I am trying to setup a VPN tunnel with a client who is using the Cisco ASA router based on IKEv2 configuration, with the IPSEC Tunnel mode as 'Policy Based'. I checked the logs of the GCP VPN tunnel and I have issue with verifying the identity of the client. GCP cloud VPN uses the public IP address of the client to verify the identity, but the client instead uses the FQDN as a standard to verify its identity. The GCP expects the IP address from client side, but instead it gets the FQDN, which results in a failure to setup the tunnel. Also, I read that GCP cloud VPN does not support IKEv2 FQDN. Is it true? Has anyone used FQDN in the GCP VPN to verify the IKE identity? The client has a strict requirement to verify the identity only via FQDN
Authenticatication issue while setting up a tunnel between GCP VPN and Cisco ASA
153 Views Asked by Cloude At
1
There are 1 best solutions below
Related Questions in GOOGLE-CLOUD-PLATFORM
- Why do I need to wait to reaccess to Firestore database even though it has already done before?
- Unable to call datastore using GCP service account key json
- Troubleshooting Airflow Task Failures: Slack Notification Timeout
- GoogleCloud Error: Not Found The requested URL was not found on this server
- Kubernetes cluster on GCE connection refused error
- Best way to upload images to Google Cloud Storage?
- Permission 'storage.buckets.get' denied on resource (or it may not exist)
- Google Datastream errors on larger MySQL tables
- Can anyone explain the output of apache-beam streaming pipeline with Fixed Window of 60 seconds?
- Parametrizing backend in terraform on gcp
- Nonsense error using a Python Google Cloud Function
- Unable to deploy to GAE from Github Actions
- Assigned A record for Subdomain in Cloud DNS to Compute Engine VM instance but not propagated/resolved yet
- Task failure in DataprocCreateClusterOperator when i add metadata
- How can I get the long running operation with google.api_core.operations_v1.AbstractOperationsClient
Related Questions in VPN
- Docker container does not find System Daemon of nordvpn after reboot
- how to fix PF on M3?
- I'd like to install and configure the 'Checkpoint VPN' on Linux Mint. How can I do that?
- Unable to correctly configure StrongSwan with site-to-site connection and road warrior
- SSHD fails on reboot when restricting it over VPN
- How to share a hotspot VPN from Android to PC (Windows)?
- VPN versus Azure Virtual desktop - Which is secured to access the server, application and personal data
- How to connect docker container to vpn site to site
- Connect to a specific country using Psiphon vpn from Command line
- To allow IPsec NAT-T traffic to pass through, why does the firewall still need to permit ESP when it already allows UDP 4500?
- Connect to VLESS (VPN protocol) ic C# on Android
- Connect to Outline VPN ic C# on Android
- Issue with wg-easy VPN service and setting up auto reboot using Powershell script on Automation Accounts
- Accessing Self-Hosted Visual Studio Code Server via ZeroTier VPN
- Turn off connectivity checks on android. Error with adb
Related Questions in GOOGLE-CLOUD-VPN
- google cloud classic vpn to onprem. Neeto to NAT to public IP space the internal network
- GCP: how to only use the VPN on some domains
- Cloud VPN Connection Graph Anomaly
- how to viewing VPN Parameters on Google Cloud - Phase 1 and Phase?
- Troubleshoot packet loss over VPN connection to Google Cloud
- Google cloud run egress traffic to cloud VPN
- GCP Multiple VPC networks in same region but different zone need to connect on-premise network
- How to let GKE pods connect to local device
- Using OpenVPN or Cloud VPN to connect to AlloyDB Instance
- How to make Python packages in a Artifact Registry available to Vertex AI Custom Jobs?
- Restrict IP-range in GKE cluster when using VPN?
- Is Google Cloud VPN only compatible with Compute Engine instances?
- Connect a GCP Cloud Function with an instance in a VPN
- installing java on compute engine instance without external ip address
- Authenticatication issue while setting up a tunnel between GCP VPN and Cisco ASA
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
GCP Cloud VPN does not support IKEv2 FQDN, the public IP address is used as the IKE identity.