I've been attempting to set up a PIX VPN with L2TP and IPSec on Win2k clients
with a PIX/W2K-CA/PDC. I've installed the CA services, generated the
appropriate keys and configured the algorithm and hash types on both sides,
as follows:

isakmp enable outside
isakmp peer ip 192.168.1.247 no-xauth 
isakmp policy 2 authentication rsa-sig
isakmp policy 2 encryption des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 2 lifetime 86400
ca identity pdc 192.168.1.247:/certsrv/mscep/mscep.dll 

When attempting the auth/enroll, the following errors occur:

redfish(config)# ca auth pdc E2BA67F2537C1E110306A611F5B1A399F7AECB54

CI thread sleeps!
Crypto CA thread wakes up!
CRYPTO_PKI: http connection opened
redfish(config)# 
CRYPTO_PKI: transaction GetCACert completed
Crypto CA thread sleeps!
CI thread wakes up!

redfish(config)# ca enroll pdc 
%
% Start certificate enrollment .. 

% The subject name in the certificate will be: redfish.themunicenter.com

CI thread sleeps!
Crypto CA thread wakes up!
% Certificate request sent to Certificate Authority
% The certificate request fingerprint will be displayed.

redfish(config)# 
CI thread wakes up!
CRYPTO_PKI: transaction PKCSReq completed
CRYPTO_PKI: status: 
Crypto CA thread sleeps!
CRYPTO_PKI: can not find peer root public key.
CRYPTO_PKI: status = 65535: failed to set up peer auth context
CRYPTO_PKI: status = 65535: fail to send out pkcsreq
CRYPTO_PKI: All sockets are closed.
PKI: key process suspended and continued
Insert Selfsigned Certificate: 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24873&t=24873