reply to ke4pym
said by ke4pym:Never tried this with an ASA, but on a 1811 I've never been able to bring up a tunnel using a FQDN even if I point both 1811's to a private DNS box with appropriate A records for each side. It only seems to like listing an IP address for a peer under the crypto.
DNS services like dyndns.org are your friend.
For the typical residential customer who probably runs a Linksys behind their bridge, IPsec VPN access is probably a non-issue.
Correct. Cisco (IOS and ASA) will resolve the address on the spot instead of storing the name and resolving it every time it needs to use it. This is very annoying to people who don't know it does this.