Site to Site VPN tunnel fails to establish in Phase 1 (Main Mode) when using a 3rd party CA
Symptoms
  • Site to Site VPN tunnel fails to establish in Phase 1 (Main Mode) when using a 3rd party CA.
  • From ike.elg: INVALID CERTIFICATE
  • From vpnd:
    [vpnd 10745 4083768064]@GWA1[26 Jan 18:59:07][tunnel] fwCert_AddCAToCertsAndGetCAObj: Expected to get certificate whose root CA is internal_ca, got certificate whose root CA is "3rd party CA"
    [vpnd 10745 4083768064]@GWA1[26 Jan 18:59:07][tunnel] < FWIKE_MM_PACKET_6_EPILOGUE1 > Id = 7
    [vpnd 10745 4083768064]@GWA1[26 Jan 18:59:07] GetCommunityByID: community ID [1] : PSK-VPN
    [vpnd 10745 4083768064]@GWA1[26 Jan 18:59:07][tunnel] extended_log_info_build_reason_from_list: list is empty, [vpnd 10745 4083768064]@GWA1[26 Jan 18:59:07][tunnel] isakmpd_log: calling isakmpd_log with original reason=(Expected to get certificate whose root CA is internal_ca, got certificate whose root CA is "3rd party CA")
Cause

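Invalid certificate.

The configuration is incorrect: the gateway expected to receive a certificate from a different CA. In the vpnd output above, it expected a certificate whose root CA is internal_ca and received one whose root CA is "3rd party CA".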
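To confirm this cause across a longer vpnd debug file, the root-CA mismatch lines can be extracted and grouped by gateway, expected CA, received CA and community. The script below is an added example, not Check Point code; the sample lines are constructed from the Symptoms output, and pairing a mismatch with the next GetCommunityByID line from the same gateway, process and thread is an assumption.

```python
import re
from collections import Counter

# Constructed sample, based on the vpnd lines shown under Symptoms.
SAMPLE = '''\
[vpnd 10745 4083768064]@GWA1[26 Jan 18:59:07][tunnel] fwCert_AddCAToCertsAndGetCAObj: Expected to get certificate whose root CA is internal_ca, got certificate whose root CA is "3rd party CA"
[vpnd 10745 4083768064]@GWA1[26 Jan 18:59:07][tunnel] < FWIKE_MM_PACKET_6_EPILOGUE1 > Id = 7
[vpnd 10745 4083768064]@GWA1[26 Jan 18:59:07] GetCommunityByID: community ID [1] : PSK-VPN
[vpnd 10745 4083768064]@GWA1[26 Jan 18:59:07][tunnel] isakmpd_log: calling isakmpd_log with original reason=(Expected to get certificate whose root CA is internal_ca, got certificate whose root CA is "3rd party CA")
'''

# "[vpnd <pid> <tid>]@<gateway>[<timestamp>][<topic>] <message>"; the topic is optional.
PREFIX = re.compile(r'^\[vpnd (?P<pid>\d+) (?P<tid>\d+)\]@(?P<gw>[^\[]+)'
                    r'\[(?P<ts>[^\]]+)\](?:\[\w+\])? ?(?P<msg>.*)$')
# Only the fwCert line is matched, so the isakmpd_log repeat is not counted twice.
MISMATCH = re.compile(r'^fwCert_AddCAToCertsAndGetCAObj: Expected to get certificate '
                      r'whose root CA is (?P<expected>.+?), got certificate whose '
                      r'root CA is "?(?P<received>[^"]+)"?$')
COMMUNITY = re.compile(r'^GetCommunityByID: community ID \[\d+\] : (?P<name>.+)$')

def find_ca_mismatches(text):
    """Return one dict per root-CA mismatch reported by vpnd."""
    events, pending = [], {}
    for line in text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue
        key = (m['gw'], m['pid'], m['tid'])
        mm = MISMATCH.match(m['msg'])
        if mm:
            ev = {'gateway': m['gw'], 'time': m['ts'], 'community': None,
                  'expected': mm['expected'], 'received': mm['received']}
            events.append(ev)
            pending[key] = ev
            continue
        cm = COMMUNITY.match(m['msg'])
        if cm and key in pending:
            # Assumption: the next community lookup on this thread is the same negotiation.
            pending.pop(key)['community'] = cm['name']
    return events

def summarize(events):
    """Count mismatches per (gateway, expected CA, received CA, community)."""
    return Counter((e['gateway'], e['expected'], e['received'], e['community'])
                   for e in events)

if __name__ == '__main__':
    for combo, count in summarize(find_ca_mismatches(SAMPLE)).items():
        print(count, combo)
```
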


Solution