[c-nsp] CRYPTO-3-IKMP_QUERY_KEY : Querying key pair failed ?
matthew zeier
mrz at velvet.org
Wed Feb 27 14:38:01 EST 2008
Fix was:
crypto isakmp policy 20
 authentication pre-share
 group 2
Which enables the negotiation using pre-shared keys. If not, the default
on the router is to use certificates.
matthew zeier wrote:
> Trying to set up a VTI IPSEC VPN between a 3845 and an 1841. The 3845
> has a couple VPNs already up and working, one of which is a VTI to a 2800.
>
> The log just spits out:
>
>
> CRYPTO-3-IKMP_QUERY_KEY : Querying key pair failed.
>
> Cisco says -
>
> Explanation: A public key or private key query attempt that used a
> subject name has failed.
>
> Recommended Action: Check the subject name in the certificate.
>
> I'm not sure what cert it's talking about or how to fix that. The 1841
> does have
>
> crypto pki trustpoint TP-self-signed-2501804736
>  enrollment selfsigned
>  subject-name cn=IOS-Self-Signed-Certificate-2501804736
>  revocation-check none
>  rsakeypair TP-self-signed-2501804736
>
> crypto pki certificate chain TP-self-signed-2501804736
> ...
>
> Neither of those exist on any of my other routers and I'm not familiar
> with them.
>
> Any clues?
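Added example, not part of the original post: a small config audit that flags ISAKMP policies left on the IOS default authentication method (rsa-sig) while a pre-shared key is configured, which is the mismatch the fix above corrects. The sample configs, the key EXAMPLE-PSK, the address 192.0.2.1 and the function names are constructed for illustration.

```python
import re

# Constructed sample: a policy with no "authentication" line, as in the thread.
BROKEN = """\
crypto isakmp policy 20
 group 2
crypto isakmp key EXAMPLE-PSK address 192.0.2.1
"""
# Same constructed config with the fix from the post applied.
FIXED = """\
crypto isakmp policy 20
 authentication pre-share
 group 2
crypto isakmp key EXAMPLE-PSK address 192.0.2.1
"""

IOS_DEFAULT_AUTH = "rsa-sig"  # IOS default when a policy has no authentication line

def isakmp_policies(config):
    """Return {priority: authentication method} for each ISAKMP policy block."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if m:
            current = int(m.group(1))
            policies[current] = IOS_DEFAULT_AUTH
        elif line.startswith(" ") and current is not None:
            a = re.match(r"\s+authentication (\S+)", line)
            if a:
                policies[current] = a.group(1)
        else:
            current = None  # any other top-level line ends the policy block
    return policies

def audit(config):
    """List policies that would negotiate with certificates although a PSK is configured."""
    has_psk = re.search(r"^crypto isakmp key \S+", config, re.M) is not None
    policies = isakmp_policies(config)
    findings = [f"policy {p}: authentication {auth}, needs pre-share"
                for p, auth in sorted(policies.items())
                if has_psk and auth != "pre-share"]
    if has_psk and not policies:
        findings.append("no ISAKMP policy defined; default policy uses rsa-sig")
    return findings

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit(cfg) or "ok")
```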