I've been trying to create a more streamlined configuration for a 2851 I'm using to establish IPSEC tunnels with a remote site that moves around.
As part of this I wanted to change the allocation of pre-shared keys from using addresses to hostnames. To this end, I started by defining a hostname entry:
ip host remote-host 188.8.131.52
I then issued the following commands:
no crypto isakmp key dunkin address 184.108.40.206 crypto isakmp key dunkin hostname remote-host
After doing this, the IPSEC tunnel stopped working until I carried out the following:
no crypto isakmp key dunkin hostname remote-host crypto isakmp key dunkin address 220.127.116.11
It appears as though the option of defining a pre-shared key for a hostname entry either doesn't work, or I've misunderstood what it does. I can obviously workaround this, but it stops my 'automated' IP change script from working.
If anyone has any experience here, I'd appreciate comments...