
IPSec authentication with RSA nonces

remi-reszka
Level 1

Hi guys,

I am using RSA nonces for peer authentication with an IPSec site2site VPN connection.

My routers do not support authentication rsa-encr, so what is the difference really between rsa-encr and rsa-sig?

I generated RSA usage keys and all works well with authentication rsa-sig; however, I am not sure if that's the correct way of doing so.

Thanks a lot for any suggestions.

Remi

2 Replies

wong34539
Level 6

rsa-sig - specifies that certificates and a Certificate Authority (CA) are used for authentication (digital signature).

Specifies Rivest, Shamir, and Adleman (RSA) signatures as the authentication method.

rsa-encr - specifies that RSA encrypted nonces are used (public key cryptography).

The VPN Acceleration Module (VAM) or VPN Acceleration Module 2 (VAM2) does not support this authentication method.

Hi, and thanks for the explanation. When I use a CA for rsa-sig authentication, do the routers contact the CA and download certificates each time they build an IPSec tunnel, or does it happen just once during the router preparation for rsa-sig?

Many thanks for your help.

PS. I am trying to build an s2s IPSec tunnel between 2 peers but authenticating as hostnames (dynamic IPs). Pre-share doesn't work even with crypto isakmp identity hostname.
