
rsa-sig problem after Phase1

drenaud
Level 1

I recently updated about 70 routers from preshared key to certificate authentication. Most of them work fine, but I'm still trying to resolve a problem on 3 of them.

When I use a preshared key, the ISAKMP and IPsec phases complete successfully, but when I use certificates, Phase 1 completes fine and afterwards the devices seem to ignore each other.

The VPN is initiated from a Cisco 831 or 871 behind NAT to a PIX 515.

Attached debug example of 831

2 Replies

willdavi129
Level 1

I've seen something like this once before. Check your NTP server and verify both devices have the same timestamp. It appears that one device is ahead of the other.

Hello, thanks for your quick response.

All devices are correctly synchronized on UTC.

I really don't know what can affect the IPsec build when Phase 1 is finished.
