02-16-2004 11:27 PM - edited 02-21-2020 01:02 PM
I'm going through an MPLS cloud to connect to a remote router. I therefore want to configure IPSec with CA support to secure my VPN link. After the configuration of the IPSec and CA, I noticed that the CA server is not issuing a new certificate to the routers but gives its own (server) certificate, and hence the IPSec is not encrypting traffic. What could I be doing wrong? Find attached the config of the routers.
02-22-2004 07:10 PM
Could you find what was wrong? Thanks.
02-22-2004 09:54 PM
Your configuration looks like an interesting blend of authentication options. You say that you want to use certificates, so here goes:
1. In your isakmp policy, you shouldn't need to specify an authentication method, because certificates are the default.
2. If you are using certificates, there are two processes that you need to complete with the CA: the authentication phase (crypto ca authenticate domain.name) and an enrollment phase (crypto ca enroll domain.name). When you complete the first phase, you receive the CA certificate, as appears in your key chain; you won't receive your router's own certificate until you complete the enrollment phase.
Like I said, I'm a little concerned that you have a mix of authentication commands on your router. If you are looking at a single point-point encrypted link, then encrypted nonces may be a better option than certificates, as they don't require any trust in a third party (the CA).
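A check for the state described in the reply above (CA certificate present, router certificate missing), added here as an example and not part of the thread or of any Cisco tooling. It classifies saved `show crypto ca certificates` output; the sample text is constructed, and the section and field layout it assumes may differ between IOS releases.

```python
import re

# Constructed samples modelled on "show crypto ca certificates" output;
# exact fields and ordering are an assumption and vary by IOS release.
AUTH_ONLY = """\
CA Certificate
  Status: Available
  Certificate Serial Number: 01
  Certificate Usage: Signature
"""
ENROLLED = """\
Certificate
  Status: Available
  Certificate Serial Number: 0A
  Certificate Usage: General Purpose
""" + AUTH_ONLY
PENDING = ENROLLED.replace("Status: Available", "Status: Pending", 1)

HEADER = re.compile(r"^(CA Certificate|Certificate)\s*$")  # unindented block title
STATUS = re.compile(r"^\s+Status:\s*(\S+)")                # indented status field


def parse_sections(output):
    """Return [(section_name, status)] for each certificate block found."""
    sections = []
    for line in output.splitlines():
        head = HEADER.match(line)
        if head:
            sections.append([head.group(1), None])
            continue
        stat = STATUS.match(line)
        if stat and sections and sections[-1][1] is None:
            sections[-1][1] = stat.group(1)
    return [tuple(s) for s in sections]


def enrollment_state(output):
    """Map the parsed blocks onto the authenticate / enroll phases."""
    certs = parse_sections(output)
    own = [status for name, status in certs if name == "Certificate"]
    if ("CA Certificate", "Available") not in certs:
        return "not-authenticated"            # crypto ca authenticate not done
    if not own:
        return "authenticated-not-enrolled"   # crypto ca enroll not done
    return "enrolled" if "Available" in own else "enrollment-pending"
```

A result of `authenticated-not-enrolled` matches the symptom in the original question: the router holds only the CA's certificate and has no identity certificate of its own to present during IKE.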