time appears to be within milliseconds from each other, and all date and
timezone type info matches as well.  UTC, Fri, March 1st 2002...

my brain hurts.  seems like i've done this a million times while studying /
testing, and now it won't work any more.

Jason


On Wed, Sep 19, 2012 at 8:35 PM, Fawad Khan <[email protected]> wrote:

> So check time and time zone. This happened to me but I found the time zone
> was not matching properly.
>
>
> On Wednesday, September 19, 2012, Fawad Khan wrote:
>
>> Check the time on all devices.
>>
>> On Wednesday, September 19, 2012, Jason Madsen wrote:
>>
>>> Hi Group,
>>>
>>> I'm having a brain fart at the moment, or else ran into more GNS3
>>> weirdness.  I set up a router as a CA and get the following message every
>>> time I try to enroll from an ASA:
>>>
>>> The certificate enrollment request failed!
>>>
>>> Routers can authenticate and enroll with the IOS CA just fine...just
>>> cannot from an ASA.  Anything need to be done differently on the ASA when
>>> enrolling other than what's needed on routers when enrolling?   Here are
>>> the basic steps I went through:
>>>
>>> *IOS CA:*
>>>
>>> hostname R1
>>> ip domain name blah.com
>>> ntp master
>>> ip http server
>>> crypto key gen rsa mod 1024 R1-CA
>>> !
>>> crypto pki trust R1-CA
>>> rsakeypair R1-CA 1024
>>> rev none
>>> !
>>> crypto pki server R1-CA
>>> data level complete
>>> data archi pem
>>> data url pem flash:
>>> grant auto
>>> cdp- http://19.19.19.1/cgi-bin/pkiclient.exe?operation=GetCRL
>>> issue CN = R1.blah.com, ST = CA, C = US
>>> no shut
>>> !
>>>
>>> *ASA*
>>>
>>> hostname ASA
>>> domain-name blah.com
>>> ntp server 19.19.19.1
>>> !
>>> cryp key gen rsa mod 1024
>>> cryp ca trust R1
>>> enroll url http://19.19.19.1:80
>>> rev none
>>> !
>>> crypt ca authe R1
>>> (works fine...able to authenticate)
>>> crypt ca enroll R1
>>> (serial number: no, get cert: yes...get "enrollment request failed" each
>>> time or a similar error message)
>>>
>>> I can debug on the CA and it looks as though a cert' is sent to the ASA
>>> when I do the "crypto ca enroll" command.  Not sure what's going on.  NTP
>>> was sync'd before any key / cert creation etc.  Did not change hostnames or
>>> domain names after creating keys / certs.   I've tried specifying FQDN
>>> within trustpoints etc, and modifying other parameters.
>>>
>>> Either I've forgotten a key step along the way, or else this is GNS
>>> specific.
>>>
>>> Any ideas / thoughts?
>>>
>>> Thanks,
>>> Jason
>>>
>>>
>>>
>>
>> --
>> FNK, CCIE Security#35578
>>
>
>
> --
> FNK, CCIE Security#35578
>