Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
430
Views
0
Helpful
1
Replies

Basic IPSEC authentication Question

victor.lyapunov
Level 1
Level 1

‎12-22-2008 11:13 AM - edited ‎02-21-2020 04:06 PM

Hello All

I have some basic questions regarding ISAKMP Certificate based authentication between

cisco routers. Specifically when two peers exchange certificates during the authentication

phase and establish the fact that these come from a mutually trusted Authority, do they perform any

additional checks?

Do they verify that the identity provided by the peer is also the one encoded in the subject

of the certificate that was provided by this peer? (like in SSL where the URL of the server

must be encoded in the subject of the certificate)

Or just the fact the certificate comes from a trusted Authority is considered enough and

the authetication is successful regardless of the identity supplied by the peer???

Can anyone provide some link describing the mechanism used certificate-based authentication

for isakmp in cisco-routers?

Any help is wellcomed

Labels:
0 Helpful
1 Reply 1

Not applicable

‎12-29-2008 07:55 AM

If certificates are used the peer will not perform any other identity check, however, this can be seen as the role of the certificate authority (who has assigned the certificate) to validate the certificate owners identity. Hence if the device trusts the certificate authority and the certificate authority validates the peers identity; the peer is taken as valid by the device and no other check is required.

0 Helpful
Customers Also Viewed These Support Documents