[c-nsp] VPN Client with Certificate's

Andy Allison aallison at lycos.co.uk
Thu Feb 23 09:08:15 EST 2006


Hi All,
 
We currently terminate VPN's on a 7206 with a VAM. We are looking at
integrating this with a CA Server. We can carry out the certificate
enrollement on the router & the VPN client, however when we try to connect
it is not successful. We have created 2 crypto isakmp policy's see below.
 

crypto isakmp policy 10

 encr 3des

 hash md5

 authentication pre-share

 group 2

!

crypto isakmp policy 20

 encr 3des

 hash md5

 authentication rsa-sig

 group 2

 

We have also removed the key from under crypto isakmp client configuration
group.

The OU within the certificate match's the group name.

 

Has any one got a sample config's or any pointer's.

 

Thanks in advance

Andy.



More information about the cisco-nsp mailing list