ikev2 with cisco Router using certificate problem


L0 Member


After I finished the IKEv2 configuration (using Distinguished Name (Subject) from PAN and Cisco Router using identity local dn), I got this issue:


received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) does not match peers id


After this:


IKEv2 IKE SA negotiation is failed as responder


Any ideas?








Cyber Elite

@Luping There seems to be a mismatch in the DN name you have configured under the IKE gateway and the certificate present under the certificate profile. Also verify the IKE version configuration at both ends.


I changed the configuration to use a pre-shared key for IKEv2, and it works. Only when I change to certificate does it show me this error message, so it should not be an IKE misconfiguration...

As for the DN, I just use the subject-name CN; you can see both have the same DN "externalrouter.robinlab.org".


"CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org" --- what is "unstructuredName"?


PKI Configuration from Router:


crypto pki trustpoint CA
enrollment terminal
serial-number none
fqdn externalrouter.robinlab.org
ip-address none
subject-name CN=externalrouter.robinlab.org
revocation-check none
rsakeypair sslkey
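
Added example (not part of any post in this thread, and not vendor code): a small Python check that pulls the DN out of the ID-mismatch log line quoted above and compares it, attribute by attribute, with the peer identification entered on the firewall. It assumes the configured peer ID is the bare `CN=externalrouter.robinlab.org` the poster describes and that the comparison is made on the full DN; the function names are hypothetical.

```python
import re

# Constructed from the log line quoted in the thread.
LOG_LINE = ("received ID_I (type dn [CN=externalrouter.robinlab.org,"
            "unstructuredName=externalrouter.robinlab.org]) does not match peers id")
# Assumption: the peer identification entered on the firewall side.
CONFIGURED_PEER_ID = "CN=externalrouter.robinlab.org"

ID_RE = re.compile(r"received ID_[IR] \(type dn \[(?P<dn>.*)\]\) does not match")


def parse_dn(dn):
    """Split a DN string into (ATTRIBUTE, value) pairs, honouring '\\,' escapes."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip().replace("\\,", ",")))
    return rdns


def received_dn(log_line):
    """Extract the DN the peer presented from an ID-mismatch log line."""
    m = ID_RE.search(log_line)
    if m is None:
        raise ValueError("not an ID mismatch log line")
    return m.group("dn")


def diff_dn(received, configured):
    """Report attributes found on only one side and whether the DNs are identical."""
    got, want = parse_dn(received), parse_dn(configured)
    extra = [rdn for rdn in got if rdn not in want]
    missing = [rdn for rdn in want if rdn not in got]
    return {"extra": extra, "missing": missing, "exact": got == want}


if __name__ == "__main__":
    result = diff_dn(received_dn(LOG_LINE), CONFIGURED_PEER_ID)
    print("exact match:", result["exact"])
    for attr, value in result["extra"]:
        print(f"only in certificate subject: {attr}={value}")
    for attr, value in result["missing"]:
        print(f"only in configured peer ID:  {attr}={value}")
```

In the quoted log line, the `unstructuredName` value is the same string as the trustpoint's `fqdn` setting, and it is the only attribute the bare CN does not cover.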


