I have a couple of questions, first I have some branches whose certificates already expired. And since my IOSCA is set to manual granting of certificates, and I was not able to grant them before the certificate expired, the branches lost their dmvpn connection to the Hub. The problem is when I try to reconfigure/authenticate the trustpoint to try to re enroll, I am presented with this error "Error in connection to Certificate Authority: status = FAIL". I can ping the CA from the spoke so I don't think this is a connectivity issue. The show crypto pki server shows that the ca server is enabled. Any ideas?
For my second question, I have auto-rollover configured on my IOS CA, do I have to configure any more commands so that the new CA cert can be propagated to the spokes, aside from the autorollover command itself?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...