ASA5510 & SCEP enrollement with Name, Serial and IP - Cisco Community

473

Views

0

Helpful

2

Replies

hi,

I have a problem when I try to enroll my new ASA 5510 (no problem with all my PIX in 6.3)

I configured ASA like this :

crypto ca trustpoint Test

revocation-check crl

enrollment retry count 5

enrollment url http://aaa.bbb.ccc.ddd:80/xxxxxxxxx

serial-number

ip-address eee.fff.ggg.hhh

password *

so all is ok except enrollement... it seems to me that ASA doesn't add IP address in demand to CA... I tested different thing... still same problem

On CA side, I have that in log :

UNSTRUCTUREDNAME = name.domain.fr,

UNSTRUCTUREDADDRESS = ,

SERIALNUMBER = zzzzzzzzz

-> UNAUTHORIZED SCEP Request

there is no IP address...

if one of you has an idea... or if this problem is known...

Thanks

Nicolas

2 Replies 2

You might want to take a look at the following configuration guide

http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdmcer.html

yep... already read...

and no more...

problem is IOS I think... because problem is there on ASA and PIX

without IP authentication... all is ok... but in my case... I need IP+ all the rest

Nico

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking products for a $25 gift card