Hi,
I got a problem after I have established the connection from Client to Router. The connection will just disconnect itself with the following debug error:-
"death by retransmission P2" after a series of "incrementing error counter on sa: retransmit phase 2"
I am using isakmp with authentication rsa-sig. The client can connect to the router with no visible problem but with the debug, the above error occurs and after a few seconds, the "show crypto isakmp sa" will have no entries. But "show crypto ipsec sa" will have entries. Then after a while, The client will auto-disconnect itself even traffic is running thru the tunnel.
Then when I switch to authentication pre-shared, there is NO problem at all. No errors on the debug. I only added a key to the group profile and on the policy just add "authentication preshare". And it works. No problem like the above.
I believe it is not a configuration problem. Maybe it is a bug with authentication rsa-sig. Can anyone tell me why? Could it be a CA problem. I am using Microsoft 2000 server and my CA. I installed mscep on it. My clients and router uses url to enroll the certificates. Not a problem with that.
Please give me some advice on this because I do not want to do authentication pre-share.
Thanks
adrian
