ASA5510 & SCEP enrollement with Name, Serial and IP

Unanswered Question
Sep 24th, 2007
User Badges:

hi,


I have a problem when I try to enroll my new ASA 5510 (no problem with all my PIX in 6.3)


I configured ASA like this :

crypto ca trustpoint Test

revocation-check crl

enrollment retry count 5

enrollment url http://aaa.bbb.ccc.ddd:80/xxxxxxxxx

serial-number

ip-address eee.fff.ggg.hhh

password *


so all is ok except enrollement... it seems to me that ASA doesn't add IP address in demand to CA... I tested different thing... still same problem


On CA side, I have that in log :

UNSTRUCTUREDNAME = name.domain.fr,

UNSTRUCTUREDADDRESS = ,

SERIALNUMBER = zzzzzzzzz

-> UNAUTHORIZED SCEP Request


there is no IP address...


if one of you has an idea... or if this problem is known...


Thanks


Nicolas

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gchaideyrou Mon, 10/01/2007 - 08:06
User Badges:

yep... already read...

and no more...

problem is IOS I think... because problem is there on ASA and PIX

without IP authentication... all is ok... but in my case... I need IP+ all the rest


Nico

Actions

This Discussion