
VPN3000 identity certificate problem off internal Microsoft CA

Dan Smith
Level 1

I have been sent a replacement VPN3000 concentrator due to an intermittent (unknown) fault and appear to have a problem with its identity certificate. We use the VPN3000 for IPSec clients using RSA certificates, IPSec LAN2LAN using pre-shared keys and WebVPN using an SSL certificate. We use Microsoft certificate services.

In order to replace the concentrator I exported the SSL Thawte certificate and the Thawte CAs to the new device, installed our organisation's CA certificate and enrolled with the CA to obtain an identity certificate. The WebVPN works fine but the VPN clients do not authenticate. I have checked through the config of both concentrators (as I am still using the old one) and there is no difference in the setup at all.

Can anyone help me?

I have attached a log from the VPN concentrator and the client when attempting to make a connection.

1 Reply

tstanik
Level 5

Are you able to connect with the same client using a pre-shared key instead of certificates? If you are, then try to reinstall the certificate. You could also try to use IPSec over UDP on the client and check IPSec over NAT-T on the concentrator and make sure that UDP 4500 is allowed through the device the client is connecting through.
