Router-to-PIX Site-to-Site VPN using CA

Unanswered Question
Apr 22nd, 2008


I have a router and PIX in my lab and I am trying to set up site-to-site VPN between both using CA for authentication.

The router is my CA and the PIX is an agent to it. This certificate between both was generated and shared successfully.

However, the VPN is failing to establish. I can see debug errors on the router, but I don't see any debug output on the PIX when enabling the "debug crypto isakmp" and "debug crypto ipsec" commands.

It looks like the VPN is failing at phase I, but I am not able to know where exactly the problem is.

What is also surprising is that, although I am configuring "auth rsa-sig" on both the router and the PIX in the isakmp policy, when doing "show run" from the router I don't see this listed there!

Please find attached both the router and PIX configs with the debug output from the router.

I would appreciate you looking into my problem and helping me in sorting it out.


