Cisco Support Community

DN certificate group matching doesn't work

Hi

I have created a rule which looks like: CERTUSER <-- issuer-o="siemens".

I can verify that my certificate contains this "o" field. In the matching policy I activated "match group from rules".

Even so, the client can't connect to my vpn3k. In the log I cannot see that the vpn3k tries to check the rule.

I see only:

----- cut -----
164 04/25/2003 12:09:26.080 SEV=5 IKE/21 RPT=5 213.3.254.62
No Group found by matching IP Address of Cert peer 213.3.254.62
165 04/25/2003 12:09:26.080 SEV=5 CERT/103 RPT=5
Cert group from OU feature is disabled
166 04/25/2003 12:09:26.080 SEV=5 CERT/104 RPT=3
Cert connect to default group feature is disabled
167 04/25/2003 12:09:26.080 SEV=4 IKE/95 RPT=3 213.3.254.62
No Group found for Cert-based peer
---- cut -----

When I activate "the default group=CERTUSER", then it works fine.

Any suggestions?

Thanks, Eva

1 REPLY

Re: DN certificate group matching doesn't work

Please check if you did this: to specify a policy for group matching by rules, you must define the rules and enable each rule for a selected group that already exists in the configuration.
