
ASA Error in IPsec Remote Access VPN configuration

YEH
Level 1

After initializing the ASA settings, an error was output when the following settings were submitted. Could you please tell us the cause and how to configure it?

 

(config)# crypto ikev2 remote-access trustpoint XXXXX
ERROR: Trustpoint not enrolled. Please enroll trustpoint and try again.

(config)# crypto ca trustpoint XXXXX
(config-ca-trustpoint)# keypair XXXXX
ERROR: Keypair XXXXX doesn't exist.

(config)# crypto ca certificate chain XXXXX
(config-cert-chain)# certificate
Enter the certificate in hexadecimal representation....

<skip>

(config-pubkey)# quit
ERROR: Public key contained in the device certificate doesn't match the device's
public key <Default-RSA-Key> configured for trustpoint XXXXX.

6 Replies

@YEH you don't appear to have the trustpoint configured correctly. Refer to this guide to create the trustpoint.

Thank you. I will refer to the guide.

balaji.bandi
Hall of Fame

Looks like you don't have a trustpoint.

Can you post

#show crypto ca certificate

 

BB


@balaji.bandi 

I can't post the output of the command, but I did check it and found the following

#show crypto ca certificate

<No applicable trust points>


#show crypto ca trustpoints

Trustpoint XXXXX:
Not authenticated.

srpoda
Cisco Employee

If the certificate is not properly installed on the ASA, you cannot bind the trustpoint to the IKEv2 configuration.

Evidently, the certificate is not installed/missing based on the outputs shown above.

Please generate a CSR, install the certificate, and then bind it to the IKEv2 configuration.

You need to generate a key and then use it for the trustpoint.
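
The order the replies describe (key, trustpoint, CSR, certificate, bind), written out as an ASA CLI sequence; this is an added example, not part of the original thread. The names VPN-KEY, VPN-TP and vpn.example.com are placeholders, and terminal (copy/paste) enrollment is an assumption.

```cisco
! Placeholder names (assumptions): VPN-KEY, VPN-TP, vpn.example.com
!
! 1. Create the RSA keypair first. "keypair <label>" under the trustpoint
!    fails with "Keypair ... doesn't exist" if the label is not there yet.
crypto key generate rsa label VPN-KEY modulus 2048
!
! 2. Define the trustpoint and tie it to that keypair. Without a keypair
!    line the trustpoint uses <Default-RSA-Key>, the key named in the
!    public key mismatch error in the question.
crypto ca trustpoint VPN-TP
 enrollment terminal
 subject-name CN=vpn.example.com
 keypair VPN-KEY
 exit
!
! 3. Install the issuing CA certificate (paste the base64 text at the
!    prompt). This clears the "Not authenticated." state.
crypto ca authenticate VPN-TP
!
! 4. Generate the CSR from VPN-KEY and submit it to the CA.
crypto ca enroll VPN-TP
!
! 5. Import the identity certificate the CA issued for that CSR. A
!    certificate issued for any other key is rejected with the mismatch error.
crypto ca import VPN-TP certificate
!
! 6. Check that the keypair exists and the trustpoint now holds both the
!    CA certificate and the identity certificate.
show crypto key mypubkey rsa
show crypto ca trustpoints
show crypto ca certificates
!
! 7. Only now bind the enrolled trustpoint to IKEv2 remote access.
crypto ikev2 remote-access trustpoint VPN-TP
```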