Check these points: 1. CA which issued cert to the PIX and the client should be same, else that CA cert to be added too.
2. If you generated the self generated cert using ca generate ca keys command, and the vpn client has cert from some CA, add that CAs cert to the PIX.Bruno Fernandes wrote: > > Hi, > > The problem: > > I am trying to establish an IPSEC tunnel from a cisco vpn > client (3.x) to a > PIX, everything works fine using pre-shared keys but when I try > using > digital certificates it doesn't work, looking at the PIX debug > the vpn > client is requesting an encryption type that the PIX doesn't > understand and > more the client is also requesting DH group 5 that the PIX > doesn't support. > All this is hapening at Fase 1 . > > Is this normal ? > > Any comments on this please, > > Thanks in advance, > Bruno Fernandes > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65127&t=64867 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
