Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Spaces in IPSec Main Mode ID for RV 120W? (Windows IPSec VPN)

I'm attempting to configure a Cisco RV 120W to connect to a remote network using an IPSec VPN hosted from a Windows Server 2003 machine, using certificates for authentication.  I have been able to configure OpenSwan to connect from a Linux machine, so I can confirm that the IPSec connection is functional and working.  However, I have had no success with the RV 120W.  The problem is that I am unable to specify the Main Mode ID in a way that the RV 120W will accept.  In all configurations I have tried, I receive the following messages in the logs:

2010-11-21 20:41:08: [BILGCS01] [IKE] ERROR:  mismatched ID was returned.
2010-11-21 20:41:08: [BILGCS01] [IKE] INFO:  Sending Informational Exchange: notify payload[ATTRIBUTES-NOT-SUPPORTED]
2010-11-21 20:41:08: [BILGCS01] [IKE] ERROR:  Phase2 negotiation failed for XXX.XXX.XXX.XXX[4500].

Using the debugging output of OpenSwan, I know that the Main Mode ID provided by the Windows server is the DER ASN1 DN from the certificate (e.g. "C=US, ST=MT, ...").  However, I am unable to specify this in the RV 120W configuration because the Remote Identifier field in the IKE Policy gives me the error Empty Space, Single Quote and Double Quote characters are not supported for this field.  But, to my knowledge, it is not possible to change the Main Mode ID on the Windows side... so what do I do?

1 REPLY
Cisco Employee

Re: Spaces in IPSec Main Mode ID for RV 120W? (Windows IPSec VPN

Hi,

since this question is about a product in the Cisco Small Business / Linksys range, I suggest you move it to the Small Business - Security community, where you will have a better chance of getting expert advice.

I hope this helps.

Best regards,

Herbert

490
Views
0
Helpful
1
Replies
CreatePlease to create content