This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPsec S2S vpn with certificate does not work with ASA

Hi ,
I have Astaro 220 box version 8.305 .
I tried to establish an IPsec S2S vpn with certificate with a cisco ASA 5510.
but it can not be established although I configured all phase 1 and phase 2 policy same in Astaro and ASA and also the lifetime.
-Certificates is issues by external CA.
-IPsec PFS group is enabled in both side.
-No strict policy nor compression configured in both side.
-There is no natting.
-No DPD Nor CRL configured.

-Please note that the same configuration is working but with preshared key.
Kindly find the attached log of the ASTARO and ASA .
Thanks,
Mostafa Aly

This thread was automatically locked due to age.

Parents

0 most_ahdy over 12 years ago

Hi,
The issue is in Certificate as Bob suggest.
I used Astaro as CA and issue certificate for both Astaro and ASA and the tunnel is established successfully .
But the customer use Window 2008 server as CA for issuing certificate for both ASA and Astaro, so I wonder if any one has experience in using Window 2008 server CA to issue certificates for Astaro or ASA?!
I'll create another post for using Window 2008 server CA for issuing certificates for Astaro.
Thanks,
Mostafa Aly
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 most_ahdy over 12 years ago

Hi,
The issue is in Certificate as Bob suggest.
I used Astaro as CA and issue certificate for both Astaro and ASA and the tunnel is established successfully .
But the customer use Window 2008 server as CA for issuing certificate for both ASA and Astaro, so I wonder if any one has experience in using Window 2008 server CA to issue certificates for Astaro or ASA?!
I'll create another post for using Window 2008 server CA for issuing certificates for Astaro.
Thanks,
Mostafa Aly
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data