Hi Guys,
We have a DMVPN with an IPsec profile in which a certificate is used for authentication, and I would like to ask how the FQDN is built, used and presented to the other routers:
1. By default, does Cisco IOS use its hostname and IP domain name?
2. Once you have successfully completed the auth/enrollment process, is the FQDN configured below presented to the other router for authentication? If the peer router has configured "match identity host domain test.com", does it need to match the test.com domain from the certificate FQDN?
crypto pki trustpoint TESTPKI
enrollment url http://x.x.x.x:80
fqdn rtrhostname.test.com
<cut>
3. How do I show/check the FQDN being used by the router? Is this the correct command?
spoke1#show crypto pki certificates
Certificate
<>
Issuer:
cn=xyz
Subject:
Name: rtrhostname.test.com
hostname=rtrhostname.test.com
cn=xyz
4. In the logs below from the peer router, why is the FQDN presented different from the FQDN assigned on the certificate "TESTPKI"?
ISAKMP:(2015):My ID configured as IPv4 Addr, but Addr not in Cert!
ISAKMP:(2015):Using FQDN as My ID
ISAKMP:(2015):SA is doing RSA signature authentication using id type ID_FQDN
ISAKMP (2015): ID payload
next-payload : 6
type : 2
FQDN name : spoke1 <------- Router hostname is presented by the router? Why?
Thanks
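As an added example (not from the post above and not Cisco code), the following Python script parses the two kinds of output quoted in the question, the Subject block of "show crypto pki certificates" and the ISAKMP ID payload debug, and checks whether the identity a peer actually presents would satisfy a "match identity host domain" rule. The sample inputs are constructed from the formats shown in the post; the function names and the matching semantics are assumptions (it assumes the domain rule matches when the FQDN's domain part equals the configured domain on a label boundary, so "spoke1" alone does not match "test.com", and neither does "hosttest.com" or "test.com.evil").

```python
import re

# Constructed sample input modelled on the "show crypto pki certificates" output in the post.
CERT_OUTPUT = """\
Certificate
  Issuer:
    cn=xyz
  Subject:
    Name: rtrhostname.test.com
    hostname=rtrhostname.test.com
    cn=xyz
"""

# Constructed sample input modelled on the ISAKMP debug lines in the post.
ISAKMP_DEBUG = """\
ISAKMP:(2015):My ID configured as IPv4 Addr, but Addr not in Cert!
ISAKMP:(2015):Using FQDN as My ID
ISAKMP:(2015):SA is doing RSA signature authentication using id type ID_FQDN
ISAKMP (2015): ID payload
  next-payload : 6
  type : 2
  FQDN name : spoke1
"""


def cert_hostnames(show_output):
    """Return every hostname=... value found in the Subject block of the certificate output."""
    return re.findall(r"^\s*hostname=(\S+)", show_output, re.MULTILINE)


def presented_fqdn(debug_output):
    """Return the FQDN carried in the ISAKMP ID payload, or None if no FQDN line is present."""
    m = re.search(r"^\s*FQDN name\s*:\s*(\S+)", debug_output, re.MULTILINE)
    return m.group(1) if m else None


def domain_matches(fqdn, domain):
    """Assumed semantics of 'match identity host domain': the FQDN must end with
    '.' + domain, i.e. the domain must sit on a label boundary. A plain substring
    or suffix test would wrongly accept 'hosttest.com' for domain 'test.com'."""
    fqdn = fqdn.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return fqdn.endswith("." + domain)


def check_peer_identity(show_output, debug_output, match_domain):
    """Cross-check the presented IKE identity against the certificate and the domain rule.

    Returns a list of human-readable findings; an empty list means everything lines up.
    """
    findings = []
    certs = cert_hostnames(show_output)
    presented = presented_fqdn(debug_output)

    # The debug text itself reports that the configured identity type (address)
    # was not found in the certificate, so the router switched to an FQDN identity.
    if "Addr not in Cert" in debug_output:
        findings.append("identity fell back from IPv4 address to FQDN: "
                        "configured ISAKMP identity type is not present in the certificate")

    if presented is None:
        findings.append("no FQDN found in the ID payload")
        return findings

    if presented not in certs:
        findings.append(f"presented FQDN {presented!r} is not among certificate hostnames {certs}")

    if not domain_matches(presented, match_domain):
        findings.append(f"presented FQDN {presented!r} would not satisfy "
                        f"'match identity host domain {match_domain}'")
    return findings


if __name__ == "__main__":
    for finding in check_peer_identity(CERT_OUTPUT, ISAKMP_DEBUG, "test.com"):
        print("FINDING:", finding)
```

Run against the constructed samples, the script reports three findings: the address-to-FQDN fallback stated in the debug, the presented name "spoke1" not appearing as a hostname in the certificate, and "spoke1" not satisfying the test.com domain rule. Replacing the ID payload's FQDN with the certificate's hostname leaves only the fallback finding, which is the kind of comparison worth scripting when a peer is rejected and the debug output has to be read by hand.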