I enabled Local Certificate Authority Services on ASA5500 V8.02. VPN is working when I use a pre-shared key to authenticate client logon, but it doesn't work when I use the certificate.
The following is the ASA 5500 debug log, VPN client log and ASA 5500 config. Can someone advise me what's wrong with the config and how to get it to work with the local certificate authority on the ASA 5500? Thank you so much for your help.
ASA 5500 Debug Log when the IPSec Remote Client connects to the ASA5500 using a Certificate (through the ASA5500 Local Certificate Authority):
113019|||Group = , Username = , IP = 0.0.0.0, Session disconnected. Session Type: , Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Unknown
713903|||Group = TestRemoteVPN, IP = 184.108.40.206, Error: Unable to remove PeerTblEntry
713902|||Group = TestRemoteVPN, IP = 220.127.116.11, Removing peer from peer table failed, no match!
713050|||Group = TestRemoteVPN, IP = 18.104.22.168, Connection terminated for peer . Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
713068|||Group = TestRemoteVPN, IP = 22.214.171.124, Received non-routine Notify message: Authentication failed (24)
713068|||Group = TestRemoteVPN, IP = 126.96.36.199, Received non-routine Notify message: Invalid signature (25)
717028|||Certificate chain was successfully validated with warning, revocation status was not checked.
717022|||Certificate was successfully validated. serial number: 02, subject name: cn=test1.
302015|188.8.131.52|ASA5500-WAN-IP-Address|Built inbound UDP connection 826 for WAN:Remote Peer IP Address/2971 to NP Identity Ifc:ASA5500 WAN IP Address/500