Hi Brandon

I did see that option of specifying FQDN both in router and ASA. But is that the Alternate Subject name?

With regards
Kings

On Mon, Feb 22, 2010 at 5:07 AM, Brandon Carroll <[email protected]> wrote:

> Kings- have you tried this:
>
> ciscoasa(config-ca-trustpoint)# fqdn webvpn.cisco.com
>
> ! Specifies the FQDN (DNS:) to be used as the subject alternative name.
>
> I think this may be what you're looking for.
>
> Regards,
>
> Brandon Carroll - CCIE #23837
> Senior Technical Instructor - IPexpert
> Mailto: [email protected]
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
> (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice,
> Security & Service Provider) Certification Training with locations
> throughout the United States, Europe and Australia. Be sure to check
> out our online communities at www.ipexpert.com/communities and our
> public website at www.ipexpert.com.
>
> On Sat, Feb 20, 2010 at 10:13 AM, Kingsley Charles
> <[email protected]> wrote:
> > I have raised for the following reason:
> >
> > I am trying to bring L2L VPN between IOS router and ASA. On the ASA, I get
> > the following error message:
> >
> > Feb 20 01:57:42 [IKEv1]: Group = R3, IP = 162.1.13.3, Unable to compare IKE ID against peer cert Subject Alt Name
> >
> > If I have "peer id validate" with certificate, the tunnel comes up. It
> > seems the ASA is trying to match the Alt name with the IKE. Since there
> > is no ALT name, the validation fails.
> >
> > Then I tried adding CN as the hostname in the router during enrollment
> > and then the tunnel came up without the need of "peer id validate" with
> > certificate on the ASA.
> >
> > With regards
> > Kings
> >
> > On Sat, Feb 20, 2010 at 5:07 PM, Kingsley Charles
> > <[email protected]> wrote:
> >>
> >> Hi all
> >>
> >> I have done it before but it's not striking me now. When you enroll an
> >> IOS router or ASA to a CA server, how do we include an Alternate name?
> >>
> >> Is CN and Alt Name the same?
> >>
> >> With regards
> >> Kings
> >
> > _______________________________________________
> > For more information regarding industry leading CCIE Lab training, please
> > visit www.ipexpert.com
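
Whether CN and Subject Alternative Name are the same field, the question raised in this thread, can be checked on an issued certificate itself. The script below is an added example, not part of the original messages: it uses the OpenSSL CLI on throwaway self-signed certificates, and its function names, file names and the hostname r3.example.com are constructed for the demo. The SAN lookup is a pre-check a reader can run on an exported certificate, not the ASA's own comparison code.

```shell
#!/bin/sh
# Added example. Names, files and hostnames are constructed for the demo.
# Requires the OpenSSL CLI, 1.1.1 or later (for "req -addext").

# Print the subject CN of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Print each dNSName in the Subject Alternative Name extension, one per
# line. Prints nothing when the certificate has no SAN extension.
san_dns_names() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n +2 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the hostname in $2 (the IKE ID a peer would present)
# is one of the SAN dNSNames of certificate $1. Case-insensitive.
ike_id_in_san() {
    san_dns_names "$1" | grep -qixF -- "$2"
}

# Throwaway self-signed cert: $1=output file, $2=CN, $3=optional SAN name.
make_demo_cert() {
    if [ -n "$3" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" \
            -subj "/CN=$2" -addext "subjectAltName=DNS:$3" -out "$1" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" \
            -subj "/CN=$2" -out "$1" 2>/dev/null
    fi
}

demo() {
    dir=$(mktemp -d)
    make_demo_cert "$dir/cn_only.pem" R3
    make_demo_cert "$dir/with_san.pem" R3 r3.example.com
    for c in cn_only with_san; do
        printf '%s: CN=%s SAN=%s\n' "$c" "$(cert_cn "$dir/$c.pem")" \
            "$(san_dns_names "$dir/$c.pem" | tr '\n' ' ')"
        ike_id_in_san "$dir/$c.pem" r3.example.com &&
            echo "  IKE ID r3.example.com found in SAN" ||
            echo "  IKE ID r3.example.com not in SAN"
    done
    rm -rf "$dir"
}
demo
```

Both demo certificates carry CN=R3, but only the second has a SAN entry, so only it passes the lookup.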
