Just to let you guys know... do not use this version of code on the ASA5510
with L2L VPN config with RSA-SIG!! It would keep telling you on the debugs
that:
%ASA-7-717025: Validating certificate chain containing 1 certificate(s).
%ASA-7-717029: Identified client certificate within certificate chain. serial number: 1FF247D7000000000110, subject name: hostname=R5.ccie.com.
%ASA-7-717030: Found a suitable trustpoint CCIECA to validate certificate.
%ASA-3-717009: Certificate validation failed. Peer certificate key usage is invalid, serial number: 1FF247D7000000000110, subject name: hostname=R5.ccie.com.
%ASA-3-717027: Certificate chain failed validation. Certificate chain is either invalid or not authorized.
%ASA-5-713904: Group = R5.ccie.com, IP = 150.1.5.5, Peer Certificate authentication failed: General Error
This is all when you have EVERYTHING configured absolutely correctly! All I
did was downgrade the appliance to 7.2(4) and it works!
Does anyone know what's going on here? :-)
-- CCIE #19963
Blogs and organic groups at http://www.ccie.net
Received on Thu Apr 30 2009 - 18:12:19 ART
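An added example, not part of the original post: a small Python triage script that joins the trustpoint (717030), the failure reason (717009) and the peer (713904) from debug output like the above into one record per failed validation. The sample input is the post's debug output with wrapped lines rejoined; the function name, field names and the assumption that these messages appear in this order for a single attempt are mine.

```python
import re

# Debug output from the post above, wrapped lines rejoined.
SAMPLE_LOG = """\
%ASA-7-717025: Validating certificate chain containing 1 certificate(s).
%ASA-7-717029: Identified client certificate within certificate chain. serial number: 1FF247D7000000000110, subject name: hostname=R5.ccie.com.
%ASA-7-717030: Found a suitable trustpoint CCIECA to validate certificate.
%ASA-3-717009: Certificate validation failed. Peer certificate key usage is invalid, serial number: 1FF247D7000000000110, subject name: hostname=R5.ccie.com.
%ASA-3-717027: Certificate chain failed validation. Certificate chain is either invalid or not authorized.
%ASA-5-713904: Group = R5.ccie.com, IP = 150.1.5.5, Peer Certificate authentication failed: General Error
"""

MSG = re.compile(r"%ASA-\d-(\d{6}): (.*)")
TRUSTPOINT = re.compile(r"Found a suitable trustpoint (\S+) to validate")
FAILED = re.compile(
    r"Certificate validation failed\. (.+?), serial number: (\w+), subject name: (.+?)\.?$")
PEER = re.compile(r"Group = (\S+), IP = ([\d.]+), Peer Certificate authentication failed")


def triage(log_text):
    """Return one dict per 717009 failure, joined with the trustpoint chosen
    before it (717030) and the peer reported after it (713904).
    Assumes the messages of one validation attempt are not interleaved."""
    records, trustpoint = [], None
    for line in log_text.splitlines():
        m = MSG.search(line)  # search, so a syslog timestamp prefix is tolerated
        if not m:
            continue
        msg_id, body = m.groups()
        if msg_id == "717025":            # a new validation attempt starts
            trustpoint = None
        elif msg_id == "717030" and (t := TRUSTPOINT.search(body)):
            trustpoint = t.group(1)
        elif msg_id == "717009" and (f := FAILED.search(body)):
            records.append({"reason": f.group(1), "serial": f.group(2),
                            "subject": f.group(3), "trustpoint": trustpoint,
                            "group": None, "peer_ip": None})
        elif msg_id == "713904" and (p := PEER.search(body)):
            # Attach the peer to the most recent failure still missing one.
            for rec in reversed(records):
                if rec["peer_ip"] is None:
                    rec["group"], rec["peer_ip"] = p.groups()
                    break
    return records


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec)
```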