Cisco Support Community

VPN3000 identity certificate problem off internal Microsoft CA

I have been sent a replacement VPN3000 concentrator due to an intermittent (unknown) fault and appear to have a problem with its identity certificate. We use the VPN3000 for IPSec clients using RSA certificates, IPSec LAN2LAN using pre-shared keys and WebVPN using an SSL certificate. We use Microsoft certificate services.

In order to replace the concentrator I exported the SSL Thawte certificate to the new device and the Thawte CAs, I installed our organisation's CA certificate and enrolled with the CA to obtain an identity certificate. The WebVPN works fine but the VPN clients do not authenticate. I have checked through the config of both concentrators (as I am still using the old one) and there is no difference in the setup at all.

Can anyone help me?

I have attached a log from the VPN concentrator and the client when attempting to make a connection.


Re: VPN3000 identity certificate problem off internal Microsoft

Are you able to connect with the same client using a pre-shared key instead of certificates? If you are, then try to reinstall the certificate. You could also try to use IPSec over UDP on the client and check IPSec over NAT-T on the concentrator, and make sure that UDP 4500 is allowed through the device the client is connecting through.