This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

INVALID_ID_INFORMATION

I am setting up my ASL box for IPSEC roadwarrior access. I am running version 5.200 and using SafeNet SoftRemote 10.3.5. I have been battling many config issues with this but am now at the authentication phase. When I attempt to initiate a connection, everything goes through until authentication. I get "INVALID_ID_INFORMATION". This is what I recieve in the ASL logs:

Code:

2005:04:11-12:10:49 (none) pluto[1524]: "D_rw-cfn-emp_2"[1] X.X.80.3 #29: 
          cannot respond to IPsec SA request because no connection is known for X.X.80.5...X.X.80.3[shultzm@domain.com]
2005:04:11-12:10:49 (none) pluto[1524]: "D_rw-cfn-emp_2"[1] X.X.80.3 #29:
           sending encrypted notification INVALID_ID_INFORMATION to X.X.80.3:500

I have combed over the certs, reissued them, redownloaded them, tried manually setting the virtual IP and tried dynamic. I have triple checked the settings but can not find any deviance between the client and server. Any suggestions on what I could do? I am pretty new to IPSEC so don't hesitate to suggest he obvious.

This thread was automatically locked due to age.

0 flyingkiwi over 20 years ago

I'm getting the same problem using ASC, I have setup ASL up as per the IPSEC roadwarrior howto using the email address for the the remote key and then followed the ASC configuration guide where it says that can only use IP for Identifier...I also tried Fully Qualified User Name but still no go...stumped [:S]
Cancel
Vote Up 0 Vote Down

Cancel
0 bagira over 20 years ago in reply to flyingkiwi

Hi all,
the VPN identifier is not the same. If you use PSK, you have to set the same one for all connections. This is a known issue of OpenSwan. In addition, have a look at the conncetion definition (remote/local subnet, gateway). It has to be the same on ASC and ASL
/bagira
Cancel
Vote Up 0 Vote Down

Cancel