Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN Client certifacte issue /// Connection landed on tunnel_group DefaultRAGroup

Hi,

 

I am having issue with VPN client after adding new certificate on client. Client were working with old certificate we just added new certificate after old is expired. No changes are done on ASA.

None of the clients are able to connect VPN.

Below are the errors are seen when we debug on ACA..

Sep 17 2014 14:58:58: %ASA-7-715047: IP = 217.33.194.129, processing notify payload
Sep 17 2014 14:58:58: %ASA-6-713172: IP = 217.33.194.129, Automatic NAT Detection Status:     Remote end   IS   behind a NAT device     This   end   IS   behind a NAT device
Sep 17 2014 14:58:58: %ASA-7-713906: IP = 217.33.194.129, Trying to find group via OU...
Sep 17 2014 14:58:58: %ASA-3-713020: IP = 217.33.194.129, No Group found by matching OU(s) from ID payload:   Unknown
Sep 17 2014 14:58:58: %ASA-7-713906: IP = 217.33.194.129, Trying to find group via default group...
Sep 17 2014 14:58:58: %ASA-7-713906: IP = 217.33.194.129, Connection landed on tunnel_group DefaultRAGroup
Sep 17 2014 14:58:58: %ASA-3-713226: Connection failed with peer '217.33.194.129', no trust-point defined for tunnel-group 'DefaultRAGroup'

let me know if more logs are required.

Can anyone tell me step-by-step changes on client PC & ASA for adding new cert ?

Thanks,

AD

1 REPLY
New Member

Hi, Are you sure whether the

Hi,

 

Are you sure whether the certificates to the client is issues from the same CA? can you please get the below debugs along with some outputs:

 

deb cry ca 127

deb cry ca me 127

deb cry ca transac 127

 

Show outputs:

Show cry ca certificates

 

Regards,

Altaf

74
Views
0
Helpful
1
Replies