Cisco Support Community
Community Member

VPN IPsec using certificate between Cisco & Nortel

We have configured a LAN-to-LAN IPsec connection using digital certificates between a VPN Cisco 3000 and a Nortel Contivity.

We have tested the configuration successfully on both sides and we have tried to replicate this in the production environment.

But the tunnel is not active and we have this message in the Cisco log:

142 01/04/2007 11:11:17.270 SEV=5 IKE/79 RPT=4 144.36.239.xxx
Group [144.36.239.xxx]
Validation of certificate successful
(CN=MiDC12xxx, SN=74D7B50900000000xxxx)

144 01/04/2007 11:11:17.270 SEV=7 IKEDBG/0 RPT=179 144.36.239.xxx
Group [144.36.239.xxx]
peer ID type 9 received (DER_ASN1_DN)

145 01/04/2007 11:11:17.270 SEV=3 IKE/0 RPT=6 144.36.239.xxx
Group [144.36.239.xxx]
IKE Identity DN does not match peer cert DN

Could you explain the last sentence to me: which identity DN? Who is the peer, as I'm logged on the Cisco?

We have reinstalled the identity certificates on both sides and we have the same problem.

2 REPLIES

Re: VPN IPsec using certificate between Cisco & Nortel

Hi,

Check the Group's "DN Field" settings, under Group -> IPSEC.

Or, check the "Configuration | Policy Management | Certificate Group Matching".

See http://cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00801f1dbb.html#1450058

Please rate if this helped.

Regards,

Daniel

Community Member

Re: VPN IPsec using certificate between Cisco & Nortel

Hi,

Thanks for your answer.

We have no rules or policy defined for Group Matching. I had already checked this part before.

I will try different configurations for the DN field and see if it works.
