cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
986
Views
0
Helpful
6
Replies

ASA Error in IPsec Remote Access VPN configuration

YEH
Level 1
Level 1

After initializing the ASA settings, an error was output when the following settings were submitted. Could you please tell us the cause and how to configure it?

 

(config)# crypto ikev2 remote-access trustpoint XXXXX
ERROR: Trustpoint not enrolled. Please enroll trustpoint and try again.

(config)# crypto ca trustpoint XXXXX
(config-ca-trustpoint)# keypair XXXXX
ERROR: Keypair XXXXX doesn't exist.

(config)# crypto ca certificate chain XXXXX
(config-cert-chain)# certificate
Enter the certificate in hexadecimal representation....

<skip>

(config-pubkey)# quit
ERROR: Public key contained in the device certificate doesn't match the device's
public key <Default-RSA-Key> configured for trustpoint XXXXX.

6 Replies 6

@YEH you don't appear to have the trustpoint configured correctly. Refer to this guide to create the trustpoint

Thank you. I will refer to the guide.

balaji.bandi
Hall of Fame
Hall of Fame

Looks you dont  have trust point

can you post

#show crypto ca certificate

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

@balaji.bandi 

I can't post the output of the command, but I did check it and found the following

#show crypto ca certificate

<No applicable trust points>


#show crypto ca trustpoints

Trustpoint XXXXX:
Not authenticated.

srpoda
Cisco Employee
Cisco Employee

If the certificate is not properly installed on the ASA, you cannot bind the trustpoint to the IKEv2 configuration.

Evidently, the certificate is not installed/missed based on the outputs shown above. 

Please generate CSR and install the certificate and then bind to ikev2 configuration 

You need to generate key then use it for trustpoint.