Cisco Support Community
Community Member

Basic IPSEC authentication Question

Hello All

I have some basic questions regarding ISAKMP certificate-based authentication between Cisco routers. Specifically, when two peers exchange certificates during the authentication phase and establish the fact that these come from a mutually trusted authority, do they perform any additional checks?

Do they verify that the identity provided by the peer is also the one encoded in the subject of the certificate that was provided by this peer? (Like in SSL, where the URL of the server must be encoded in the subject of the certificate.)

Or is just the fact that the certificate comes from a trusted authority considered enough, so that the authentication is successful regardless of the identity supplied by the peer?

Can anyone provide some link describing the mechanism used for certificate-based authentication for ISAKMP in Cisco routers?

Any help is welcome.


Re: Basic IPSEC authentication Question

If certificates are used, the peer will not perform any other identity check; however, this can be seen as the role of the certificate authority (who has assigned the certificate) to validate the certificate owner's identity. Hence, if the device trusts the certificate authority and the certificate authority validates the peer's identity, the peer is taken as valid by the device and no other check is required.
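
To make the two policies discussed in this thread concrete, here is an added Go example. It is not Cisco code, not the router's actual IKE implementation, and not from either poster. It builds a throwaway CA and router certificates in memory (constructed data; the names "Corp Root CA", "Some Other CA", r1.example.net and r2.example.net are hypothetical), then compares a chain-only check (the answer's description: trust the CA, accept the certificate) against a chain-plus-identity check (the asker's SSL analogy: the identity the peer claims must also appear in its certificate). It assumes the IKE identity is an FQDN or IP address carried in the certificate's subjectAltName.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// signCert generates a P-256 key and has parent sign tmpl for it (self-signed when
// parentKey is nil). These are constructed fixtures, so failures simply panic.
func signCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parentKey == nil { // self-signed: the template is its own issuer
		parentKey = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// newCA builds a self-signed CA certificate (hypothetical CA, constructed for this example).
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return signCert(tmpl, tmpl, nil)
}

// issue has the CA sign a router certificate whose subject CN and SAN carry its FQDN.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, fqdn string, serial int64) *x509.Certificate {
	cert, _ := signCert(&x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: fqdn},
		DNSNames:     []string{fqdn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}, ca, caKey)
	return cert
}

// ChainOnly is the policy the answer describes: accept any certificate that chains to the trusted CA.
func ChainOnly(peer, trustedCA *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	// ExtKeyUsageAny: an IKE peer certificate is not a TLS server certificate, so do not pin the default EKU.
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// ChainAndIdentity is the policy the asker has in mind: chain trust plus a match between the
// identity the peer sent in IKE (FQDN or IP) and the certificate SAN, as a TLS client does.
func ChainAndIdentity(peer, trustedCA *x509.Certificate, claimedID string) error {
	if err := ChainOnly(peer, trustedCA); err != nil {
		return err
	}
	return peer.VerifyHostname(claimedID) // matches SAN dNSName / iPAddress entries
}

// Outcome records which policy accepts each constructed certificate when the peer claims "r1.example.net".
type Outcome struct{ LegitChain, LegitIdentity, OtherRouterChain, OtherRouterIdentity, ForeignCAChain bool }

func RunDemo() Outcome {
	ca, caKey := newCA("Corp Root CA")
	foreignCA, foreignKey := newCA("Some Other CA")
	r1 := issue(ca, caKey, "r1.example.net", 2)                // the router we expect
	r2 := issue(ca, caKey, "r2.example.net", 3)                // valid certificate, but another router
	rogue := issue(foreignCA, foreignKey, "r1.example.net", 4) // right name, untrusted CA
	return Outcome{
		LegitChain:          ChainOnly(r1, ca) == nil,
		LegitIdentity:       ChainAndIdentity(r1, ca, "r1.example.net") == nil,
		OtherRouterChain:    ChainOnly(r2, ca) == nil,
		OtherRouterIdentity: ChainAndIdentity(r2, ca, "r1.example.net") == nil,
		ForeignCAChain:      ChainOnly(rogue, ca) == nil,
	}
}

func main() {
	fmt.Printf("%+v\n", RunDemo())
}
```

Run it with `go run`. The printed Outcome shows the gap the question is about: r2's certificate, issued by the same trusted CA, passes the chain-only policy but fails the identity match, while the certificate from the untrusted CA fails both. How a particular router platform and software release behaves is a product question; the example only illustrates the two checks.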
