Hello community,
Here is the configuration from a Branch, that config was autogenerated when we deploy IWAN in the device using APIC-EM:
crypto pki trustpoint sdn-network-infra-iwan
fqdn RTSFA00866P1.grupo.ypf.com
subject-name CN=CISCO2911/K9_FTX1521AJF6_sdn-network-infra-iwan
vrf IWAN-TRANSPORT-1
revocation-check crl
rsakeypair sdn-network-infra-iwan
auto-enroll 80 regenerate
As you can see the VRF IWAN-TRANSPORT-1 is used for certificate enrollment, the problem is: If the interface that is associated with that VRF is down for a time longer than the duration of the certificate, all the encryption is dropped and the branch keeps without service. I need solve this URGENTLY, do you have any suggestion? Any help will be appreciated.
Best Regards,
