Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2997
Views
45
Helpful
17
Replies

VPN messages

Go to solution
benolyndav
Level 4
Level 4

‎09-09-2021 12:43 PM

Hi 

We have a Static VPN betwen 2 Routers and the tunnel is up and down, I consoled onto one of the routers and ran a debug crypto ipsec and saw this message.

 

*Sep  9 15:20:32.787: %IKEV2-3-NEG_ABORT: Negotiation aborted due to ERROR: Failed to build certificate payload

 

 

i then issued the show crypto pki certificate verbose and noticed that one of the certs had expired.

 

Is this what cause the error message.???

Labels:
0 Helpful
17 Replies 17

Go to solution
Rob Ingram
VIP
VIP
In response to benolyndav

‎09-11-2021 06:37 AM - edited ‎09-11-2021 06:38 AM

@benolyndav the certificate would auto-renew if the router was configured to do so and the initial cert with enrolled via SCEP. If the certificate was enrolled using terminal (copy and paste), then no it would not auto renew.

Go to solution
benolyndav
Level 4
Level 4
In response to Rob Ingram

‎09-11-2021 07:52 AM

Hi Rob

So we have the branch router configured has CA, so when we install new routers we just point to the Branch router before we take to site And request a cert, SCEP uses a serVER dosent it??

 

thanks

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to benolyndav

‎09-11-2021 08:00 AM

@benolyndav 

Do you mean a branch router is the CA, running SCEP?

 

The router requesting the certificate would have a trustpoint configured with "enrollment url http://x.x.x.x"  where x.x.x.x is the IP address of the router acting as the CA. Obviously the rotuers would need to be able to communicate between each other for the scep request to be sent/received.

 

This link might help you using SCEP

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents