I have an IPSec tunnel up and running with no issues using a static IP for the peer in the IKE gateway, but it won't work when I set it to Dynamic and use the FQDN (hostname).
When I ping from the command line it translates to the correct IP, and replies with no issue, but the tunnel will not come up.
Are there some FQDN or DNS settings I need to change or is there a way to verify it works? Or am I putting the FQDN in using an incorrect format? ( name.domain.com )
When you say you "use FQDN", please confirm whether you have an FQDN in the "local/peer identification" of the IKE gateway. If yes: local/peer identification will need to be configured on the peer end.
If it does not work after configuring this, could you ascertain detailed logs from:
>tail follow yes mp-log ikemgr.log
I think your issue is what @LukeBullimore is getting at. When you configure the initiator or the responder to use FQDN in the peer identification, it really doesn't matter what you put here as long as it matches. I can configure the Peer Identification as FQDN with the value 'SEN19' on my responder as long as my initiator has the local identification as FQDN and matches 'SEN19'. If these values don't match, this will fail. The FQDN you enter doesn't matter at all; as long as the configured FQDN value matches on either end, it doesn't need to resolve to anything or be the actual hostname of the device.
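The matching rule described in the reply above can be checked offline before a change window. This is an added example, not part of the thread or any vendor tooling: it compares the local and peer identification of two IKE gateways taken from "set"-format configuration exports. The gateway names, the non-matching FQDN value, the exact line shape of the export, and the use of an exact string comparison are assumptions.

```python
import re

# Constructed sample exports (assumed "set" line shape; names are hypothetical).
INITIATOR = """\
set network ike gateway to-hq local-id type fqdn
set network ike gateway to-hq local-id id SEN19
"""
RESPONDER = """\
set network ike gateway to-branch peer-address dynamic
set network ike gateway to-branch peer-id type fqdn
set network ike gateway to-branch peer-id id sen19.example.com
"""

ID_LINE = re.compile(r"^set network ike gateway (\S+) (local-id|peer-id) (.+)$")

def parse_ids(config_text):
    """Return {gateway: {"local-id"/"peer-id": (type, value)}}."""
    fields = {}
    for line in config_text.splitlines():
        m = ID_LINE.match(line.strip())
        if not m:
            continue  # not an identification line
        gw, side, rest = m.groups()
        tokens = rest.split()  # accepts "type fqdn", "id X" or both on one line
        fields.setdefault(gw, {}).setdefault(side, {}).update(
            zip(tokens[::2], tokens[1::2]))
    return {gw: {side: (f.get("type"), f.get("id")) for side, f in sides.items()}
            for gw, sides in fields.items()}

def id_mismatches(cfg_a, gw_a, cfg_b, gw_b):
    """List every identification on A that does not equal its counterpart on B."""
    a = parse_ids(cfg_a).get(gw_a, {})
    b = parse_ids(cfg_b).get(gw_b, {})
    problems = []
    for mine, theirs in (("local-id", "peer-id"), ("peer-id", "local-id")):
        left, right = a.get(mine), b.get(theirs)
        if left is None and right is None:
            continue  # identity not configured on either end
        if left != right:  # type and value must both match (exact comparison)
            problems.append(f"{gw_a} {mine} {left} != {gw_b} {theirs} {right}")
    return problems

if __name__ == "__main__":
    for p in id_mismatches(INITIATOR, "to-hq", RESPONDER, "to-branch"):
        print("MISMATCH:", p)
```

With the constructed input, the initiator's local identification `SEN19` does not equal the responder's peer identification, so one mismatch is reported. An identification set on only one end is also reported.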