Hello guys! I have had multiple attempts at establishing a L2L IPsec tunnel using certs that I installed on both ASA firewalls using NDES SCEP from a Windows Server 2019 AD CS VM. The certs are RSA 2048 based with SHA 512 signature. I tried both IKEv1...
Using the command debug crypto ca 255 I found the real problem:
CRYPTO_PKI: Found a suitable authenticated trustpoint server.pki.ro
CRYPTO_PKI: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2, NOT acceptable for usage type IPSEC VPN Peer
CRYPTO_PKI:check_key_u...
Same result unfortunately. I have to say I tried 2048 bits pki, 1024 bits pki with both SHA2 and SHA1, same results. If I switch to PSK it will work instantly.
Hello, this is what I get when using debug crypto ikev2 protocol 255:
IKEv2-PROTO-4: (430): Get peer's authentication method
IKEv2-PROTO-4: (430): Peer's authentication method is 'RSA'
IKEv2-PROTO-7: (430): SM Trace-> SA: I_SPI=9C4E1179A56E3186 R_SPI=1A351...
This is what happens in Wireshark: If I change to PSK it will work perfectly. Also, crl nocheck is deprecated, I tried with revocation check none and still same result. Also, all 3 devices, 2 ASAs and the windows server are using EVE-NG NTP so they ar...
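Added example, not part of the thread above and not Cisco or ASA code: the debug output shows the ASA rejecting the peer certificate because its Extended Key Usage contains only 1.3.6.1.5.5.8.2.2. A quick way to catch that before enrolling a template is to decode the EKU extension from the issued certificate's DER and compare it against the usage you need. The script below does that with the Python standard library only (no `cryptography` dependency), walking the DER structure to the EKU extension (OID 2.5.29.37) and decoding the OIDs it lists. The acceptance policy in `assess_for_ike_peer` is an assumption for illustration, loosely modelled on RFC 4945's id-kp-ipsecIKE; it is not a statement of the ASA's actual rule. The two sample inputs are hand-encoded DER fragments constructed for the example, not real certificates.

```python
"""Decode the Extended Key Usage (EKU) extension of DER-encoded X.509 data
with the standard library only, and evaluate it against an ASSUMED IKE-peer
policy. Added example; not Cisco code and not from the original thread."""

EKU_EXTENSION_OID = "2.5.29.37"
ID_KP_IPSEC_IKE = "1.3.6.1.5.5.7.3.17"   # RFC 4945 EKU for IKE peers
IKE_INTERMEDIATE = "1.3.6.1.5.5.8.2.2"   # legacy "IP security IKE intermediate"
ANY_EKU = "2.5.29.37.0"                  # anyExtendedKeyUsage

KNOWN_EKU_NAMES = {
    ID_KP_IPSEC_IKE: "id-kp-ipsecIKE",
    IKE_INTERMEDIATE: "iKEIntermediate",
    ANY_EKU: "anyExtendedKeyUsage",
    "1.3.6.1.5.5.7.3.1": "serverAuth",
    "1.3.6.1.5.5.7.3.2": "clientAuth",
}

TAG_OID, TAG_SEQUENCE, CONSTRUCTED = 0x06, 0x30, 0x20


def _read_tlv(data, pos):
    """Parse one DER tag-length-value at `pos`; return (tag, value, next_pos)."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:                         # long-form length
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def _children(data):
    """Yield (tag, value) for each TLV directly inside a constructed value."""
    pos = 0
    while pos < len(data):
        tag, value, pos = _read_tlv(data, pos)
        yield tag, value


def decode_oid(raw):
    """Turn DER OID content bytes into dotted-decimal text."""
    first = raw[0]
    parts = [first // 40, first % 40] if first < 80 else [2, first - 80]
    acc = 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                      # last byte of this sub-identifier
            parts.append(acc)
            acc = 0
    return ".".join(str(p) for p in parts)


def find_eku(der):
    """Return the list of EKU OIDs in `der`, or None if no EKU extension exists.

    Descends into every constructed node, so it works on a whole Certificate,
    on the [3] EXPLICIT Extensions field, or on a single Extension SEQUENCE."""
    for tag, value in _children(der):
        if not tag & CONSTRUCTED:
            continue
        kids = list(_children(value))
        if (tag == TAG_SEQUENCE and kids and kids[0][0] == TAG_OID
                and decode_oid(kids[0][1]) == EKU_EXTENSION_OID):
            # Extension ::= SEQUENCE { extnID, critical OPTIONAL, extnValue OCTET STRING }
            _, inner_seq, _ = _read_tlv(kids[-1][1], 0)   # unwrap the OCTET STRING
            return [decode_oid(v) for t, v in _children(inner_seq) if t == TAG_OID]
        found = find_eku(value)
        if found is not None:
            return found
    return None


def assess_for_ike_peer(der):
    """ASSUMED illustrative policy: no EKU, anyExtendedKeyUsage, or
    id-kp-ipsecIKE is acceptable for an IKE peer; any other EKU set is not."""
    ekus = find_eku(der)
    if ekus is None:
        return "accept", "no EKU extension present"
    names = [KNOWN_EKU_NAMES.get(o, o) for o in ekus]
    if ANY_EKU in ekus or ID_KP_IPSEC_IKE in ekus:
        return "accept", "EKU includes " + ", ".join(names)
    return "reject", "EKU limited to " + ", ".join(names)


# Constructed sample (hand-encoded DER, not from a real certificate): a
# [3] EXPLICIT Extensions field holding one EKU extension that lists only
# iKEIntermediate, the shape the ASA debug output above complains about.
SAMPLE_IKE_INTERMEDIATE_ONLY = bytes.fromhex(
    "a317 3015 3013 0603 551d25 040c 300a 0608 2b06010505080202"
)
# Constructed sample: a lone EKU extension listing id-kp-ipsecIKE and iKEIntermediate.
SAMPLE_WITH_IPSEC_IKE = bytes.fromhex(
    "301d 0603 551d25 0416 3014 0608 2b06010505070311 0608 2b06010505080202"
)

if __name__ == "__main__":
    for label, der in (("iKEIntermediate only", SAMPLE_IKE_INTERMEDIATE_ONLY),
                       ("with id-kp-ipsecIKE", SAMPLE_WITH_IPSEC_IKE)):
        print(label, "->", find_eku(der), assess_for_ike_peer(der))
```

To run it against a real certificate exported from the ASA or the CA, read the file as bytes (converting from PEM first if needed) and pass the bytes to `find_eku`; the EKU list it prints is what the template on the CA actually issued, which is the thing to compare against the usage the VPN peer requires.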