With the EZVPN remote on the router and with certs, IOS is happy to use
FQDN and works without configuring self-identity on the profile or crypto
isakmp identity dn globally.

Sep 7 12:38:46.303: ISAKMP:(1023):SA is doing RSA signature authentication plus XAUTH using id *type ID_FQDN*
Sep 7 12:38:46.303: ISAKMP (0:1023): ID payload
        next-payload : 6
        type         : 2
        FQDN name    : Rack1R3.cisco.com
        protocol     : 17
        port         : 500
        length       : 25

On Fri, Sep 7, 2012 at 12:31 PM, GuardGrid <[email protected]> wrote:
> All,
>
> I was trying to lab this and used the 12.4 doc example to map to my setup.
> But for some reason I could not get this to work without the "crypto isakmp
> identity dn" on the server.
>
> I could do an EZVPN server to remote with two IOS devices with certs and
> did not need to set the identity dn on the routers.
>
> Is it safe to assume that if it is not IOS to IOS we need to explicitly
> set the isakmp identity dn on the server side especially for per user PKI?
>
> -Srikant
>
>