
ASA with Nokia VPN auth - CRACK

lubimov.m
Level 1

Hello!

Does anyone have successful experience with CRACK authentication on ASA? Please tell me the versions and configurations.

On ASA version 8.0.4, authentication fails at the certificate verification stage.

Debug after successful IKE policy verification:

Mar 15 19:18:09 [IKEv1]: IP = 192.168.0.169, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + CERT_REQ (7) + VENDOR (13) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 403
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing ke payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing ISA_KE payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing nonce payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing cert request payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing VID payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, Received Nokia Client Vid VID
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing NAT-Discovery payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, computing NAT Discovery hash
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, processing NAT-Discovery payload
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, computing NAT Discovery hash
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, CRACK processing is initiated...
Mar 15 19:18:09 [IKEv1]: IP = 192.168.0.169, Unable to find the requested certificate
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, CRACK processing is completed...
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, IKE MM Responder FSM error history (struct &0xc9118840)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_CRACK_DONE, EV_ERROR-->MM_CRACK_BLD_MSG4, EV_UPDATE_CERT-->MM_CRACK_BLD_MSG4, EV_DO_CRACK-->MM_BLD_MSG4, EV_TEST_CRACK-->MM_BLD_MSG4, EV_SECRET_KEY_OK-->MM_BLD_MSG4, NullEvent-->MM_BLD_MSG4, EV_GEN_SECRET_KEY
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, IKE SA MM:50b15acd terminating:  flags 0x0100c002, refcnt 0, tuncnt 0
Mar 15 19:18:09 [IKEv1 DEBUG]: IP = 192.168.0.169, sending delete/delete with reason message

The cert on the ASA is signed, and the CA cert is available on the Nokia E51 phone.

1 Reply

Mathieu Hofstra
Level 1

I have the same problem with this CRACK type VPN and Nokia MobileVPN software. I have the same error "Unable to find the requested certificate". If I understand correctly, it's saying that the ASA cannot find the certificate. This is quite strange because the ASA should issue a certificate to the client, not the other way around....

Is there someone who has a working remote access VPN with CRACK authentication?

Is it possible to test such a VPN type with the Cisco VPN client software?