How to configure a LAN-to-LAN IPSec tunnel with self-signed certificates on the router
Self-signed certificates work only with a Secure Sockets Layer (SSL) connection and fail when IPSec is used.
IPSec LAN-to-LAN tunnels do not work with self-signed certificates on routers.
Once both routers have signed their own certificates (each acting as a Certificate Authority (CA) for its own certificate), they do not trust each other because the certificate signing authority is not the same. Self-signed certificates work for SSL connections, but they do not work with the Internet Security Association and Key Management Protocol (ISAKMP) or the IPSec Rivest, Shamir, and Adleman (RSA) signature implementation, because the CA is required to sign or authenticate the certificates.
Note: A CA is recommended. Otherwise, certificates must be transported to each router manually. This is similar to authentication using RSA encryption, where public keys must be transferred to each router.
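The trust problem described above, and the manual-transport alternative from the note, can be reproduced off-box with OpenSSL. This is an added example, not part of the original article and not router configuration; the names routerA, routerB and lab-ca are constructed placeholders.

```shell
#!/bin/sh
# Constructed lab: routerA, routerB and lab-ca are placeholder names.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed certificate: the device is its own issuer.
self_signed() {  # $1 = name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.self.pem" 2>/dev/null
}

# Certificate for the same device name, issued by the shared lab CA.
ca_issued() {  # $1 = name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.ca.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -days 1 \
    -CA "$WORK/lab-ca.self.pem" -CAkey "$WORK/lab-ca.key" \
    -CAcreateserial -out "$WORK/$1.ca.pem" 2>/dev/null
}

# $1 = trust anchor the verifier holds, $2 = certificate the peer presents.
# Prints "trusted" or "rejected".
check() {
  if openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'; then
    echo trusted
  else
    echo rejected
  fi
}

self_signed routerA
self_signed routerB
self_signed lab-ca
ca_issued routerA
ca_issued routerB

# Case 1: B only trusts its own self-signed certificate, A presents its own.
echo "self-signed peer, no common CA:   $(check "$WORK/routerB.self.pem" "$WORK/routerA.self.pem")"
# Case 2: both sides trust lab-ca and present certificates it issued.
echo "CA-issued peer, common CA:        $(check "$WORK/lab-ca.self.pem" "$WORK/routerA.ca.pem")"
# Case 3: A's self-signed certificate was copied to B by hand as an anchor.
echo "self-signed peer, manually moved: $(check "$WORK/routerA.self.pem" "$WORK/routerA.self.pem")"
```

Case 3 shows why the manual approach scales poorly: every peer's certificate has to be installed as a separate anchor on every other router.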