
IPSec tunnel with RSA-nonces

lukaszkhalil
Level 1

Hello

We are trying to establish a VPN tunnel between two Cisco 2821 routers with RSA-nonces authentication.

Each test fails. In the debug crypto isakmp output we can see the message "%CRYPTO-6-IKMP_CRYPT_FAILURE: IKE (connection id 268435471) unable to decrypt (w/RSA private key) packet".

We have checked the RSA public keys 3 times and they seem to be correct.

Could you please help me with this problem? I would be grateful for any help.

Regards

Lukas

2 Replies

irisrios
Level 6

Try to create a key manually and use it for RSA signatures. This can be accomplished by configuring a domain name and then using crypto key generate rsa general-keys. View the generated keys using show crypto key mypubkey rsa. Copy the hex data from "General Purpose Key". Manually enter the RSA keys with crypto key pubkey-chain rsa named-key Chef.cisco.com address key-string. Configure the ISAKMP policy for rsa-sig authentication.

Hi

Thanks. We found out the same solution but it seems to be a workaround for rsa-enc authentication problems.