New Member

strange problem with digital certs with vpn 3005

I am having a strange problem with VPN 3005 using digital certificates. I am using digital certificates for the VPN 3005 and also with the VPN client using digital certificates.

Both the entities have received their certs from a CA which are valid.

Now the OU field in the identity cert of the VPN 3005 is ENGG, and the OU field in the VPN client's cert is sales.

I have created a remote-access group with the name cisco, which does not match the OU of the VPN client.

Still the user is able to connect via certs. In the matching group policy I have also set it to match the OU from the cert.

In 4.1.5 code it worked properly, the way it should. I upgraded it to 4.7.2, but now it's working even with the wrong group name.

I tried the same scenario with a router and VPN client, and it worked properly, the way it should. When the group name was different from the OU field of the client cert, it disconnected.

Has anyone faced the same problem before?

regards

sebastan

2 REPLIES
Silver

Re: strange problem with digital certs with vpn 3005

The OU field should be the same between the server and the client. If the OU field is SA connection will not be established between the server and the client.

New Member

Re: strange problem with digital certs with vpn 3005

Hi Thomas, you are right. Even I know that if the OU fields are different then the SA should not be established. But here it is working.

In the 4.1.5 release it worked fine, but in the new 4.7.2 it's working anyways. Could be a bug in the IOS.

regards

sebastan
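
The check the posters expect (a client whose certificate OU matches no configured group is refused), as an added example that is not part of the thread and is not the VPN 3005's own logic. The subject strings, `GROUPS`, the function names and the `default_group` parameter are constructed for illustration, and exact case-sensitive matching is an assumption.

```python
import re

# Constructed sample data mirroring the thread: one group named "cisco",
# and a client certificate whose OU is "sales".
GROUPS = {"cisco"}
CLIENT_SUBJECT = r"CN=vpnuser,OU=sales,O=Example\, Inc.,C=US"


def split_unescaped(text, sep):
    """Split on sep, skipping separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts


def subject_ous(subject):
    """Return every OU value in an RFC 4514-style subject string.

    Hex escapes such as \\2C are not decoded in this example.
    """
    ous = []
    for rdn in split_unescaped(subject, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDNs
            key, _, value = ava.strip().partition("=")
            if key.strip().upper() == "OU":
                ous.append(re.sub(r"\\(.)", r"\1", value.strip()))
    return ous


def select_group(subject, groups, default_group=None):
    """Return the group whose name equals an OU, else default_group.

    default_group is a hypothetical fall-through setting. Leaving it as
    None fails closed: an unmatched OU yields no group, so no connection.
    """
    for ou in subject_ous(subject):
        if ou in groups:                   # assumption: exact match
            return ou
    return default_group
```

With the thread's values, `select_group(CLIENT_SUBJECT, GROUPS)` returns `None`, which is the refusal seen on 4.1.5 and on the router.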
