From: RyanB (rbenigno@xxxxxxxx)
Date: Fri Sep 22 2000 - 13:13:02 GMT-3
Did you upgrade to version 5.2? It is required for the win2k CA.
-Ryan
----- Original Message -----
From: "Christopher Larson" <clarson@pct3.com>
To: "Horvath, Russell" <Russell.Horvath@viatel.com>; "'Asbjorn Hojmark'"
<Asbjorn@Hojmark.ORG>
Cc: <ccielab@groupstudy.com>; <cisco@groupstudy.com>; "'Jason1'"
<jason1@v-labs.net>; "'Jim Bond'" <trycisco@yahoo.com>
Sent: Friday, September 22, 2000 3:45 AM
Subject: Re: CA in IPSec
> One other thing to note, we are still unsuccessful in getting certs from
> Microsoft to the PIX. According to CCO it will only work with Entrust and
> Verisign. I was told that is because at the time the docs were written those
> 2 CAs were the only ones doing SCEP and that since Microsoft is using SCEP
> you might get it to work. We are still unsuccessful in this regard.
>
>
> ----- Original Message -----
> From: "Horvath, Russell" <Russell.Horvath@viatel.com>
> To: "'Chris Larson'" <clarson@pct3.com>; "'Asbjorn Hojmark'"
> <Asbjorn@Hojmark.ORG>
> Cc: <ccielab@groupstudy.com>; <cisco@groupstudy.com>; "'Jason1'"
> <jason1@v-labs.net>; "'Jim Bond'" <trycisco@yahoo.com>
> Sent: Friday, September 22, 2000 4:16 AM
> Subject: RE: CA in IPSec
>
>
> > Just a quick question regarding CA's on windows2000.
> >
> > I am currently looking at this for our network but in the labs. This said we
> > are looking at using the windows2000 one as it's the cheapest.
> >
> > Has anyone actually set up the CA for windows2000?
> > Are there any 'GOTCHAS' I need to be aware of when using with Cisco IOS 12.1
> > and above?
> > Is there a limitation with the size of network you can use it on?
> >
> > regards Russ
> >
> > > ----------
> > > From: Asbjorn Hojmark[SMTP:Asbjorn@Hojmark.ORG]
> > > Reply To: Asbjorn Hojmark
> > > Sent: 21 September 2000 23:09
> > > To: 'Chris Larson'
> > > Cc: ccielab@groupstudy.com; cisco@groupstudy.com; 'Jason1'; 'Jim Bond'
> > > Subject: RE: CA in IPSec
> > >
> > > > We will secure by having the root CA off-line and walking
> > > > the ROOT Cert to the RA. Also, the CA cert will remain
> > > > pending until the security admin issues it to the router.
> > >
> > > You should note that IOS currently doesn't support
> > > cert chaining (subordinate CAs). I learned this the hard way.
> > >
> > > TAC tells me, however, that DE is testing two-level hierarchies
> > > and that they expect it to ship with 12.1(4)T or maybe
> > > first with 12.2.
> > >
> > > HTH,
> > > -A
> > > --
> > > Heroes: Vint Cerf & Bob Kahn, Leonard Kleinrock, Robert Metcalfe
> > > Links : http://www.hojmark.org/networking/
> > >
> > >