09-24-2007 02:22 AM - edited 03-11-2019 04:15 AM
hi,
I have a problem when I try to enroll my new ASA 5510 (no problem with all my PIX in 6.3)
I configured ASA like this :
crypto ca trustpoint Test
revocation-check crl
enrollment retry count 5
enrollment url http://aaa.bbb.ccc.ddd:80/xxxxxxxxx
serial-number
ip-address eee.fff.ggg.hhh
password *
so all is ok except enrollement... it seems to me that ASA doesn't add IP address in demand to CA... I tested different thing... still same problem
On CA side, I have that in log :
UNSTRUCTUREDNAME = name.domain.fr,
UNSTRUCTUREDADDRESS = ,
SERIALNUMBER = zzzzzzzzz
-> UNAUTHORIZED SCEP Request
there is no IP address...
if one of you has an idea... or if this problem is known...
Thanks
Nicolas
09-28-2007 08:44 AM
You might want to take a look at the following configuration guide
http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdmcer.html
10-01-2007 08:06 AM
yep... already read...
and no more...
problem is IOS I think... because problem is there on ASA and PIX
without IP authentication... all is ok... but in my case... I need IP+ all the rest
Nico
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: