Hi, I have a question regarding IPsec VPN using IKEv2 and certificates.
I have a standalone root CA and subordinate CA that I have set up for my ASA 5500-X, and I am trying to set up a VPN community using ASDM 7.1. I have set up the VPN between two ASAs with no problems; however, when I change the phases from IKEv1 to IKEv2 only, using my device certificate, my VPN drops.
I have added two trustpoints for my root and sub, followed by a device certificate. When I run crypto ca trustpoints it shows me the installed certs for the root and sub, but the device one shows as not authenticated, and I am also getting authentication messages from the debug.
Now, I know that phase 1 will create the authentication between the two peers; however, am I able to remove the IKEv1 option, or will I always need this? I only need to use certificates for IKEv2 and thought I should remove IKEv1 as a business requirement.
Can anyone help?
Thanks,
Mark