IPSec tunnel with RSA-nonces

lukaszkhalil
Level 1

Hello

We are trying to establish a VPN tunnel between two Cisco 2821 routers with RSA-nonces authentication.

Each test fails. In the debug crypto isakmp we can see the message "%CRYPTO-6-IKMP_CRYPT_FAILURE: IKE (connection id 268435471) unable to decrypt (w/RSA private key) packet".

We have checked the RSA public keys 3 times and they seem to be correct.

Could you please help me with this problem? I would be grateful for any help.

Regards

Lukas

2 Replies

irisrios
Level 6

Try to create a key manually and use it for RSA signatures. This can be accomplished by configuring a domain name and using crypto key generate rsa general-keys. View the keys generated using show crypto key mypubkey rsa. Copy the hex data from "General Purpose Key". Manually enter RSA keys: crypto key pubkey-chain rsa named-key Chef.cisco.com address key-string . Configure ISAKMP policy for rsa-sig authentication.

Hi

Thanks. We found out the same solution but it seems to be a workaround for rsa-enc authentication problems.
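
Added example, not part of the original thread and not Cisco tooling: with manually entered keys, one thing to rule out for the decrypt error in the question is that the copy of the public key stored on the peer differs from the key pair the local router holds, which is easier to check by fingerprint than by eye. The show-output layout, the host name r1.example.com and all hex data below are constructed assumptions.

```python
import hashlib
import re

# Constructed sample, not real keys. Layout assumed to follow
# "show crypto key mypubkey rsa" on router r1 (separate usage keys).
LOCAL_SHOW = """\
Key name: r1.example.com
 Usage: Signature Key
 Key Data:
  305C300D 06092A86 4886F70D AAAA0001
Key name: r1.example.com
 Usage: Encryption Key
 Key Data:
  305C300D 06092A86 4886F70D BBBB0002
"""
# Constructed: r1's key as stored on the peer ("show crypto key pubkey-chain rsa").
PEER_SHOW = """\
Key name: r1.example.com
 Usage: Encryption Key
 Source: Manual
 Data:
  305C300D 06092A86
  4886F70D AAAA0001
"""

def parse_keys(text):
    """Map (key name, usage) -> SHA-256 of the whitespace-stripped hex data."""
    keys, name, usage, chunks = {}, None, None, []
    def flush():
        if name and chunks:
            keys[(name, usage)] = hashlib.sha256("".join(chunks).upper().encode()).hexdigest()
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Key name:"):
            flush()  # a new key starts, store the previous one
            name, usage, chunks = s.split(":", 1)[1].strip(), None, []
        elif s.startswith("Usage:"):
            usage = s.split(":", 1)[1].strip()
        elif re.fullmatch(r"[0-9A-Fa-f\s]+", s):  # hex data line, any wrapping
            chunks.append("".join(s.split()))
    flush()
    return keys

def check_peer_copy(local_show, peer_show, name, usage="Encryption Key"):
    """Compare the peer's stored copy of our public key with the key we hold."""
    local, have = parse_keys(local_show), parse_keys(peer_show).get((name, usage))
    if have is None or (name, usage) not in local:
        return "missing"
    if local[(name, usage)] == have:
        return "match"
    same = [u for (n, u), fp in local.items() if n == name and fp == have]
    return f"peer holds our '{same[0]}'" if same else "mismatch"
```

In the constructed sample the peer stored r1's signature key under the encryption usage, so check_peer_copy(LOCAL_SHOW, PEER_SHOW, "r1.example.com") reports that instead of "match".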
