Hi guys, if I would like to check the field in peer's certificate, is it enough to have this "isakmp-profile > match certificate" map construct?
! crypto pki certificate map CERTMAP2 10 subject-name co ou = juniper ! crypto isakmp identity dn crypto isakmp profile ISAKMP ca trust-point R6 match certificate CERTMAP2 ! crypto ipsec profile CRYPTO set transform-set TS set isakmp-profile ISAKMP ! It's sVTI VPN PKI solution which without this (and even with this false checking) works good. I cant see nothing relevant in crypto isakmp | pki debugs about checking this subject field. Thank you Radim
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
