Cisco Support Community

New Member

VPN Site-to-Site between 2811 - not VPN up


I am trying to establish a Site-to-Site VPN between two 2811 routers with static IP addresses.

I think there is some problem with the certificates of the routers. It seems like the peer tries to get a valid certificate from a domain controller in one of the LANs.

There are Router and Router2 in LAN and LAN2.

Router_Public_IP - the public IP address of “Router”.

Router2_Public_IP - the public IP address of “Router2”.

In the LAN of “Router” there is a domain controller, servidor.cuenca.plainsa.local, with the role of CA. I don't know why the Router asks this server for the certificate. There isn't any configuration in “Router” about this server.

Thank you very much!


Re: VPN Site-to-Site between 2811 - not VPN up

Certification authority (CA) interoperability is provided by the ISM in support of the IPSec standard. It permits Cisco IOS devices and CAs to communicate so that the Cisco IOS device can obtain and use digital certificates from the CA. Although IPSec can be implemented in a network without the use of a CA, using a CA provides manageability and scalability for IPSec.

Here is the URL for the site-to-site VPN. Follow the configuration guide; it will help you:

New Member

Re: VPN Site-to-Site between 2811 - not VPN up

Thank you very much!

I will read these documents now.

I made the configuration via SDM, and nowhere is it configured to search for the certificate from the domain controller. Therefore I do not understand why the router is searching for the domain controller.

Thank you.
