I want to test that IPSec Between PIX and Cisco VPN Client Using ca certificate.But pix can not get the certificate from CA server with Microsoft Windows 2003 Enterprise Server.I install the Simple Certificate Enrollment Protocol(SCEP) add-on for Certificate Service in CA Server.Connection test using command Ping between pix and CA server is ok.
Ip address of CA server is 192.168.22.167/24
ip address outside 192.168.22.166 255.255.255.0
clock timezone beijing +8
CA Server and pix located in the same timezone.
pix1(config)# ca generate rsa key 512
Keypair generation process begin.
pix1(config)# sh ca mypubkey rsa
% Key pair was generated at: 17:54:34 beijing Oct 8 2006
I am sure that I configure the same timezone on pix515 and CA server.
But the way, I add a router 2811 to my experiment and the router can get a certificate from CA server.Vpn client(version 4.6.01) also got a certificate from CA server.But vpn client can not dial-in with rsa-sig authentication.Attachments are configuration of router and debug information.
I can not find the reason now.Could anybody else do the same experiment and give me some suggestion.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :