This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Certificate cannot be verified using Cisco Vpn client

i tried to test my working cisco vpn connection from my laptop and now but i am not able to connect to my UTM 9 box.

I tried to re-export my key , as it might be an certificate issue, but then i have the issue tha the vpn client doesnt connect with : error 32 unable to verify certificate "user certificate".

Does anybody have a glue where to look ?

This thread was automatically locked due to age.

Parents

0 madifor over 10 years ago

Finally a step further. Loaded the signing certificate in the certification store , but it is at this moment not working.
See cisco-vpn client log.

I have hidden some private related information for security reasons.

Cisco Systems VPN Client Version 5.0.05.0290
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3

544    18:56:19.384  05/29/13  Sev=Info/4 CERT/0x63600015
Cert (************xxl) verification succeeded.

545    18:56:19.384  05/29/13  Sev=Info/4 CM/0x63100002
Begin connection process

546    18:56:19.431  05/29/13  Sev=Info/4 CM/0x63100004
Establish secure connection

547    18:56:19.431  05/29/13  Sev=Info/4 CM/0x63100024
Attempt connection with server "************xx"

548    18:56:19.431  05/29/13  Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with ***.***.***.***.

549    18:56:19.509  05/29/13  Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation

550    18:56:19.509  05/29/13  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM (SA, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to ***.***.***.***

551    18:56:20.227  05/29/13  Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

552    18:56:20.227  05/29/13  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

553    18:56:20.493  05/29/13  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = ***.***.***.***

554    18:56:20.493  05/29/13  Sev=Info/4 IKE/0x63000014
RECEIVING >> ISAKMP OAK MM (KE, NON, NAT-D, NAT-D, VID(?), VID(Unity)) to ***.***.***.***

561    18:56:20.712  05/29/13  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = ***.***.***.***

562    18:56:20.712  05/29/13  Sev=Info/4 IKE/0x63000014
RECEIVING >> ISAKMP OAK MM *(ID, CERT, CERT_REQ, SIG, NOTIFY:STATUS_INITIAL_CONTACT) to ***.***.***.***

564    18:56:26.228  05/29/13  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

565    18:56:26.228  05/29/13  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM *(Retransmission) to ***.***.***.***

566    18:56:30.728  05/29/13  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = ***.***.***.***

567    18:56:30.728  05/29/13  Sev=Info/4 IKE/0x63000014
RECEIVING >> ISAKMP OAK MM *(Retransmission) to ***.***.***.***

570    18:56:35.728  05/29/13  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

571    18:56:35.728  05/29/13  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM *(Retransmission) to ***.***.***.***

572    18:56:40.729  05/29/13  Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=8B67BC3A89CFD379 R_Cookie=2D9BB5918A5538A9) reason = DEL_REASON_PEER_NOT_RESPONDING

573    18:56:40.729  05/29/13  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to ***.***.***.***

574    18:56:41.229  05/29/13  Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=8B67BC3A89CFD379 R_Cookie=2D9BB5918A5538A9) reason = DEL_REASON_PEER_NOT_RESPONDING

575    18:56:41.229  05/29/13  Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "www.demuldriaan.nl" because of "DEL_REASON_PEER_NOT_RESPONDING"

576    18:56:41.338  05/29/13  Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

577    18:56:41.729  05/29/13  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

578    18:56:41.729  05/29/13  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

579    18:56:41.729  05/29/13  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

580    18:56:41.729  05/29/13  Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 madifor over 10 years ago

Finally a step further. Loaded the signing certificate in the certification store , but it is at this moment not working.
See cisco-vpn client log.

I have hidden some private related information for security reasons.

Cisco Systems VPN Client Version 5.0.05.0290
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3

544    18:56:19.384  05/29/13  Sev=Info/4 CERT/0x63600015
Cert (************xxl) verification succeeded.

545    18:56:19.384  05/29/13  Sev=Info/4 CM/0x63100002
Begin connection process

546    18:56:19.431  05/29/13  Sev=Info/4 CM/0x63100004
Establish secure connection

547    18:56:19.431  05/29/13  Sev=Info/4 CM/0x63100024
Attempt connection with server "************xx"

548    18:56:19.431  05/29/13  Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with ***.***.***.***.

549    18:56:19.509  05/29/13  Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation

550    18:56:19.509  05/29/13  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM (SA, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to ***.***.***.***

551    18:56:20.227  05/29/13  Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

552    18:56:20.227  05/29/13  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

553    18:56:20.493  05/29/13  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = ***.***.***.***

554    18:56:20.493  05/29/13  Sev=Info/4 IKE/0x63000014
RECEIVING >> ISAKMP OAK MM (KE, NON, NAT-D, NAT-D, VID(?), VID(Unity)) to ***.***.***.***

561    18:56:20.712  05/29/13  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = ***.***.***.***

562    18:56:20.712  05/29/13  Sev=Info/4 IKE/0x63000014
RECEIVING >> ISAKMP OAK MM *(ID, CERT, CERT_REQ, SIG, NOTIFY:STATUS_INITIAL_CONTACT) to ***.***.***.***

564    18:56:26.228  05/29/13  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

565    18:56:26.228  05/29/13  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM *(Retransmission) to ***.***.***.***

566    18:56:30.728  05/29/13  Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = ***.***.***.***

567    18:56:30.728  05/29/13  Sev=Info/4 IKE/0x63000014
RECEIVING >> ISAKMP OAK MM *(Retransmission) to ***.***.***.***

570    18:56:35.728  05/29/13  Sev=Info/4 IKE/0x63000021
Retransmitting last packet!

571    18:56:35.728  05/29/13  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM *(Retransmission) to ***.***.***.***

572    18:56:40.729  05/29/13  Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=8B67BC3A89CFD379 R_Cookie=2D9BB5918A5538A9) reason = DEL_REASON_PEER_NOT_RESPONDING

573    18:56:40.729  05/29/13  Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to ***.***.***.***

574    18:56:41.229  05/29/13  Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=8B67BC3A89CFD379 R_Cookie=2D9BB5918A5538A9) reason = DEL_REASON_PEER_NOT_RESPONDING

575    18:56:41.229  05/29/13  Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "www.demuldriaan.nl" because of "DEL_REASON_PEER_NOT_RESPONDING"

576    18:56:41.338  05/29/13  Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection

577    18:56:41.729  05/29/13  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

578    18:56:41.729  05/29/13  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

579    18:56:41.729  05/29/13  Sev=Info/4 IPSEC/0x63700014
Deleted all keys

580    18:56:41.729  05/29/13  Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data