I am trying to set up a remote access tunnel with an ASA that is NATed behind a Checkpoint firewall. Shared key works perfectly, but when I try it with certificates the client drops the connection because:
482 16:30:34.581 10/27/05 Sev=Warning/3 IKE/0xE3000080
Invalid remote certificate id: ID_IPV4_ADDR: ID = 0x02001EAC, Certificate = 0x00000000
It is seeing the private address 172.30.0.2 instead of the external address. I have tried to add the IP address in the enrollment process but it will not do it. The CA is an enterprise MS CA. The template is an IPsec offline cert. I have tried to add the IP address to the FQDN, changing the CN to the IP address, but to no avail. I suspect I need to add the ability of adding the IP address to the Microsoft template but I am not sure how to do this. Any ideas appreciated.
isakmp identity auto
Identity automatically determined by the connection type: IP address for preshared key and Cert DN for Cert based connections
That should do it.
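An added example, not part of either post above and not Cisco code: a small parser for the client log line quoted in the question, showing that the logged ID decodes to the private address 172.30.0.2 while the certificate side carries no address. The reversed byte order is an assumption inferred from the question (0x02001EAC against 172.30.0.2), and reading 0x00000000 as "no IP identity in the certificate" is likewise an assumption.

```python
import ipaddress
import re

# Constructed sample: the two log lines quoted in the question above.
SAMPLE_LOG = """\
482 16:30:34.581 10/27/05 Sev=Warning/3 IKE/0xE3000080
Invalid remote certificate id: ID_IPV4_ADDR: ID = 0x02001EAC, Certificate = 0x00000000
"""

PATTERN = re.compile(
    r"Invalid remote certificate id: (?P<id_type>ID_\w+): "
    r"ID = 0x(?P<peer>[0-9A-Fa-f]{8}), Certificate = 0x(?P<cert>[0-9A-Fa-f]{8})"
)


def decode_addr(hex_word):
    """Decode an 8-digit hex word from the log into an IPv4 address.

    Assumption: the client prints the bytes in reverse order, which is what
    makes 0x02001EAC correspond to 172.30.0.2 as reported in the question.
    """
    return ipaddress.IPv4Address(bytes.fromhex(hex_word)[::-1])


def explain_mismatch(log_text):
    """Return one finding per 'Invalid remote certificate id' line."""
    findings = []
    for m in PATTERN.finditer(log_text):
        peer = decode_addr(m["peer"])
        cert = decode_addr(m["cert"])
        findings.append({
            "id_type": m["id_type"],
            "peer_id": str(peer),                    # identity the gateway sent
            "cert_id": str(cert),                    # identity found in the cert
            "peer_id_is_private": peer.is_private,   # NAT'd inside address?
            "cert_has_ip": cert != ipaddress.IPv4Address(0),
        })
    return findings


if __name__ == "__main__":
    for finding in explain_mismatch(SAMPLE_LOG):
        print(finding)
```

A private `peer_id` together with `cert_has_ip` being false matches the situation in the question: the gateway identifies itself by its inside IP address, and the certificate has no IP identity to compare against.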