This is my topology, and I could establish a VPN session from HQ to Branch using a pre-shared key in IKE phase 1. It worked fine.
Then I changed both routers' config to use "rsa-sig" as the authentication and also set up both routers to receive certificates from my Win2003 server. Now, even though I could receive certificates from the CA, I couldn't establish a VPN session from HQ to Branch.
Debug says:
ISAKMP:(0:8:SW:1): processing CERT payload. message ID = 0
ISAKMP:(0:8:SW:1): processing a CT_X509_SIGNATURE cert
ISAKMP:(0:8:SW:1): peer's pubkey isn't cached
ISAKMP:(0:8:SW:1): Unable to get DN from certificate!
ISAKMP:(0:8:SW:1): Cert presented by peer contains no OU field.
ISAKMP:(0:8:SW:1): processing SIG payload. message ID = 0
ISAKMP (134217736): sa->peer.name = , sa->peer_id.id.id_fqdn.fqdn = HQ.ciscokeshara.com
CRYPTO-3-IKMP_QUERY_KEY: Querying key pair failed.
Can anyone give me a solution for this?
HELP please... / BR, keshara from Sri Lanka.