Hello All, I am experiencing an issue when trying to enroll a Juniper certificate with a Cisco CA. I get the following from debug. Has anyone seen this and how did you resolve it? Thanks!
CRYPTO_CS: received a SCEP GetCACert request
CRYPTO_CS: CA ...
Hello,
I developed a DMVPN solution in my company's lab and all worked well. I am now rolling it out to the production network and I am seeing an attribute I never encountered in the lab. The Hub shows the connection as up with an attribute of DN...
Hey guys,
I have been searching for information relating to migrating from IKEv1 to IKEv2. We use DMVPN with IKEv1/PSK and would like to transition to IKEv2/PKI. We are creating a second tunnel that will be configured with IKEv2/PSK so that we can...
Hello,
I have gotten my DMVPN tunnels up, but I am having trouble with getting PKI authentication to work. I am able to get the IKEv2 profile to work when I set the hub and spoke to communicate with a pre-shared key, so I know that it has to be the...
Hello All,
What I would like to do is have a hub that has dual DMVPN tunnels to the spokes. The ultimate goal of our network is to have the spokes authenticate to each other using PKI with IKEv2 on the tunnel. Right now, I can get the spok...
Hello again, I did some more research and it appears that Juniper only supports certificates from Entrust, VeriSign, and Microsoft. This may be why the Cisco CA was unable to open the CSR from the Juniper even though the Juniper was able to success...
Hi, The CA server is a Cisco 4451 with IOS XE version 16.06.05. Part of the Juniper enrollment process is to request the CA certificate. I do this and the certificate is received as evidenced by the verified fingerprints. The CA certificate is tied t...
The current plan was to use the same hub and have both IKE versions until the transition was complete. Never considered using another hub. I will run that by the team. So, I keep the current tunnel, tunnel 0, that has IKEv1. Create a second tunnel, t...
I wanted to give information for anyone who comes after me. Setting the revocation-check to none did solve my issue, but it wasn't what I needed. A requirement for my network was that CRL checks were done. I had reached out to Cisco concerning thi...