10-27-2005 08:42 AM
Hi,
I am trying to set up a remote access tunnel with an ASA that is natted behind a Checkpoint firewall. Shared key works perfectly, but when I try it with certificates the client drops the connection because:
482 16:30:34.581 10/27/05 Sev=Warning/3 IKE/0xE3000080
Invalid remote certificate id: ID_IPV4_ADDR: ID = 0x02001EAC, Certificate = 0x00000000
It is seeing the private address 172.30.0.2 instead of the external address. I have tried to add the IP address in the enrollment process but it will not do it. The CA is an enterprise MS CA. The template is an IPsec offline cert. I have tried to add the IP address to the FQDN, changing the CN to the IP address, but to no avail. I suspect I need to add the ability of adding the IP address to the Microsoft template but not sure how to do this... Any ideas appreciated.
Thanks,
Vincent
10-27-2005 11:45 AM
isakmp identity auto
Identity automatically determined by the connection type: IP address for preshared key and Cert DN for Cert based connections
That should do it.
10-27-2005 12:58 PM
Thanks Wyatt, that worked.
I should have remembered that I had set isakmp identity address for shared key access.
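The client warning quoted in the question can be decoded to confirm which address the gateway presented as its IKE identity. The Python below is an added example, not part of the original thread; the little-endian byte order and the reading of an all-zero `Certificate` field as "no IP address in the certificate" are assumptions, chosen because they reproduce the 172.30.0.2 the poster reports.

```python
import ipaddress
import re

# Log lines copied from the question in this thread.
SAMPLE_LOG = """\
482 16:30:34.581 10/27/05 Sev=Warning/3 IKE/0xE3000080
Invalid remote certificate id: ID_IPV4_ADDR: ID = 0x02001EAC, Certificate = 0x00000000
"""

PATTERN = re.compile(
    r"Invalid remote certificate id: (?P<id_type>ID_\w+): "
    r"ID = 0x(?P<ike_id>[0-9A-Fa-f]{8}), "
    r"Certificate = 0x(?P<cert_id>[0-9A-Fa-f]{8})"
)


def decode_ipv4(hex_word):
    """Decode a 32-bit hex word as an IPv4 address.

    Assumption: the client prints the address bytes in little-endian order.
    """
    return ipaddress.IPv4Address(bytes.fromhex(hex_word)[::-1])


def find_identity_mismatches(log_text):
    """Return one record per ID_IPV4_ADDR certificate-id warning in the log."""
    records = []
    for m in PATTERN.finditer(log_text):
        if m["id_type"] != "ID_IPV4_ADDR":
            continue  # only address-type identities carry an IP to decode
        ike_id = decode_ipv4(m["ike_id"])
        cert_id = decode_ipv4(m["cert_id"])
        records.append({
            "ike_id": str(ike_id),
            # A private (RFC 1918) identity means the peer sent its inside,
            # pre-NAT address, which the client cannot match to the cert.
            "ike_id_is_private": ike_id.is_private,
            # Assumption: all zeros means the certificate holds no IP address.
            "cert_has_ip": int(cert_id) != 0,
        })
    return records


if __name__ == "__main__":
    for record in find_identity_mismatches(SAMPLE_LOG):
        print(record)
```

A private `ike_id` combined with `cert_has_ip` being false matches the situation in this thread: the gateway was identifying itself by address while the certificate carried none.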