09-09-2008 10:07 AM - edited 02-21-2020 03:55 PM
Hello,
I am trying to establish a Site-to-Site VPN between two 2811s with static IP addresses.
I think there is some problem with the certificates of the routers. It seems like the peer tries to get a valid certificate from a domain controller in one of the LANs.
There are Router and Router2 in LAN and LAN2.
Router_Public_IP - the public IP address of "Router".
Router2_Public_IP - the public IP address of "Router2".
In the LAN of "Router" there is a domain controller servidor.cuenca.plainsa.local with the role of CA. I don't know why the Router asks this server for the certificate? There is no configuration in "Router" about this server.
Thank you very much!
09-16-2008 06:16 AM
Certification authority (CA) interoperability is provided by the ISM in support of the IPSec standard. It permits Cisco IOS devices and CAs to communicate so that the Cisco IOS device can obtain and use digital certificates from the CA. Although IPSec can be implemented in a network without the use of a CA, using a CA provides manageability and scalability for IPSec.
Here is the URL for the site-to-site VPN. Follow the configuration guide; it will help you:
http://www.cisco.com/en/US/docs/security/vpn_modules/6342/configuration/guide/6342site3.html
09-17-2008 10:07 AM
Thank you very much!
I will read these documents now.
I made the configuration via SDM, and nowhere is it configured to search for the certificate from the domain controller. Therefore I do not understand why the router is searching for the domain controller?
Thank you.