Hi Joachim, I ran into problems when my x509v3 certificates had empty extension fields. In my case either "subject alternative name" odr "issuer alternative name" were empty and then the routers did not acceppt theses certificates. Thus I changed the configuration, now my certificates do not have both fields. Concerning the other fields I did not run into any problems until now. Everything worked fine when the certificats had the role VPN_Server One hint I could give you: Always check that your cisco routers do have the correct time, I spent a lot of hours searching for solutions and in the end i found out that my system time was wrong :-) The failure messages from IOS are very often not very helpful.
Kind regards, Matthias On 1/2/07, Joachim Schrod <[EMAIL PROTECTED]> wrote: > > Hello, > > Are there any problems known with Cisco VPN routers and 509v3 > extension fields? (That's for site-to-site VPN connections.) > Any recommendations for best practice? > > Do the Cisco boxes want specific Extended Key Usage fields? > Some of the IPSec values (End System, Tunnel, or User)? > Or do they want no Key Usage fields at all? > > I would appreciate any answer, > > Joachim > > -- > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Joachim Schrod Email: [EMAIL PROTECTED] > Roedermark, Germany > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Openca-Users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openca-users > ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
