Unanswered Question
Apr 25th, 2008
User Badges:


I have configured a PIX506E to use certificates from a Microsoft CA for a site-to-site VPN. Gernerating RSA keys, either General or Usage, work. Authenticating the CA and enrolling the PIX with the CA have no problems. I save the certificates and write the configuration to memory. VPN works without any problems. However after enrolling with the CA, connectivity to the PIX Device Manager (PDM) is lost. If I zeroize the RSA keys, I regain connectivity to the PDM, but loose the VPN!

Both the PIX and PDM are the latest software releases the PIX 506E support.

Any suggestions?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Fri, 05/02/2008 - 06:16
User Badges:

Do you have MS SCEP addon installed? It is required for enrollment.SCEP can be configured to use Challenge passwords during enrollment (as security feature).If so, then you should get a challenge string (using web link to SCEP page on CA server)

moinseoul Fri, 05/02/2008 - 17:20
User Badges:

CA support was working fine. The problem was that I was using an Enterprise CA not a stand alone CA. The new certificates were causing the SSL to fail when loading the certificates.


This Discussion