Did you upgrade to version 5.2? It is required for the win2k CA.
-Ryan
----- Original Message -----
From: "Christopher Larson" <[EMAIL PROTECTED]>
To: "Horvath, Russell" <[EMAIL PROTECTED]>; "'Asbjorn Hojmark'"
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "'Jason1'"
<[EMAIL PROTECTED]>; "'Jim Bond'" <[EMAIL PROTECTED]>
Sent: Friday, September 22, 2000 3:45 AM
Subject: Re: CA in IPSec
> One other thing to note, we are still unsuccessfull in getting certs from
> Microsoft to the PIX. According to CCO it will only work with entrust and
> Verisign. I was told that is because at the time the docs were written
those
> 2 CA's were the only ones doing SCEP and that since Microsoft is using
SCEP
> you might get it work. We are still unsuccessful in this regard.
>
>
> ----- Original Message -----
> From: "Horvath, Russell" <[EMAIL PROTECTED]>
> To: "'Chris Larson'" <[EMAIL PROTECTED]>; "'Asbjorn Hojmark'"
> <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "'Jason1'"
> <[EMAIL PROTECTED]>; "'Jim Bond'" <[EMAIL PROTECTED]>
> Sent: Friday, September 22, 2000 4:16 AM
> Subject: RE: CA in IPSec
>
>
> > Just a quick question regarding CA's on windows2000.
> >
> > I am currently looking at this for our network but in the labs. This
said
> we
> > are looking at using the windows2000 one as its the cheapest.
> >
> > Has anyone actually set up the CA for windows2000?
> > Are there any 'GOTCHAS' I need to be aware of when using with cisco IOS
> 12.1
> > and above?.
> > Is there a limitation with the size of network you can use it on?
> >
> > regards Russ
> >
> > > ----------
> > > From: Asbjorn Hojmark[SMTP:[EMAIL PROTECTED]]
> > > Reply To: Asbjorn Hojmark
> > > Sent: 21 September 2000 23:09
> > > To: 'Chris Larson'
> > > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 'Jason1'; 'Jim Bond'
> > > Subject: RE: CA in IPSec
> > >
> > > > We will secure by having the root CA off-line and walking
> > > > the ROOT Cert to the RA. Also, the CA cert will remain
> > > > pending until the security admin issues it to the router.
> > >
> > > You should note that IOS currently doesn't currently support
> > > cert chaining (subordinate CAs). I learned this the hard way.
> > >
> > > TAC tells me, however, that DE is testing two-level hierar-
> > > chies and that they expect it to ship with 12.1(4)T or maybe
> > > first with 12.2.
> > >
> > > HTH,
> > > -A
> > > --
> > > Heroes: Vint Cerf & Bob Kahn, Leonard Kleinrock, Robert Metcalfe
> > > Links : http://www.hojmark.org/networking/
> > >
> > >
> > > _______________________________________________________
> > > To unsubscribe from the CCIELAB list, send a message to
> > > [EMAIL PROTECTED] with the body containing:
> > > unsubscribe ccielab
> > >
> >
> > **NOTE: New CCNA/CCDA List has been formed. For more information go to
> > http://www.groupstudy.com/list/Associates.html
> > _________________________________
> > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
> _______________________________________________________
> To unsubscribe from the CCIELAB list, send a message to
> [EMAIL PROTECTED] with the body containing:
> unsubscribe ccielab
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
