IPSec tunnel with RSA-nonces

Unanswered Question
Oct 15th, 2007
We are trying to establish a VPN tunnel between two Cisco 2821 routers with RSA-nonces authentication.

Each test fails. In the debug crypto isakmp we can see the message "%CRYPTO-6-IKMP_CRYPT_FAILURE: IKE (connection id 268435471) unable to decrypt (w/RSA private key) packet".

We have checked the RSA public keys 3 times and they seem to be correct.

Could you please help me with this problem? I would be grateful for any help.

irisrios Fri, 10/19/2007 - 11:04

Try to create a key manually and use it for RSA signatures. This can be accomplished by configuring a domain name and using crypto key generate rsa general-keys. View the keys generated using show crypto key mypubkey rsa. Copy the hex data from "General Purpose Key". Manually enter the RSA keys with crypto key pubkey-chain rsa named-key Chef.cisco.com address key-string. Configure the ISAKMP policy for rsa-sig authentication.
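
The copy step in the reply above (taking the hex data under "General Purpose Key" and entering it as a key-string on the peer) can be checked mechanically instead of by eye. This is an added example, not part of the thread and not Cisco code: it compares the Key Data from one router's show crypto key mypubkey rsa output with the block pasted on the other router. The host name, sample output and hex words are constructed.

```python
import re

# Constructed sample shaped like "show crypto key mypubkey rsa" output (not a real key).
SHOW_OUTPUT = """\
Key name: routera.example.com
 Usage: General Purpose Key
 Key is not exportable.
 Key Data:
  30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00AABBCC
  11223344 55667788 99AABBCC DDEEFF00 01020304 05060708 090A0B0C 0D0E0F10
  DEADBEEF 02030100 01
"""

# Constructed: the same key as it would be pasted on the peer router.
PASTED = """\
key-string
 30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00AABBCC
 11223344 55667788 99AABBCC DDEEFF00 01020304 05060708 090A0B0C 0D0E0F10
 DEADBEEF 02030100 01
 quit
"""

def key_blocks(show_output):
    """Map each 'Usage:' label to the normalized hex of its Key Data section."""
    blocks, usage, in_data = {}, None, False
    for line in show_output.splitlines():
        s = line.strip()
        if s.startswith("Usage:"):
            usage, in_data = s.split(":", 1)[1].strip(), False
        elif s.startswith("Key Data:"):
            in_data = True
        elif in_data and usage and re.fullmatch(r"[0-9A-Fa-f ]+", s):
            blocks[usage] = blocks.get(usage, "") + s.replace(" ", "").upper()
        else:
            in_data = False  # any non-hex line ends the Key Data section
    return blocks

def normalize(key_string):
    """Drop whitespace and the 'key-string' / 'quit' keywords from a pasted block."""
    words = [w for w in key_string.split() if w.lower() not in ("key-string", "quit")]
    return "".join(words).upper()

def first_mismatch(a, b):
    """Byte offset of the first difference, or None if the keys are identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i // 2
    return None if len(a) == len(b) else min(len(a), len(b)) // 2

print(first_mismatch(key_blocks(SHOW_OUTPUT)["General Purpose Key"], normalize(PASTED)))
```

If the router was keyed with usage-keys instead of general-keys, the dictionary holds one entry per Usage label rather than a single "General Purpose Key" entry.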

lukaszkhalil Sun, 10/21/2007 - 22:53
Thanks. We found out the same solution but it seems to be a workaround for rsa-enc authentication problems.
