Hello all,

im trying to set up a client 2 site VPN
i made the certificates and all seems to be ok.
But when ill try to connect ill get an IKE error.

Server
8.4.2008 16.46.27 ***Receive Main Mode message from "Client"
8.4.2008 16.46.27 I-COOKIE=6A90A46A7BFC1D30,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=-1519469044
8.4.2008 16.46.27 Start IKE-SA A300A180 - Responder,src="Bordermanager",dst="Client",TotSA=1
8.4.2008 16.46.27 AUTH ALG IS 3
8.4.2008 16.46.27 IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=28800
8.4.2008 16.46.27 ****DH private exponent size is 1016****
8.4.2008 16.46.27 Local server's interfaces : 160.98.12.215
8.4.2008 16.46.27 Local server's interfaces : "Bordermanager"
8.4.2008 16.46.27 Recieved Supported Vendor id Novell Border Manager VPN 4.0 client - Protected Net from "Client"
8.4.2008 16.46.27 Recieved Supported Vendor id draft-ietf-ipsec-nat-t-ike-03 from "Client"
8.4.2008 16.46.27 ***Send Main Mode message to "Client"
8.4.2008 16.46.27 I-COOKIE=6A90A46A7BFC1D30,R-COOKIE=FBD1F71E3DD24D13,MsgID=0,1stPL=SA-PAYLOAD,state=-1519469044
8.4.2008 16.46.27 ***Receive Main Mode message from "Client"
8.4.2008 16.46.27 I-COOKIE=6A90A46A7BFC1D30,R-COOKIE=FBD1F71E3DD24D13,MsgID=0,1stPL=KEY-PAYLOAD,state=-1519468992
8.4.2008 16.46.27 No NAT detected
8.4.2008 16.46.27 info: sending certificate request payload is disabled
8.4.2008 16.46.27 ***Send Main Mode message to "Client"
8.4.2008 16.46.27 I-COOKIE=6A90A46A7BFC1D30,R-COOKIE=FBD1F71E3DD24D13,MsgID=0,1stPL=KEY-PAYLOAD,state=-1519468992
8.4.2008 16.46.28 ***Receive Main Mode message from "Client"
8.4.2008 16.46.28 I-COOKIE=6A90A46A7BFC1D30,R-COOKIE=FBD1F71E3DD24D13,MsgID=0,1stPL=ID-PAYLOAD,state=-1519468980
8.4.2008 16.46.28 Recieved MM ID payload type 3 protocol 0 portnum 0 length 28
8.4.2008 16.46.28 Recieved notify message type 24578 from "Client"
8.4.2008 16.46.28 Recieved INITIAL_CONTACT notify deleting all old SA's with "Client" address
8.4.2008 16.46.28 sending notify message type 65519 to "Client"
8.4.2008 16.46.28 ***Send Unacknowledge Informational message to "Client"
8.4.2008 16.46.28 I-COOKIE=6A90A46A7BFC1D30,R-COOKIE=FBD1F71E3DD24D13,MsgID=E30B49FB,1stPL=HASH-PAYLOAD,state=-1519468932
8.4.2008 16.46.28 Failed to create IKE-SA - ACL Check Failed , dst = "Client"
8.4.2008 16.46.28 IKE-SA A300A180 is Deleted,I-COOKIE=6A90A46A,R-COOKIE=FBD1F71E,dst="Client"
8.4.2008 16.46.28 State:2 Cond:4 TimerEvent:1
8.4.2008 16.46.28 lifetime :28800 sec Rekey Time :0 sec
8.4.2008 16.46.28 Created at :0 sec Remaining life time :-9592119 sec Current time 9620919
8.4.2008 16.46.28 The client "Client" removed from vpninf

