VPN 3000 concentrator and invalid certificates

Unanswered Question
Oct 19th, 2009

I am troubleshooting certificate issues on our VPN 3000 series concentrator:

I have two laptops set up with the Cisco VPN client, both using the same VPN certificate.

One laptop can log in successfully to the VPN, the other attempts to connect but fails before the username/password prompt even appears.

The following entry is found on the VPN concentrator for the failed connection:

18275 10/08/2009 09:46:53.150 SEV=5 IKE/79 RPT=3174 62.252.24.xxx
Group [Contractors]
Validation of certificate successful
(CN=A. Marshall, SN=1FCB63DA0000000000AB)

18277 10/08/2009 09:46:53.290 SEV=5 IKE/68 RPT=130 62.252.24.xxx
Group [Contractors]
Received non-routine Notify message: Invalid certificate (20)

18279 10/08/2009 09:46:53.290 SEV=5 IKE/50 RPT=2083 62.252.24.xxx
Group [Contractors]
Connection terminated for peer .
Reason: Peer Terminate, Administratively Disconnected.
Remote Proxy N/A, Local Proxy N/A

Can anyone point me in the right direction for troubleshooting this?

Ivan Martinon Wed, 10/28/2009 - 12:59
User Badges:
  • Cisco Employee,

Does this laptop that fails have the root and ID valid?

Ivan Martinon Wed, 10/28/2009 - 13:05
User Badges:
  • Cisco Employee,

Can you get the logs from the client too and post them here?

lakkinheit Mon, 01/25/2010 - 03:39

This was traced finally to the fact that the root and issuing authority certificates for our organisation were not being exported with the client certificate, so the client was rejecting the VPN concentrator's certificate.
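The log pattern in this thread (the concentrator validates the client's certificate, then receives an "Invalid certificate" Notify from the same peer) points at the client rejecting the concentrator's certificate. The following is an added example, not part of the original thread, that flags that sequence in exported concentrator logs. The function names and the sample log (documentation addresses, made-up names) are constructed for illustration.

```python
import re

# Constructed sample in the layout of the entries quoted in the thread.
SAMPLE = """\
18275 10/08/2009 09:46:53.150 SEV=5 IKE/79 RPT=3174 192.0.2.10
Group [Contractors]
Validation of certificate successful
(CN=Example User, SN=00AB)
18277 10/08/2009 09:46:53.290 SEV=5 IKE/68 RPT=130 192.0.2.10
Group [Contractors]
Received non-routine Notify message: Invalid certificate (20)
18280 10/08/2009 09:47:10.020 SEV=5 IKE/79 RPT=3175 192.0.2.20
Group [Contractors]
Validation of certificate successful
(CN=Other User, SN=00AC)
"""

# Header line: sequence, date, time, severity, event class/number, repeat count, peer.
HEADER = re.compile(r"^(\d+) \S+ \S+ SEV=\d+ (\S+) RPT=\d+ (\S+)$")

def parse_events(text):
    """Group each header line with the message lines that follow it."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # tolerate blank lines between fields, as in forum pastes
        m = HEADER.match(line)
        if m:
            events.append({"seq": int(m[1]), "event": m[2], "peer": m[3], "msg": []})
        elif events:
            events[-1]["msg"].append(line)
    return events

def client_side_rejections(events):
    """Peers whose certificate the concentrator accepted, but which then sent
    an 'Invalid certificate' Notify, i.e. the rejection happened on the client."""
    validated, findings = set(), []
    for ev in events:
        body = " ".join(ev["msg"])
        if "Validation of certificate successful" in body:
            validated.add(ev["peer"])
        elif "Notify message: Invalid certificate" in body and ev["peer"] in validated:
            findings.append((ev["peer"], ev["seq"]))
            validated.discard(ev["peer"])
    return findings

if __name__ == "__main__":
    for peer, seq in client_side_rejections(parse_events(SAMPLE)):
        print(f"{peer}: client rejected concentrator certificate (entry {seq})")
```

A hit from this check means the CA chain on the client, as in the resolution above, is the place to look rather than the client's identity certificate.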

