[strongSwan] Cisco ASA as a client
Noel Kuntze
noel at familie-kuntze.de
Tue May 26 20:46:54 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- --flag serverAuth
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 26.05.2015 um 20:40 schrieb abi:
> Hello.
>
> I have a small issue with Cisco ASA as the client with ikev1 key exchange. Certificates can be validates only with ignore-ipsec-keyusage usage, so looks like it lacks necessary ExtendedKeyUsage bits, but I can't find which one.
> http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/command/reference/cmd_ref/i1.html#wp1687992
>
> The following PKI flags was used for client cert --flag clientAuth --flag ikeIntermediate
>
> What else can be added to please ASA ?
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJVZL+cAAoJEDg5KY9j7GZYmGMP/jaPTNqvdmMVgzHLIEVzGm7C
s7QvPjWYPWk4JrdAHV57YnwEyb9vtZq8vk6z1KTxj+V1qbd1HirRRDh2XEcmScEN
IfcUNQfiEeTJr5S8ETuflhurZYD87KnLW3SqVShGXlJd7dt3llUTnEaAMbwLNYOn
e8wBfVYu4y6f5H9NTfVAeI2xfwkfVpjiPmzeD8OVWEd6lnX/9CeyUhGqbAh68ZrE
lE8aIoJc6vYooDdFCIhtDQ+/kD28pcvUas2VAhky8rhWiMAha7v7BZS3KnJTRyT3
REwhrUmOVnlPCE6gOa4FT3lVVl1nVjm97SFJ6wTPgo5zy+2sS7Eb+p4HASuKWrsc
4mxJh13H9IwVixniatC1c0CKoINjyOcAdSlRsNchwaduNXDC3IX7wSsT50411O8E
M10wYKMFMG2N7+Z8vWqBB5k+SY3ggGRaw38Z7NU/NMNKHvDbs8O+chVyxr7LbHU5
NtkHUQRNkSt+HdmX2r6sEPuC+ZExMZsM0/G9eDHP0khZ8SirkRGI/Xz/KxFW9E47
H70X9EmM98L3yjEgSeC4ZjDKgE+IxnJm2NjmO28otYGUUHjH1GZTat+Xz/9bTUfb
M+Fs4TuyDz4kvoW6piv7yVHwm/vGAAAWXLGK7Xv88tC1XgeWQx1xXmIo1y+O2UFN
czYK35H5cbkLmlQuRUYP
=vxtC
-----END PGP SIGNATURE-----
More information about the Users
mailing list