[VPN] VPN3000 and digital certificate
kazuki kamiya
kazuki.kamiya at uniadex.co.jp
Sun Dec 8 06:14:49 EST 2002
Hi all,
I'm testing a VPN3000, but I'm having trouble.
Can anyone tell me whether this is a digital certificate problem or not?
I'm using Easy Cert as the CA.
################VPN3000 debug log.#######################
.
.
.
.
59 12/08/2002 19:20:50.830 SEV=7 IKEDBG/28 RPT=15 172.16.1.1
IKE SA Proposal # 1, Transform # 2 acceptable
Matches global IKE entry # 1
60 12/08/2002 19:20:50.830 SEV=9 IKEDBG/0 RPT=10070 172.16.1.1
constructing ISA_SA for isakmp
61 12/08/2002 19:20:50.830 SEV=9 IKEDBG/46 RPT=70 172.16.1.1
constructing Fragmentation VID + extended capabilities payload
62 12/08/2002 19:20:50.830 SEV=8 IKEDBG/0 RPT=10071 172.16.1.1
SENDING Message (msgid=0) with payloads :
HDR + SA (1) + VENDOR (13)
total length : 112
64 12/08/2002 19:20:50.920 SEV=8 IKEDBG/0 RPT=10072 172.16.1.1
RECEIVED Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + NONE (0)
total length : 248
66 12/08/2002 19:20:50.920 SEV=8 IKEDBG/0 RPT=10073 172.16.1.1
RECEIVED Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + NONE (0)
total length : 248
68 12/08/2002 19:20:50.920 SEV=9 IKEDBG/0 RPT=10074 172.16.1.1
processing ke payload
69 12/08/2002 19:20:50.920 SEV=9 IKEDBG/0 RPT=10075 172.16.1.1
processing ISA_KE
70 12/08/2002 19:20:50.920 SEV=9 IKEDBG/1 RPT=96 172.16.1.1
processing nonce payload
71 12/08/2002 19:20:50.980 SEV=9 IKEDBG/0 RPT=10076 172.16.1.1
constructing ke payload
72 12/08/2002 19:20:50.980 SEV=9 IKEDBG/1 RPT=97 172.16.1.1
constructing nonce payload
73 12/08/2002 19:20:50.980 SEV=9 IKEDBG/0 RPT=10077 172.16.1.1
constructing certreq payload
74 12/08/2002 19:20:50.980 SEV=9 IKEDBG/46 RPT=71 172.16.1.1
constructing Cisco Unity VID payload
75 12/08/2002 19:20:50.980 SEV=9 IKEDBG/46 RPT=72 172.16.1.1
constructing xauth V6 VID payload
76 12/08/2002 19:20:50.980 SEV=9 IKEDBG/48 RPT=29 172.16.1.1
Send IOS VID
77 12/08/2002 19:20:50.980 SEV=9 IKEDBG/38 RPT=15 172.16.1.1
Constructing VPN 3000 spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
79 12/08/2002 19:20:50.980 SEV=9 IKEDBG/46 RPT=73 172.16.1.1
constructing VID payload
80 12/08/2002 19:20:50.980 SEV=9 IKEDBG/48 RPT=30 172.16.1.1
Send Altiga GW VID
81 12/08/2002 19:20:50.980 SEV=9 IKEDBG/0 RPT=10078 172.16.1.1
Generating keys for Responder...
82 12/08/2002 19:20:50.980 SEV=8 IKEDBG/0 RPT=10079 172.16.1.1
SENDING Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10)
total length : 421
84 12/08/2002 19:20:51.090 SEV=8 IKEDBG/0 RPT=10080 172.16.1.1
RECEIVED Message (msgid=0) with payloads :
HDR + ID (5) + CERT (6) + CERT_REQ (7) + SIG (9) + NOTIFY (11) + NONE (0)
total length : 1045
87 12/08/2002 19:20:51.090 SEV=9 IKEDBG/1 RPT=98 172.16.1.1
Processing ID
88 12/08/2002 19:20:51.090 SEV=9 IKEDBG/0 RPT=10081 172.16.1.1
processing cert payload
89 12/08/2002 19:20:51.090 SEV=9 IKEDBG/0 RPT=10082 172.16.1.1
processing cert request payload
90 12/08/2002 19:20:51.090 SEV=9 IKEDBG/1 RPT=99 172.16.1.1
processing RSA signature
91 12/08/2002 19:20:51.090 SEV=9 IKEDBG/0 RPT=10083 172.16.1.1
computing hash
92 12/08/2002 19:20:51.100 SEV=9 IKEDBG/0 RPT=10084 172.16.1.1
Processing Notify payload
93 12/08/2002 19:20:51.100 SEV=9 IKEDBG/23 RPT=15 172.16.1.1
Starting group lookup for peer 172.16.1.1
94 12/08/2002 19:20:51.100 SEV=5 IKE/21 RPT=15 172.16.1.1
No Group found by matching IP Address of Cert peer 172.16.1.1
95 12/08/2002 19:20:51.100 SEV=5 CERT/101 RPT=15
Cert group matching feature is disabled
96 12/08/2002 19:20:51.200 SEV=7 IKEDBG/0 RPT=10085 172.16.1.1
Group [abc]
Found Phase 1 Group (abc)
97 12/08/2002 19:20:51.200 SEV=7 IKEDBG/14 RPT=29 172.16.1.1
Group [abc]
Authentication configured for Internal
98 12/08/2002 19:20:51.200 SEV=9 IKEDBG/19 RPT=23 172.16.1.1
Group [abc]
IKEGetUserAttributes: IP Compression = disabled
99 12/08/2002 19:20:51.200 SEV=9 IKEDBG/19 RPT=24 172.16.1.1
Group [abc]
IKEGetUserAttributes: Split Tunneling Policy = Disabled
100 12/08/2002 19:20:51.200 SEV=8 CERT/15 RPT=14
CERT_Authenticate(32, 74ad1f8, 572560)
101 12/08/2002 19:20:51.200 SEV=7 CERT/5 RPT=15
Checking revocation status: session = 32
102 12/08/2002 19:20:51.200 SEV=8 CERT/45 RPT=14
CERT_CheckCrlConfig(3a46d30, 0, 0)
103 12/08/2002 19:20:51.210 SEV=7 CERT/1 RPT=16
Certificate is valid: session = 32
104 12/08/2002 19:20:51.210 SEV=9 CERT/0 RPT=14
No CRLs checks necessary.
105 12/08/2002 19:20:51.210 SEV=8 CERT/50 RPT=14
CERT_Callback(3a46d30, 0, 0)
106 12/08/2002 19:20:51.210 SEV=5 IKE/79 RPT=14 172.16.1.1
Group [abc]
Validation of certificate successful
(CN=client2, SN=04)
107 12/08/2002 19:20:51.210 SEV=7 IKEDBG/0 RPT=10086 172.16.1.1
Group [abc]
peer ID type 9 received (DER_ASN1_DN)
108 12/08/2002 19:20:51.210 SEV=9 IKEDBG/1 RPT=100 172.16.1.1
Group [abc]
constructing ID
109 12/08/2002 19:20:51.210 SEV=9 IKEDBG/0 RPT=10087 172.16.1.1
Group [abc]
constructing cert payload
110 12/08/2002 19:20:51.210 SEV=9 IKEDBG/1 RPT=101 172.16.1.1
Group [abc]
constructing RSA signature
111 12/08/2002 19:20:51.210 SEV=9 IKEDBG/0 RPT=10088 172.16.1.1
Group [abc]
computing hash
112 12/08/2002 19:20:51.220 SEV=9 IKEDBG/46 RPT=74 172.16.1.1
Group [abc]
constructing dpd vid payload
113 12/08/2002 19:20:51.220 SEV=8 IKEDBG/0 RPT=10089 172.16.1.1
SENDING Message (msgid=0) with payloads :
HDR + ID (5) + CERT (6)
total length : 825
115 12/08/2002 19:20:51.650 SEV=8 IKEDBG/0 RPT=10090 172.16.1.1
RECEIVED Message (msgid=3dbd803e) with payloads :
HDR + HASH (8) + NOTIFY (11) + NONE (0)
total length : 625
117 12/08/2002 19:20:51.650 SEV=9 IKEDBG/0 RPT=10091 172.16.1.1
Group [abc]
processing hash
118 12/08/2002 19:20:51.650 SEV=9 IKEDBG/0 RPT=10092 172.16.1.1
Group [abc]
Processing Notify payload
119 12/08/2002 19:20:51.650 SEV=5 IKE/68 RPT=15 172.16.1.1
Group [abc]
Received non-routine Notify message: Invalid certificate (20)
120 12/08/2002 19:20:52.220 SEV=9 IKEDBG/0 RPT=10093 172.16.1.1
Group [abc]
constructing blank hash
121 12/08/2002 19:20:52.220 SEV=9 IKEDBG/0 RPT=10094 172.16.1.1
Group [abc]
constructing qm hash
122 12/08/2002 19:20:52.220 SEV=8 IKEDBG/0 RPT=10095 172.16.1.1
SENDING Message (msgid=7740f5d6) with payloads :
HDR + HASH (8) + ATTR (14)
total length : 100
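
An added triage example, not part of the original post and not Cisco tooling: it parses the event-record format shown in the log above and separates certificate decisions the concentrator made itself from Notify messages it received from the peer. The function names and regular expressions are assumptions derived only from the lines visible in this log.

```python
import re

# Header of one VPN 3000 event record, as seen in the log above:
# <seq> <date> <time> SEV=<n> <class>/<id> RPT=<n> [<peer ip>]
HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\d\d/\d\d/\d{4}) (?P<time>[\d:.]+) "
    r"SEV=(?P<sev>\d+) (?P<event>[A-Z]+/\d+) RPT=\d+(?: (?P<peer>\S+))?$"
)
NOTIFY = re.compile(r"Received non-routine Notify message: (?P<text>.+) \((?P<code>\d+)\)")

# Records copied from the log in this post (events 103, 106, 119).
SAMPLE = """\
103 12/08/2002 19:20:51.210 SEV=7 CERT/1 RPT=16
Certificate is valid: session = 32
106 12/08/2002 19:20:51.210 SEV=5 IKE/79 RPT=14 172.16.1.1
Group [abc]
Validation of certificate successful
(CN=client2, SN=04)
119 12/08/2002 19:20:51.650 SEV=5 IKE/68 RPT=15 172.16.1.1
Group [abc]
Received non-routine Notify message: Invalid certificate (20)
"""

def parse_records(text):
    """Group each header line with the message lines that follow it."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "sev": int(m["sev"]), "body": []})
        elif records and line and line != ".":
            records[-1]["body"].append(line)
    return records

def cert_findings(records):
    """Separate what this device decided from what the peer reported."""
    local_ok, peer_notifies = [], []
    for r in records:
        body = " ".join(r["body"])
        if r["event"] == "IKE/79" and "Validation of certificate successful" in body:
            local_ok.append((r["seq"], r["peer"], body.split("successful", 1)[1].strip()))
        n = NOTIFY.search(body)
        if n:
            peer_notifies.append((r["seq"], r["peer"], n["text"], int(n["code"])))
    return {"validated_locally": local_ok, "notifies_from_peer": peer_notifies}

if __name__ == "__main__":
    print(cert_findings(parse_records(SAMPLE)))
```

On these records the output pairs event 106 (the concentrator accepted the certificate for CN=client2) with event 119 (a Notify received from 172.16.1.1); Notify type 20 is INVALID-CERTIFICATE in RFC 2408.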