VPN Problems on Cisco 800 Series Routers

Discussion in 'Cisco' started by animedreamer, Jun 6, 2006.

  1. animedreamer

    animedreamer Guest

    I was having difficulties maintaining a VPN connection between two of
    our customer's stores. For reference, I have included the IPSEC
    configuration on the Cisco router at the bottom of this post. Notice
    that I am using hostnames and not IP addresses in this configuation. I
    have had mixed results with this type of configuration and this is
    related to my current problem. The router kept giving me the following
    error in the debug output: IPSEC: Peer myhostname.no-ip.biz's A record
    not found, lookup failure. What would cause such an error? I tried
    doing an nslookup from the command prompt on the myhostname.no-ip.biz
    address and it resolved fine. Is this a quirk of the Cisco router or
    is there something wrong with my configuration. Does anyone have any
    opinions on using hostnames versus static IP addresses in the IPSEC
    configuration? As an aside, I added the static IP address that
    myhostname.no-ip.biz currently resolves to as one of my peers and the
    VPN came up instantly. Any and all help is appreciated. Thank you.

    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    lifetime 82800
    crypto isakmp key 123 address
    crypto isakmp key 123 hostname myhostname.no-ip.biz no-xauth
    crypto isakmp identity hostname
    crypto isakmp keepalive 60 5 periodic
    crypto isakmp peer address
    crypto ipsec security-association lifetime seconds 82800
    crypto ipsec transform-set ESP esp-3des esp-sha-hmac
    crypto map mymap 10 ipsec-isakmp
    set peer myhostname.no-ip.biz dynamic
    set transform-set ESP
    match address 101
    animedreamer, Jun 6, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.