Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Microsoft Certificate Authority and Ciso vpn client

I installed and configured microsoft certificate authority and configured the cisco pix firewall to get the certificate from the server. From a remote system i browsed the ceritificate authority and installed the certificate on the system. But when i try to connect to the Cisco firewall through vpn i am not getting connected. In the debug command i am seeing that the cisco pix tried 8 times and error message says "atts is not acceptable" Can some one guide me to any link which tells the step by step configuration for this problem.

Thanks in Advance

4 REPLIES
Silver

Re: Microsoft Certificate Authority and Ciso vpn client

The error "attributes are not acceptable" indiate a possible problem with the basic configuration. Please check to see if the attributes (transform sets etc) match on both the ends.

New Member

Re: Microsoft Certificate Authority and Ciso vpn client

My Pix outside ip address is x.x.x.x1 and Certificate authority server is mapped to x.x.x.x2. I configured the Cisco Pix exactly the way the website says like

ca generate rsa 512

ca identity nickname 192.168.20.5:/certsrv/mscep/mscep.dll

ca configure nickname ra 1 20 crloptional

ca authenticate nickname

ca enrol nickname 192.168.20.5(Server ip address)

I mapped 192.168.20.5 for x.x.x.x1 and opened port 80 for the same.

From the client system i gave http://x.x.x.x2/certsrv

and in the advanced request i chose "Submit the Certificate request using CA form" and in the next screen the intended purpose was "Client Authentication purpose" and CSP "Microsoft Base Cryptographic Provider v1.0" and i installed the certificate on the local system.

Now in the Cisco VPN client 4.2 Insead of Group authentication i chose Certificate and selected the installed certificate. Now when i try to connect after ipsec intialization it is trying to connect to x.x.x.x2 which is the CA Server and getting error could not connect. Is there anything i need to do? What should be authentication in pix? Should it be pre-share or rsa-sig? What should be crypto map set be ?

Thanks in Advance

Silver

Re: Microsoft Certificate Authority and Ciso vpn client

I would recommend that before trying to use the certificates, set the connection up for a basic pre-shared key.

This way you can check out the basic ISAKMP and IPSec configuration, I agree with the previous post that indicates this is where the problem is.

New Member

Re: Microsoft Certificate Authority and Ciso vpn client

I tried with out certificate and basic setup with radius authentication and it worked fine. Should i remove radius authentication for certificates?

Thanks

238
Views
0
Helpful
4
Replies
CreatePlease login to create content