×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

2851 ISR w vpnclient and rsa-encr

Unanswered Question
Nov 9th, 2006
User Badges:

I am working on getting Easy VPN Server to work with vpnclient over pub internet. We dont want to use a preshared key or a CA, so im setting authentication with 'authentication rsa-encr' in the IKE policy. I am to understand this can setup public and private keys without actually needing a CA.


I know what I want to do but I am finding it hard to find a config example for both the server and the vpnclient software. I somehow need to generate pub/priv keys on both sides and get the other access to the pub key. Im new to cisco vpn and the ISR router, so Im having trouble with exactly how to setup the key generation between the client and router and get this working.


shared-key does work for me. I have one 2851 ISR router and want to allow home based users the ability to access the corporate WAN with a digital certificate on both sides. I have read several documents from Cisco, but I dont have a CA.


I can use openssl if needed, and did have one key accepted into cut and past but the vpn failed to connect because of a bad key error.


Does anyone have info on this particular setup?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
m.sir Fri, 11/10/2006 - 00:00
User Badges:
  • Gold, 750 points or more

Hi I am affraid that preshared keys and CA are only two supported methods for EZ VPN server.. There is no support for rsa-encrypted nonces

M.

Actions

This Discussion