IPSec authentication with RSA nonces

Unanswered Question
Nov 1st, 2008

Hi guys,

I am using RSA nonces for peer authentication with an IPSec site-to-site VPN connection.

My routers do not support authentication rsa-encr, so what is the difference really between rsa-encr and rsa-sig?

I generated RSA usage keys and all works well with authentication rsa-sig; however, I am not sure if that's the correct way of doing so.

Thanks a lot for any suggestions.



rsa-sig - specifies that certificates and a Certificate Authority (CA) are used for authentication (digital signature).

Specifies Rivest, Shamir, and Adleman (RSA) signatures as the authentication method.

rsa-encr - specifies that RSA encrypted nonces are used (public key cryptography).

The VPN Acceleration Module (VAM) or VPN Acceleration Module 2 (VAM2) does not support this authentication method.
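
The two methods compared above, as an added example that is not part of the thread's posts: a simplified model (not the full IKE exchange) in which rsa-sig proves identity by signing and rsa-encr proves it by decrypting a nonce. The keys are constructed textbook RSA without padding, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent shared by the constructed demo keys

def make_key(p, q):
    """Textbook RSA key from two primes (no padding; illustration only)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def to_bytes(x):
    return x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")

def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

# rsa-sig: the peer signs a hash of the exchange with its private key;
# anyone holding the public key (e.g. from a certificate) can verify it.
def sign(key, exchange):
    return pow(digest_int(exchange, key["n"]), key["d"], key["n"])

def verify(pub_n, exchange, sig):
    return pow(sig, E, pub_n) == digest_int(exchange, pub_n)

# rsa-encr: the initiator encrypts a nonce to the peer's public key, which
# it must already hold; the peer proves itself by recovering the nonce and
# returning a hash keyed with it. Nothing is signed.
def encrypt_nonce(pub_n, nonce):
    return pow(nonce, E, pub_n)

def nonce_proof(key, ciphertext, exchange):
    nonce = pow(ciphertext, key["d"], key["n"])
    return hmac.new(to_bytes(nonce), exchange, hashlib.sha256).digest()

def demo():
    peer = make_key(2**521 - 1, 2**607 - 1)    # constructed key pair
    other = make_key(2**127 - 1, 2**521 - 1)   # a different key pair
    exchange = b"constructed IKE phase 1 transcript"
    nonce = secrets.randbits(127) | (1 << 127)  # random 128-bit nonce
    expected = hmac.new(to_bytes(nonce), exchange, hashlib.sha256).digest()
    ct = encrypt_nonce(peer["n"], nonce)
    return {
        "sig_peer": verify(peer["n"], exchange, sign(peer, exchange)),
        "sig_other": verify(peer["n"], exchange, sign(other, exchange)),
        "encr_peer": hmac.compare_digest(nonce_proof(peer, ct, exchange), expected),
        "encr_other": hmac.compare_digest(nonce_proof(other, ct, exchange), expected),
    }

if __name__ == "__main__":
    print(demo())
```

In both cases only the holder of the expected private key passes; the difference is whether that key is used to sign or to decrypt.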

remi-reszka Thu, 11/06/2008 - 21:24

Hi and thanks for the explanation. When I use a CA for rsa-sig authentication, do the routers contact the CA and download certificates each time they build an IPSec tunnel, or does it happen just once during the router preparation for rsa-sig?

Many thanks for your help.

PS. I am trying to build an s2s IPSec tunnel between 2 peers but authenticating as hostnames (dynamic IPs). Pre-share doesn't work even with crypto isakmp identity hostname.

