09-26-2003 01:17 PM - edited 02-21-2020 12:47 PM
In the PKCS#10 form of vpn 3000 series concentrator the OU field must match the group name otherwise that group can't connect to the vpn concrator . If you don't fill the group field then by default which field overwrites the group field ?
10-01-2003 11:30 AM
I was told that the OU field of the certificate of the Concentrator had to match the OU field of the Client Certificate. However I remember testing my setup with different OU in the concentrator certificate and things seemed to work fine.
10-03-2003 06:22 AM
By default you have Configuration->Policy Management->Group Matching->Policy->Obtain Group from OU box checked.
It's more flexible to uncheck this box and, then check Match Group from Rules. After, you need to configure one or more rules. In rules you are able to select from Subject of from issuer what Distinguished Name you want. I have a complex configuration based on that and works very nice.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide