Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
402
Views
0
Helpful
2
Replies

Configuring Digital Certificates between a hardware client and EZVPN Server

James.Ren
Level 1
Level 1

‎06-26-2007 04:44 AM

Dear all,

I'd like to ask whether someone knows how to configure the hardware client using CA?

Normally when using pre-shared key, in the hardware client we only need to configure crypto ipsec client ezvpn <name> and specify the ezvpn group underneath. But I couldn't find a place to configure the group without setting up the key.

Thanks in advance.

Regards,

James Ren

Labels:
0 Helpful
2 Replies 2

smahbub
Level 6
Level 6

‎07-02-2007 05:53 AM

Issue the certificate generate request command on the VPN 5000 Concentrator. Type certificate generate request ? in order to see available options. The VPN Concentrator takes a few moments to generate the request and the length of time depends on key length. The show certificate generator command displays the status of the request generation. If you are logged into the console, the "Certificate request is ready" message appears when the generation is complete

0 Helpful

James.Ren
Level 1
Level 1
In response to smahbub

‎07-04-2007 06:05 AM

Hi,

Thanks very much for your reply. Indeed the EZVPN Server here I meant was any type of VPN devices including VPN concentrator. I've figured the problem out through the cisco.com and if the trustpoint is used between the hardware client and the EZVPN Server endpoints, there is no need to configure group on the client side. But the ou in the certificate must be exactly the same with the group configured on the EZVPN Server.

Cheers,

James Ren

0 Helpful
Customers Also Viewed These Support Documents