RE: IPSec problem using CA server

From: Daniel Kutchin (daniel@kutchin.com)
Date: Thu Dec 04 2008 - 16:10:52 ARST


Was the Cert enrollment really complete?

sh cry ca cert | i Status, or
sh cry pki cert | i Status

Daniel

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tomi Amao
Sent: Thursday, 4 December 2008 15:31
To: ccielab@groupstudy.com
Subject: IPSec problem using CA server

I have an issue and this is it. I hope to get help from anyone as soon as
possible, thanks.

I have 2 routers on a LAN and a CA also on that LAN.
The 2 routers have authenticated the CA and then enrolled with the CA.
The 2 routers have generated RSA keys (1024).

When I create interesting traffic on the routers that matches the proxy ACL,
the traffic never gets encrypted.

ISAKMP phase 1 attributes are acceptable,
but along the line during the debug crypto isakmp and debug crypto ipsec I
get the following error message:

%CRYPTO-5-IKMP_INVAL_CERT: Certificate received from x.x.x.x is bad: CArequest failed

I've read that time on the Cisco routers could be a problem, but that is
properly sorted out: the 2 routers are synched up
with proper time and they are also synched up with proper time from the CA.

I really can't guess again what the problem could be. Any help would really be
appreciated urgently.

Thanks
Tomi Amao
CCIE#19627


