VPN 3000 concentrator and invalid certificates

Document

Mon, 10/12/2009 - 04:01
Oct 8th, 2009
User Badges:

I am troubleshooting certificate issues on our VPN 3000 series concentrator:


I have two laptops set up with the Cisco VPN client, both using the same VPN certificate.


One laptop can log in successfully to the VPN, the other attempts to connect but fails before the username/password prompt even appears.


The following entry is found on the VPN concentrator for the failed connection:


18275 10/08/2009 09:46:53.150 SEV=5 IKE/79 RPT=3174 62.252.24.xxx
Group [Contractors]
Validation of certificate successful
(CN=A. Marshall, SN=1FCB63DA0000000000AB)


18277 10/08/2009 09:46:53.290 SEV=5 IKE/68 RPT=130 62.252.24.xxx
Group [Contractors]
Received non-routine Notify message: Invalid certificate (20)


18279 10/08/2009 09:46:53.290 SEV=5 IKE/50 RPT=2083 62.252.24.xxx
Group [Contractors]
Connection terminated for peer .
Reason: Peer Terminate, Administratively Disconnected.
Remote Proxy N/A, Local Proxy N/A



Can anyone point me in the right direction for troubleshooting this?

Loading.
Satheshkumar Na... Mon, 10/12/2009 - 04:01
User Badges:

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;} /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;}

Hi Mathew,


Thank you for your posting and interest in the Cisco Support Community.  For best practices on posting documents in this community you can refer to

https://supportforums.cisco.com/docs/DOC-6022#Can_I_use_documents_to_post_technical_questions


For technical questions related to a Cisco Product or Technology, we encourage you to post on the Network Professionals Forum (NetPro). For your question on <specify Cisco Product or technology> you can go to <put the link to the specific forum, e.g. if the question is related to VPN how to troubleshoot firewall, put the post in VPN


Actions

This Document

Related Content