11-01-2008 04:01 PM - edited 02-21-2020 04:01 PM
Hi guys,
I am using RSA nonces for peer authentication with IPSec site2site VPN connection.
My routers do not support authentication rsa-encr so what is the difference really between rsa-encr and rsa-sig?
I generated rsa usage keys and all works well with authentication rsa-sig; however, I am not sure if that's the correct way of doing so.
Thanks a lot for any suggestions.
Remi
11-06-2008 07:34 PM
rsa-sig - specifies that certificates and a Certificate Authority (CA) are used for authentication (digital signature).
Specifies Rivest, Shamir, and Adleman (RSA) signatures as the authentication method.
rsa-encr - specifies that RSA encrypted nonces are used (public key cryptography).
The VPN Acceleration Module (VAM) or VPN Acceleration Module 2 (VAM2) does not support this authentication method.
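Added example, not part of the original posts: a simplified Python model of the two ideas, where rsa-sig has the peer sign the exchange and rsa-encr has the peer prove it could decrypt a nonce sent to its public key. It uses textbook RSA on constructed toy keys and models one direction only; the names `ROUTER_B`, `IMPOSTOR`, `rsa_sig_exchange` and `rsa_encr_exchange` are hypothetical.

```python
import hashlib, hmac, secrets

def make_key(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy: no padding, never use for real traffic)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

# Constructed sample keys built from Mersenne primes; not taken from any device.
ROUTER_B = make_key(2**107 - 1, 2**127 - 1)   # the genuine responder
IMPOSTOR = make_key(2**61 - 1, 2**89 - 1)     # someone without routerB's private key

def digest_int(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    return pow(digest_int(msg, priv["n"]), priv["d"], priv["n"])

def verify(pub, msg, sig):
    return pow(sig, pub["e"], pub["n"]) == digest_int(msg, pub["n"])

def proof(ni, nr, identity):
    """Hash keyed by both nonces; computable only by a peer that knows Ni and Nr."""
    key = hashlib.sha256(f"{ni}|{nr}".encode()).digest()
    return hmac.new(key, identity, hashlib.sha256).hexdigest()

def rsa_sig_exchange(responder_priv, pub_from_cert):
    """rsa-sig idea: nonces travel in clear, the responder signs the exchange."""
    ni, nr = secrets.randbits(128), secrets.randbits(128)
    msg = f"{ni}|{nr}|routerB".encode()
    signature = sign(responder_priv, msg)            # responder side
    return verify(pub_from_cert, msg, signature)     # initiator side

def rsa_encr_exchange(responder_priv, preconfigured_pub):
    """rsa-encr idea: Ni is encrypted to the responder's public key, which the
    initiator must already hold; the responder proves it could decrypt Ni."""
    ni, nr = secrets.randbits(128), secrets.randbits(128)
    ct = pow(ni, preconfigured_pub["e"], preconfigured_pub["n"])    # initiator -> responder
    ni_seen = pow(ct, responder_priv["d"], responder_priv["n"])     # responder decrypts
    expected = proof(ni, nr, b"routerB")                            # initiator's own value
    return hmac.compare_digest(proof(ni_seen, nr, b"routerB"), expected)

if __name__ == "__main__":
    for name, priv in (("routerB", ROUTER_B), ("impostor", IMPOSTOR)):
        print(name, "rsa-sig:", rsa_sig_exchange(priv, ROUTER_B),
              "rsa-encr:", rsa_encr_exchange(priv, ROUTER_B))
```

In both models the impostor fails; the practical difference is that the encrypted-nonce variant needs the peer's public key on the router before the exchange starts.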
11-06-2008 09:24 PM
Hi and thanks for the explanation. When I use a CA for rsa-sig authentication, do the routers contact the CA and download certificates each time they build an IPSec tunnel, or does it happen just once during the router preparation for rsa-sig?
Many thanks for your help.
PS. I am trying to build s2s IPSec tunnel between 2 peers but authenticating as hostnames (dynamic IPs). Pre-share doesn't work even with crypto isakmp identity hostname.