It is sufficient, but even for me that doesn't work sometimes. You can try associating the cert map to the trustpoint.
With regards
Kings
CCNA,CCSP,CCNP,CCIP,CCIE 35914 (Security)

On Fri, Oct 12, 2012 at 12:36 AM, Radim Jurica <[email protected]> wrote:

> Hi guys,
> if I would like to check the field in peer's certificate, is it enough to
> have this "isakmp-profile > match certificate" map construct?
>
> !
> crypto pki certificate map CERTMAP2 10
>  subject-name co ou = juniper
> !
> crypto isakmp identity dn
> crypto isakmp profile ISAKMP
>  ca trust-point R6
>  match certificate CERTMAP2
> !
> crypto ipsec profile CRYPTO
>  set transform-set TS
>  set isakmp-profile ISAKMP
> !
>
> It's an sVTI VPN PKI solution which without this (and even with this false
> checking) works well.
>
> I can't see anything relevant in crypto isakmp | pki debugs about checking
> this subject field.
>
> Thank you
>
> Radim
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
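The trustpoint association suggested in the reply, written out as an added example (not configuration posted by either participant). It reuses the names R6 and CERTMAP2 from the question and assumes the standard IOS certificate-based ACL behaviour, where a peer certificate that does not match the map fails validation against that trustpoint.

```ios
! Added example, not from the thread. R6 and CERTMAP2 are the names used in
! the posted configuration; the map itself is unchanged.
crypto pki certificate map CERTMAP2 10
 subject-name co ou = juniper
!
! Attach the map to the trustpoint that validates the peer certificate, so the
! subject check is applied during certificate validation and not only when
! the ISAKMP profile is selected.
crypto pki trustpoint R6
 match certificate CERTMAP2
!
! Exec-mode commands to watch the check while the tunnel renegotiates:
!   show crypto pki trustpoints
!   debug crypto pki validation
!   show crypto isakmp sa
```

To confirm the check is enforced, temporarily change the map to a value the peer's certificate does not contain and verify that phase 1 no longer completes.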
