Hi
I have created a rule which looks like: "CERTUSER <-- issuer-o="siemens".
I can verify, that my certificate contains this "o" field. In matching policy I activitad "match group from rules".
Even though the client can't connect to my vpn3k. In log I can not see, that the vpn3k tries to check the rule.
I see only:
----- cut -----
164 04/25/2003 12:09:26.080 SEV=5 IKE/21 RPT=5 213.3.254.62
No Group found by matching IP Address of Cert peer 213.3.254.62
165 04/25/2003 12:09:26.080 SEV=5 CERT/103 RPT=5
Cert group from OU feature is disabled
166 04/25/2003 12:09:26.080 SEV=5 CERT/104 RPT=3
Cert connect to default group feature is disabled
167 04/25/2003 12:09:26.080 SEV=4 IKE/95 RPT=3 213.3.254.62
No Group found for Cert-based peer
---- cut -----
When I activate "the default group=CERTUSER", then it works fine.
Any suggestions ?
Thanks, Eva