Where can I get a user cert for my GVC
GrahamH
Newbie ✭
Thank you for reading! Maybe you can help me.
I have installed a new godaddy ssl cert on my tz270 and it seems to be working fine when I log into the web managemment page.
I have now assigned the cert to the Wan group vpn because I don't want to use PSKeys anymore.
I exported my new cert "vpn.domain.com" from the tz270 and installed this on the GVC, it appears to install correctly, but when I try connect the gvc it gets stuck on authenticating, so I am assuming that I am generating the user cert from the wrong place
Any help would be appreiciateed.
I have installed a new godaddy ssl cert on my tz270 and it seems to be working fine when I log into the web managemment page.
I have now assigned the cert to the Wan group vpn because I don't want to use PSKeys anymore.
I exported my new cert "vpn.domain.com" from the tz270 and installed this on the GVC, it appears to install correctly, but when I try connect the gvc it gets stuck on authenticating, so I am assuming that I am generating the user cert from the wrong place
Any help would be appreiciateed.
Category: VPN Client
0
Answers
Did you follow the KB?
Thanks , I cant figure out how to get the .pfx unfortunately
Sorry i can produce the .pfx file from the certificates on the TZ and I can import it into GVC, that all looks good, when i then try connect the gvc it gets stuck on authenticating.
See the GVC log Below-
The connection "vpn.mydomain.ie" has been enabled.
2021/09/28 17:58:01:186 Information <local host> Restricting first ISAKMP packet size to avoid fragmentation.
2021/09/28 17:58:01:212 Information xxx.xxx.xxx.xxx Starting ISAKMP phase 1 negotiation.
2021/09/28 17:58:01:259 Information xxx.xxx.xxx.xxx Starting aggressive mode phase 1 exchange.
2021/09/28 17:58:01:259 Information xxx.xxx.xxx.xxx NAT Detected: Local host is behind a NAT device.
2021/09/28 17:58:01:259 Information xxx.xxx.xxx.xxx The SA lifetime for phase 1 is 28800 seconds.
2021/09/28 17:58:01:259 Information xxx.xxx.xxx.xxx Phase 1 has completed.
2021/09/28 17:58:07:011 Warning xxx.xxx.xxx.xxx Received an unencrypted packet but encryption keys have already been established.
2021/09/28 17:58:07:011 Error xxx.xxx.xxx.xxx Failed to decrypt buffer.
2021/09/28 17:58:07:011 Information <local host> An incoming ISAKMP packet from xxx.xxx.xxx.xxx was ignored.
2021/09/28 17:58:16:001 Warning xxx.xxx.xxx.xxx Received an unencrypted packet but encryption keys have already been established.
2021/09/28 17:58:16:003 Error xxx.xxx.xxx.xxx Failed to decrypt buffer.
2021/09/28 17:58:16:005 Information <local host> An incoming ISAKMP packet from xxx.xxx.xxx.xxx was ignored.
2021/09/28 17:58:34:000 Warning xxx.xxx.xxx.xxx Received an unencrypted packet but encryption keys have already been established.
2021/09/28 17:58:34:000 Error xxx.xxx.xxx.xxx Failed to decrypt buffer.
2021/09/28 17:58:34:000 Information <local host> An incoming ISAKMP packet from xxx.xxx.xxx.xxx was ignored.
Thanks - Maybe its a Support request?
Graham
What does the log on the firewall show? Does it see the connection attempts?