Basic IPSEC authentication Question

Dec 22nd, 2008

Hello All

I have some basic questions regarding ISAKMP certificate-based authentication between Cisco routers. Specifically, when two peers exchange certificates during the authentication phase and establish the fact that these come from a mutually trusted authority, do they perform any additional checks?

Do they verify that the identity provided by the peer is also the one encoded in the subject of the certificate that was provided by this peer? (Like in SSL, where the URL of the server must be encoded in the subject of the certificate.)

Or is just the fact that the certificate comes from a trusted authority considered enough, and the authentication is successful regardless of the identity supplied by the peer?

Can anyone provide some link describing the mechanism used for certificate-based authentication for ISAKMP in Cisco routers?

Any help is welcomed.

Anonymous (not verified) Mon, 12/29/2008 - 07:55

If certificates are used, the peer will not perform any other identity check; however, this can be seen as the role of the certificate authority (who has assigned the certificate) to validate the certificate owner's identity. Hence, if the device trusts the certificate authority and the certificate authority validates the peer's identity, the peer is taken as valid by the device and no other check is required.
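The reply above describes a trust-only check: any certificate that chains to the trusted CA is accepted. The Go program below is an added illustration (not from this thread and not Cisco code) that models that check next to one which also binds the identity the peer asserts in its IKE ID payload to the certificate's Subject Alternative Name, so a certificate issued to one peer cannot pass while claiming another peer's identity. The CA, the peer names vpn-a.example.net and vpn-b.example.net, and all certificates are constructed in memory for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// AuthenticatePeer models an IKE responder's decision. With bindID=false it does only what
// the reply describes: accept any certificate that chains to a trusted CA. With bindID=true
// it also requires the asserted IKE identity (FQDN or IP address) to match the cert's SAN.
func AuthenticatePeer(roots *x509.CertPool, peer *x509.Certificate, ikeID string, bindID bool) bool {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := peer.Verify(opts); err != nil {
		return false // not issued by a trusted CA, expired, or malformed
	}
	return !bindID || peer.VerifyHostname(ikeID) == nil
}
// sign issues tmpl under parent using the parent's private key and returns the parsed cert.
func sign(tmpl, parent *x509.Certificate, pub, priv any) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic("certificate generation failed")
	}
	return cert
}
// BuildTestPKI builds a constructed in-memory CA and two peer certificates it issued.
func BuildTestPKI() (roots *x509.CertPool, peerA, peerB *x509.Certificate) {
	now := time.Now()
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example VPN CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ca := sign(caTmpl, caTmpl, caPub, caKey) // self-signed root
	issue := func(serial int64, fqdn string) *x509.Certificate {
		pub, _, _ := ed25519.GenerateKey(rand.Reader)
		return sign(&x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: fqdn},
			DNSNames: []string{fqdn}, KeyUsage: x509.KeyUsageDigitalSignature,
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		}, ca, pub, caKey)
	}
	roots = x509.NewCertPool()
	roots.AddCert(ca)
	return roots, issue(2, "vpn-a.example.net"), issue(3, "vpn-b.example.net")
}
```

With bindID=false, peer B's perfectly valid certificate is accepted even when B claims to be vpn-a.example.net; with bindID=true it is rejected, which is the extra check the question asks about.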
