Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Creating certificates and choosing isakmp identity for VPN client


I'm using certificate authentication for VPN tunnels between a Cisco VPN client and an IOS router. It works OK, if I set my router with 'crypto isakmp identity dn' as I seem to have matched the certificates correctly.

Should I continue using this method, or would it be better to identify using 'hostname', or 'address' (which is dynamic)?

I'm not sure which is best in terms of security, or if it makes any difference.

Also I can't get hostname to work, as I get an error in the VPN client log saying that the remote FQDN is invalid...

442 11:25:14.850 05/23/06 Sev=Warning/3 IKE/0xE3000081

Invalid remote certificate id: ID_FQDN: ID =, Certificate = [NULL]

443 11:25:14.850 05/23/06 Sev=Warning/3 IKE/0xE3000058

The peer's certificate doesn't match Phase 1 ID

Any help would be most appreciated,

Cheers, Michael

  • VPN