Cisco Support Community

IPSec authentication with RSA nonces

Hi guys,

I am using RSA nonces for peer authentication with an IPSec site2site VPN connection.

My routers do not support authentication rsa-encr, so what is the difference really between rsa-encr and rsa-sig?

I generated RSA usage keys and all works well with authentication rsa-sig; however, I am not sure if that's the correct way of doing so.

Thanks a lot for any suggestions.



Re: IPSec authentication with RSA nonces

rsa-sig - specifies that certificates and a Certificate Authority (CA) are used for authentication (digital signature).

Specifies Rivest, Shamir, and Adleman (RSA) signatures as the authentication method.

rsa-encr - specifies that RSA encrypted nonces are used (public key cryptography).

The VPN Acceleration Module (VAM) or VPN Acceleration Module 2 (VAM2) does not support this authentication method.
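
The difference between the two methods named in the reply above, as an added sketch that is not part of the original post: rsa-sig proves identity with a signature checked against a CA-issued certificate, while rsa-encr proves it by decrypting a nonce sent under a public key configured in advance. The model uses toy textbook RSA; all function names, keys and the exchange bytes are constructed, and the messages are not real IKE payloads.

```python
# Added illustration: textbook RSA (no padding) on fixed Mersenne primes; not for real use.
import hashlib, hmac, secrets

def make_key(p, q, e=65537):
    """Return (public, private) toy RSA keys as (n, exponent) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def h_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(h_int(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == h_int(data, pub[0])

def issue_cert(ca_priv, name, pub):
    """The CA binds a name to a public key by signing the pair."""
    return name, pub, sign(ca_priv, repr((name, pub)).encode())

def rsa_sig_auth(ca_pub, cert, exchange, sig):
    """rsa-sig model: only the CA key is preconfigured; the peer key arrives in its cert."""
    name, peer_pub, ca_sig = cert
    if not verify(ca_pub, repr((name, peer_pub)).encode(), ca_sig):
        return None  # certificate was not issued by the trusted CA
    return name if verify(peer_pub, exchange, sig) else None

def nonce_proof(ni, nr, exchange):
    """Keyed hash that can only be computed by knowing both cleartext nonces."""
    return hmac.new(f"{ni}|{nr}".encode(), exchange, hashlib.sha256).digest()

def make_responder(priv, initiator_pub, exchange):
    """Remote peer: decrypts Ni, returns Nr encrypted to the initiator plus its proof."""
    def respond(enc_ni):
        ni, nr = pow(enc_ni, priv[1], priv[0]), secrets.randbits(64)
        return pow(nr, initiator_pub[1], initiator_pub[0]), nonce_proof(ni, nr, exchange)
    return respond

def rsa_encr_auth(my_priv, peer_pub, exchange, respond):
    """rsa-encr model: no CA; peer_pub must already be configured on this router."""
    ni = secrets.randbits(64)
    enc_nr, peer_hash = respond(pow(ni, peer_pub[1], peer_pub[0]))
    nr = pow(enc_nr, my_priv[1], my_priv[0])
    return hmac.compare_digest(peer_hash, nonce_proof(ni, nr, exchange))

# Constructed keys for a CA and two routers, A and B.
CA_PUB, CA_PRIV = make_key(2**61 - 1, 2**89 - 1)
A_PUB, A_PRIV = make_key(2**107 - 1, 2**127 - 1)
B_PUB, B_PRIV = make_key(2**89 - 1, 2**107 - 1)
```
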


Re: IPSec authentication with RSA nonces

Hi and thanks for the explanation. When I use a CA for rsa-sig authentication, do the routers contact the CA and download certificates each time they build an IPSec tunnel, or does it happen just once during the router preparation for rsa-sig?

Many thanks for your help.

PS. I am trying to build an s2s IPSec tunnel between 2 peers but authenticating as hostnames (dynamic IPs). Pre-share doesn't work even with crypto isakmp identity hostname.