I am trying to set up a VPN tunnel with a client who is using a Cisco ASA router based on IKEv2 configuration, with the IPsec tunnel mode as 'Policy Based'. I checked the logs of the GCP VPN tunnel and I have an issue with verifying the identity of the client. GCP Cloud VPN uses the public IP address of the client to verify the identity, but the client instead uses the FQDN as a standard to verify its identity. GCP expects the IP address from the client side, but instead it gets the FQDN, which results in a failure to set up the tunnel. Also, I read that GCP Cloud VPN does not support IKEv2 FQDN. Is it true? Has anyone used FQDN in the GCP VPN to verify the IKE identity? The client has a strict requirement to verify the identity only via FQDN.
1 Answer
GCP Cloud VPN does not support IKEv2 FQDN; the public IP address is used as the IKE identity.

John Hanley
- Thanks for the answer! But do you know why they don't? From what I understood, the IKEv2 protocol should support FQDN. – Cloude Jun 20 '22 at 21:51
- @Cloude - I do not know the underlying engineering decisions for feature selection. – John Hanley Jun 20 '22 at 22:37
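
Added example (not part of the question, the answer or the comments, and not Google's or Cisco's code): a parser for the IKEv2 Identification payload body as laid out in RFC 7296 section 3.5, with a check that models a gateway accepting only the peer's public IP as identity. It shows the mismatch described in the question: the protocol defines both ID_IPV4_ADDR and ID_FQDN, but a peer sending ID_FQDN fails an IP-only check. The function names, the hostname and the address are assumptions constructed for illustration.

```python
import ipaddress

# ID Type values from RFC 7296, section 3.5
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_RFC822_ADDR",
            5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN", 10: "ID_DER_ASN1_GN",
            11: "ID_KEY_ID"}


def parse_id_payload(body: bytes):
    """Parse an IDi/IDr payload body (the bytes after the generic payload header).

    Layout: 1 byte ID Type, 3 bytes RESERVED, then Identification Data.
    """
    if len(body) < 4:
        raise ValueError("ID payload body shorter than 4 bytes")
    id_type, data = body[0], body[4:]
    name = ID_TYPES.get(id_type, f"UNKNOWN({id_type})")
    if id_type in (1, 5):
        if len(data) != (4 if id_type == 1 else 16):
            raise ValueError(f"{name} has wrong address length {len(data)}")
        return name, str(ipaddress.ip_address(data))
    if id_type in (2, 3):
        # FQDN / e-mail strings are sent without a NUL terminator
        return name, data.decode("ascii", errors="replace")
    return name, data.hex()


def check_peer_identity(body: bytes, expected_ip: str):
    """Hypothetical check: accept only ID_IPV4_ADDR equal to the configured peer IP."""
    name, value = parse_id_payload(body)
    if name != "ID_IPV4_ADDR":
        return False, f"peer sent {name} '{value}', expected ID_IPV4_ADDR {expected_ip}"
    if value != expected_ip:
        return False, f"peer sent {value}, expected {expected_ip}"
    return True, "identity matches configured peer IP"


# Constructed sample payload bodies (documentation address and example hostname)
PEER_IP = "203.0.113.10"
FQDN_BODY = bytes([2, 0, 0, 0]) + b"asa.example.com"
IPV4_BODY = bytes([1, 0, 0, 0]) + ipaddress.ip_address(PEER_IP).packed

if __name__ == "__main__":
    for body in (FQDN_BODY, IPV4_BODY):
        print(parse_id_payload(body), check_peer_identity(body, PEER_IP))
```
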