8.4.2008 16.46.28 Freeing IKE SA

Client
04-08-2008 04:46:25 PM Created thread for SendKeepAlivePacketProcess
04-08-2008 04:46:25 PM Loaded: 1 private key(s).
04-08-2008 04:46:25 PM Loaded: 2 certificate(s), 2 public key(s).
04-08-2008 04:46:25 PM Cert data len = 1367
04-08-2008 04:46:25 PM Cert data len = 1328
04-08-2008 04:46:25 PM Read trusted root cert file C:\Novell\Vpnc\Certificates\Trusted Roots\Border2.der
04-08-2008 04:46:25 PM Start IPSEC SA 00a12340 - Initiator****totSA=1
04-08-2008 04:46:25 PM src from IPsec
04-08-2008 04:46:25 PM 00000000 00000000
04-08-2008 04:46:25 PM dst from IPsec
04-08-2008 04:46:25 PM 00000000 91fdc084
04-08-2008 04:46:25 PM Start IKE-SA 007099a8 - Initiator,src="Client",dst="Bordermanager",TotSA=1
04-08-2008 04:46:25 PM AUTH ALG IS 3
04-08-2008 04:46:25 PM setting rsa sig 3
04-08-2008 04:46:25 PM ***Send Main Mode message to "Bordermanager"
04-08-2008 04:46:25 PM I-COOKIE=6a90a46a7bfc1d30,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=25754368
04-08-2008 04:46:26 PM ***Receive Main Mode message from "Bordermanager"
04-08-2008 04:46:26 PM I-COOKIE=6a90a46a7bfc1d30,R-COOKIE=fbd1f71e3dd24d13,MsgID=0,1stPL=SA-PAYLOAD,state=24705744
04-08-2008 04:46:26 PM IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=28800
04-08-2008 04:46:26 PM Recieved Supported Vendor id draft-ietf-ipsec-nat-t-ike-03 from "Bordermanager"
04-08-2008 04:46:26 PM ***Send Main Mode message to "Bordermanager"
04-08-2008 04:46:26 PM I-COOKIE=6a90a46a7bfc1d30,R-COOKIE=fbd1f71e3dd24d13,MsgID=0,1stPL=KEY-PAYLOAD,state=24705644
04-08-2008 04:46:26 PM ***Receive Main Mode message from "Bordermanager"
04-08-2008 04:46:26 PM I-COOKIE=6a90a46a7bfc1d30,R-COOKIE=fbd1f71e3dd24d13,MsgID=0,1stPL=KEY-PAYLOAD,state=24705744
04-08-2008 04:46:26 PM No NAT detected
04-08-2008 04:46:26 PM *Sending MM id payload Type 3 - subject name :9 subject alternative name :2,3
04-08-2008 04:46:26 PM *protocol 0 portnum 0 length 28
04-08-2008 04:46:26 PM Sending INITIAL_CONTACT notify to "Bordermanager"
04-08-2008 04:46:26 PM ***Send Main Mode message to "Bordermanager"
04-08-2008 04:46:26 PM I-COOKIE=6a90a46a7bfc1d30,R-COOKIE=fbd1f71e3dd24d13,MsgID=0,1stPL=ID-PAYLOAD,state=24705644
04-08-2008 04:46:27 PM ***Receive Unacknowledge Informational message from "Bordermanager"
04-08-2008 04:46:27 PM I-COOKIE=6a90a46a7bfc1d30,R-COOKIE=fbd1f71e3dd24d13,MsgID=e30b49fb,1stPL=HASH-PAYLOAD,state=24705744
04-08-2008 04:46:27 PM Recieved notify message type -17 from "Bordermanager"
04-08-2008 04:46:27 PM Error :No matching Certifcate authentication rule in server ,check Server Configuration
04-08-2008 04:46:27 PM Notify Recvd :Deleting IKE SA and related QM SAS - Peer "Bordermanager"
04-08-2008 04:46:27 PM Exiting thread for SendKeepAlivePacketProcess



The Client got an public IP.
It seems to be a server problem, but all i found is a fix to an server 2 server VPN.

any Idear

thx
Tribion