Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1280
Views
0
Helpful
0
Replies

CRYPTO-3-IKMP_QUERY_KEY: Querying key pair failed.

krs4keshara
Level 1
Level 1

‎06-12-2013 03:19 AM

Site-to-Site VPN.png

This is my topology and i could establised a VPN session from HQ to Branch with using Pre-shared key on IKE phase-1. It worked fine....

Then I changed both router's config to use "rsa-sig" as the authentication and also setup both routers to receive certificates from my win2003 server. Now I even could receives certificates from the CA, I couldn't establise a VPN session from HQ to Branch.

Debug says,

ISAKMP:(0:8:SW:1): processing CERT payload. message ID = 0

ISAKMP:(0:8:SW:1): processing a CT_X509_SIGNATURE cert

ISAKMP:(0:8:SW:1): peer's pubkey isn't cached

ISAKMP:(0:8:SW:1): Unable to get DN from certificate!

ISAKMP:(0:8:SW:1): Cert presented by peer contains no OU field.

ISAKMP:(0:8:SW:1): processing SIG payload. message ID = 0

ISAKMP (134217736): sa->peer.name = , sa->peer_id.id.id_fqdn.fqdn = HQ.ciscokeshara.com

CRYPTO-3-IKMP_QUERY_KEY: Querying key pair failed.

Can anyone give me a solution fo this.????

HELP please..../ BR, keshara from Sri Lanka.

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents