
problem with certificates on ASA

v-naughton

Hi,

I am trying to set up a remote access tunnel with an ASA that is NATted behind a Checkpoint firewall. Shared key works perfectly, but when I try it with certificates the client drops the connection because:

482 16:30:34.581 10/27/05 Sev=Warning/3 IKE/0xE3000080

Invalid remote certificate id: ID_IPV4_ADDR: ID = 0x02001EAC, Certificate = 0x00000000

It is seeing the private address 172.30.0.2 instead of the external address. I have tried to add the IP address in the enrollment process but it will not do it. The CA is an enterprise MS CA. The template is an IPsec offline cert. I have tried to add the IP address to the FQDN, changing the CN to the IP address, but to no avail. I suspect I need to add the ability of adding the IP address to the Microsoft template but am not sure how to do this. Any ideas appreciated.

Thanks,

Vincent

Accepted Solutions

wyatts

isakmp identity auto

Identity automatically determined by the connection type: IP address for preshared key and Cert DN for Cert based connections

That should do it.

Thanks Wyatt, that worked.

I should have remembered that I had set isakmp identity address for shared key access.
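
Added example, not part of the original thread: a small parser for the VPN client warning quoted in the question, which decodes the logged ID word and flags a private address being presented as the IKE identity on a certificate connection. The function names are hypothetical, the byte order is an assumption inferred from the thread (it is the order that makes 0x02001EAC read as 172.30.0.2), and the sample log is the one from the question.

```python
import ipaddress
import re

# Sample input: the client warning quoted in the question above.
SAMPLE_LOG = """\
482 16:30:34.581 10/27/05 Sev=Warning/3 IKE/0xE3000080
Invalid remote certificate id: ID_IPV4_ADDR: ID = 0x02001EAC, Certificate = 0x00000000
"""

ID_RE = re.compile(
    r"Invalid remote certificate id: ID_IPV4_ADDR: "
    r"ID = 0x([0-9A-Fa-f]{8}), Certificate = 0x([0-9A-Fa-f]{8})"
)


def decode_id(hex_word):
    """Decode the logged 32-bit word into an IPv4 address.

    Assumption: the client prints the address as a little-endian integer,
    so the word's bytes are reversed to get network order.
    """
    return ipaddress.IPv4Address(int(hex_word, 16).to_bytes(4, "little"))


def diagnose(log_text):
    """Return one finding per 'Invalid remote certificate id' warning."""
    findings = []
    for match in ID_RE.finditer(log_text):
        ike_id = decode_id(match.group(1))
        cert_word = int(match.group(2), 16)
        finding = {
            "ike_id": str(ike_id),
            "ike_id_is_private": ike_id.is_private,
            "cert_value_is_zero": cert_word == 0,
            "hint": "IKE ID and certificate value differ",
        }
        if ike_id.is_private and cert_word == 0:
            # Matches the thread: gateway sends its inside address as identity.
            finding["hint"] = (
                "gateway is sending a private IP as its IKE identity; "
                "check for 'isakmp identity address' and use "
                "'isakmp identity auto' for certificate connections"
            )
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for item in diagnose(SAMPLE_LOG):
        print(item)
```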
