Jimmy. Yes, That option defines the alternative name.
Regards,
Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert
Mailto: [email protected]
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
::Message Sent from iPhone::
IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
(R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice,
Security & Service Provider) Certification Training with locations
throughout the United States, Europe and Australia. Be sure to check
out our online communities at www.ipexpert.com/communities and our
public website at www.ipexpert.com.
On Feb 22, 2010, at 2:35 AM, Kingsley Charles <[email protected]
> wrote:
Hi Brandon
I did see that option of specifying FQDN both in router and ASA. But
is thst the Alternate Subject name?
With regads
Kings
On Mon, Feb 22, 2010 at 5:07 AM, Brandon Carroll <[email protected]
> wrote:
Kings- have you tried this:
ciscoasa(config-ca-trustpoint)# fqdn webvpn.cisco.com
! Specifies the FQDN (DNS:) to be used as the subject alternative
name.
I think this may be what you're looking for.
Regards,
Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert
Mailto: [email protected]
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
(R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice,
Security & Service Provider) Certification Training with locations
throughout the United States, Europe and Australia. Be sure to check
out our online communities at www.ipexpert.com/communities and our
public website at www.ipexpert.com.
On Sat, Feb 20, 2010 at 10:13 AM, Kingsley Charles
<[email protected]> wrote:
> I have raised for the following reason:
>
>
> I am trying to bring L2L VPN between IOS router ASA. On the ASA, I
get the
> following error message:
>
>
> Feb 20 01:57:42 [IKEv1]: Group = R3, IP = 162.1.13.3, Unable to
compare IKE
> ID against peer cert Subject Alt Name
>
>
>
> If I have "peer id validate" with certificate, the tunnel comes
up. It seems
> the ASA is trying to match the Alt name with the IKE. Since, there
is no ALT
> name, the validation fails.
>
>
> The I tried adding CN as the hostname in the router during
enrollment and
> then the tunnel came up without the need of peer id validate" with
> certificate on the ASA.
>
>
>
>
>
> With regards
> Kings
> On Sat, Feb 20, 2010 at 5:07 PM, Kingsley Charles
> <[email protected]> wrote:
>>
>> Hi all
>>
>> I have did it before but it's not striking ne now. When you
enroll an IOS
>> router or ASA to a CA server, how do we include an Alternate name?
>>
>> Is CN and Atl Name the same?
>>
>>
>>
>> With regards
>> Kings
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training,
please
> visit www.ipexpert.com
>
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
