IKEv2 with Cisco router using certificate problem

L0 Member


After I finished the IKEv2 configuration (using Distinguished Name (Subject) from PAN, and the Cisco router using identity local dn), I got this issue:

received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) does not match peers id

After this:

IKEv2 IKE SA negotiation is failed as responder

Any ideas?

Regards

Luping

L6 Presenter

@Luping There seems to be a mismatch in the DN name you have configured under the IKE gateway and the certificate present under the certificate profile. Also verify the IKE version configuration at both ends.



Mayur
L0 Member

I changed the configuration to use a pre-shared key for IKEv2, and it works. Only when I change to certificate does it show me this error message. It should not be an IKE misconfiguration...

As for the DN, I just use the subject-name CN; you can see both find the same DN "externalrouter.robinlab.org".

"CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org" --- what is "unstructuredName"?

PKI configuration from the router:

crypto pki trustpoint CA
 enrollment terminal
 serial-number none
 fqdn externalrouter.robinlab.org
 ip-address none
 subject-name CN=externalrouter.robinlab.org
 revocation-check none
 rsakeypair sslkey
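
Added example, not part of any post in this thread: a small Python check that splits the received ID_I from the log line above into its RDNs and compares it with a peer ID, showing that the certificate subject carries a second attribute, unstructuredName (the PKCS #9 attribute, OID 1.2.840.113549.1.9.2), beside the CN. The configured value (CN only) and the strict, ordered comparison are assumptions; the thread shows neither the firewall's peer identification setting nor how it compares DNs.

```python
import re

# Constructed inputs: RECEIVED is the ID_I quoted in the log line in this
# thread; CONFIGURED is an assumed peer-identification value (CN only),
# not taken from the poster's firewall configuration.
RECEIVED = ("CN=externalrouter.robinlab.org,"
            "unstructuredName=externalrouter.robinlab.org")
CONFIGURED = "CN=externalrouter.robinlab.org"

# Attribute-type aliases so a name and its dotted OID compare equal.
ALIASES = {"1.2.840.113549.1.9.2": "unstructuredname", "2.5.4.3": "cn"}


def parse_dn(dn):
    """Split a DN string into an ordered list of (type, value) pairs.

    Simplified parser: splits on commas that are not backslash-escaped,
    lower-cases attribute types, trims and case-folds values.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        if not part.strip():
            continue
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = part.split("=", 1)
        attr = attr.strip().lower()
        attr = ALIASES.get(attr, attr)
        rdns.append((attr, value.strip().replace("\\,", ",").casefold()))
    return rdns


def diff_dn(received, configured):
    """Return (extra, missing): RDNs only in received / only in configured."""
    r, c = parse_dn(received), parse_dn(configured)
    return [x for x in r if x not in c], [x for x in c if x not in r]


def ids_match(received, configured):
    """Strict comparison (assumption): same RDNs in the same order."""
    return parse_dn(received) == parse_dn(configured)


if __name__ == "__main__":
    extra, missing = diff_dn(RECEIVED, CONFIGURED)
    print("match:", ids_match(RECEIVED, CONFIGURED))
    print("only in received ID:", extra)
    print("only in configured ID:", missing)
```

To compare against a real certificate, paste the subject string reported for the router certificate in place of the constructed RECEIVED value.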

 

 
