
VPN3K L2L Netscreen with X.509

Hi all,

We are trying to establish a site-to-site VPN between a VPN3015 and a Netscreen firewall with RSA certificates. The tunnel comes up if it is initiated from the Netscreen side, but it fails when the VPN3K tries to open it. Here is what we see in the Netscreen log:

IKE<-.-.-.- > Process [ID]:

IKE<-.-.-.- > ID received: type=ID_DER_ASN1_DN, DN = Email=... CN=...,OU=...,O=...,C=..., port = 0, protocol=0

IKE<-.-.-.-> Received incorrect ID payload: ID type mismatch.

IKE<-.-.-.-> ID processed. return 1. sa->p1_state = 2.

IKE<-.-.-.-> Error processing ID

IKE<-.-.-.- > Phase 1: Main mode negotiations have failed.

The Netscreen is waiting to get the ID type ID_FQDN, but the VPN3K sends the ID ID_DER_ASN1_DN. We also changed the value of the DN Field in Configuration|Usermanagement|Groups|IPSec, but nothing changed. How is it possible to send the right ID to the Netscreen?

Thanks and regards

Volker

1 REPLY

Re: VPN3K L2L Netscreen with X.509

Try using the IP address instead of the DN and see if it works.

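To illustrate the check behind the "ID type mismatch" log line in this thread, here is an added example (not from the original posts, and not Cisco or NetScreen code) that decodes an ISAKMP Identification payload as laid out in RFC 2407/2408 and compares it with the identity a responder is configured to expect. The function names, verdict strings and sample identities are assumptions constructed for illustration.

```python
import struct

# ID types from the IPsec DOI (RFC 2407, section 4.6.2.1)
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN",
            5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN", 10: "ID_DER_ASN1_GN",
            11: "ID_KEY_ID"}

def build_id_payload(id_type, data, proto=0, port=0):
    """Generic payload header (next, reserved, length) + ID type, protocol, port, data."""
    return struct.pack("!BBHBBH", 0, 0, 8 + len(data), id_type, proto, port) + data

def parse_id_payload(raw):
    """Decode a decrypted Identification payload (Main mode sends it encrypted)."""
    if len(raw) < 8:
        raise ValueError("ID payload shorter than its 8-byte fixed part")
    _next, _rsvd, length, id_type, proto, port = struct.unpack("!BBHBBH", raw[:8])
    if length < 8 or length > len(raw):
        raise ValueError(f"payload length field {length} does not fit buffer")
    return {"id_type": ID_TYPES.get(id_type, f"UNKNOWN({id_type})"),
            "protocol": proto, "port": port, "data": raw[8:length]}

def check_peer_id(raw, expected_type, expected_data):
    """Hypothetical responder-side policy check: type first, then value."""
    got = parse_id_payload(raw)
    if got["id_type"] != expected_type:
        return f"ID type mismatch: expected {expected_type}, received {got['id_type']}"
    a, b = got["data"], expected_data
    if expected_type in ("ID_FQDN", "ID_USER_FQDN"):
        a, b = a.lower(), b.lower()   # DNS names compare case-insensitively
    return "ID accepted" if a == b else f"ID value mismatch for {expected_type}"

def tlv(tag, body):
    """Minimal DER TLV encoder for short (<128 byte) bodies."""
    return bytes([tag, len(body)]) + body

# Constructed sample data (example.test name and 192.0.2.10 are placeholders).
SAMPLE_DN = tlv(0x30, tlv(0x31, tlv(0x30,
    bytes.fromhex("0603550403") + tlv(0x13, b"vpn3k.example.test"))))  # CN=...
DN_PAYLOAD = build_id_payload(9, SAMPLE_DN)
IP_PAYLOAD = build_id_payload(1, bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    # Peer expects an FQDN but the initiator sends the certificate DN.
    print(check_peer_id(DN_PAYLOAD, "ID_FQDN", b"vpn3k.example.test"))
    # Both ends agree on the IP address as the identity.
    print(check_peer_id(IP_PAYLOAD, "ID_IPV4_ADDR", bytes([192, 0, 2, 10])))
```

The first call reproduces the failure case from the question (type 9 received where type 2 is expected); the second shows the payload passing once both peers use the same ID type.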