Re: username password when using certificate

majidkk · ‎09-12-2005

I configured VPN 3020 using CA. Works fine untill authentication set to none under IPSec tab. When autehntication method set to Internal/RADIUS, VPN users no longer be able to connect, even they are not prompted for username password. If anyone could help, how to setup username password aythentication when using Certificates?

ebreniz · ‎09-16-2005

I am not sure about your requirement. I do not think you can use username/password using certificates. In fact, you use digital certificates in place of username/password authentication, which is much easier and secure.

sonepardis · ‎09-16-2005

Check the Concentrator logs. You will find why users can't no longer be able to connect.

majidkk · ‎09-19-2005

Belwo are the Log messages when RADIUS is configured for user authentication:

8766 09/19/2005 09:43:29.070 SEV=8 IKEDBG/79 RPT=21260

Mismatched attr types for class DH Group:

Rcv'd: Oakley Group 2

Cfg'd: Oakley Group 5

8768 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21261

Phase 1 failure against global IKE proposal # 13:

Mismatched attr types for class Hash Alg:

Rcv'd: MD5

Cfg'd: SHA

8770 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21262

Phase 1 failure against global IKE proposal # 14:

Mismatched attr types for class Key Length:

Rcv'd: 256 Bits

Cfg'd: 192 Bits

8773 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21263

Phase 1 failure against global IKE proposal # 15:

Rcv'd Key Length attr class, but class is not cfg'd

8775 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21264

Phase 1 failure against global IKE proposal # 16:

Rcv'd Key Length attr class, but class is not cfg'd

8777 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21265

Phase 1 failure against global IKE proposal # 17:

Rcv'd Key Length attr class, but class is not cfg'd

8779 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21266

Phase 1 failure against global IKE proposal # 18:

Rcv'd Key Length attr class, but class is not cfg'd

8781 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21267

Proposal # 1, Transform # 9, Type ISAKMP, Id IKE

Parsing received transform:

Phase 1 failure against global IKE proposal # 1:

Mismatched attr types for class Key Length:

Rcv'd: 128 Bits

Cfg'd: 256 Bits

8786 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21268

Phase 1 failure against global IKE proposal # 2:

Rcv'd Key Length attr class, but class is not cfg'd

8788 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21269

Phase 1 failure against global IKE proposal # 3:

Rcv'd Key Length attr class, but class is not cfg'd

8790 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21270

Phase 1 failure against global IKE proposal # 4:

Rcv'd Key Length attr class, but class is not cfg'd

8792 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21271

Phase 1 failure against global IKE proposal # 5:

Rcv'd Key Length attr class, but class is not cfg'd

8794 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21272

Phase 1 failure against global IKE proposal # 6:

Rcv'd Key Length attr class, but class is not cfg'd

8796 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21273

Phase 1 failure against global IKE proposal # 7:

Rcv'd Key Length attr class, but class is not cfg'd

8798 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21274

Phase 1 failure against global IKE proposal # 8:

Rcv'd Key Length attr class, but class is not cfg'd

8800 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21275

Phase 1 failure against global IKE proposal # 9:

Rcv'd Key Length attr class, but class is not cfg'd

8802 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21276

Phase 1 failure against global IKE proposal # 10:

Mismatched attr types for class DH Group:

Rcv'd: Oakley Group 5

Cfg'd: Oakley Group 2

8805 09/19/2005 09:43:29.080 SEV=8 IKEDBG/79 RPT=21277

Phase 1 failure against global IKE proposal # 11:

Mismatched attr types for class DH Group:

Rcv'd: Oakley Group 5

Cfg'd: Oakley Group 2

It never shows if problem is with RADIUS config,if ti set to none again,start working again.