VPN client to concentrator with certificate

From: 2nd CCIE (doubleccie@yahoo.com)
Date: Fri Jan 13 2006 - 09:23:53 GMT-3


  Guys, I am trying to connect my Cisco VPN Client 4.6 to a Cisco 3005 concentrator using certification.
  I installed (manually) the root and identity certificates on both the client and the concentrator successfully.
  I created a group called traininga on the concentrator and configured the group matching policy to map the OU field of the certificate. Up to here everything looks OK from the live event log of the concentrator.

  However, the connection does not go through because of an "authentication failed" message. The client does not prompt me to enter a username and password (is that what is supposed to happen here?).
  I am using authentication = radius on the concentrator group configuration, and the IKE proposal is RSA (xauth).

  Any suggestions?

  See the log of the concentrator attached.
  
325 01/13/2006 16:16:45.390 SEV=5 IKE/21 RPT=18 200.1.1.11
No Group found by matching IP Address of Cert peer 200.1.1.11
 
326 01/13/2006 16:16:45.390 SEV=5 CERT/110 RPT=15
Group match for cert peer 200.1.1.11 succeeded using rule
ou="training1"
 
327 01/13/2006 16:16:45.390 SEV=5 CERT/105 RPT=15
Group [training1] found for cert peer 200.1.1.11 by group match rule
ou="training1"
 
329 01/13/2006 16:16:45.510 SEV=5 IKE/79 RPT=17 200.1.1.11
Group [training1]
Validation of certificate successful
(CN=client-identity, SN=1388696B000000000005)
 
332 01/13/2006 16:16:46.640 SEV=5 IKE/68 RPT=14 200.1.1.11
Group [training1]
Received non-routine Notify message: Authentication failed (24)
 
334 01/13/2006 16:16:46.640 SEV=5 IKE/50 RPT=15 200.1.1.11
Group [training1]
Connection terminated for peer .
Reason: Peer Terminate, Disconnected by Administrator.
Remote Proxy N/A, Local Proxy N/A

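The log layout in the post above, as an added example that is not part of the original message: a small Python parser (function names are hypothetical) that splits the concentrator event log into events and reports, for one peer, the last success logged before the `Authentication failed` Notify. The sample input is three events copied from the post's log.

```python
import re

# Header layout as in the log above: seq, date, time, SEV=, class/number, RPT=, optional peer.
HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\S+) (?P<time>\S+) SEV=(?P<sev>\d+) "
    r"(?P<cls>[A-Z]+)/(?P<num>\d+) RPT=(?P<rpt>\d+)(?: (?P<peer>\S+))?$"
)

# Three events copied from the log in the post.
SAMPLE_LOG = """\
326 01/13/2006 16:16:45.390 SEV=5 CERT/110 RPT=15
Group match for cert peer 200.1.1.11 succeeded using rule
ou="training1"

329 01/13/2006 16:16:45.510 SEV=5 IKE/79 RPT=17 200.1.1.11
Group [training1]
Validation of certificate successful
(CN=client-identity, SN=1388696B000000000005)

332 01/13/2006 16:16:46.640 SEV=5 IKE/68 RPT=14 200.1.1.11
Group [training1]
Received non-routine Notify message: Authentication failed (24)
"""


def parse_events(text):
    """Split the log into events; lines after a header are joined as its message."""
    events = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "msg": ""})
        elif line and events:
            events[-1]["msg"] = (events[-1]["msg"] + " " + line).strip()
    return events


def last_success_before_failure(events, peer):
    """Return (last success event, failure event) for one peer address."""
    about = re.compile(rf"(?<![\d.]){re.escape(peer)}(?![\d.])")
    last_ok = None
    for ev in sorted(events, key=lambda e: int(e["seq"])):
        if ev["peer"] != peer and not about.search(ev["msg"]):
            continue  # event belongs to another peer
        if "Authentication failed" in ev["msg"]:
            return last_ok, ev
        if re.search(r"succeeded|successful", ev["msg"], re.I):
            last_ok = ev
    return last_ok, None
```

On the sample, the last success is IKE/79 (certificate validation) and the failure is IKE/68, so the Notify is logged after the certificate itself was accepted.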



This archive was generated by hypermail 2.1.4 : Wed Feb 01 2006 - 07:45:48 GMT-3