04-29-2007 02:47 AM - edited 02-21-2020 03:00 PM
Hi
I am using an IOS CA server, a 1710 router as an Easy VPN server and VPN client version 5.0.00.0340. The CA cert and user cert were installed (manually) fine on the client, and SCEP worked fine from the 1710 to the CA server.
PSK auth connections are fine. But not rsa-sig.
I see the below error in the VPN client log:
296 12:26:33.375 04/29/07 Sev=Warning/3 IKE/0xE3000082
Invalid remote certificate id: ID_FQDN: ID = host2.x.com, Certificate = [NULL]
297 12:26:33.375 04/29/07 Sev=Warning/3 IKE/0xE3000059
The peer's certificate doesn't match Phase 1 ID
298 12:26:33.375 04/29/07 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Identity Protection (Main Mode)
I have tried a number of previous versions of VPN client in case of a caveat, but receive the same error message.
I can't find a good explanation of what causes this error, to be honest.
Would anyone be able to assist?
Many thanks
Alastair
05-04-2007 10:34 AM
I think that the IKE phase 1 ID is not matching. You need to use isakmp identity auto. Also, to set the Phase 2 ID to be sent to the peer, use the isakmp identity command in global configuration mode; it may help you.
05-08-2007 04:11 AM
Hi Ebreniz
Thank you for the response. On the IOS running (C2801-ADVENTERPRISEK9-M) the options are:
rtr2801(config)#cry isakmp identity ?
address Use the IP address of the interface for the identity
dn Use the distinguished name of the router cert for the identity
hostname Use the hostname of the router for the identity
And the DN option worked.
Many thanks for your input
Alastair
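An added example, not part of the thread and not Cisco's client code: a simplified Python model of the RFC 4945 rule that the Phase 1 ID type decides which certificate field the peer compares it against, which is why switching the identity to `dn` can clear the "doesn't match Phase 1 ID" error. The certificate contents are constructed, and reading `Certificate = [NULL]` as "the router certificate has no subjectAltName dNSName" is an assumption.

```python
from dataclasses import dataclass

# IOS "crypto isakmp identity" keyword -> IKE ID type sent in Phase 1
IOS_IDENTITY = {
    "address": "ID_IPV4_ADDR",
    "hostname": "ID_FQDN",
    "dn": "ID_DER_ASN1_DN",
}

@dataclass(frozen=True)
class PeerCert:
    subject: tuple          # ordered RDNs of the subject DN
    san_dns: tuple = ()     # subjectAltName dNSName entries
    san_ip: tuple = ()      # subjectAltName iPAddress entries

def cert_fields_for(id_type, cert):
    """Certificate fields a given ID type is compared against."""
    if id_type == "ID_FQDN":
        return [name.lower() for name in cert.san_dns]
    if id_type == "ID_IPV4_ADDR":
        return list(cert.san_ip)
    if id_type == "ID_DER_ASN1_DN":
        return [cert.subject]
    raise ValueError(f"unsupported ID type: {id_type}")

def check_phase1_id(keyword, id_value, cert):
    """Return (accepted, reason) for the ID that an IOS keyword would send."""
    id_type = IOS_IDENTITY[keyword]
    fields = cert_fields_for(id_type, cert)
    if not fields:
        return False, f"{id_type}: certificate has no field to compare"
    wanted = id_value.lower() if id_type == "ID_FQDN" else id_value
    if wanted in fields:
        return True, f"{id_type}: matches certificate"
    return False, f"{id_type}: does not match certificate"

# Constructed sample: a router certificate with a subject DN but no subjectAltName.
ROUTER_CERT = PeerCert(subject=(("CN", "host2.x.com"),))

if __name__ == "__main__":
    print(check_phase1_id("hostname", "host2.x.com", ROUTER_CERT))
    print(check_phase1_id("dn", ROUTER_CERT.subject, ROUTER_CERT))
```

The alternative to changing the identity type is to enroll the router certificate with the FQDN in subjectAltName, so that an ID_FQDN identity has a field to match.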