
VPN Site-to-Site between 2811 - not VPN up

kirilkoltchakov
Level 1

Hello,

I am trying to establish a Site-to-Site VPN between two 2811 routers with static IP addresses.

I think there is some problem with the certificates of the routers. It seems like the peer tries to get a valid certificate from a domain controller in one of the LANs.

There is Router and Router2 in LAN and LAN2.

Router_Public_IP - the public IP address of “Router”.

Router2_Public_IP - the public IP address of “Router2”.

In the LAN of “Router” there is a domain controller, servidor.cuenca.plainsa.local, with the role of CA. I don't know why the Router asks this server for the certificate. There is no configuration in “Router” about this server.

Thank you very much!

2 Replies

amritpatek
Level 6

Certification authority (CA) interoperability is provided by the ISM in support of the IPSec standard. It permits Cisco IOS devices and CAs to communicate so that a Cisco IOS device can obtain and use digital certificates from the CA. Although IPSec can be implemented in a network without the use of a CA, using a CA provides manageability and scalability for IPSec.

Here is the URL for the site-to-site VPN. Follow the configuration guide; it will help you:

http://www.cisco.com/en/US/docs/security/vpn_modules/6342/configuration/guide/6342site3.html

Thank you very much!

I will read these documents now.

I made the configuration via SDM, and nowhere is it configured to search for the certificate from the domain controller. Therefore I do not understand why the router is searching for the domain controller.

Thank you.