HOW to configure local and remote ID on Cisco ASA for Aggresive mode IKE ?
The ID must have a '@' symbol in it as required by other peer. I coulod not have this symbol in hostname of ASA like mycisco@branch ?
do i need to remove the peer IP address from crypto map in order to alolw it in aggressive mode ?
how to getrid of its outside private IP as a peer ID going to other end ? i want its ID as mycisco@branch
Below is a picture of my topology
HQ has cisco ASA behind the peplink-360 which is in VPN passthrough mode and forwarding all the VPN request/response/traffic through it. Branch has only peplink-310. Site-to-site VPN are terminating at ciscoASA and peplink-310.
HQ Peplink-360 has a static IP and Branch peplink-310 has PPPoE dialer but a fixed IP. As the Cisco ASA on HQ has a private address 172.16.1.2 on outside public interface and its gateway is 172.16.1.1(which is LAN of HQ Peplink-360)
things are not looking good as there is a double NAT here and a private IP on the ASA. troubleshooting results shows that on Branch Peplink-310: The peer ID is coming in as 172.16.1.2 (which is Cisco ASA outside and have crypto maps), and we require the ID to be 220.127.116.11(WAN IP on HQ Peplink-360) as per your configuration.
HQ Pepelink-360(which is in PASS through mode and has cisco ASA behind it for vpn termination)has a static IP. BUT the Branch Peplink-310(where VPN terminates) has a PPPoE dialer but a fixed IP address(can we count a fixed IP as a static IP and can have aggressive mode?)
I tried main mode for IKE1 but failed now configured the Branch Peplink-2 in aggressive mode but need assistance to configure ASA for Aggresive mode and dont know how to give it local/remote IDs...NO Success
Get more with Firepower 6.6.1 – Cisco’s latest suggested release
The latest suggested release for Firepower delivers a Modernized UI, faster eventing, improved usability, and compatibility with the Cisco SecureX platform
In September 2020, Cisco of...
This is a work in progress. I will be working as the SME for pxGrid to update some questions, answers and general information here as time permits.
In my setup I see pending approvals under Web clients but also All Client?
In pxGrid 1.0, we have “Dynam...
I am not able to login to the ASAv device on AWS. I get the following message when I try from another EC2 (ubuntu 16.04) no matching key exchange method found. Their offer: diffie-hellman-group14-sha256 When I try from my Mac - I just get n...
Question. Our legal folks have asked if it is possible to add a footer to outbound email if it went out via TLS. So if it successfully negotiates TLS, can we add a footer that says "Sent successfully via TLS 1.2". Is this possible? ...
Segmentation Strategy - An ISE Prescriptive Guide
For an offline or printed copy of this document, simply choose ⋮ Options > Printer Friendly Page. You may then Print, Print to PDF or copy and paste to any other document ...