First, get a copy of SCEP at http://corporate.windowsupdate.microsoft.com/en/default.asp. Search "scep" under Win2K. Setup your CA as Standalone CA, install IIS & SCEP. If you need, type "certutil -vroot" to generate web pages. When you successfully setup SCEP, you should be able to see the CA fingerprint and password for your SCEP session at http://ca_server/certsrv/mscep/mscep.dll. This is also the enrollment URL you should type in your router. Follow the Cisco guide to request cert and authenticate. You will need to check your cert password at the URL above. Make sure few things: 1. Clock is set to GMT and both clocks on CA and router match. 2. You need "enrollment mode ra" and "crloptional" on the router. 3. You may need http://ca_server:80/certcrv/mscep/mscep.dll, the port 80 on older 12.0 IOS.
HTH Gary CCIE#8256 ""NKP"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi , > I am trying to get a Win2K Advanced Server with a CA server installed > in it to generate a key from its CAuthority. > It generates key for any request that is coming from any Microsoft > client on the LAN , but it is not accepting any request from Cisco Router , > with the IOS of Ipsec , is there any configuration or any additional > utiltity . > > I have given the commands of : > > ip host cert-author 10.19.54.46 > cry key gen rsa usage > > as given in details on : > > http://www.cisco.com/warp/customer/707/19.html > > Could anyone guide me if I am missing anything as I am new on Cico Security > > thanks in advance > > Navin Parwal Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27150&t=27147 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
