IAS Auth not working on Concentrator 3020 (-> MS-IAS on 2003)

Unanswered Question
Jun 3rd, 2009

Aborting: No identity cert specified in IPSec SA (Payload malformed)!

User ([email protected]) not member of group (111.company.com), authe

ntication failed.


we got Cisco concentrator 3005 (Rel4.1.7H) running.

Mixed user groups:

- some authenticated in TACACS

- some authenticated in MS-IAS/Radius (AD) on 2003

After HW upgrade to concentrator 3020 (config.-file copied 3005 -> 3020) above error message apears for all MS-IAS authentications, while TACACS works fine

Pls. any idea is more then welcome and urgently appreaciated

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
s.jankowski Tue, 06/09/2009 - 06:33

Aborting: No identity cert specified in IPSec SA (Payload malformed)!

This could be for several reasons regarding the cert (cert expired on one of them) or it may be because of try that the user did. So please ensure your certificate is valid.

aodermatt Tue, 06/09/2009 - 07:06

thank you for that reply. Unfortunately, the authentication is based on "shared secret". I ckecked all:on the new plattform: IKE proposal, IPSEC_SA proposals, but could not find the problem

Any other idea?


This Discussion