after I finished the ikev2 configuration(using Distinguished Name (Subject) from PAN and Cisco Router using identity local dn ), I got this isse:
received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) does not match peers id
IKEv2 IKE SA negotiation is failed as responder
@LupingThere seems to be mismatch in the DN name you have configured under IKE gateway and the certificate present under certificate profile. Also verify IKE version configuration at both ends.
I changed the configuration using preshare for Ikev2, it works. Just if I change to certificate, it show me this error message. it should no IKE missconfigure...
and DN, I just use the subject-name CN, you can see both find the same DN "externalrouter.robinlab.org".
"CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org" --- what is "unstructuredName"?
PKI Configuration from Router:
crypto pki trustpoint CA
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!