IPSec authentication with RSA nonces

Nov 1st, 2008

Hi guys,


I am using RSA nonces for peer authentication with IPSec site2site VPN connection.


My routers do not support authentication rsa-encr so what is the difference really between rsa-encr and rsa-sig?


I generated rsa usage keys and all works good with authentication rsa-sig, however I am not sure if that's the correct way for doing so.


Thanks a lot for any suggestions.


Remi


rsa-sig - specifies that certificates and a Certificate Authority (CA) are used for authentication (digital signature).

Specifies Rivest, Shamir, and Adleman (RSA) signatures as the authentication method.


rsa-encr - specifies that RSA encrypted nonces are used (public key cryptography).


The VPN Acceleration Module (VAM) or VPN Acceleration Module 2 (VAM2) does not support this authentication method.
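The two methods described in the answer above, side by side as Cisco IOS configuration. This is an added example, not configuration posted by anyone in the thread; the hostnames, domain, trustpoint name, CA URL, policy numbers and the key placeholder are all assumptions.

```cisco
! Added example: constructed values (hostnames, trustpoint name, CA URL,
! policy numbers) are placeholders, not taken from the thread.
!
! --- Option A: rsa-sig (RSA signatures, certificates issued by a CA) ---
hostname r1
ip domain-name example.com
crypto key generate rsa usage-keys
!
crypto pki trustpoint EXAMPLE-CA
 enrollment url http://ca.example.com
 revocation-check crl
!
! One-time steps: fetch the CA certificate, then request this router's own.
! The issued certificate is stored locally and presented to the peer in IKE.
crypto pki authenticate EXAMPLE-CA
crypto pki enroll EXAMPLE-CA
!
crypto isakmp identity hostname
crypto isakmp policy 10
 authentication rsa-sig
!
! --- Option B: rsa-encr (RSA encrypted nonces, no CA) ---
! Each peer's public key is pasted in by hand on the other router.
crypto key pubkey-chain rsa
 named-key r2.example.com encryption
  key-string
   <PEER-PUBLIC-KEY-HEX>
   quit
!
crypto isakmp policy 20
 authentication rsa-encr
```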


remi-reszka Thu, 11/06/2008 - 21:24

Hi and thanks for the explanation. When I use CA for rsa-sig authentication, do the routers contact the CA and download certificates each time they build an IPSec tunnel, or does it happen just once during the router preparation for rsa-sig?


Many thanks for your help.


PS. I am trying to build s2s IPSec tunnel between 2 peers but authenticating as hostnames (dynamic IPs). Pre-share doesn't work even with crypto isakmp identity hostname.
