Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPSec VPN between PIX and Router with digital certificates

Hi,

I'm trying to build a IPSec VPN between a PIX (v6.3) and a router (IOS 12.4.3a) with digital certificates. I have enroll both of my equipment with a Microsoft CA Server (with scep addon). When trying to build the tunnel, the debug on the router tells me " %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from 192.168.1.1 is bad: CA request failed!". I followed the example available on the CCO : http://www.cisco.com/en/US/customer/tech/tk583/tk372/technologies_configuration_example09186a00800946c0.shtml

but no chance to get it working.

Any help will be appreciated !

Regards

Francois

  • VPN
4 REPLIES
Silver

Re: IPSec VPN between PIX and Router with digital certificates

Try by using pre-shared keys instead of digital certificates if it is working fine.Then the problem is communication between the Router and CA server.So,replace the CA server with new one.

New Member

Re: IPSec VPN between PIX and Router with digital certificates

Hi Francois,

Are you CRL checking at all? Also i take it the time on the equipment matches the time and date on the CA Server? Can you highlight the order of events you did when enrolling these devices and obtained the certificates?

That would be great :-)

Andy

New Member

Re: IPSec VPN between PIX and Router with digital certificates

Hi,

It seems to be a IOS issue when running 12.4.3a on the 2821. I tried exactly the same configuration with a 2600 running 12.2.15T and all was fine. Do you know if we have to add some "new" options with version 12.4 ? I didn't found any bugs in the release notes concerning this.

Concerning the date/time, the CA Server and the two routers were syncronized.

Francois

New Member

Re: IPSec VPN between PIX and Router with digital certificates

Hi Francois,

Any chance you can post the configs with private info etc masked?

thanks :-)

Andy

239
Views
0
Helpful
4
Replies