Hi
I am not quite sure about site-to-site using digital signatures. I have the
following 2 doubts:
1) When we use digital signatures for authentication, the IKE ID must match the
subject name in the certificate. But what if I want to use a random string as
the IKE ID and the subject name is, say, something else?
2) ASA uses the concept of tunnel groups for matching phase 1 connections. It
first checks the OU field in the cert, then the IKE ID and finally the IP address. What
about an IOS router? What does it do?
Please help to clarify these concepts.
Thanks and regards
Yogesh