Configuring Digital Certificates between a hardware client and EZVPN Server

Unanswered Question
Jun 26th, 2007

Dear all,

I'd like to ask whether someone knows how to configure the hardware client using CA?

Normally when using pre-shared key, in the hardware client we only need to configure crypto ipsec client ezvpn <name> and specify the ezvpn group underneath. But I couldn't find a place to configure the group without setting up the key.

Thanks in advance.


James Ren

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
smahbub Mon, 07/02/2007 - 05:53

Issue the certificate generate request command on the VPN 5000 Concentrator. Type certificate generate request ? in order to see available options. The VPN Concentrator takes a few moments to generate the request and the length of time depends on key length. The show certificate generator command displays the status of the request generation. If you are logged into the console, the "Certificate request is ready" message appears when the generation is complete

James.Ren Wed, 07/04/2007 - 06:05


Thanks very much for your reply. Indeed the EZVPN Server here I meant was any type of VPN devices including VPN concentrator. I've figured the problem out through the and if the trustpoint is used between the hardware client and the EZVPN Server endpoints, there is no need to configure group on the client side. But the ou in the certificate must be exactly the same with the group configured on the EZVPN Server.


James Ren


This Discussion