I've been really struggling with the PC certificate request/enrollment, trying various versions of Cisco VPN Client: 4.6, 4.8, 5.0. I've tried every combination of SCEP and/or file binary/file base 64 without any promise of avoiding errors, all leading me to believe a bad certificate was created.
I'm using Cisco's IOS 12.4(13b) as CA server and have tried to connect to both RA and CA.
Common enrollment error at router IOS:
--------------------------------------
Aug 2 16:10:10.910: CRYPTO_CS: received an enrollment request
Aug 2 16:10:10.918: E ../cert-c/source/certobj.c(691) : Error #705h
Aug 2 16:10:10.918: CRYPTO_CS: failed to set the cert object
Aug 2 16:10:21.888: CRYPTO_CS: Granting enrollment request 15
Aug 2 16:10:21.892: CRYPTO_CS: added CDP extension
Aug 2 16:10:21.892: CRYPTO_CS: added key usage extension
Aug 2 16:10:22.809: CRYPTO_CS: serial number 0x10 written.
Aug 2 16:10:22.914: CRYPTO_CS: reqID=15 granted, fingerprint=8D150C0D95F736A76D92EED700924315
A client enroll error is:
-------------------------
1 10:58:49.362 08/02/07 Sev=Warning/3 CERT/0xA360000C
Certificate import failed - ImportMyCertAndKey: 1797
2 10:58:49.362 08/02/07 Sev=Warning/3 CERT/0xA360000C
Certificate import failed - ImportCertFromPkcs12File fail: 1797
I've attached a file of the run-time error from the IOS, which is similar to the client's run-time error below, but much more informative:
-------------------------------------------------------
1 16:28:30.598 08/01/07 Sev=Warning/3 IKE/0xE3000081
Invalid remote certificate id: ID_FQDN: ID = vpn-end.gplops.org, Certificate = [NULL]
2 16:28:30.598 08/01/07 Sev=Warning/3 IKE/0xE3000058
The peer's certificate doesn't match Phase 1 ID
3 16:28:30.618 08/01/07 Sev=Warning/2 IKE/0xE30000A5
Unexpected SW error occurred while processing Identity Protection (Main Mode) negotiator:(Navigator:2202)
What other products are inexpensive yet dependable? I need a low-cost approach to roll it out. Small shop; planned # of VPN users is less than 25.
Help...