04-04-2007 08:08 AM
I recently updated about 70 routers from preshared key to certificate authentication. The most part of them works fine but I'm still searching to resolve a problem on 3 of them.
When I use preshared key the isakmp and ipsec phases complete successfully, but when I use certificates, the Phase 1 complete well and after devices seems to ignore each other.
The VPN is initiate from a Cisco 831 or 871 behind nat to a PIX 515.
Attached debug example of 831
04-04-2007 08:46 AM
I've seen something like this once before. check you NTP server and verify both devices have the same time stamp. It appears that one device is ahead of the other.
04-04-2007 11:48 PM
Hello, thanks for your quick response.
All devices are correctly synchronized on UTC.
I really don't know what can affect the ipsec build when the Phase 1 is finished.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: