Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
434
Views
0
Helpful
2
Replies

IAS Auth not working on Concentrator 3020 (-> MS-IAS on 2003)

aodermatt
Level 1
Level 1

‎06-03-2009 01:49 PM

Aborting: No identity cert specified in IPSec SA (Payload malformed)!

User (aaaa@111.company.com) not member of group (111.company.com), authe

ntication failed.

Situation:

we got Cisco concentrator 3005 (Rel4.1.7H) running.

Mixed user groups:

- some authenticated in TACACS

- some authenticated in MS-IAS/Radius (AD) on 2003

After HW upgrade to concentrator 3020 (config.-file copied 3005 -> 3020) above error message apears for all MS-IAS authentications, while TACACS works fine

Pls. any idea is more then welcome and urgently appreaciated

Labels:
0 Helpful
2 Replies 2

s.jankowski
Level 4
Level 4

‎06-09-2009 06:33 AM

Aborting: No identity cert specified in IPSec SA (Payload malformed)!

This could be for several reasons regarding the cert (cert expired on one of them) or it may be because of try that the user did. So please ensure your certificate is valid.

0 Helpful

aodermatt
Level 1
Level 1
In response to s.jankowski

‎06-09-2009 07:06 AM

thank you for that reply. Unfortunately, the authentication is based on "shared secret". I ckecked all:on the new plattform: IKE proposal, IPSEC_SA proposals, but could not find the problem

Any other idea?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents