srh-net-1111-105# Certificate mapping found for webvpn group SRHVPN
CERT_API: PKI session 0x08ed7dd7 open Successful with type SSL
CERT_API: Authenticate session 0x08ed7dd7, non-blocking cb=0x00000000017b25c0
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=0x08ed7dd7
CERT_API: Async locked for session 0x08ed7dd7
CRYPTO_PKI: Checking to see if an identical cert is already in the database...
CRYPTO_PKI: looking for cert in handle=0x00007ffedd75e680, digest=
6c 03 21 82 dc f0 95 a2 29 05 ca e8 c4 8d ce d7 | l.!.....).......
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints for connection type SSL
CRYPTO_PKI: Failed to create name objects to compare DNs. status = 1795
CRYPTO_PKI: Failed to create name objects to compare DNs. status = 1795
CRYPTO_PKI: Found suitable tp
CRYPTO_PKI: Found suitable tp
CRYPTO_PKI: Storage context locked by thread CERT API
CRYPTO_PKI: Found a suitable authenticated trustpoint ASDM_TrustPoint2.
CRYPTO_PKI(make trustedCerts list)
CRYPTO_PKI: Certificate validation: Successful, status: 0
CRYPTO_PKI: bypassing revocation checking based on policy configuration
CRYPTO_PKI:Certificate validated. serial number: 039F, subject name: cn=everyone EMAIL CA-31,ou=PKI,ou=vpn,o=national,c=US.
CRYPTO_PKI: Storage context released by thread CERT API
CRYPTO_PKI: Certificate validated without revocation check
CRYPTO_PKI: Checking to see if an identical cert is already in the database...
CRYPTO_PKI: looking for cert in handle=0x00007ffedd75e680, digest=
91 84 98 92 ef b6 69 51 ab 83 90 26 7c b7 98 26 | ......iQ...&|..&
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Storage context locked by thread CERT API
CRYPTO_PKI: Found a suitable authenticated trustpoint ASDM_TrustPoint2.
CRYPTO_PKI: Certificate validation: Successful, status: 0
CRYPTO_PKI: bypassing revocation checking based on policy configuration
CRYPTO_PKI:Certificate validated. serial number: 3CC672, subject name: cn=thatguy.12345678,ou=OTHER,ou=PKI,ou=vpn,o=national,c=US.
CRYPTO_PKI: Storage context released by thread CERT API
CRYPTO_PKI: Certificate validated without revocation check
CERT_API: calling user callback=0x00000000017b25c0 with status=0
CERT_API: Close session 0x08ed7dd7 asynchronously
CERT_API: Async unlocked for session 0x08ed7dd7
CERT_API: process msg cmd=1, session=0x08ed7dd7
CERT_API: Async locked for session 0x08ed7dd7
CERT_API: Async unlocked for session 0x08ed7dd7
CERT API thread sleeps!
CRYPTO_PKI: Attempting to find tunnel group for cert with serial number: 3CC672, subject name: cn=thatguy.12345678,ou=OTHER,ou=PKI,ou=vpn,o=national,c=US, issuer_name: cn=everyone EMAIL CA-31,ou=PKI,ou=vpn,o=national,c=US.
CRYPTO_PKI: Processing map rules for CERT-MAP.
CRYPTO_PKI: certificate contains 9 extensions.
CRYPTO_PKI: certificate contains extension OID: 55 1d 23
CRYPTO_PKI: certificate contains extension OID: 55 1d 1f
CRYPTO_PKI: certificate contains extension OID: 55 1d 0f
CRYPTO_PKI: certificate contains extension OID: 55 1d 20
CRYPTO_PKI: certificate contains extension OID: 55 1d 0e
CRYPTO_PKI: certificate contains extension OID: 2b 06 01 05 05 07 01 01
CRYPTO_PKI: certificate contains extension OID: 55 1d 11
CRYPTO_PKI: certificate contains extension OID: 55 1d 09
CRYPTO_PKI: certificate contains extension OID: 55 1d 25
CRYPTO_PKI: Processing map CERT-MAP sequence 10...
CRYPTO_PKI: Match of issuer-name field to map PASSED. Peer cert field: = cn=everyone EMAIL CA-31,ou=PKI,ou=vpn,o=national,c=US, map rule: issuer-name co dod.
