I have a problem with the VPN configuration of our PIX Firewall.
We use this configuration:
PIX 515E (3 interfaces) running the latest 8.0(3) firmware.
We are using an L2TP IPSec VPN with certificates from our Microsoft CA and using the native Windows XP client. This setup was running O.K. with the old firmware (6.x), but after upgrading our PIX to 8.0(3) the VPN clients cannot connect anymore. We tried to debug our configuration and found the following errors:
5|Jan 11 2008|09:22:46|713904|||Group = DefaultRAGroup, IP = 126.96.36.199, Peer Certificate authentication failed: General Error
3|Jan 11 2008|09:22:46|717027|||Certificate chain failed validation. Certificate chain is either invalid or not authorized.
3|Jan 11 2008|09:22:46|717009|||Certificate validation failed. Peer certificate key usage is invalid, serial number: 13780BA600000000027B, subject name: ea=[email protected],cn=Aleš Hybner,ou=UIT,o=SVAS,l=Kladno,st=Kladno,c=CR.
Can anybody help?