I'm going through an MPLS cloud to connect to a remote router. I therefore want to configure IPSec with CA support to secure my VPN link. After the configuration of the IPSec and CA, I noticed that the CA server is not issuing a new certificate to the routers but gives its own (server) certificate, and hence the IPSec is not encrypting traffic. What could I be doing wrong? Find attached the config of the routers.
Re: Configuring Site to Site IPSec with CA support
Your configuration looks like an interesting blend of authentication options. You say that you want to use certificates, so here goes:
1. In your isakmp policy, you shouldn't need to specify an authentication method, because certificates are the default.
2. If you are using certificates, there are two processes that you need to complete with the CA: the authentication phase (crypto ca authenticate domain.name) and an enrollment phase (crypto ca enroll domain.name). When you complete the first phase, you receive the CA certificate, as appears in your key chain; you won't receive your router's own certificate until you complete the enrollment phase.
Like I said, I'm a little concerned that you have a mix of authentication commands on your router. If you are looking at a single point-to-point encrypted link, then encrypted nonces may be a better option than certificates, as it doesn't require any trust in a third party (the CA).
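Added example, not part of the original thread and not Cisco code: a small Python check that classifies which of the two CA phases described in the reply a router has completed, from saved `show crypto ca certificates` output. The sample outputs are constructed, and the block layout (unindented "Certificate" / "CA Certificate" headers followed by indented "Status:" lines) is an assumption about that command's output.

```python
import re

# Constructed samples; layout assumed, values are not from the poster's routers.
ONLY_CA = """\
CA Certificate
  Status: Available
  Certificate Serial Number: 01
  Certificate Usage: Signature
"""

ENROLLED = """\
Certificate
  Status: Available
  Certificate Serial Number: 02
  Certificate Usage: General Purpose

""" + ONLY_CA

# Same as ENROLLED, but the router's own certificate request is still pending.
PENDING = ENROLLED.replace("Status: Available", "Status: Pending", 1)


def parse_blocks(text):
    """Return [(header, status)] for each certificate block in the output."""
    blocks = []
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line opens a block
            blocks.append([line.strip(), None])
        elif blocks and blocks[-1][1] is None:  # first Status: line of the block
            m = re.match(r"\s+Status:\s*(\S+)", line)
            if m:
                blocks[-1][1] = m.group(1)
    return [tuple(b) for b in blocks]


def enrollment_state(text):
    """Map the certificate blocks onto the authenticate/enroll phases."""
    blocks = parse_blocks(text)
    if ("CA Certificate", "Available") not in blocks:
        return "not-authenticated"              # authenticate phase not done
    own = [status for header, status in blocks if header == "Certificate"]
    if not own:
        return "authenticated-only"             # CA cert only: enroll not done
    return "enrolled" if "Available" in own else "enrollment-pending"


if __name__ == "__main__":
    for name, sample in (("only_ca", ONLY_CA), ("pending", PENDING), ("enrolled", ENROLLED)):
        print(name, "->", enrollment_state(sample))
```

A result of "authenticated-only" matches the symptom in the question: the router holds the CA's certificate but has no identity certificate of its own.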