Router to PC VPN with device authen only via RSA Sig

Unanswered Question
Jul 31st, 2007

Problem establishing a vpn between a cisco router and a PC based Cisco VPN Client

using version 4.6 (had problems with 4.8 & 5.0). Only trying to accomplish

device authenication with digital certificates without any interest in user

authenication/authorization, so I've eliminated the Xauth from IKE and login

stuff from the client config.

I've got to take about half a dozen users into production asap...

I am thinking the access list may be the problem since the pc client is

expecting to have encrypted communications, but the cisco router is

still doing all it's checks and balances with IKE/ISAKMP to finish device

authenication with one certificate on each. Error message seem straight

forward, but I'm new to the vpn config's and have tested pki for

about 6 months wo/ going into production. Attached are logs with recommended

debug turned on for crypto ike/ipsec/pki/etc.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mmydlowski Tue, 08/07/2007 - 06:53

Thank you for your response!

After further investigation, I'm more concerned about Cisco's IOS 12.4 "Certificate Server" being able to consistently build certificates. Do I need to depend upon a certain Test release like 12.4T because 12.4 isn't ready ....? It's in the 12.4 documentation as though it's ready and I couldn't find any comments in the caveats...

I have tried to build a "request for a certificate" with both with the Cisco VPN Client 4.8/5.0, and Mozilla's add-on to firefox called Key Manager, but both failed.

Just loading base64 instream directly into the IOS crypto cmd to enroll via the terminal fails regularly, besides trying to use SCEP (Cisco's simple certificate enrollment protocol).

I don't care how it gets done, because I like Cisco's architecture so much, but it's got to be reliable.

I don't mind getting involved with Cisco's testing and I believe I can replicate the errors.

Attached is an error of the IOS 12.4 failing...


This Discussion