Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

e.l
New Member

Netscreen-VPN3000 certificate-base VPN interoperability

Dear All,

Does anyone success to configure certificate-base VPN between NetScreen and VPN3000 ? We got the IKE (Phase1) established but no Phase2 session. Seems like there is an issue with the cert (we are using Entrust to generate cerficates). Would be very appreciate for any help

Best Regards,

  • Other Security Subjects
1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: Netscreen-VPN3000 certificate-base VPN interoperability

Hi there,

Cert checking/validation is a part of IKE phase 1. If you are passing phase1, then cert should not be an issue

You should enable IKE, IKEDBG,IPSEC

Jazib

3 REPLIES
Bronze

Re: Netscreen-VPN3000 certificate-base VPN interoperability

Hi there,

Cert checking/validation is a part of IKE phase 1. If you are passing phase1, then cert should not be an issue

You should enable IKE, IKEDBG,IPSEC

Jazib

e.l
New Member

Re: Netscreen-VPN3000 certificate-base VPN interoperability

Thanks, we are able to pinpoint the problem. It was something wrong with the cert. After we create a new cert and import it to both devices, they can negotiate the VPN without problem. The configuration is very simple, just a plain certificate-base VPN LAN2LAN.

Best Regards,

Engelhard

New Member

Re: Netscreen-VPN3000 certificate-base VPN interoperability

Hi, I'm also having similar problems. Can you please send me the details of how you did the config.

Thanks,

Naveen

115
Views
0
Helpful
3
Replies
This widget could not be displayed.