08-20-2020 04:56 AM
After I finished the IKEv2 configuration (using Distinguished Name (Subject) from PAN, and the Cisco router using identity local dn), I got this issue:
received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) does not match peers id
After this:
IKEv2 IKE SA negotiation is failed as responder
Any ideas?
Regards
Luping
08-20-2020 05:54 AM - edited 08-20-2020 05:57 AM
@Luping There seems to be a mismatch in the DN name you have configured under the IKE gateway and the certificate present under the certificate profile. Also verify the IKE version configuration at both ends.
08-20-2020 06:05 AM
I changed the configuration to use a pre-shared key for IKEv2, and it works. Only when I change to certificates does it show me this error message. It should not be an IKE misconfiguration...
As for the DN, I just use the subject-name CN; you can see both find the same DN "externalrouter.robinlab.org".
"CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org" --- what is "unstructuredName"?
PKI configuration from the router:
crypto pki trustpoint CA
 enrollment terminal
 serial-number none
 fqdn externalrouter.robinlab.org
 ip-address none
 subject-name CN=externalrouter.robinlab.org
 revocation-check none
 rsakeypair sslkey
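Added example (not part of the original posts, and not Palo Alto or Cisco code): a small Python check that extracts the ID_I DN from the log line quoted above and compares it RDN by RDN with a configured peer ID, reporting which RDN differs. It assumes the responder's peer identification is the CN-only subject and is matched exactly; LOG_LINE and CONFIGURED_PEER_ID are constructed from values quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the log line quoted in the thread.
LOG_LINE = ("received ID_I (type dn [CN=externalrouter.robinlab.org,"
            "unstructuredName=externalrouter.robinlab.org]) does not match peers id")
# Assumption: the peer ID entered on the responder is the CN-only subject.
CONFIGURED_PEER_ID = "CN=externalrouter.robinlab.org"

def split_unescaped(text, sep):
    """Split on sep, ignoring backslash-escaped characters (RFC 4514 style)."""
    parts, cur, i = [], [], 0
    while i < len(text):
        # A backslash and the character after it travel together as one unit.
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i:i + step])
        i += step
    parts.append("".join(cur))
    return parts

def parse_dn(dn):
    """Return the DN as an ordered list of RDNs (frozensets of (type, value))."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        pairs = set()
        for ava in split_unescaped(rdn, "+"):  # "+" joins a multi-valued RDN
            attr, sep, value = ava.partition("=")
            if not sep:
                raise ValueError(f"malformed attribute: {ava!r}")
            # Attribute types compare case-insensitively; values are kept as-is.
            pairs.add((attr.strip().lower(), value.strip()))
        rdns.append(frozenset(pairs))
    return rdns

def extract_id_i(log_line):
    """Pull the DN out of a 'received ID_I (type dn [...])' log line."""
    m = re.search(r"received ID_I \(type dn \[(.*)\]\)", log_line)
    return m.group(1) if m else None

def compare(received, configured):
    """Exact RDN-by-RDN comparison, plus a report of what differs."""
    rx, cfg = parse_dn(received), parse_dn(configured)
    return {"match": rx == cfg,
            "extra_in_received": [sorted(r) for r in rx if r not in cfg],
            "missing_from_received": [sorted(r) for r in cfg if r not in rx]}
```

On IOS, the trustpoint's fqdn value is what appears in the certificate subject as unstructuredName (PKCS #9, OID 1.2.840.113549.1.9.2), which is the extra RDN this comparison reports.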