Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

fqdn error but crypto session still goes up

Hi,

I can see on my dmvpn hub ruoter these logs: CRYPTO-6-IKMP_NO_ID_CERT_FQDN_MATCH.

The error points to a fqdn mismatch.

Checking further I discovered the the hostname on the certificate provided by the spoke does not match the actual hostname of the spoke.

The weird thing is the crypto session still eventually goes up.

Can anybody explain this?

Thanks for your help in advance.

1 REPLY
New Member

fqdn error but crypto session still goes up

Hi,

Just to follow up, I saw on another thread a lab scenario where the user changed the hostname of his router and still the ipsec session went through even after clearing the isa and ipsec sessions.

Is it reasonable to deduce that so long as the signed certificate is successfully decrypted by the root ca's pub key then the remote peer is authenticated?

437
Views
0
Helpful
1
Replies
CreatePlease to create content