We have three Cisco 1710 security access routers, all with the same problem.
We found various times when they certification authority would fall apart and connections would be refused. We did a lot of googling, found it to be a common problem, with the resolution being to add
to the trustpoint.
This worked when building a new router. However, when trying to add the line to existing trustpoints, you would type exactly "crl optional" in the trustpoint definition and then to a show run, you would see
crl optional optional
Somehow, the running config became something that's not valid. (It's not.. run the command and see the error).
Works every time just like the above, though strangely seems to solve the problem. Issue is when you "copy run start", it copies the incorrect line to startup-config, which then fails to load on reboot. I have tested copying it to a tftp server, then copying it straight back to running-config. It fails. By editing the text file to remove the extra occurance of the wor d"optional", then loading it back to running-config, we have a correctly working backup.
How to get it in startup config, and thus survive hte reboot however, has us stumped. More importantly, why is it doubling that word up in the first place?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :