Re: IPSec problem using CA server

From: Mark Cairns (m.a.cairns@gmail.com)
Date: Thu Dec 04 2008 - 12:49:28 ARST


Tomi,

Make sure you are not set for CRL checking during any testing, just to take
that out of the picture. Also, I have encountered a bug that can cause this
error in 12.4(15)T6.

Mark
#17755, Security

On Thu, Dec 4, 2008 at 9:31 AM, Tomi Amao <tomiground@hotmail.com> wrote:

> I have an issue, and this is it. I hope to get help from anyone as soon as
> possible. Thanks.
>
> I have 2 routers on a LAN and a CA also on that LAN.
> The 2 routers have authenticated the CA and then enrolled with the CA.
> The 2 routers have generated RSA keys (1024).
>
> When I create interesting traffic on the routers that matches the proxy ACL,
> the traffic never gets encrypted.
>
> ISAKMP phase 1 attributes are acceptable,
> but along the line during the debug crypto isakmp and debug crypto ipsec I
> get the following error message:
>
> %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from x.x.x.x is bad: CArequest failed
>
> I've read that time on the Cisco routers could be a problem, but that is
> properly sorted out. The 2 routers are synched up with proper time, and they
> are also synched up with proper time from the CA.
>
> I really can't guess again what the problem could be. Any help would really
> be appreciated urgently.
>
> Thanks
> Tomi Amao
> CCIE#19627
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net



This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:07 ARST