I am fairly new to GETVPN and I hit a brick wall at the moment. I am hoping someone will be able to help me...
In the attachment I will put a Visio of my design in which I want to enable GETVPN.
I want to enable GETVPN on my test network but I want to perform ISAKMP authentication by using PKI instead of pre-shared keys. And I want the GETVPN key server to be the CA server also (and the COOP KS must be the backup CA server, but this I haven't tried yet as I haven't managed to make the KS a CA).
To dismiss any connectivity issues in advance: when I use pre-shared keys, GETVPN operates as it should.
Can someone point me towards a document that explains clearly how and why I have to configure certain things?
I used the following documents already:
- GETVPN design & implementation guide.
- GET VPN solution deployment guide
- Configure and enroll a cisco router to another cisco router configured as CA server
However, without success at this point.
I am looking for some pointers: What should I configure first? Why (so I can understand what I did/do wrong)? What second, etc.?
The core is MPLS
GETVPN works when using ISAKMP pre-shared keys
WAN addresses are not known to the Customer, so GETVPN uses the LAN addresses to authenticate and encrypt (with the crypto map Customer1 local-address "LAN interface" command).
Crypto map is applied to WAN interface (172.16.0.x)
I also tried to make it work on an easier network R1-----SW1----R2
But I did not manage to make it work like this either.
If you need more info, I'll be glad to provide you with this. (Configs I can not provide at this moment as I am not at my lab).
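A minimal configuration skeleton for the design described in the post (GETVPN with ISAKMP `rsa-sig` authentication, the key server also acting as IOS CA server, crypto map sourced from the LAN address and applied to the WAN interface), added here as an illustration; it is not the poster's configuration and is not taken from the Cisco guides listed above. Hostnames, addresses (10.0.0.1 for the KS LAN, 10.0.0.2 for the GM LAN, 172.16.0.2 for the GM WAN), interface names, the group identity number and all object names (KS-CA, KS-ID, GETVPN, Customer1, ENCRYPT-ACL, REKEYRSA) are assumptions. The COOP/backup CA part is left out because the post says it has not been tried yet, and `grant auto` is a lab shortcut, not something to leave on in production.

```cisco
! ===== Key server, also IOS CA server (assumed LAN address 10.0.0.1) =====
hostname KS1
!
! Certificate validation compares validity dates against the local clock; keep KS and GMs in sync
ntp server 10.0.0.100
!
! SCEP enrollment from the GMs is done over HTTP to the CA router
ip http server
!
! Three key pairs: the CA signing key, the KS's own identity key, and the GDOI rekey signing key
crypto key generate rsa general-keys label KS-CA modulus 2048
crypto key generate rsa general-keys label KS-ID modulus 2048
crypto key generate rsa general-keys label REKEYRSA modulus 2048 exportable
!
! The router acts as CA; a trustpoint named KS-CA holding the CA certificate is created with it
crypto pki server KS-CA
 database level complete
 grant auto
 lifetime certificate 365
 no shutdown
!
! The KS needs its own identity certificate for rsa-sig; it enrolls to its own CA over HTTP
crypto pki trustpoint KS-ID
 enrollment url http://10.0.0.1:80
 subject-name CN=KS1
 revocation-check none
 rsakeypair KS-ID
!
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication rsa-sig
 group 14
!
! Traffic between the customer LANs (assumed 192.168.0.0/16) is what the GMs will encrypt
ip access-list extended ENCRYPT-ACL
 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
!
crypto ipsec transform-set GETVPN-TS esp-aes esp-sha-hmac
!
crypto ipsec profile GETVPN-PROF
 set transform-set GETVPN-TS
!
crypto gdoi group GETVPN
 identity number 1234
 server local
  rekey authentication mypubkey rsa REKEYRSA
  rekey transport unicast
  sa ipsec 1
   profile GETVPN-PROF
   match address ipv4 ENCRYPT-ACL
   replay counter window-size 64
  address ipv4 10.0.0.1
!
! ===== Group member (assumed LAN 10.0.0.2 on Gi0/1, WAN 172.16.0.2 on Gi0/0) =====
hostname GM1
!
ntp server 10.0.0.100
!
crypto key generate rsa general-keys label GM1-ID modulus 2048
!
! Trustpoint pointing at the KS's CA; revocation checking is disabled for the lab
crypto pki trustpoint KS-CA
 enrollment url http://10.0.0.1:80
 subject-name CN=GM1
 revocation-check none
 rsakeypair GM1-ID
!
! Then, in exec mode: first fetch and accept the CA certificate, then request the GM certificate
!   crypto pki authenticate KS-CA
!   crypto pki enroll KS-CA
!
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication rsa-sig
 group 14
!
crypto gdoi group GETVPN
 identity number 1234
 server address ipv4 10.0.0.1
!
! As in the post: GDOI/ISAKMP is sourced from the LAN interface, the map is applied on the WAN side
crypto map Customer1 local-address GigabitEthernet0/1
crypto map Customer1 10 gdoi
 set group GETVPN
!
interface GigabitEthernet0/1
 description LAN (source address for GDOI registration)
 ip address 10.0.0.2 255.255.255.0
!
interface GigabitEthernet0/0
 description WAN towards the MPLS core
 ip address 172.16.0.2 255.255.255.0
 crypto map Customer1
```

The order matters for troubleshooting: bring the CA server up and confirm the KS has its own identity certificate (`show crypto pki certificates`) before touching GDOI, then enroll each GM and confirm it holds both the CA certificate and its own certificate, and only then expect `show crypto gdoi` on the GM to show a successful registration. Most PKI-based ISAKMP failures in a lab like this come down to the CA certificate not being installed on the peer, the clocks being out of the certificate validity window, or the certificate's identity not matching what ISAKMP presents, so checking those three before anything GDOI-specific saves time.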