01-08-2007 09:30 AM - edited 02-21-2020 02:48 PM
We have configured a LAN-to-LAN IPsec connection using digital certificates between a VPN Cisco 3000 and a Nortel Contivity.
We have successfully tested the configuration on both sides and we have tried to replicate this in the production environment.
But the tunnel is not active and we have this message in the Cisco log:
142 01/04/2007 11:11:17.270 SEV=5 IKE/79 RPT=4 144.36.239.xxx
Group [144.36.239.xxx]
Validation of certificate successful
(CN=MiDC12xxx, SN=74D7B50900000000xxxx)
144 01/04/2007 11:11:17.270 SEV=7 IKEDBG/0 RPT=179 144.36.239.xxx
Group [144.36.239.xxx]
peer ID type 9 received (DER_ASN1_DN)
145 01/04/2007 11:11:17.270 SEV=3 IKE/0 RPT=6 144.36.239.xxx
Group [144.36.239.xxx]
IKE Identity DN does not match peer cert DN
Could you explain the last sentence to me: which identity DN? Who is the peer, as I'm logged on to the Cisco?
We have reinstalled the identity certificate on both sides and we have the same problem.
01-09-2007 12:00 AM
Hi,
Check the Group's "DN Field" settings, under Group-> IPSEC.
Or, check the "Configuration | Policy Management | Certificate Group Matching"
Please rate if this helped.
Regards,
Daniel
01-09-2007 12:36 AM
Hi,
thanks for your answer.
We have no rules or policy defined for Group Matching. I had already checked this part before.
I will try different configuration for the DN field and see if it's working.
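The log in the question shows the peer sending identity type 9 (DER_ASN1_DN), a DER-encoded distinguished name, which is then checked against the DN in the peer's certificate. As an added example that is not part of the original thread, the Python below parses two such DER names and classifies how they differ; the sample names are constructed, and it assumes you have already extracted both byte strings (the IKE identity and the certificate subject) yourself.

```python
# Added example: explain why an IKE ID_DER_ASN1_DN and a cert subject DN differ.
OIDS = {b"\x55\x04\x06": "C", b"\x55\x04\x0a": "O", b"\x55\x04\x03": "CN"}
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString"}

def tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yield the (tag, value) members of a constructed value
    pos = 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        yield tag, val

def parse_dn(der):
    """Return [(attribute, string_type, text), ...] in encoded RDN order."""
    tag, seq, _ = tlv(der, 0)
    if tag != 0x30:
        raise ValueError("a DN is a DER SEQUENCE of RDNs")
    attrs = []
    for _, rdn in children(seq):        # each RDN is a SET
        for _, atv in children(rdn):    # of AttributeTypeAndValue SEQUENCEs
            (_, oid), (stag, sval) = children(atv)
            attrs.append((OIDS.get(oid, oid.hex()),
                          STRING_TAGS.get(stag, hex(stag)),
                          sval.decode("utf-8", "replace")))
    return attrs

def diagnose(ike_id, cert_subject):
    """Classify how two DER-encoded DNs differ."""
    if ike_id == cert_subject:
        return "match"
    a, b = parse_dn(ike_id), parse_dn(cert_subject)
    names = lambda dn: [(k, v) for k, _, v in dn]
    if names(a) == names(b):
        return "string-type mismatch"   # same text, different ASN.1 string tag
    if sorted(names(a)) == sorted(names(b)):
        return "RDN order mismatch"     # same attributes, different sequence
    return "different names"

def build_dn(attrs, stag=0x13):  # builds constructed samples, short lengths only
    enc = lambda tag, val: bytes([tag, len(val)]) + val
    atv = lambda oid, text: enc(0x30, enc(0x06, oid) + enc(stag, text.encode()))
    return enc(0x30, b"".join(enc(0x31, atv(o, t)) for o, t in attrs))

SAMPLE = [(b"\x55\x04\x06", "FR"), (b"\x55\x04\x0a", "Example"), (b"\x55\x04\x03", "gw1.example.test")]
CERT_DN = build_dn(SAMPLE)  # constructed stand-in for the certificate subject
```

Two names that print identically can still fail a byte-level comparison, which is why the function reports string-type and ordering differences separately from a genuinely different name.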