l2l VPN using FQDN as peer and any as remote networks

Henrik.Kamsvag
Level 1

So I'm building a VPN to a Checkpoint harmony solution and have been given a suggested configuration from Harmony.

The config I'm supposed to enter has an FQDN address as peer and any as remote network. The problem right now is that the ASA5545 (version 9.1(7.23)) does not accept the peer FQDN, as it replies 'unrecognized command'.
I've entered the 'crypto isakmp identity hostname' command.

The command below causes an error in the CLI:
crypto dynamic-map <outside_dyn_map_name> <priority> set peer <FQDN>


Does anyone have a decent guide for setting up a VPN to Checkpoint Harmony?

Accepted Solutions

Use the crypto isakmp identity command with the auto keyword to configure the identity to be automatically determined from the connection type. For example:

hostname(config)# crypto isakmp identity auto

Note: If you use the crypto isakmp identity auto command, you must be sure that the DN attribute order in the client certificate is CN, OU, O, C, St, L.

Just a side note: why don't you upgrade your ASA code? 9.1(7.23) is old code with a vulnerability; consider upgrading the software on the ASA.

Please do not forget to rate.
