Hello!
I'm trying to configure a manual IPsec map using a destination FQDN instead of an IP address, on a WLC running ArubaOS 8.6.0.19. The configuration seems to be OK; if I change the destination FQDN to an IP address, the IPsec tunnel is established. But... in the case of an FQDN it fails, and the datapath doesn't reveal any packets towards the destination.
Example message from security log:
Peer ip is not configured or resolved for map <map-name>
I checked the DNS functionality and the WLC is able to resolve the destination FQDN ("ping fqdn" works).
Any ideas what I'm doing wrong?
Below is a configuration snippet:
crypto isakmp policy 9999
encryption aes128
authentication pre-share
lifetime 86400
...
crypto-local isakmp key "******" fqdn <peer-fqdn-removed>
...
crypto ipsec transform-set test-transform-set esp-null esp-md5-hmac
...
crypto-local ipsec-map <map-name> 100
set ikev1-policy 9999
peer-fqdn fqdn-id <peer-fqdn-removed>
local-fqdn <my-fqdn-removed>
vlan <vlan-id>
src-net any
dst-net any
set transform-set "test-transform-set"
set security-association lifetime seconds 86400
pre-connect
trusted
force-natt
------------------------------
gone fishing.
------------------------------