CRYPTO_PKI: Peer cert has been authorized by map: CERT-MAP sequence: 10.
CRYPTO_PKI: Tunnel Group Match on map CERT-MAP sequence # 10. Group name is SRHVPN
CRYPTO_PKI: certificate contains 9 extensions.
CRYPTO_PKI: certificate contains extension OID: 55 1d 23
CRYPTO_PKI: certificate contains extension OID: 55 1d 1f
CRYPTO_PKI: certificate contains extension OID: 55 1d 0f
CRYPTO_PKI: certificate contains extension OID: 55 1d 20
CRYPTO_PKI: certificate contains extension OID: 55 1d 0e
CRYPTO_PKI: certificate contains extension OID: 2b 06 01 05 05 07 01 01
CRYPTO_PKI: certificate contains extension OID: 55 1d 11
CRYPTO_PKI: certificate contains extension OID: 55 1d 09
CRYPTO_PKI: certificate contains extension OID: 55 1d 25
AAA API: In aaa_open
AAA session opened: handle = 129
AAA API: In aaa_process_async
aaa_process_async: sending AAA_MSG_PROCESS
AAA task: aaa_process_msg(0x00007ffecfea2aa0) received message type 0
AAA FSM: In AAA_StartAAATransaction
AAA FSM: In AAA_InitTransaction
aaai_policy_name_to_server_id(GroupPolicy_SRHVPN)
Got server ID 0 for group policy DB
Initiating tunnel group policy lookup (Svr Grp: GROUP_POLICY_DB)
------------------------------------------------
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: GroupPolicy_SRHVPN
Resp:
grp_policy_ioctl(0x0000000005ffff60, 114698, 0x00007ffecfea2050)
grp_policy_ioctl: Looking up GroupPolicy_SRHVPN
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 129, pAcb = 0x00007ffee1073000
AAA task: aaa_process_msg(0x00007ffecfea2aa0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
------------------
Tunnel Group Policy Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_TUNN_GRP_POLICY, auth_status = ACCEPT
dACL processing skipped: no ATTR_FILTER_ID found
AAA_NextFunction: New i_fsm_state = IFSM_DONE,
AAA FSM: In AAA_ProcessFinal
AAA FSM: In AAA_Callback
user attributes:
None
User Access-Lists:
user_acl[0] = { .name="" .number=-1 .list= { } }
user_acl[1] = { .name="" .number=-1 .list= { } }
user policy attributes:
None
User Policy Access-Lists:
user_acl[0] = { .name="" .number=-1 .list= { } }
user_acl[1] = { .name="" .number=-1 .list= { } }
tunnel policy attributes:
1 Simultaneous-Logins(4098) 4 3
2 Primary-DNS(4101) 4 IP: 10.10.10.254
3 Secondary-DNS(4102) 4 IP: 0.0.0.0
4 Primary-WINS(4103) 4 IP: 10.10.10.253
5 Secondary-WINS(4104) 4 IP: 0.0.0.0
6 Tunnelling-Protocol(4107) 4 124
7 Group-Policy(4121) 18 "GroupPolicy_SRHVPN"
8 Default-Domain-Name(4124) 15 "sr.vpn.donot.ts"
9 List of address pools to assign addresses from(4313) 6 "SRHVPN"
Tunnel Policy Access-Lists:
user_acl[0] = { .name="" .number=-1 .list= { } }
user_acl[1] = { .name="" .number=-1 .list= { } }
aaai_internal_cb: handle is 129, pAcb is 0x00007ffee1073000, pAcb->tq.tqh_first is 0x0000000000000000
AAA API: In aaa_close
Checking simultaneous login restriction (max allowance=3) for user thatguy.12345678
AAA task: aaa_process_msg(0x00007ffecfea2aa0) received message type 3
In aaai_close_session (129)
Private archive directives retrieved from cache for index 2.
Public archive directives retrieved from cache for index 2.
webvpn_allocate_auth_struct: net_handle = 0x00007ffed140aaf0
webvpn_session.c:webvpn_update_idle_time[1832]
webvpn_free_auth_struct: net_handle = 0x00007ffed140aaf0
webvpn_session.c:http_webvpn_destroy_session[1661]