
Site to site vpn using SUDI

spikon
Beginner

Can a site-to-site VPN be created between two 4000 series routers using Secure Unique Device Identifier (SUDI) and no preshared keys? Is there a sample configuration?

As for the security, can the SUDI certificate and key be extracted from the router?

1 ACCEPTED SOLUTION


Shakti Kumar
Cisco Employee

Hi,

Currently this is an enhancement, so currently not possible

CSCvd76136

Thanks

Shakti


2 REPLIES

jakerby
Cisco Employee

I am using the SUDI cert to authenticate a device to a Cisco EST CA. The CA returns a certificate that is used for both VPN and DMVPN tunnels. I am also using the SUDI cert to authenticate to an NSO PnP server. It is working very well with IOS; however, I have recently discovered that NSO cisco-pnp 1.8.0 does not have the CA chain for IOS-XE SUDI certs (High Assurance SUDI CA -> Cisco Root CA 2099) as we moved our CVOs to 1100s with IOS-XE.
