This section contains some troubleshooting issues that are slightly more uncommon than those contained in the main section on troubleshooting IPSec VPNs.
Topics covered in this section include CA server authentication and enrollment issues, together with VPN client IKE negotiation issues.
CA Authentication or Enrollment Fails
If you are using a certificate server for certificate distribution, you will need to authenticate the CA server and then enroll your router with the CA to obtain a certificate. A number of issues can, however, cause authentication or enrollment to fail.
In this case study, the network administrator at the Tokyo site is attempting to obtain a certificate for the local router.
In Example 8-98, the administrator ...