RE: IPSec problem using CA server

From: Mark Snow (mark@ipexpert.com)
Date: Fri Feb 23 2007 - 19:51:42 ART


Have you set up NTP on all three devices and verified time-sync?

 
Mark Snow
CCIE Instructor / Developer - IPexpert, Inc.
CCIE #14073 (Voice, Security)
URL: http://www.IPexpert.com
Toll Free: +1.866.225.8064
International: +1.810.326.1444

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Anthony Bonilla
Sent: Friday, February 23, 2007 4:00 PM
To: ccielab@groupstudy.com
Subject: IPSec problem using CA server

All,

I am currently testing IPSec to work with a CA server. I have configured
two routers (connected via a LAN connection) and have retrieved certificates
on both routers successfully, but when I try to bring up the tunnel by
pinging one router from the other, I get the following message:

%CRYPTO-5-IKMP_INVAL_CERT: Certificate received from x.x.x.x is bad: CA request failed

Can someone please let me know what could be a common cause? If I remove the
crypto map from the interfaces, things start to work. BTW, I have
configured a tunnel interface using the physical LAN connection between the
routers and have the crypto map applied to both the tunnel and LAN interfaces.

TIA

Tony.


