[c-nsp] CRYPTO-3-IKMP_QUERY_KEY : Querying key pair failed ?
matthew zeier
mrz at velvet.org
Wed Feb 27 11:44:45 EST 2008
Trying to setup a VTI IPSEC VPN between a 3845 and an 1841. The 3845
has a couple vpns already up and working, one of which is a VTI to a 2800.
The log just spits out:
CRYPTO-3-IKMP_QUERY_KEY : Querying key pair failed.
Cisco says -
Explanation: A public key or private key query attempt that used a
subject name has failed.
Recommended Action: Check the subject name in the certificate.
I'm not sure what cert it's talking about or how to fix that. The 1841
does have
crypto pki trustpoint TP-self-signed-2501804736
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2501804736
revocation-check none
rsakeypair TP-self-signed-2501804736
crypto pki certificate chain TP-self-signed-2501804736
...
Neither of those exist on any of my other routers and I'm not familiar
with them.
Any clues?
More information about the cisco-nsp
mailing list