L2TP/IPSec with Cisco IOS CA?
- I am trying to create an L2TP/IPSec tunnel using a machine certificate from the Cisco IOS Certificate Authority (CA). The end points are a Windows XP machine and a Cisco IOS Router. This tunnel works perfectly fine if I use a certificate from a Microsoft CA.
I was able to match all the parameters of the certificate and I also placed it in the 'local computer store' with the root certificate.
Unfortunately, the connection still does not work and it fails to find a valid machine certificate. On looking at the debug logs:
6-19: 13:39:59:686:2c8 Source IP Address <removed> Source IP Address Mask 255.255.255.255 Destination IP Address <removed> Destination IP Address Mask 255.255.255.255 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr <removed> IKE Peer Addr <removed>
6-19: 13:39:59:686:2c8 Certificate based Identity. Peer Subject Peer SHA Thumbprint 0000000000000000000000000000000000000000 Peer Issuing Certificate Authority Root Certificate Authority My Subject CN=cisco My SHA Thumbprint 7aaa11d0395db589328b88d7dcad51c3f286966b Peer IP Address: <removed>
6-19: 13:39:59:686:2c8 Me
6-19: 13:39:59:686:2c8 No private key associated with machine certificate
6-19: 13:39:59:686:2c8 0x80092004 0x0
On looking up the error number (0x80092004):
0x80092004 (-2146885628) -- 2148081668 (-2146885628)
Error message text: Cannot find object or property.
This happens even though Windows claims that it has the private key associated with that particular certificate.
Any ideas on how to solve this?
Thanks!
Answers
- Hello xeonclub,
This forum provides support for documentation and interoperability questions on open specifications.
The Open Protocol Specifications can be found at: http://msdn2.microsoft.com/en-us/library/cc203350.aspx.
Your post does not appear to be related to the Open Protocols Specifications documentation set.
You may want to try one of our TechNet forums to get you started finding what you need. You may also want to check with Cisco. Here is the TechNet forum I would suggest you start with from a Microsoft perspective:
http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2networking/threads
Although it's a Windows Server 2008 forum, it does deal with other aspects of networking.
Thanks
John Dunning
Senior Escalation Engineer Microsoft Corporation
US-CSS DSC PROTOCOL TEAM
- Marked As Answer by John Dunning MSFT, Moderator, Wednesday, July 08, 2009 9:59 PM


