
IKE: Phase 1 received Notification from Peer: invalid certificate


LoJACK

IS-IT--Management
Jun 5, 2003
98
US
Hello everyone,

Does anyone know what is causing this error?

IKE: Phase 1 Received Notification from Peer: invalid certificate

My VPN was working fine but out of nowhere I started getting this error when I'm trying to use the VPN.

I'm running NG AI R55 with win2003 server for the manager.

The funny thing is that I'm only getting this error from one of my firewalls; the rest of my VPN connections with my other sites are fine.

Thanks in advance,
LoJACK
 
You may want to verify the correct date and time on the boxes involved in the vpn.
 
I have checked the date and time on the box at the remote site and it is the same date and time as the FW manager and local gateway.



Thanks,
LoJACK
 
Has the gateway's VPN certificate been issued by the correct management server? Check the details in the certificate to make sure that they match.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Yup... I checked the Internal CA for the gateway and the management server and they match... but what I'm going to do is try to remove the CA and then re-install it again.




Thanks,
LoJACK
 
I'm getting this error when I try to remove the internal ca:

"This certificate is used in IKE authentication. Prior to deleting this certificate, define an alternative certificate, or remove the 'public key signature' authentication method."



Thanks,
LoJACK
 
You have to remove the object from any VPN rules before you can delete the CA.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
I have removed the object from all of the VPN communities it was in but I was still getting the same error message.



Thanks,
LoJACK
 
Try removing the object completely and re-creating it. This will generate a new certificate.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
If I remove the object completely then I will have to re-establish the SIC when I re-create the object, correct? This might be a problem because I don't really have another IT person at my remote location. But maybe I can walk someone through the process of resetting the SIC.

I will give it a try, thanks for all of your help so far. And I will let you know if it worked or not.




Thanks,
LoJACK
 
Hey LoJACK,

Were you ever able to resolve this problem...I'm also having the same issue in regard to invalid certificate.

I get the SIC and am able to push out the policy... But I keep getting the invalid certificate error.
 
I'm having the same error.
My firewall is a new installation with a separate management server and firewall.

I can get the CRL using the URL provided in the vpnd.elg file. So this seems to work.

I also get the error (in the debug file) http timeout. Can this have something to do with the CRL check?

What did you do to solve the issue???
 