
RSA-SIG Auth for ISAKMP

rob_lay
Level 1

Hi all, I have a question regarding authentication for ISAKMP/IKE. I'd like to use RSA-SIG as the most secure option; however, my client doesn't have any CA available and doesn't want one! I've read some conflicting information from Cisco docs: some seem to say that you can generate a local RSA key pair and use that for the RSA-SIG auth. Other docs seem to suggest that you can only do this when enrolling a full certificate. This will be a PIX to PIX L2L tunnel. My question is this: can I use only the local key pairs so that I can utilise the RSA-SIG auth, or will I need to enroll a full certificate? Also, can I generate a local certificate or do I need a CA?

Any help would be really appreciated.

Thanks in advance

1 Reply

thomas.chen
Level 6

I believe this document might help you and clarify your doubt. It has some good information on RSA key pair generation.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00801541cf.html#wp1027195