Enroll Cert fails on IOS 12.4 from cisco pc client. What other products?

mmydlowski
Level 1

I've been really struggling with the PC certificate request/enrollment, trying various versions of Cisco VPN Client 4.6, 4.8, 5.0. I've tried every combination of SCEP and/or file binary/file base 64 without any promise of avoiding errors, all leading me to believe a bad certificate was created.

I'm using Cisco's IOS 12.4(13b) as CA server and have tried to connect to both RA and CA.

Common enrollment error at router IOS:

--------------------------------------

Aug 2 16:10:10.910: CRYPTO_CS: received an enrollment request

Aug 2 16:10:10.918: E ../cert-c/source/certobj.c(691) : Error #705h

Aug 2 16:10:10.918: CRYPTO_CS: failed to set the cert object

Aug 2 16:10:21.888: CRYPTO_CS: Granting enrollment request 15

Aug 2 16:10:21.892: CRYPTO_CS: added CDP extension

Aug 2 16:10:21.892: CRYPTO_CS: added key usage extension

Aug 2 16:10:22.809: CRYPTO_CS: serial number 0x10 written.

Aug 2 16:10:22.914: CRYPTO_CS: reqID=15 granted, fingerprint=8D150C0D95F736A76D92EED700924315

A client enroll error is:

-------------------------

1 10:58:49.362 08/02/07 Sev=Warning/3 CERT/0xA360000C

Certificate import failed - ImportMyCertAndKey: 1797

2 10:58:49.362 08/02/07 Sev=Warning/3 CERT/0xA360000C

Certificate import failed - ImportCertFromPkcs12File fail: 1797

I've attached a file of the run-time error from the IOS which is similar to the client's run-time below, but much more informative:

-------------------------------------------------------

1 16:28:30.598 08/01/07 Sev=Warning/3 IKE/0xE3000081

Invalid remote certificate id: ID_FQDN: ID = vpn-end.gplops.org, Certificate = [NULL]

2 16:28:30.598 08/01/07 Sev=Warning/3 IKE/0xE3000058

The peer's certificate doesn't match Phase 1 ID

3 16:28:30.618 08/01/07 Sev=Warning/2 IKE/0xE30000A5

Unexpected SW error occurred while processing Identity Protection (Main Mode) negotiator:(Navigator:2202)

What other products are inexpensive yet dependable, because I need a low-cost approach to roll it out. Small shop, planned # of VPN users is less than 25.

Help...

1 Reply

mchin345
Level 6

In order to resolve this issue, use up to 64 characters in the CN field, as the CN field is currently limited to 64 characters only.
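
An added example, not part of the original thread and not Cisco code: a pre-enrollment check that flags subject fields longer than the limit the reply describes. The CN limit of 64 is from the reply; the other bounds are the X.520 upper bounds from RFC 5280 Appendix A, and the function names and sample DN are hypothetical. It assumes single-valued RDNs and single-character backslash escapes only.

```python
# Added example: check a subject DN for over-long fields before enrollment.
# CN=64 comes from the reply; other limits are RFC 5280 Appendix A upper bounds.
UPPER_BOUNDS = {"CN": 64, "O": 64, "OU": 64, "L": 128, "ST": 128, "C": 2}

def split_unescaped(text, sep):
    """Split on sep while keeping backslash-escaped characters (e.g. '\\,') intact."""
    parts, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(text[i])
        i += 1
    parts.append("".join(current))
    return parts

def unescape(value):
    """Drop escaping backslashes so the length is counted on the real value."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            i += 1  # skip the backslash, keep the escaped character
        out.append(value[i])
        i += 1
    return "".join(out)

def check_subject(dn):
    """Return (attribute, length, limit) for every RDN value over its bound."""
    problems = []
    for rdn in split_unescaped(dn, ","):
        attr, eq, raw = rdn.partition("=")
        attr = attr.strip().upper()
        limit = UPPER_BOUNDS.get(attr)
        value = unescape(raw.strip())
        if eq and limit is not None and len(value) > limit:
            problems.append((attr, len(value), limit))
    return problems

if __name__ == "__main__":
    sample = "CN=" + "a" * 65 + ",OU=IT,O=Example Org,C=US"  # constructed input
    print(check_subject(sample))
```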