11-01-2008 04:01 PM - edited 02-21-2020 04:01 PM
Hi guys,
I am using RSA nonces for peer authentication with IPSec site2site VPN connection.
My routers do not support authentication rsa-encr so what is the difference really between rsa-encr and rsa-sig?
I generated RSA usage keys and all works well with authentication rsa-sig; however, I am not sure if that's the correct way of doing so.
Thanks a lot for any suggestions.
Remi
11-06-2008 07:34 PM
rsa-sig - specifies that certificates and a Certificate Authority (CA) are used for authentication (digital signature).
Specifies Rivest, Shamir, and Adleman (RSA) signatures as the authentication method.
rsa-encr - specifies that RSA encrypted nonces are used (public key cryptography).
The VPN Acceleration Module (VAM) or VPN Acceleration Module 2 (VAM2) does not support this authentication method.
11-06-2008 09:24 PM
Hi, and thanks for the explanation. When I use a CA for rsa-sig authentication, do the routers contact the CA and download certificates each time they build an IPSec tunnel, or does it happen just once during the router preparation for rsa-sig?
Many thanks for your help.
PS. I am trying to build an s2s IPSec tunnel between 2 peers but authenticating as hostnames (dynamic IPs). Pre-share doesn't work even with crypto isakmp identity hostname.