This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec / problem with connection to Juniper

Hi everyone!

I hope I can get some help or at least ideas from this board [:)]

We have an ASG 120 and want to establish an IPSec VPN Connection with our customer (Cisco/Juniper).

Everything is set up correctly, including using a certificate that has been generated according to our CSR by our customer.

The problem is that the customer's firewall refuses the VPN connection due to a "wrong" local certificate at our ASG. Phase 1 of the connection is working and Phase 2 isn't.

Wrong because the values returned by the ASL do not match to the ones I used in the CSR.

The difference is in following values:

Sent:
O=(old company name)
L=(wrong spelled city)
OU=(empty)

Should be:
O=(new company name)
L=(correctly spelled city)
OU=IT

Do you know if there is a way to change the existing local certificate with the one our customer's firewall is expecting?

Please let me know if you need more information regarding the config to help me.

Thanks in advance!

Eddie

This thread was automatically locked due to age.

0 BAlfson over 16 years ago

In 'Site-to-site VPN » IPSec', on the 'Advanced' tab, check the cert chosen for 'Local X509 Certificate'. Now, in 'Site-to-site VPN » Certificate Management', check to see if that cert has the desired information. If not, you either can upload the cert you need, or generate a new cert for your Astaro and your customer.

If you choose to generate a new cert, be aware that the Astaro will let you leave one or more fields empty, but the resulting cert will not work.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel