Cisco Support Community
New Member

VPN 3000 concentrator's PKCS#10 form

In the PKCS#10 form of the VPN 3000 series concentrator, the OU field must match the group name; otherwise that group can't connect to the VPN concentrator. If you don't fill in the group field, then by default which field overwrites the group field?

2 REPLIES
Silver

Re: VPN 3000 concentrator's PKCS#10 form

I was told that the OU field of the Concentrator's certificate had to match the OU field of the Client Certificate. However, I remember testing my setup with a different OU in the concentrator certificate, and things seemed to work fine.

New Member

Re: VPN 3000 concentrator's PKCS#10 form

By default you have the Configuration->Policy Management->Group Matching->Policy->Obtain Group from OU box checked.

It's more flexible to uncheck this box and then check Match Group from Rules. Afterwards, you need to configure one or more rules. In the rules you are able to select, from the Subject or from the Issuer, which Distinguished Name you want. I have a complex configuration based on that and it works very nicely.
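
A simplified model of the two group-matching modes discussed in this thread, added as an example and not taken from the posts or from Cisco's software. The DN parser, the rule tuple format, the first-match ordering and the no-match fallback are assumptions, and the certificate names are constructed.

```python
import re

def parse_dn(dn):
    """Split a DN string into {ATTR: [values]}, honouring escaped commas."""
    attrs = {}
    for rdn in re.split(r'(?<!\\),', dn):
        key, _, value = rdn.partition('=')
        attrs.setdefault(key.strip().upper(), []).append(
            value.strip().replace('\\,', ','))
    return attrs

def group_from_ou(subject):
    """'Obtain Group from OU': the group is the first OU in the subject DN."""
    ous = parse_dn(subject).get('OU')
    return ous[0] if ous else None

def holds(values, op, want):
    """Evaluate one condition against every value of a DN attribute."""
    want = want.lower()
    if op == 'equals':
        return any(v.lower() == want for v in values)
    if op == 'contains':
        return any(want in v.lower() for v in values)
    raise ValueError(f'unknown operator {op!r}')

def group_from_rules(subject, issuer, rules, default=None):
    """'Match Group from Rules': the first rule whose conditions all hold wins.
    Returning `default` (None = no group) on no match is an assumption."""
    dns = {'subject': parse_dn(subject), 'issuer': parse_dn(issuer)}
    for group, conditions in rules:
        if all(holds(dns[src].get(attr.upper(), []), op, want)
               for src, attr, op, want in conditions):
            return group
    return default

# Constructed sample certificate names and rules (hypothetical).
SUBJECT = 'CN=alice,OU=Contractors,O=Example\\, Inc.,C=US'
PARTNER_CA = 'CN=Example Partner CA,O=Example\\, Inc.,C=US'
STAFF_CA = 'CN=Example Staff CA,O=Example\\, Inc.,C=US'
RULES = [
    ('partners', [('issuer', 'CN', 'equals', 'Example Partner CA'),
                  ('subject', 'OU', 'contains', 'contract')]),
    ('staff', [('issuer', 'CN', 'equals', 'Example Staff CA')]),
]

if __name__ == '__main__':
    print(group_from_ou(SUBJECT))
    print(group_from_rules(SUBJECT, PARTNER_CA, RULES))
```

In this model the OU mode looks only at the subject's OU, while the rule mode can also require a particular issuer before a group is assigned.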
