1. Introduction
The purpose of this blog post is to have one point at which you will find information about what is going in which packet of an IKEv2 negotiation. IKEv2 establishment contains three main phases:
- IKE_SA_INIT
- IKE_AUTH
- CREATE_CHILD_SA...
Hi Mohammad, Regarding routing when using a crypto map, I think the best is just to remember that you need to have a route to the remote LAN going out of the interface on which you have the crypto map attached. In your case, as an example, on R3 you could have: ip ...
Hi, Please refer to the bug CSCtl97326, which was a feature request for EKU in PKI Server: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtl97326 Based on this information it is added in: 15.1(1)SY 15.2(0....
Hi Han, I don't see a possibility to do that myself. You can limit the data transferred in one IPSEC SPI before renegotiation using crypto ipsec security-association, but this is not what you are looking for. I guess if you really want to achieve it you woul...
Hi Filip, You need the certificate that is used by the HTTP Server (SSLVPN) to have an Extended Key Usage (EKU) value of 'Server Authentication'. You can use Cisco CA on IOS for it for some time already. Example PKI Server configuration: crypto pki server CAgr...