IPsec tunnel terminating on HSRP address with certificate authentication
I want to set up a hub-and-spoke IPsec tunnel topology with a redundant hub (HSRP based). I wonder how to implement certificate-based authentication in this case, as both routers share the same IP address?
Do they need to have the same keys and certificate, or what is the best practice in this situation?
Re: IPsec tunnel terminating on HSRP address with certificate au
The point is that certificates are bound to IP addresses or names. As there is no way to transfer private keys from one router to another, both routers will have different certificates. From the remote site's point of view there is only one IP address and therefore only one certificate. So authentication will be a problem, as I would have to configure two certificates on the remote site router for one single identifier (IP address).