Cisco Support Community
New Member

Problem IPSec / SSL VPN (WebVPN) ASA5550 and Microsoft CA

Hi,

We want to connect by Cisco VPN Client to ASA5550 (IOS 8.0(4)) over VPN with certificates generated by Microsoft CA (Server 2008 Enterprise).

The ASA has its own certificate generated by MS CA and the client certs are also generated by MS CA.

(link: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml)

What is wrong?

Log from Cisco VPN Client:

Cisco Systems VPN Client Version 5.0.02.0090

Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 6.0.6001 Service Pack 1

23 11:49:58.219 05/25/09 Sev=Warning/3 IKE/0xE3000081

Invalid remote certificate id: ID_IPV4_ADDR: ID = 0x3DD827C3, Certificate = 0x00000000

24 11:49:58.219 05/25/09 Sev=Warning/3 IKE/0xE3000059

The peer's certificate doesn't match Phase 1 ID

25 11:49:58.219 05/25/09 Sev=Warning/2 IKE/0xE30000A7

Unexpected SW error occurred while processing Identity Protection (Main Mode) negotiator:(Navigator:2238)

Do you have any solution?

The same config on the PIX 515E and the same VPN Client works!!

Additional log from ASA in attachment.

Mateusz

2 REPLIES
Bronze

Re: Problem IPSec / SSL VPN (WebVPN) ASA5550 and Microsoft CA

"Error: Unable to remove PeerTblEntry": Make sure you have a license for 3DES.

Also add crypto isakmp nat-traversal 20

Make sure your ISP supports Bridging (a few don't in some countries)

Make sure you chose group auth in the VPN client and typed TunnelGroup1 in the VPN client. Check your NAT configuration also.
