VPN3030 - No Group found by matching IP Address of Cert Peer
The above error message keeps on appearing in the syslog everytime a user logs in(in fact, its the very first message of every login). I have checked my group matching configuration and confirmed that I only asked to obtain group from the OU and not to match any IP address. Does anybody knows why and how it can be stopped?
Re: VPN3030 - No Group found by matching IP Address of Cert Peer
I believe that this message is occuring because when a client comes in to the concentrator, it starts looking at the matching criteria in order. The IP address criteria is the first one it checks, so if you do not have that criteria checked when configuring the certificate it will give the message that you included. This URL should assist you more http://www.cisco.com/warp/public/471/vpn3k-cert-match.html.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...