IPsec Site-to-Site IKEv2 using self-signed certs?

stetroke
Level 1

Hi All,

 

Is it possible to create a site-to-site IKEv2 IPsec tunnel using self-signed certs?

I've created the self-signed cert on ASA1 and imported it as an identity cert on ASA2, and vice versa.

I know this tunnel config works, as if I switch to PSK it works fine!

 

Hardware is 2x 5516-X's,

but debugging just shows:

 

IKEv2-PROTO-2: (108): Verify peer's policy
IKEv2-PROTO-2: (108): Peer's policy verified
IKEv2-PROTO-5: (108): Matching certificate found

IKEv2-PROTO-2: (108): Get peer's authentication method
IKEv2-PROTO-2: (108): Peer's authentication method is 'RSA'
IKEv2-PLAT-2: (108): Certificate validation queued
IKEv2-PROTO-2: (108):
IKEv2-PLAT-2: Certificate validation completed
IKEv2-PROTO-5: (108): Failed to verify certificate.
IKEv2-PROTO-2: (108): Verify cert failed
IKEv2-PROTO-2: (108): Verification of peer's authentication data FAILED
IKEv2-PROTO-2: (108): Sending authentication failure notify

 

I just wondered if what I'm actually trying is possible?

Thanks in advance!
