Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

L2TP and CA pix 515E

Hi

We have a cisco pix firewall ,i ve done every step to configure pix certification for l2tp connection also i've set my clock and timezone to gmt and set the time to ca server time:

hostname mypixfirewall

domain-name saderat.com

ca generate rsa key 512

ca identity myca.saderat.com 10.1.1.5:/certsrv/mscep/mscep.dll

ca configure myca.saderat.com ca 1 20 crloptional

ca authenticate myca.saderat.com

ca enroll myca.saderat.com

% No CA root cert exists. Use "ca authenticate"

I turn on debuging with debug crypto ca and see crypto_fail status 266 when i entered ca authentication .... command.

Do i need any addtional configuration on Ca server i've only installed it and didnt change any configuration i also want to know when i install msecp what kind of encryption and authentication i must use ?

Thanks.

Best Regards bahman mozaffari.

1 REPLY
Bronze

Re: L2TP and CA pix 515E

The security appliance does not establish an L2TP/IPsec tunnel with Windows 2000 if either Cisco VPN Client 3.x or Cisco VPN 3000 Client 2.5 is installed. Disable the Cisco VPN service for Cisco VPN Client 3.x, or the ANetIKE service for Cisco VPN 3000 Client 2.5 from the Services panel in Windows 2000. In order to do this choose Start > Programs > Administrative Tools > Services, restart the IPsec Policy Agent Service from the Services panel, and reboot the machine.

116
Views
0
Helpful
1
Replies