Solved: Re: Peer ID configuration on Router

True Warrior · ‎03-30-2020

Hi All,

We are in the proceed of building a S2S VPN between a ASA and a iOS router. The ISAKMP status sits at MSG6 on my ASA and we verified that the PSK is working fine, we even re-did the tunnel group.

I would want my client to set my isakmp peer ID on his iOS router , I reviewed the link but not sure how to set my peer ID on his VPN tunnel. Any help on this please?

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-c4.html#wp3880782430

Cristian Matei · ‎03-31-2020

Hi,

For IKEv1 use "crypto isakmp identity address/dn/hostname" or "self-identity" command under ISAKMP profile

For IKEv2 you configure "identity local address/dn/e-mail/fqdn" under your IKEv2 profile.

Regards,

Cristian Matei.

View solution in original post

Cristian Matei · ‎03-30-2020

Hi,

Use this document as a reference for building a S2S between IOS and ASA. Once you made the configuration, see if he tunnel comes up, if not, let us know what the problem is. You should be using IKE ID of IP address, which is the default anyways for PSK authentication, so you don't need to configure the IKE ID manually.

Regards,

Cristian Matei.

True Warrior · ‎03-31-2020

Hi,

Thank you for your response. Can you please let me know on how to set a IKE ID manually for a peer?

Cristian Matei · ‎03-31-2020

Hi,

For IKEv1 use "crypto isakmp identity address/dn/hostname" or "self-identity" command under ISAKMP profile

For IKEv2 you configure "identity local address/dn/e-mail/fqdn" under your IKEv2 profile.

Regards,

Cristian Matei.

True Warrior · ‎04-02-2020

Thank you.