VPN3000 identity certificate problem off internal Microsoft CA

Nov 2nd, 2007

I have been sent a replacement VPN3000 concentrator due to an intermittent (unknown) fault and appear to have a problem with its identity certificate. We use the VPN3000 for IPSec clients using RSA certificates, IPSec LAN2LAN using pre-shared keys and WebVPN using an SSL certificate. We use Microsoft certificate services.

In order to replace the concentrator I exported the SSL Thawte certificate to the new device and the Thawte CAs; I installed our organisation's CA certificate and enrolled with the CA to obtain an identity certificate. The WebVPN works fine but the VPN clients do not authenticate. I have checked through the config of both concentrators (as I am still using the old one) and there is no difference in the setup at all.

Can anyone help me?

I have attached a log from the VPN concentrator and the client when attempting to make a connection.

tstanik Wed, 11/07/2007 - 12:46

Are you able to connect with the same client using a pre-shared key instead of certificates? If you are, then try to reinstall the certificate. You could also try to use IPSec over UDP on the client and check IPSec over NAT-T on the concentrator and make sure that UDP 4500 is allowed through the device the client is connecting through.
