Cisco Support Community

New Member

rsa-sig problem after Phase1

I recently updated about 70 routers from preshared key to certificate authentication. Most of them work fine, but I'm still trying to resolve a problem on 3 of them.

When I use a preshared key, the ISAKMP and IPsec phases complete successfully, but when I use certificates, Phase 1 completes fine and afterwards the devices seem to ignore each other.

The VPN is initiated from a Cisco 831 or 871 behind NAT to a PIX 515.

Attached debug example of 831

New Member

Re: rsa-sig problem after Phase1

I've seen something like this once before. Check your NTP server and verify both devices have the same timestamp. It appears that one device is ahead of the other.

New Member

Re: rsa-sig problem after Phase1

Hello, thanks for your quick response.

All devices are correctly synchronized on UTC.

I really don't know what can affect the IPsec build once Phase 1 is finished.
