04-25-2008 12:16 AM
Hi,
I have configured a PIX506E to use certificates from a Microsoft CA for a site-to-site VPN. Generating RSA keys, either General or Usage, works. Authenticating the CA and enrolling the PIX with the CA have no problems. I save the certificates and write the configuration to memory. VPN works without any problems. However, after enrolling with the CA, connectivity to the PIX Device Manager (PDM) is lost. If I zeroize the RSA keys, I regain connectivity to the PDM, but lose the VPN!
Both the PIX and PDM are the latest software releases the PIX 506E supports.
Any suggestions?
05-02-2008 06:16 AM
Do you have the MS SCEP add-on installed? It is required for enrollment. SCEP can be configured to use challenge passwords during enrollment (as a security feature). If so, then you should get a challenge string (using the web link to the SCEP page on the CA server).
05-02-2008 05:20 PM
CA support was working fine. The problem was that I was using an Enterprise CA, not a standalone CA. The new certificates were causing the SSL to fail when loading the certificates.