I need help with this problem: I am using a Cisco 877 router to build an IPSec/GRE tunnel over the Internet to a Nokia firewall / Checkpoint VPN-1 NG box. We used to build the IPSec tunnel using a pre-shared key at both ends, which works well. But this time the Nokia firewall end does not allow it, and always requests "ISAKMP: auth RSA sig" instead (got it from debug crypto ISAKMP). There is a way to fix the problem by changing global settings for the firewall, but it is not allowed because other IPSec tunnels are already terminated on that box.
So we have to use the router's self-signed cert instead of a pre-shared key for crypto. But I don't know what parameters to specify when configuring "crypto key public-chain rsa". What information do I need to ask the Nokia firewall admin for, and what does he have to do to manually generate/exchange the cert? I wonder if anyone has done this before; please help if you have.
Thanks in advance