[c-nsp] VPN Client with Certificate's

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Feb 24 01:52:52 EST 2006


can you please post your complete config (or send them unicast if you
don't want to sanitize it) and send "deb cry isakmp" and "deb crypto
ipsec" when one of your cert-peers connects?  

tx,
	oli

Andy Allison <> wrote on Thursday, February 23, 2006 3:08 PM:

> Hi All,
> 
> We currently terminate VPN's on a 7206 with a VAM. We are looking at
> integrating this with a CA Server. We can carry out the certificate
> enrollement on the router & the VPN client, however when we try to
> connect it is not successful. We have created 2 crypto isakmp
> policy's see below. 
> 
> 
> crypto isakmp policy 10
> 
>  encr 3des
> 
>  hash md5
> 
>  authentication pre-share
> 
>  group 2
> 
> !
> 
> crypto isakmp policy 20
> 
>  encr 3des
> 
>  hash md5
> 
>  authentication rsa-sig
> 
>  group 2
> 
> 
> 
> We have also removed the key from under crypto isakmp client
> configuration group.
> 
> The OU within the certificate match's the group name.
> 
> 
> 
> Has any one got a sample config's or any pointer's.
> 
> 
> 
> Thanks in advance
> 
> Andy.
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list