cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
654
Views
0
Helpful
2
Replies

VPN pix to Checkpoint / Netscreen with certificate

irampazzo
Level 1
Level 1

Checkpoint / Netscreen refuste connection because :

IKE <ip_addr> Phase 1: Cert received has a different { IP address | FQDN | UFQDN } SubAltName than expected.

Pix use UNSTRUCTURED NAME and UNSTRUCTURED IP in the certificate.

Any idea

2 Replies 2

owillins
Level 6
Level 6

Try and regenerate your RSA Key and try to enroll with the CA Server again.

Hi owillins,

I have a VPN Site-to-Site b/w Cisco ASA 5512 9.1(1) and CheckPoint working with Pre-shared-key. The end customer wants to use Certificate instead of pre-shared-key. It is possible for each Site to use Certificate enrolled with different CA? What conditions must both Certificates match or be aware?

 

Thanks a lot in advance.