I try to set up a remote access vpn using certificate authentication. We have a vpn3030 (4.7.2.L) on the central site and windows xp laptops with vpn client (4.8.02.0010). We also have a Microsoft CA structure with a root and a sub CA. Both laptop and concentrator enroll to the sub CA (scep) and get their identity certificates ok. When the laptop tries to connect and after the concentrator validates the laptop certificate ok:
1376 07/17/2007 10:58:55.360 SEV=5 IKE/79 RPT=35 xxx.xxx.xxx.xxx
Validation of certificate successful
it closes the communication with the following error message:
1394 07/17/2007 10:58:56.470 SEV=5 IKE/68 RPT=19 xxx.xxx.xxx.xxx
Received non-routine Notify message: Invalid certificate (20)
What do you think?