I've been trying to create a more streamlined configuration for a 2851 I'm using to establish IPSEC tunnels with a remote site that moves around.
As part of this I wanted to change the allocation of pre-shared keys from using addresses to hostnames. To this end, I started by defining a hostname entry:
ip host remote-host 1.2.3.4
I then issued the following commands:
no crypto isakmp key dunkin address 1.2.3.4 crypto isakmp key dunkin hostname remote-host
After doing this, the IPSEC tunnel stopped working until I carried out the following:
no crypto isakmp key dunkin hostname remote-host crypto isakmp key dunkin address 1.2.3.4
It appears as though the option of defining a pre-shared key for a hostname entry either doesn't work, or I've misunderstood what it does. I can obviously workaround this, but it stops my 'automated' IP change script from working.
If anyone has any experience here, I'd appreciate comments...
Cheers, Chris