rsa-sig problem after Phase1

Unanswered Question
Apr 4th, 2007
User Badges:

I recently updated about 70 routers from preshared key to certificate authentication. The most part of them works fine but I'm still searching to resolve a problem on 3 of them.

When I use preshared key the isakmp and ipsec phases complete successfully, but when I use certificates, the Phase 1 complete well and after devices seems to ignore each other.

The VPN is initiate from a Cisco 831 or 871 behind nat to a PIX 515.

Attached debug example of 831

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
willdavi129 Wed, 04/04/2007 - 08:46
User Badges:

I've seen something like this once before. check you NTP server and verify both devices have the same time stamp. It appears that one device is ahead of the other.

drenaud Wed, 04/04/2007 - 23:48
User Badges:

Hello, thanks for your quick response.

All devices are correctly synchronized on UTC.

I really don't know what can affect the ipsec build when the Phase 1 is finished.


This Discussion