By identity server, do you mean the CA server? The base config for a CA should be (correct me if I'm wrong):

    Set clock
    ip domain-name cisco.com
    crypto key generate rsa 1024
    crypto pki server cisco
    grant auto
    no shut
    ip http server

I did this config today on rack rentals to make sure it's not an emulation issue, enrolled from the client, and got the same error. I saw this debug message in the VPN client software:

    Could not find data portion of HTTP response from CEP server. Contact your CA administrtator for further instructions.

From the VPN Client machine I can telnet to port 80 of that router easily, which makes clear that connectivity is good. Time is also synced; I even tried moving the clock 30 minutes more, but that also didn't help. Any clues?

Date: Sat, 8 Oct 2011 12:14:31 +0200
Subject: Re: [OSL | CCIE_Security] VPN Client and CA
From: [email protected]
To: [email protected]
CC: [email protected]

Hi,

It seems you don't have Identity certificate on the router. Also, you should use DN as an identity. I'm not seeing group configuration too. Key size on the client is by default 2k so I don't see any problem with that.

Regards,
Piotr

2011/10/8 Hussain Arsalan Ali <[email protected]>

I have been having this issue for a few days now. Finally the certificate got enrolled properly, but when I dial towards that VPN Server it doesn't happen. I did some debugs on the router and found out that the cert is being rejected. Clock and timezone are the same on both devices, and when I click Verify on the VPN Client it says that the certificate is valid. The only problem I am thinking about is that when I created the keys on the IOS device they were 1024 in size, however when I requested the certificate it shows 2048. This could be a possible key size mismatch; other than that I can't think of any. Can you please let me know if you have faced a similar problem where the IOS device is set for 1024 size and the Client automatically gets 2048 size?

Please check attachments.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
