04-22-2008 03:13 PM - edited 03-11-2019 05:35 AM
Hi,
I have a router and PIX in my lab and I am trying to set up a site-to-site VPN between both using CA for authentication.
The router is my CA and the PIX is an agent to it. The certificates between both were generated and shared successfully.
However, the VPN is failing to establish and I can see debug errors on the router, but I don't see any debug output on the PIX when enabling the "debug crypto isakmp" and "debug crypto ipsec" commands.
It looks like the VPN is failing at phase I but I am not able to tell where exactly the problem is.
What is also surprising is that, although I am configuring "auth rsa-sig" on both the router and the PIX in the isakmp policy, when doing show run from the router I don't see this listed there!
Please find attached both the router and PIX configs with the debug output from the router.
I would appreciate you looking into my problem and helping me in sorting it out.
Thanks,
Haitham
04-28-2008 12:46 PM
Troubleshoot and Alerts: Select Your Technology -> Security and VPN
http://www.cisco.com/web/psa/technologies/tsd_technology_support_troubleshoot_and_alerts.html