
IPSec authentication with RSA nonces

remi-reszka
Level 1

Hi guys,

I am using RSA nonces for peer authentication with an IPSec site2site VPN connection.

My routers do not support authentication rsa-encr, so what is the difference really between rsa-encr and rsa-sig?

I generated RSA usage keys and everything works well with authentication rsa-sig; however, I am not sure if that's the correct way of doing so.

Thanks a lot for any suggestions.

Remi

2 Replies

wong34539
Level 6

rsa-sig - specifies that certificates and a Certificate Authority (CA) are used for authentication (digital signature).

Specifies Rivest, Shamir, and Adleman (RSA) signatures as the authentication method.

rsa-encr - specifies that RSA encrypted nonces are used (public key cryptography).

The VPN Acceleration Module (VAM) or VPN Acceleration Module 2 (VAM2) does not support this authentication method.

Hi, and thanks for the explanation. When I use a CA for rsa-sig authentication, do the routers contact the CA and download certificates each time they build an IPSec tunnel, or does it happen just once during the router preparation for rsa-sig?

Many thanks for your help.

PS. I am trying to build an s2s IPSec tunnel between 2 peers but authenticating as hostnames (dynamic IPs). Pre-share doesn't work even with crypto isakmp identity hostname.