21-2020 06:14 PM
HOW to configure local and remote ID on Cisco ASA for Aggresive mode IKE ?
The ID must have a '@' symbol in it as required by other peer. I coulod not have this symbol in hostname of ASA like mycisco@branch ?
do i need to remove the peer IP address from crypto map in order to alolw it in aggressive mode ?
how to getrid of its outside private IP as a peer ID going to other end ? i want its ID as mycisco@branch
Below is a picture of my topology
HQ has cisco ASA behind the peplink-360 which is in VPN passthrough mode and forwarding all the VPN request/response/traffic through it. Branch has only peplink-310. Site-to-site VPN are terminating at ciscoASA and peplink-310.
HQ Peplink-360 has a static IP and Branch peplink-310 has PPPoE dialer but a fixed IP. As the Cisco ASA on HQ has a private address 172.16.1.2 on outside public interface and its gateway is 172.16.1.1(which is LAN of HQ Peplink-360)
GOAL:
things are not looking good as there is a double NAT here and a private IP on the ASA. troubleshooting results shows that on Branch Peplink-310: The peer ID is coming in as 172.16.1.2 (which is Cisco ASA outside and have crypto maps), and we require the ID to be 41.10.161.45(WAN IP on HQ Peplink-360) as per your configuration.
HQ Pepelink-360(which is in PASS through mode and has cisco ASA behind it for vpn termination)has a static IP. BUT the Branch Peplink-310(where VPN terminates) has a PPPoE dialer but a fixed IP address(can we count a fixed IP as a static IP and can have aggressive mode?)
I tried main mode for IKE1 but failed now configured the Branch Peplink-2 in aggressive mode but need assistance to configure ASA for Aggresive mode and dont know how to give it local/remote IDs...NO Success
Thank you in advance.