07-11-2007 06:37 PM
I got this error:
Router1(config)#crypto ca authenticate SCIS-E36A410855
% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0
Any ideas?
Thanks
Here?s the config:
Router1#show run
hostname Router-Main
!
clock timezone GMT 8
!
ip domain name routermain.com
ip host certserver 192.168.50.3
!
crypto ca trustpoint SCIS-E36A410855
enrollment retry count 3
enrollment retry period 5
enrollment mode ra
enrollment url http://192.168.50.30:80/certsrv/mscep/mscep.dll
crl optional
!
interface FastEthernet0/0
ip address 192.168.50.1 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.100.1 255.255.255.0
!
router rip
network 192.168.50.0
network 192.168.100.0
07-13-2007 03:26 AM
Hi,
Please make sure the following things..
1. Check whether CA server moule is up at the url http://192.168.50.30:80/certsrv/mscep/mscep.dll
2. The machine with the ip 192.168.50.30 is accessible form the router.
If aboube things are perfect, then enable the command 'debug crypto pki transactions'on the router and try to authenticate the CA server. It will give you some sort of debugging mesage.
Post the debug message.
--Jaffer
07-16-2007 01:49 AM
Hi Jaffar,
Thank you for your reply. Ive managed to bypass the CA server stage and now facing another problem, its got to do with configuring an IOS Router Site-to-Site VPN Using Digital Certificates
Could some one please give me a hand?
Here is my network topology:
R1------R2-------R3
|
VPNCA
I got this error message when enable debug:
R1# Jul 15 22:07:10.651: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /255.255.255.255, src_addr= 192.168.10.2, prot= 17
I could ping from R1 to R3 without crypto map and ACL.
Attacched is my show run and debug configs for the 2 routers.
Thanks in advance,
07-17-2007 05:10 PM
Nobody can (or want) help?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide