
IPSec from Cisco router to Contivity

william.caban
Level 5

I'm trying to create some IPSec VPNs from Cisco routers at remote sites that have dynamic (real) IP addresses assigned to them to a central site that has a static IP address on a Contivity (Nortel). I'm able to bring the IPSec up when I set the "Initiator ID" to the IP address of the remote site, but since the remote sites are using dynamic IP addresses, this is not a solution I can sustain.

My question is: does anyone know if it is possible to set a parameter on the Cisco such that the Contivity can have a "string" for the InitiatorID?

I tried "crypto isakmp identity hostname", trying to use the hostname as the InitiatorID, but it seems this is not what this command does.

I have a very simple configuration on the remote site:

!
crypto isakmp policy 20
 authentication pre-share
!
crypto isakmp key mysharekey address <remote-ip>
!
crypto ipsec transform-set mytest esp-des esp-md5-hmac
crypto isakmp identity hostname
!
crypto map test 20 ipsec-isakmp
 set peer <remote-ip>
 set transform-set mytest
 match address 101
!
interface Ethernet0
 ...
 crypto map test
!

As I said before, this works if I set the remote site IP address as the "Initiator ID", but I need a solution for "dynamic IP".

Any help is welcomed.

Thanks in advance,

-William

1 Reply

didyap
Level 6

DNS name resolution for remote IPSec peers will work only if they are used as an initiator. The first packet that is to be encrypted will trigger a DNS lookup; after the DNS lookup is complete, subsequent packets will trigger IKE
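
The "Initiator ID" discussed in this thread is carried in the ISAKMP Identification payload. The following is an added example, not code from either poster or from Cisco or Nortel: it encodes and decodes that payload per RFC 2408 section 3.8 and the RFC 2407 ID types, so bytes from a debug dump can be checked for whether an IP-address or an FQDN identity is being sent. The address, hostname and function names are constructed for illustration.

```python
import ipaddress
import struct

# ID types from the IPsec DOI (RFC 2407, section 4.6.2.1)
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN", 11: "ID_KEY_ID"}


def build_id_payload(id_type, value, next_payload=0, proto=17, port=500):
    """Encode an ISAKMP Identification payload (RFC 2408 section 3.8)."""
    if id_type == 1:
        data = ipaddress.IPv4Address(value).packed
    else:
        data = value.encode("ascii")  # string identities carry no terminator
    length = 8 + len(data)  # 4-byte generic header + 4 bytes of DOI-specific ID fields
    return struct.pack("!BBHBBH", next_payload, 0, length, id_type, proto, port) + data


def parse_id_payload(buf):
    """Decode an Identification payload; reject truncated or inconsistent input."""
    if len(buf) < 8:
        raise ValueError("payload shorter than the 8-byte header")
    _next, _reserved, length, id_type, proto, port = struct.unpack("!BBHBBH", buf[:8])
    if length < 8 or length > len(buf):
        raise ValueError("length field does not match the captured bytes")
    data = buf[8:length]
    if id_type == 1:
        if len(data) != 4:
            raise ValueError("ID_IPV4_ADDR must carry exactly 4 bytes")
        value = str(ipaddress.IPv4Address(data))
    else:
        value = data.decode("ascii", errors="replace")
    return {"type": ID_TYPES.get(id_type, f"unknown({id_type})"),
            "protocol": proto, "port": port, "value": value}


def describe(buf):
    """One-line summary suitable for comparing against the peer's configured ID."""
    p = parse_id_payload(buf)
    return f"{p['type']} {p['value']}"


if __name__ == "__main__":
    # Constructed samples: a documentation address and a made-up hostname.
    for sample in (build_id_payload(1, "192.0.2.10"),
                   build_id_payload(2, "remote1.example.com")):
        print(sample.hex(), "->", describe(sample))
```

In IKE main mode this payload is sent encrypted, so the bytes to feed `parse_id_payload` come from a debug dump or a decrypted capture rather than a raw packet trace.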