I've not come across this before, normally fairly straightforward. Have you manually configured the subject name on the ASA?
Can you post some configurations?

Stu

2009/7/8 Shawn H. Mesiatowsky <[email protected]>

> I am trying to set up a L2L VPN between an ASA and router using digital certificates. I am using another router as a CA. When isakmp tries to establish an SA, I see the following in a debug on the ASA:
>
> Jul 05 2009 21:49:28: %PIX-7-713906: Group = R3.digitalcortex.local, IP = 172.16.123.2, Unable to compare IKE ID against peer cert Subject Alt Name
>
> I copied the certs from the CA router and compared the two certificates in Windows. I saw the ASA cert contains an extra attribute:
>
> Subject Alt Name:
>
> DNS Name=ASA1.digitalcortex.local
>
> But the router cert does not contain this attribute.
>
> It seems the isakmp SA is failing because the router cert does not contain this attribute. Any idea how to make the router request this attribute in its cert, or how to tell the ASA to stop looking for this attribute? Thanks for your help
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

--
_________________________
Stuart Hare
[email protected]
_________________________
