
RE: [fw1-gurus] IKE: Main Mode Sent Notification to Peer: invalidcertificate



Hello,

I recently ran into this issue on R55 HFA03...turns out that (in my case) the vpnd memory leak that is patched in (I think) HFA 08 could manifest itself in this way. Are you patched up?

-Warren Verbanec
Resilience Corporation
"Why, yes, that IS my dual proc Firewall!"

-----Original Message-----
From: Jacobsson, Jacob [mailto:jacob.jacobsson@xxxxxx]
Sent: Tuesday, December 28, 2004 12:40 AM
To: juan.concepcion@xxxxxxxxxxx
Cc: fw1-gurus@xxxxxxxxxxxxxxxxxx
Subject: RE: [fw1-gurus] IKE: Main Mode Sent Notification to Peer:
invalidcertificate


The expiration date on the certificate is '5 Dec 2023', so it should work for at least 18 more years :)
The tunnel was originally set up about a year ago, and is using the original certificate.

Many thanks for all support!
Merry Xmas and Happy New Year!
//Jacob

> -----Original Message-----
> From: Juan Concepcion [mailto:juan.concepcion@xxxxxxxxxxx]
> Sent: den 27 december 2004 14:49
> To: Jacobsson, Jacob
> Cc: fw1-gurus@xxxxxxxxxxxxxxxxxx
> Subject: Re: [fw1-gurus] IKE: Main Mode Sent Notification to Peer:
> invalidcertificate
> 
> 
> What is the expiration date on the certificate that was originally being used?
> 
> Juan
> 
> Jacobsson, Jacob wrote:
> > Hello all,
> > 
> > We had a really strange thing happen.
> > Without any change in the environment, the night between 16 and 17 Dec. one of our VPN tunnels just dropped with the following error messages:
> > IKE key install: "IKE: Main Mode Sent Notification to Peer: invalid certificate"
> > reject: "IKE: Main Mode No valid CRL CN=foo-bar VPN Certificate,O=foo-bar..."
> > drop: "encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowlege Database for more information."
> > We have checked that the time is synchronized between the nodes, and that the correct certificates are there; they should be valid until Dec. 2023.
> > As a workaround we have enabled "shared secret" and the VPN then works with no problem, but we would like to enable the use of certificates for authentication.
> > Does anyone have any idea what could have caused this?
> > 
> > Thanks in advance!
> > BR.
> > //Jacob
> > 
> > -------------------------------------------------------------
> > 
> > Jacob Jacobson
> > GDIS EMEA SDO Network
> > 
> > Hewlett Packard Sverige AB
> > HP Services
> > SE-125 44 Stockholm
> > Visiting address: 230 Gotalandsvagen, Stockholm
> > 
> > Phone: +46 (0)8 524 94537
> > Email:  jacob.jacobsson@xxxxxx
> > Web:   <http://www.hp.se/>
> > -------------------------------------------------------------
> > 
> > 
> > 
> > 
> > ---------------------------------------------------------------------
> > FireWall-1 Gurus Mailing List (http://www.phoneboy.com/gurus)
> > To unsubscribe, mailto:fw1-gurus-unsubscribe@xxxxxxxxxxxxxxxxxx
> > For additional commands, mailto:fw1-gurus-help@xxxxxxxxxxxxxxxxxx
> > 
> > 
> 

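The reject line quoted in this thread says "No valid CRL", which is a separate check from the certificate's own end date. The following is an added example, not code from any poster or from Check Point: it parses date lines in the format printed by `openssl x509 -noout -enddate` and `openssl crl -noout -lastupdate -nextupdate` and reports which validity window fails at a given time. Only the certificate end date comes from the thread; the CRL dates, the skew tolerance and the function names are assumptions, and the thread does not establish that a stale CRL was the cause here.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample input. Only notAfter (5 Dec 2023) is taken from the
# thread; the CRL lastUpdate/nextUpdate values are invented for illustration.
SAMPLE = """\
notAfter=Dec  5 00:00:00 2023 GMT
lastUpdate=Dec  9 02:00:00 2004 GMT
nextUpdate=Dec 16 02:00:00 2004 GMT
"""


def parse_openssl_dates(text):
    """Map each 'name=Mon DD HH:MM:SS YYYY GMT' line to an aware UTC datetime."""
    dates = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if not sep:
            continue  # not a name=value line
        # OpenSSL pads single-digit days with an extra space; collapse it.
        stamp = " ".join(value.split())
        parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
        dates[name.strip()] = parsed.replace(tzinfo=timezone.utc)
    return dates


def diagnose(dates, now, skew=timedelta(minutes=5)):
    """Say which validity window, if any, fails at time `now`.

    `skew` is an assumed tolerance for clock drift between the gateways.
    """
    if now > dates["notAfter"] + skew:
        return "certificate expired"
    if now < dates["lastUpdate"] - skew:
        return "CRL not yet valid (check gateway clock)"
    if now > dates["nextUpdate"] + skew:
        return "CRL stale: no valid CRL although certificate is unexpired"
    return "certificate and CRL both within validity"


if __name__ == "__main__":
    when = datetime(2004, 12, 17, 3, 0, tzinfo=timezone.utc)
    print(diagnose(parse_openssl_dates(SAMPLE), when))
```
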