The task won't hint us. We need to be aware off when to use it. Both ASA and VPN client, strictly validate the cert and hence when you have L2L between ASA and IOS or connect VPN client to ASA or IOS server, then you need to have it configured.
With regards Kings On Tue, Aug 24, 2010 at 10:24 AM, Johan Bornman <[email protected]> wrote: > Thanks, Kings. > > > > Is the command compulsory when the VPN client or an ASA is involved? > > How will the task read in any other scenario where the VPN client/ASA is > not involved? > > > > *From:* Kingsley Charles [mailto:[email protected]] > *Sent:* 24 August 2010 06:45 AM > *To:* Yogesh Gawankar > *Cc:* OSL Security; Johan Bornman > *Subject:* Re: [OSL | CCIE_Security] Vol 1 Task 4.6 > > > > This command sends the complete subject name in your cert. Very important > command when you use digital certs that too when you the have > VPN client or ASA on one of the remote peers. > > > With regards > Kings > > On Tue, Aug 24, 2010 at 6:54 AM, Yogesh Gawankar <[email protected]> > wrote: > > If am not mistaken this command sends the certificate as the IKE ID so as > to prevent PKI from breaking. > > > > I dont know what the question says but I am guessing it asks for rsa > signatures as authentication methid (maybe L2L with certficates).You can use > any IKE id as long as it appears in the certificate. > > > > Cheers > > > > Yogesh Gawankar > > > --- On *Tue, 8/24/10, Johan Bornman <[email protected]>* wrote: > > > From: Johan Bornman <[email protected]> > > > Subject: [OSL | CCIE_Security] Vol 1 Task 4.6 > > To: "'OSL Security'" <[email protected]> > Date: Tuesday, August 24, 2010, 4:56 AM > > > > Why this command in the solution and what in the task asks for it? > > > > crypto isakmp identity dn > > > -----Inline Attachment Follows----- > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
