02-24-2003 02:07 AM - edited 02-21-2020 12:22 PM
hi,
I have Microsoft CA server with latest SCEP support and pix 501 that gets digital certificate. I also get certificate to Cisco client, but VPN does not work
In IPSec Log Viewer i constantly get "CM_IKE_ESTABLISH_FAIL"
This worked fine before Win2k server was completely updated with latest patches.
The configuration on pix is the same as in article http://www.cisco.com/warp/public/471/configipsecsmart.html
I reinstall standalone CA server and SCEP support but had no luck.
what could be wrong ?
Solved! Go to Solution.
02-28-2003 07:57 AM
This looks like IKE establisment problem. Make DH as group 2 for ISAKMP policy.
Check this link:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/ipsec/exvpncl.htm
02-28-2003 07:57 AM
This looks like IKE establisment problem. Make DH as group 2 for ISAKMP policy.
Check this link:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/ipsec/exvpncl.htm
04-16-2003 04:56 AM
hi there:
i also failed with the same scenerio as you, i managed to enroll cert with MS CA but the client failed wtih "CM_IKE_ESTABLISH_FAIL" Do you manage to solve it?
04-23-2003 08:27 AM
it realy was the isakmp policy problem
the hash has to be md5 with client 3.6.3
tnx
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide