testing RA VPNs to the SPA-IPSEC-2G in IOSs ver 12.2(33)SXI3 and when I initiate client connection it fails. I'm using third party certificates with revocation checks via ocsp. Debug output is as follows:
CRYPTO_PKI: http connection opened CRYPTO_PKI: OCSP response status - successful E ../crypto/ca/provider/revoke/ocsp/ocsputil.c(328) : Error #708h CRYPTO_PKI: failed to verify OCSP response - 1800 CRYPTO_PKI: Certificate not validated 5CRYPTO-5-IKMP_INVAL_CERT: Certificate received from X.X.X.X is bad: certificate invalid
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...