Hi all,

I am trying to bring up a site-to-site VPN between an IOS router (2800) and an ASA. With pre-shared keys, the tunnel comes up, but if I switch over to certificates it fails. I am using an IOS CA server.

The "debug crypto isakmp" error displays the following error:

"Unable to compare IKE ID against peer cert Subject Alt Name
Initiator FSM error history (struct &0xc937a298) <state>, <event>:
MM_DONE, EV_ERROR-->
MM_I_DONE_H, EV_COMPARE_IDS-->
MM_I_DONE_H, EV_CERT_OK-->
MM_I_DONE_H, NullEvent-->
MM_I_DONE_H, EV_VALIDATE_CERT-->
MM_I_DONE_H, EV_TEST_CERT-->
MM_I_DONE_H, EV_CHECK_NAT_T-->
MM_I_DONE_H, EV_GROUP_LOOKUP"

On the ASA side, I have configured the following, which is necessary:

crypto map mine 1 set trustpoint <name>
tunnel-group X.X.X.X ipsec-attributes
 trust-point <name>

Is there anything else that I need to configure? Please give your inputs.

With regards
Kings
