#1 Newbie (Join Date Sep 2013, Posts 1)

IPSEC using Cisco Router as CA Server

    Hello

I am using 2 Cisco Routers for an IPsec tunnel and a third Cisco router as CA server.
It seems as if the routers receive the certificates from the CA Router, but there is no traffic between them (it fails on phase 1).

Following is the important router configuration; I can also send debug messages:

R1:

    crypto pki server cisco1
    issuer-name CN=cisco1.cisco.com L=RTP C=US
    cdp-url http://192.168.252.254/cisco1cdp.cisco1.crl
    !
    crypto pki trustpoint cisco1
    revocation-check crl
    rsakeypair cisco1
    !
    !
    crypto pki certificate chain cisco1
    certificate ca 01
    quit

    interface GigabitEthernet0/0
    ip address 192.168.252.254 255.255.255.0
    duplex auto
    speed auto
    media-type rj45
!

R3 (similar to R2):

    crypto pki trustpoint cisco
    enrollment retry count 5
    enrollment retry period 3
    enrollment url http://192.168.252.254:80
    usage ike
    usage ssl-server
    usage ssl-client
    serial-number
    revocation-check crl
    !
    !
    crypto pki certificate chain cisco
    certificate ca 01
    quit
    !
    !
    archive
    log config
    hidekeys
    !
    !
    crypto isakmp policy 1
    hash md5
    group 2
    !
    !
    crypto ipsec transform-set ts_1 esp-des esp-md5-hmac
    !
    crypto map map_1 1 ipsec-isakmp
    set peer 10.0.0.1
    set transform-set ts_1
    match address 100
    !
    !
    !
    ip ssh version 1
    !
    !
    !
    !
    interface GigabitEthernet0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    media-type rj45
    !
    interface GigabitEthernet0/1
    ip address 192.168.252.253 255.255.255.0
    duplex auto
    speed auto
    media-type rj45
    !
    interface FastEthernet1/0
    ip address 10.0.0.2 255.255.255.0
    duplex auto
    speed auto
    crypto map map_1
    !
    interface FastEthernet1/1
    no ip address
    duplex auto
    speed auto
    !
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    !
    !
    !
    access-list 100 permit icmp any any
    !

Attached the setup.

Appreciate your assistance and I will send any required information.

    thanks
    Roee
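As an added example that is not part of the original post, the following Python script audits IOS-style configuration pastes like the R3 excerpt above for legacy algorithm choices that are visible in it (MD5 hashing, DES/3DES, MD5-HMAC transforms, SSH version 1, and unset ISAKMP parameters that fall back to the documented IOS defaults of DES and DH group 1). It does not diagnose the phase 1 failure; it only reports hardening findings. The sample configuration and the block splitter are constructed for this example.

```python
# Constructed excerpt mirroring the crypto lines from the R3 configuration above.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
hash md5
group 2
!
crypto ipsec transform-set ts_1 esp-des esp-md5-hmac
!
ip ssh version 1
!
"""

# Legacy values a reviewer would flag for each ISAKMP policy parameter.
WEAK_ISAKMP = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
# Legacy IPsec transforms (DES/3DES ciphers and MD5-based integrity).
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}


def parse_blocks(text):
    """Split an IOS config paste into (first line, remaining lines) chunks delimited by '!'.
    Works on forum pastes where sub-command indentation has been stripped."""
    blocks, chunk = [], []
    for raw in text.splitlines() + ["!"]:
        line = raw.strip()
        if line == "!":
            if chunk:
                blocks.append((chunk[0], chunk[1:]))
            chunk = []
        elif line:
            chunk.append(line)
    return blocks


def audit(text):
    """Return a list of human-readable findings for weak crypto settings in the paste."""
    findings = []
    for header, body in parse_blocks(text):
        if header.startswith("crypto isakmp policy"):
            # Documented IOS defaults for parameters not set in the policy.
            settings = {"encryption": "des", "hash": "sha", "group": "1"}
            for line in body:
                key, _, value = line.partition(" ")
                if key in settings:
                    settings[key] = value
            for key, value in settings.items():
                if value in WEAK_ISAKMP[key]:
                    findings.append(f"{header}: weak {key} {value}")
        elif header.startswith("crypto ipsec transform-set"):
            for transform in header.split()[3:]:
                if transform in WEAK_TRANSFORMS:
                    findings.append(f"{header}: weak transform {transform}")
        elif header == "ip ssh version 1":
            findings.append("ip ssh version 1: SSHv1 enabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```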

#2 Jim.Alles, Untangle Ninja (Join Date Jul 2008, Location Central PA, Posts 2,469)


I don't see Untangle in the picture; this probably isn't the best place to ask for help?
    If you think I got Grumpy
