[VPN] VPN3000 and digital certificate

kazuki kamiya kazuki.kamiya at uniadex.co.jp
Sun Dec 8 06:14:49 EST 2002


Hi all,

I'm testing a VPN3000, but I'm having trouble.
Can anyone tell me whether this is a digital certificate problem or not?

I'm using Easy Cert as CA.

################VPN3000 debug log.#######################
                         	.
                         	.
                         	.
                         	.

59 12/08/2002 19:20:50.830 SEV=7 IKEDBG/28 RPT=15 172.16.1.1
IKE SA Proposal # 1, Transform # 2 acceptable
Matches global IKE entry # 1

60 12/08/2002 19:20:50.830 SEV=9 IKEDBG/0 RPT=10070 172.16.1.1
constructing ISA_SA for isakmp

61 12/08/2002 19:20:50.830 SEV=9 IKEDBG/46 RPT=70 172.16.1.1
constructing Fragmentation VID + extended capabilities payload

62 12/08/2002 19:20:50.830 SEV=8 IKEDBG/0 RPT=10071 172.16.1.1
SENDING Message (msgid=0) with payloads :
HDR + SA (1) + VENDOR (13)
total length : 112

64 12/08/2002 19:20:50.920 SEV=8 IKEDBG/0 RPT=10072 172.16.1.1
RECEIVED Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + NONE (0)
total length : 248

66 12/08/2002 19:20:50.920 SEV=8 IKEDBG/0 RPT=10073 172.16.1.1
RECEIVED Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10) + NONE (0)
total length : 248

68 12/08/2002 19:20:50.920 SEV=9 IKEDBG/0 RPT=10074 172.16.1.1
processing ke payload

69 12/08/2002 19:20:50.920 SEV=9 IKEDBG/0 RPT=10075 172.16.1.1
processing ISA_KE

70 12/08/2002 19:20:50.920 SEV=9 IKEDBG/1 RPT=96 172.16.1.1
processing nonce payload

71 12/08/2002 19:20:50.980 SEV=9 IKEDBG/0 RPT=10076 172.16.1.1
constructing ke payload

72 12/08/2002 19:20:50.980 SEV=9 IKEDBG/1 RPT=97 172.16.1.1
constructing nonce payload

73 12/08/2002 19:20:50.980 SEV=9 IKEDBG/0 RPT=10077 172.16.1.1
constructing certreq payload

74 12/08/2002 19:20:50.980 SEV=9 IKEDBG/46 RPT=71 172.16.1.1
constructing Cisco Unity VID payload

75 12/08/2002 19:20:50.980 SEV=9 IKEDBG/46 RPT=72 172.16.1.1
constructing xauth V6 VID payload

76 12/08/2002 19:20:50.980 SEV=9 IKEDBG/48 RPT=29 172.16.1.1
Send IOS VID

77 12/08/2002 19:20:50.980 SEV=9 IKEDBG/38 RPT=15 172.16.1.1
Constructing VPN 3000 spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)

79 12/08/2002 19:20:50.980 SEV=9 IKEDBG/46 RPT=73 172.16.1.1
constructing VID payload

80 12/08/2002 19:20:50.980 SEV=9 IKEDBG/48 RPT=30 172.16.1.1
Send Altiga GW VID

81 12/08/2002 19:20:50.980 SEV=9 IKEDBG/0 RPT=10078 172.16.1.1
Generating keys for Responder...

82 12/08/2002 19:20:50.980 SEV=8 IKEDBG/0 RPT=10079 172.16.1.1
SENDING Message (msgid=0) with payloads :
HDR + KE (4) + NONCE (10)
total length : 421

84 12/08/2002 19:20:51.090 SEV=8 IKEDBG/0 RPT=10080 172.16.1.1
RECEIVED Message (msgid=0) with payloads :
HDR + ID (5) + CERT (6) + CERT_REQ (7) + SIG (9) + NOTIFY (11) + NONE (0)
total length : 1045

87 12/08/2002 19:20:51.090 SEV=9 IKEDBG/1 RPT=98 172.16.1.1
Processing ID

88 12/08/2002 19:20:51.090 SEV=9 IKEDBG/0 RPT=10081 172.16.1.1
processing cert payload

89 12/08/2002 19:20:51.090 SEV=9 IKEDBG/0 RPT=10082 172.16.1.1
processing cert request payload

90 12/08/2002 19:20:51.090 SEV=9 IKEDBG/1 RPT=99 172.16.1.1
processing RSA signature

91 12/08/2002 19:20:51.090 SEV=9 IKEDBG/0 RPT=10083 172.16.1.1
computing hash

92 12/08/2002 19:20:51.100 SEV=9 IKEDBG/0 RPT=10084 172.16.1.1
Processing Notify payload

93 12/08/2002 19:20:51.100 SEV=9 IKEDBG/23 RPT=15 172.16.1.1
Starting group lookup for peer 172.16.1.1

94 12/08/2002 19:20:51.100 SEV=5 IKE/21 RPT=15 172.16.1.1
No Group found by matching IP Address of Cert peer 172.16.1.1

95 12/08/2002 19:20:51.100 SEV=5 CERT/101 RPT=15
Cert group matching feature is disabled

96 12/08/2002 19:20:51.200 SEV=7 IKEDBG/0 RPT=10085 172.16.1.1
Group [abc]
Found Phase 1 Group (abc)

97 12/08/2002 19:20:51.200 SEV=7 IKEDBG/14 RPT=29 172.16.1.1
Group [abc]
Authentication configured for Internal

98 12/08/2002 19:20:51.200 SEV=9 IKEDBG/19 RPT=23 172.16.1.1
Group [abc]
IKEGetUserAttributes: IP Compression = disabled

99 12/08/2002 19:20:51.200 SEV=9 IKEDBG/19 RPT=24 172.16.1.1
Group [abc]
IKEGetUserAttributes: Split Tunneling Policy = Disabled

100 12/08/2002 19:20:51.200 SEV=8 CERT/15 RPT=14
CERT_Authenticate(32, 74ad1f8, 572560)

101 12/08/2002 19:20:51.200 SEV=7 CERT/5 RPT=15
Checking revocation status: session = 32

102 12/08/2002 19:20:51.200 SEV=8 CERT/45 RPT=14
CERT_CheckCrlConfig(3a46d30, 0, 0)

103 12/08/2002 19:20:51.210 SEV=7 CERT/1 RPT=16
Certificate is valid: session = 32

104 12/08/2002 19:20:51.210 SEV=9 CERT/0 RPT=14
No CRLs checks necessary.

105 12/08/2002 19:20:51.210 SEV=8 CERT/50 RPT=14
CERT_Callback(3a46d30, 0, 0)

106 12/08/2002 19:20:51.210 SEV=5 IKE/79 RPT=14 172.16.1.1
Group [abc]
Validation of certificate successful
(CN=client2, SN=04)

107 12/08/2002 19:20:51.210 SEV=7 IKEDBG/0 RPT=10086 172.16.1.1
Group [abc]
peer ID type 9 received (DER_ASN1_DN)

108 12/08/2002 19:20:51.210 SEV=9 IKEDBG/1 RPT=100 172.16.1.1
Group [abc]
constructing ID

109 12/08/2002 19:20:51.210 SEV=9 IKEDBG/0 RPT=10087 172.16.1.1
Group [abc]
constructing cert payload

110 12/08/2002 19:20:51.210 SEV=9 IKEDBG/1 RPT=101 172.16.1.1
Group [abc]
constructing RSA signature

111 12/08/2002 19:20:51.210 SEV=9 IKEDBG/0 RPT=10088 172.16.1.1
Group [abc]
computing hash

112 12/08/2002 19:20:51.220 SEV=9 IKEDBG/46 RPT=74 172.16.1.1
Group [abc]
constructing dpd vid payload

113 12/08/2002 19:20:51.220 SEV=8 IKEDBG/0 RPT=10089 172.16.1.1
SENDING Message (msgid=0) with payloads :
HDR + ID (5) + CERT (6)
total length : 825

115 12/08/2002 19:20:51.650 SEV=8 IKEDBG/0 RPT=10090 172.16.1.1
RECEIVED Message (msgid=3dbd803e) with payloads :
HDR + HASH (8) + NOTIFY (11) + NONE (0)
total length : 625

117 12/08/2002 19:20:51.650 SEV=9 IKEDBG/0 RPT=10091 172.16.1.1
Group [abc]
processing hash

118 12/08/2002 19:20:51.650 SEV=9 IKEDBG/0 RPT=10092 172.16.1.1
Group [abc]
Processing Notify payload

119 12/08/2002 19:20:51.650 SEV=5 IKE/68 RPT=15 172.16.1.1
Group [abc]
Received non-routine Notify message: Invalid certificate (20)

120 12/08/2002 19:20:52.220 SEV=9 IKEDBG/0 RPT=10093 172.16.1.1
Group [abc]
constructing blank hash

121 12/08/2002 19:20:52.220 SEV=9 IKEDBG/0 RPT=10094 172.16.1.1
Group [abc]
constructing qm hash

122 12/08/2002 19:20:52.220 SEV=8 IKEDBG/0 RPT=10095 172.16.1.1
SENDING Message (msgid=7740f5d6) with payloads :
HDR + HASH (8) + ATTR (14)
total length : 100
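
A triage sketch for the debug log in the post above, added here as an example and not part of the original message or any Cisco tool: it parses the event headers and separates certificate decisions the concentrator logged itself from Notify messages it received from the peer. The function names are this example's own, and the embedded sample is excerpted from events 94, 103, 106 and 119 of the posted log.

```python
import re

# Sample input: four events excerpted from the debug log in the post.
SAMPLE = """\
94 12/08/2002 19:20:51.100 SEV=5 IKE/21 RPT=15 172.16.1.1
No Group found by matching IP Address of Cert peer 172.16.1.1

103 12/08/2002 19:20:51.210 SEV=7 CERT/1 RPT=16
Certificate is valid: session = 32

106 12/08/2002 19:20:51.210 SEV=5 IKE/79 RPT=14 172.16.1.1
Group [abc]
Validation of certificate successful
(CN=client2, SN=04)

119 12/08/2002 19:20:51.650 SEV=5 IKE/68 RPT=15 172.16.1.1
Group [abc]
Received non-routine Notify message: Invalid certificate (20)
"""

# Header shape: seq, date, time, SEV=n, CLASS/num, RPT=n, optional peer address.
HEADER = re.compile(
    r"^(?P<seq>\d+) \d\d/\d\d/\d{4} (?P<time>[\d:.]+) "
    r"SEV=(?P<sev>\d+) (?P<cls>[A-Z]+)/(?P<num>\d+) RPT=\d+(?: (?P<peer>\S+))?$"
)

def parse_events(text):
    """Split the log into events: one header line plus its body lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            events.append(dict(m.groupdict(), body=[]))
        elif line and events:  # text before the first header is ignored
            events[-1]["body"].append(line)
    return events

def cert_findings(events):
    """Return (local certificate decisions, Notify messages received from the peer)."""
    local, from_peer = [], []
    for ev in events:
        text = " ".join(ev["body"])
        if ev["cls"] == "CERT" or "Validation of certificate" in text:
            local.append((ev["seq"], text))
        m = re.search(r"Received non-routine Notify message: (.+) \((\d+)\)", text)
        if m:
            from_peer.append((ev["seq"], ev["peer"], m.group(1), int(m.group(2))))
    return local, from_peer
```

On the posted log this reports the concentrator's own validation of CN=client2 succeeding at event 106 and an Invalid certificate (20) Notify arriving from 172.16.1.1 at event 119.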





