03-29-2010 08:42 AM
Hello,
Does anybody know the solution?
I would like to set up a site-to-site connection with another firewall in an F-VRF/I-VRF scenario.
When I use the commands with the IP address, it works fine.
The IPsec connection does not come up when I use hostnames.
Example with the keyring: I get the error that there is no pre-shared key for the remote peer when only the hostname is used. With the IP address of the peer, it works fine.
The problem in the profile is the same. With the hostname, the connection cannot be established. With the IP address, the IPsec connection comes up.
DNS resolution works.
Does anybody have an idea how to use hostnames in an F-VRF and I-VRF scenario?
Best regards
Dieter
05-27-2010 12:02 PM
Hi Dieter,
Did you ever find a solution for this? I think we are trying to do the same thing. Setting up a site-to-site IPsec tunnel using IPs works fine. As soon as I try to change to using hostnames, the tunnel fails to establish. It looks like the fvrf ivrf side of this tunnel is still looking for phase one policies using IP information. I did add the self-identity fqdn command to the crypto isakmp profile, but that didn't seem to make any difference.
05-27-2010 07:38 PM
It might have to do with the IKE ID you're specifying with the "isakmp identity" command.
PK