First, get a copy of SCEP at
http://corporate.windowsupdate.microsoft.com/en/default.asp. Search "scep"
under Win2K. Setup your CA as Standalone CA, install IIS & SCEP. If you
need, type "certutil -vroot" to generate web pages. When you successfully
setup SCEP, you should be able to see the CA fingerprint and password for
your SCEP session at http://ca_server/certsrv/mscep/mscep.dll. This is also
the enrollment URL you should type in your router.
Follow the Cisco guide to request cert and authenticate. You will need to
check your cert password at the URL above. Make sure few things:
1. Clock is set to GMT and both clocks on CA and router match.
2. You need "enrollment mode ra" and "crloptional" on the router.
3. You may need http://ca_server:80/certcrv/mscep/mscep.dll, the port 80 on
older 12.0 IOS.
HTH
Gary
CCIE#8256
""NKP"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi ,
>I am trying to get a Win2K Advanced Server with a CA server installed
> in it to generate a key from its CAuthority.
> It generates key for any request that is coming from any Microsoft
> client on the LAN , but it is not accepting any request from Cisco Router
,
> with the IOS of Ipsec , is there any configuration or any additional
> utiltity .
>
> I have given the commands of :
>
> ip host cert-author 10.19.54.46
> cry key gen rsa usage
>
> as given in details on :
>
> http://www.cisco.com/warp/customer/707/19.html
>
> Could anyone guide me if I am missing anything as I am new on Cico
Security
>
> thanks in advance
>
> Navin Parwal
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27150&t=27147
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
