Router-to-PIX Site-to-Site VPN using CA

haithamnofal
Level 3

Hi,

I have a router and PIX in my lab and I am trying to set up a site-to-site VPN between both using CA for authentication.

The router is my CA and the PIX is an agent to it. The certificates between both were generated and shared successfully.

However, the VPN is failing to establish and I can see debug errors on the router, but I don't see any debug output on the PIX when enabling the "debug crypto isakmp" and "debug crypto ipsec" commands.

It looks like the VPN is failing at phase I but I am not able to tell exactly where the problem is.

What is also surprising is, although I am configuring "auth rsa-sig" on both the router and the PIX in the isakmp policy, when doing show run from the router I don't see this listed there!

Please find attached both the router and PIX configs with the debug output from the router.

I would appreciate you looking into my problem and helping me in sorting it out.

Thanks,

Haitham

1 Reply

aghaznavi
Level 5

Troubleshoot and Alerts: Select Your Technology -> Security and VPN

http://www.cisco.com/web/psa/technologies/tsd_technology_support_troubleshoot_and_alerts.html
