cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
239
Views
0
Helpful
1
Replies

Site-to-Site VPN with Microsoft CA

paulowillys
Level 1
Level 1

Hi All,

I am building a site-to-site VPN using Microsoft CA. One end is Cisco 2811 router and the other end is PIX 6.3(4). The Microsoft CA is the Sub-CA with a 4096 bit root cert. I use SCEP to obtain certificate. It's work on the 2811 router but failed on the PIX.

ca generate rsa key 1024

ca identity dsisca1 192.168.5.208:/certsrv/mscep/mscep.dll

ca configure dsisca1 ra 1 20 crl

ca authen dsisca1

and it couldn't be authenticated successfully.

Attached is the debug crypto ca message, is there any limitation on the PIX?

Thanks in advance!!

1 Reply 1

wong34539
Level 6
Level 6

Why don't you use RMC? RMC support PKI, RMC will make it a very simple task, for example if needed trust relationship will be deduced and provisioned automatically etc..

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: