Hello!
Do anyone have successful experience with CRACK authentication on ASA? tell pls versions and coonfigurations.
on asa version 8.0.4 authentication fails on certificate verification stage.
debug after successful ike policy verification:
Mar 15 19:18:09 [IKEv1]: IP = 192.168.0.169, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + CERT_REQ (7) + VENDOR (13) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 403
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing ke payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing ISA_KE payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing nonce payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing cert request payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing VID payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, Received Nokia Client Vid VID
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing NAT-Discovery payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, computing NAT Discovery hash
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing NAT-Discovery payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, computing NAT Discovery hash
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, CRACK processing is initiated...
Mar 15 19:18:09 [IKEv1]: IP = 192.168.0.169, Unable to find the requested certificate
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, CRACK processing is completed...
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, IKE MM Responder FSM error history (struct &0xc9118840) <state>, <event>: MM_DONE, EV_ERROR-->MM_CRACK_DONE, EV_ERROR-->MM_CRACK_BLD_MSG4, EV_UPDATE_CERT-->MM_CRACK_BLD_MSG4, EV_DO_CRACK-->MM_BLD_MSG4, EV_TEST_CRACK-->MM_BLD_MSG4, EV_SECRET_KEY_OK-->MM_BLD_MSG4, NullEvent-->MM_BLD_MSG4, EV_GEN_SECRET_KEY
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, IKE SA MM:50b15acd terminating: flags 0x0100c002, refcnt 0, tuncnt 0
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, sending delete/delete with reason message
Cert on ASA is signed and CA cert is available on the nokia E51 phone