ASA5510 & SCEP enrollement with Name, Serial and IP

Unanswered Question
Sep 24th, 2007

hi,

I have a problem when I try to enroll my new ASA 5510 (no problem with all my PIX in 6.3)

I configured ASA like this :

crypto ca trustpoint Test

revocation-check crl

enrollment retry count 5

enrollment url http://aaa.bbb.ccc.ddd:80/xxxxxxxxx

serial-number

ip-address eee.fff.ggg.hhh

password *

so all is ok except enrollement... it seems to me that ASA doesn't add IP address in demand to CA... I tested different thing... still same problem

On CA side, I have that in log :

UNSTRUCTUREDNAME = name.domain.fr,

UNSTRUCTUREDADDRESS = ,

SERIALNUMBER = zzzzzzzzz

-> UNAUTHORIZED SCEP Request

there is no IP address...

if one of you has an idea... or if this problem is known...

Thanks

Nicolas

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gchaideyrou Mon, 10/01/2007 - 08:06

yep... already read...

and no more...

problem is IOS I think... because problem is there on ASA and PIX

without IP authentication... all is ok... but in my case... I need IP+ all the rest

Nico

Actions

This Discussion