Hi Guys,
Has anybody done a site-to-site VPN between an ASA and a router with certificate authentication, using another router acting as the PKI server?
In my case:
                          R4 (NTP/PKI Servers)
                          |
                          |
                        (dmz)
|-----R1------- (inside) ASA (outside) --------R3-------R2----|
Tested:
- NTP is synchronized on all routers and the ASA
- The authenticate/enroll process has been done and I got the certificate
- Site-to-site VPN between R2 and R3 worked fine with certificate authentication
- The ISAKMP policy and IPsec transform-set are the same on all routers and the ASA
- The routing traffic between the routers and the ASA is OK.
I have an issue with the VPN traffic between the ASA and R3 and I don't know why.
- The certificate was successfully validated between the ASA and R3, but Phase 1 is not completed ... and I saw a traceback on the ASA:
%ASA-7-711002: Task ran for 18 msec, Process = IKE Daemon, PC = 810ae25, Traceback =
%ASA-7-711002: Task ran for 18 msec, Process = IKE Daemon, PC = 810ae25, Traceback = 0x0810AE25 0x0814C6E6 0x084F269C 0x08491A32 0x084929FE 0x0925A6DF 0x0849206B 0x084A1879 0x084A2408 0x08062413
Has anybody done this before? Please let me know.
Regards,
Tran