Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

problem with certificates on ASA

Hi,

I am trying to set up\a remote access tunnell with an ASA that is natted behind a Checkpoint firewall. Shared key works perfectly but when I try it with certificates the client drops the connection because;

482 16:30:34.581 10/27/05 Sev=Warning/3 IKE/0xE3000080

Invalid remote certificate id: ID_IPV4_ADDR: ID = 0x02001EAC, Certificate = 0x00000000

It is seeing the private address 172.30.0.2 instead of the external address. I have tried to add the ip address in the enrollment process but it will not do it. Th CA is an enterprise MS CA. the template is an ipsec offline cert. i have tried to add the IP address to the fqdn, changing the cn to the ip address but to no avail. I suspect I need to add the ability of adding the ip address to the microsoft template but not sure how to do this......any ideas appreciated

Thanks,

Vincent

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: problem with certificates on ASA

isakmp identify auto

Identity automatically determined by the connection type: IP address for preshared key and Cert DN for Cert based connections

That should do it.

2 REPLIES
Community Member

Re: problem with certificates on ASA

isakmp identify auto

Identity automatically determined by the connection type: IP address for preshared key and Cert DN for Cert based connections

That should do it.

Community Member

Re: problem with certificates on ASA

Thanks Wyatt that worked.....

I should have remembered that I had set isakmp identity address for shared key access.

309
Views
0
Helpful
2
Replies
CreatePlease to create content