About nickmsv8

nickmsv8 · 05-17-2023

Hello guys!I have had multiple attempts on establishing a L2L IPsec tunnel using certs that I installed on both ASA firewalls using NDES SCEP from a Windows Server 2019 AD CS VM. The certs are RSA 2048 based with SHA 512 signature. I tried both IKEv1...

nickmsv8 · 05-20-2023

Using the command debug crypto ca 255 I found the real problem:CRYPTO_PKI: Found a suitable authenticated trustpoint server.pki.roCRYPTO_PKI: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2, NOT acceptable for usage type IPSEC VPN PeerCRYPTO_PKI:check_key_u...

nickmsv8 · 05-20-2023

Same result unfortunately. I have to say I tried 2048 bits pki, 1024 bits pki with both SHA2 and SHA1, same results. If I switch to PSK it will work instantly.

nickmsv8 · 05-20-2023

Hello, this what i get when using debug crypto ikev2 protocol 255:IKEv2-PROTO-4: (430): Get peer's authentication methodIKEv2-PROTO-4: (430): Peer's authentication method is 'RSA'IKEv2-PROTO-7: (430): SM Trace-> SA: I_SPI=9C4E1179A56E3186 R_SPI=1A351...

nickmsv8 · 05-19-2023

I generate certificates with Windows server 2019 ADCS and get them in ASA using NDES, which is based on SCEP

nickmsv8 · 05-19-2023

This is what happens in wireshark:If I change to PSK it will work perfectly. Also, crl nocheck is deprecated, I tried with revocation check none and still same result. Also, all 3 devices, 2 ASAs and the windows server are using EVE-NG NTP so they ar...

Member Since	‎05-17-2023 11:18 AM
Date Last Visited	‎07-15-2023 12:04 AM
Posts	7

User Statistics

User Activity

ASA-ASA ISAKMP auth fails with ADCS certs

Re: ASA-ASA ISAKMP auth fails with ADCS certs

Re: ASA-ASA ISAKMP auth fails with ADCS certs

Re: ASA-ASA ISAKMP auth fails with ADCS certs

Re: ASA-ASA ISAKMP auth fails with ADCS certs

Re: ASA-ASA ISAKMP auth fails with ADCS certs