01-08-2007 09:30 AM - edited 02-21-2020 02:48 PM
We have configured a LAN-to-LAN IPsec connection using digital certificates between a VPN Cisco 3000 and a Nortel Contivity.
We have tested the configuration successfully on both sides and we have tried to replicate it in the production environment.
But the tunnel is not active and we have this message in the Cisco log:
142 01/04/2007 11:11:17.270 SEV=5 IKE/79 RPT=4 144.36.239.xxx
Group [144.36.239.xxx]
Validation of certificate successful
(CN=MiDC12xxx, SN=74D7B50900000000xxxx)
144 01/04/2007 11:11:17.270 SEV=7 IKEDBG/0 RPT=179 144.36.239.xxx
Group [144.36.239.xxx]
peer ID type 9 received (DER_ASN1_DN)
145 01/04/2007 11:11:17.270 SEV=3 IKE/0 RPT=6 144.36.239.xxx
Group [144.36.239.xxx]
IKE Identity DN does not match peer cert DN
Could you explain the last sentence to me: which identity DN? Who is the peer, as I'm logged on to the Cisco?
We have reinstalled the identity certificates on both sides and we have the same problem.
01-09-2007 12:00 AM
Hi,
Check the Group's "DN Field" settings, under Group-> IPSEC.
Or, check the "Configuration | Policy Management | Certificate Group Matching"
Please rate if this helped.
Regards,
Daniel
01-09-2007 12:36 AM
Hi,
thanks for your answer.
We have no rules or policy defined for Group Matching. I had already checked this part before.
I will try different configurations for the DN field and see if it's working.