DMVPN

Network Pro
Level 1

Hi,

I am trying to authenticate a DMVPN spoke router to the hub router using encryption but can't seem to, and I get the following errors.

What do these errors mean?

000075: May 15 18:00:07.242 GMT: %PKI-4-CRLHTTPFETCHFAIL: CRL Request for trustpoint "dmvpn" returned 404 Not Found
000076: May 15 18:00:07.242 GMT: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from x.x.x.x is bad: CA request failed!
000077: May 15 18:00:09.254 GMT: %PKI-3-CERTIFICATE_INVALID: Certificate chain validation has failed.
000078: May 15 18:00:09.254 GMT: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from x.x.x.x is bad: certificate invalid
000079: May 15 18:01:11.613 GMT: %PKI-4-CRLHTTPFETCHFAIL: CRL Request for trustpoint "dmvpn" returned 404 Not Found
000080: May 15 18:01:11.613 GMT: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from x.x.x.x is bad: CA request failed!
000081: May 15 18:01:13.560 GMT: %PKI-3-CERTIFICATE_INVALID: Certificate chain validation has failed.
000082: May 15 18:01:13.560 GMT: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from x.x.x.x is bad: certificate invalid
000083: May 15 18:02:17.099 GMT: %PKI-4-CRLHTTPFETCHFAIL: CRL Request for trustpoint "dmvpn" returned 404 Not Found
000084: May 15 18:02:17.103 GMT: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from x.x.x.x is bad: CA request failed!
000085: May 15 18:02:19.238 GMT: %PKI-3-CERTIFICATE_INVALID: Certificate chain validation has failed.
000086: May 15 18:02:19.238 GMT: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from x.x.x.x is bad: certificate invalid

This is my config. What's wrong?

Hub

crypto pki server dmvpn-ca
database level complete
database archive pem
issuer-name CN=x.x.x.x
hash sha256
lifetime crl 168
lifetime certificate 1825
lifetime ca-certificate 2555
cdp-url http://x.x.x.x/cgi-bin/pkiclient.exeoperation=GetCRL
auto-rollover 365 12
database url flash:/DMVPNMain/
database url crl flash:/DMVPNCRL/
database url pem flash:/DMVPNPEM/
!
crypto pki trustpoint TP-self-signed-337151857
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-337151857
revocation-check none
rsakeypair TP-self-signed-337151857
!
crypto pki trustpoint dmvpn-ca
revocation-check crl
rsakeypair dmvpn-ca-sshkeys
!
crypto pki trustpoint dmvpn
enrollment url http://10.250.11.1:80
serial-number
ip-address none
password 7 x.x.x.x
revocation-check crl
rsakeypair dmvpn-sshkeys

Spoke:

crypto pki trustpoint dmvpn
enrollment url http://x.x.x.x:80
serial-number
ip-address none
password 7 x.x.x.x
revocation-check crl
rsakeypair dmvpn
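
Added example, not part of the original post: a Python script that reads log lines in the format shown above, attaches each certificate rejection to the CRL fetch failure that precedes it, and checks the hub's cdp-url for a missing "?" before operation=GetCRL. The function names, the 5-second correlation window and the fixed year used for timestamp arithmetic are assumptions.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample: the first cycle of the log in the post, copied as-is.
SAMPLE_LOG = """\
000075: May 15 18:00:07.242 GMT: %PKI-4-CRLHTTPFETCHFAIL: CRL Request for trustpoint "dmvpn" returned 404 Not Found
000076: May 15 18:00:07.242 GMT: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from x.x.x.x is bad: CA request failed!
000077: May 15 18:00:09.254 GMT: %PKI-3-CERTIFICATE_INVALID: Certificate chain validation has failed.
000078: May 15 18:00:09.254 GMT: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from x.x.x.x is bad: certificate invalid
"""
SAMPLE_CDP_URL = "http://x.x.x.x/cgi-bin/pkiclient.exeoperation=GetCRL"  # hub config

LINE = re.compile(r"^\d+: (\w{3} +\d+ [\d:.]+) \w+: %([A-Z]+)-(\d)-([A-Z_]+): (.*)$")
CRL_FAIL = re.compile(r'trustpoint "([^"]+)" returned (\d{3})')

def parse(log):
    """Turn IOS syslog lines into (time, mnemonic, message); skip anything else."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            # The log carries no year; a fixed one (assumption) allows subtraction.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S.%f")
            events.append((ts, m.group(4), m.group(5)))
    return events

def correlate(events, window=5.0):
    """Attach certificate rejections to the CRL fetch failure that precedes them."""
    chains = []
    for ts, mnemonic, msg in events:
        fail = CRL_FAIL.search(msg) if mnemonic == "CRLHTTPFETCHFAIL" else None
        if fail:
            chains.append({"start": ts, "trustpoint": fail.group(1),
                           "http_status": int(fail.group(2)), "rejections": []})
        elif chains and mnemonic in ("IKMP_INVAL_CERT", "CERTIFICATE_INVALID"):
            if (ts - chains[-1]["start"]).total_seconds() <= window:
                chains[-1]["rejections"].append(mnemonic)
    return chains

def lint_cdp_url(url):
    """Flag a SCEP GetCRL URL whose query separator is missing."""
    parts = urlsplit(url)
    if not parts.query and "operation=" in parts.path:
        return ["'operation=' is in the path: no '?' separates it from pkiclient.exe"]
    return []

if __name__ == "__main__":
    for chain in correlate(parse(SAMPLE_LOG)):
        print(chain["trustpoint"], chain["http_status"], chain["rejections"])
    print(lint_cdp_url(SAMPLE_CDP_URL))
```

On the IOS command line a literal "?" has to be preceded by Ctrl+V, otherwise it triggers context help and is left out of the entered URL.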
