Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

RSA-SIG Auth for ISAKMP

Hi all, I have a question regarding authentication for ISAKMP/IKE. I'd like to use RSA-SIG as the most secure option, however my client doesn't have any CA available and doesn't want one! I've read some conflicting information from Cisco docs, some seem to say that you can generate a local RSA key pair and use that for the RSA-SIG auth. Other docs seem to suggest that you can only do this when enrolling a full certificate. This will be a Pix to Pix L2L tunnel. My question is this, can I use only the local keypairs so that I can utilise the RSA-SIG auth or will I need to enrole a full certificate?? Also, can I generate a local certificate or do I need a CA??

Any help would be really appreciated.

Thanks in advance

1 REPLY
Silver

Re: RSA-SIG Auth for ISAKMP

I believe this document might help you and clarify your doubt. It has some good information on RSA key pair generation.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00801541cf.html#wp1027195

195
Views
0
Helpful
1
Replies
CreatePlease login to create content