Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site-to-Site VPN with Microsoft CA

Hi All,

I am building a site-to-site VPN using Microsoft CA. One end is Cisco 2811 router and the other end is PIX 6.3(4). The Microsoft CA is the Sub-CA with a 4096 bit root cert. I use SCEP to obtain certificate. It's work on the 2811 router but failed on the PIX.

ca generate rsa key 1024

ca identity dsisca1 192.168.5.208:/certsrv/mscep/mscep.dll

ca configure dsisca1 ra 1 20 crl

ca authen dsisca1

and it couldn't be authenticated successfully.

Attached is the debug crypto ca message, is there any limitation on the PIX?

Thanks in advance!!

1 REPLY
Silver

Re: Site-to-Site VPN with Microsoft CA

Why don't you use RMC? RMC support PKI, RMC will make it a very simple task, for example if needed trust relationship will be deduced and provisioned automatically etc..

117
Views
0
Helpful
1
Replies
CreatePlease login to create content