Guest
What I'm trying to do: Create an IPSEC trust in transport mode, using certificates as the mode of authentication. I'm attempting to do this on a LAN between two hosts. NAT is not an issue.
What I've done:
- Successfully created the trust using a preshared secret (password) just to make sure that IPSEC was working. (Note: this was just a test step; I am going to disable the preshared pw because I want to use certs.)
- Used openssl to generate a CA (I used the canned CA.sh script)
- Generated certificates for the two hosts
- Imported the CA certificate to each host
- Imported the respective cert to each host
- Changed the authentication mode to certificates
- Assigned the ipsec policies
When I ping, it shows that the nodes are negotiating but never connect (this was working in pw mode). Nor can I use any of the services between the hosts (http, ftp, etc. -- also working in pw mode).
What could I be forgetting/missing? Also, I can't seem to locate any obvious errors in the event logs --- is there another place I can look for info?
Thanks
Dan
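One way to sanity-check certificate material like that produced in the steps listed above, before it is imported on either host (an added example, not part of the original post). It builds a throwaway CA and host certificates with openssl, then confirms that each host certificate chains to the CA and matches its private key; the CA names, host names and temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example. CA names, host names and the temp directory are constructed.

make_ca() {            # $1 = file prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

make_host_cert() {     # $1 = host file prefix, $2 = CA file prefix
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$(basename "$1")" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -CAcreateserial -days 30 -out "$1.crt" 2>/dev/null
}

chains_to() {          # $1 = host cert, $2 = CA cert; status 0 if it verifies
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

key_matches_cert() {   # $1 = file prefix holding .key and .crt
    cert_pub=$(openssl x509 -in "$1.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1.key" -pubout | openssl sha256)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

check_demo() {         # status 0 only if every check behaves as expected
    d=$(mktemp -d) || return 1
    rc=0
    make_ca "$d/demo-ca" "Demo CA" && make_ca "$d/other-ca" "Other CA" &&
    make_host_cert "$d/hostA" "$d/demo-ca" &&
    make_host_cert "$d/hostB" "$d/demo-ca" &&
    make_host_cert "$d/stray" "$d/other-ca" || rc=1
    for h in hostA hostB; do
        chains_to "$d/$h.crt" "$d/demo-ca.crt" || rc=1   # must chain to the CA
        key_matches_cert "$d/$h" || rc=1                 # key belongs to cert
    done
    # A cert issued by a different CA must NOT verify against demo-ca.
    chains_to "$d/stray.crt" "$d/demo-ca.crt" && rc=1
    rm -rf "$d"
    return $rc
}

if check_demo; then echo "chain and key checks behaved as expected"
else echo "unexpected result"; fi
```

Running `chains_to` and `key_matches_cert` against the real host and CA files shows whether the certificate material itself is consistent, separately from the IPsec policy.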