I would be grateful if someone could give me a little pointer here please.
I have several routers all working fine with a DMVPN Hub (4331) acting as my CA. One spoke router however is stuck in MM_KEY_EXCH. It seems to me like the self signed cert is messing things up (CISCO_IDEVID_SUDI). I removed it and my VPN went to QM IDLE. A reload re-instates the cert as has been pointed out on several posts I reviewed.
I've been googling for an answer but I'm still none the wiser if there is a simple fix, profile, cert map etc.
*Jun 24 16:03:12.210: ISAKMP: (2045):using the CISCO_IDEVID_SUDI trustpoint's keypair to sign
*Jun 24 16:03:14.362: ISAKMP-PAK: (2045):sending packet to X.X.X.X my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Jun 24 16:03:14.362: ISAKMP: (2045):Sending an IKE IPv4 Packet.
*Jun 24 16:03:14.362: ISAKMP: (2045):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Jun 24 16:03:14.362: ISAKMP: (2045):Old State = IKE_I_MM4 New State = IKE_I_MM5
Would appreciate it if anyone has a tip. Happy to upgrade my IOS if needed.