Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

RA VPNs to the SPA-IPSEC-2G

testing RA VPNs to the SPA-IPSEC-2G in IOSs ver 12.2(33)SXI3 and when I initiate client connection it fails. I'm using third party certificates with revocation checks via ocsp. Debug output is as follows: 

CRYPTO_PKI: http connection opened
CRYPTO_PKI: OCSP response status -  successful
E ../crypto/ca/provider/revoke/ocsp/ocsputil.c(328) :  Error #708h
CRYPTO_PKI: failed to verify OCSP response - 1800
CRYPTO_PKI:  Certificate not validated
5CRYPTO-5-IKMP_INVAL_CERT: Certificate  received from X.X.X.X is bad: certificate invalid

the same certificate is validated to the ASA.

any assistance is appreciated.

Thanks!

278
Views
0
Helpful
0
Replies
CreatePlease to create content