IKE Debug Log start time :7-5-2009 15:23:08
7-5-2009 15:23:08 Read trusted root cert file SYS:/ETC/IKE/ROOTCERT/C2S001.DER
7-5-2009 15:23:08 Read trusted root cert file SYS:/ETC/IKE/ROOTCERT/SRV001.DER
7-5-2009 15:23:08 Read trusted root cert file SYS:/ETC/IKE/ROOTCERT/C2S001.DER
7-5-2009 15:23:08 Read trusted root cert file SYS:/ETC/IKE/ROOTCERT/SRV001.DER
7-5-2009 15:23:12 Read trusted root cert file SYS:/ETC/IKE/ROOTCERT/C2S001.DER
7-5-2009 15:23:12 Read trusted root cert file SYS:/ETC/IKE/ROOTCERT/SRV001.DER
7-5-2009 15:31:22 ***Receive Main Mode message from 92.67.102.62
7-5-2009 15:31:22 I-COOKIE=020467A1398558E4,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=-1675670004
7-5-2009 15:31:22 Start IKE-SA 494710E0 - Responder,src=92.67.102.58,dst=92.67.102.62,TotSA= 1
7-5-2009 15:31:22 AUTH ALG IS 3
7-5-2009 15:31:22 KB lifetype is ignored but not rejected
7-5-2009 15:31:22 ****DH private exponent size is 1016****
7-5-2009 15:31:22 Local server's interfaces : 10.40.40.209
7-5-2009 15:31:22 Local server's interfaces : 92.67.102.58
7-5-2009 15:31:22 Recieved Supported Vendor id Novell Border Manager VPN 4.0 client - Protected Net from 92.67.102.62
7-5-2009 15:31:22 Recieved Supported Vendor id draft-ietf-ipsec-nat-t-ike-03 from 92.67.102.62
7-5-2009 15:31:22 ***Send Main Mode message to 92.67.102.62
7-5-2009 15:31:22 I-COOKIE=020467A1398558E4,R-COOKIE=B07D9D0F94325AB0,MsgID=0,1stPL=SA-PAYLOAD,state=-1675670004
7-5-2009 15:31:23 ***Receive Main Mode message from 92.67.102.62
7-5-2009 15:31:23 I-COOKIE=020467A1398558E4,R-COOKIE=B07D9D0F94325AB0,MsgID=0,1stPL=KEY-PAYLOAD,state=-1675669952
7-5-2009 15:31:23 No NAT detected
7-5-2009 15:31:23 info: sending certificate request payload is disabled
7-5-2009 15:31:23 ***Send Main Mode message to 92.67.102.62
7-5-2009 15:31:23 I-COOKIE=020467A1398558E4,R-COOKIE=B07D9D0F94325AB0,MsgID=0,1stPL=KEY-PAYLOAD,state=-1675669952
7-5-2009 15:31:23 ***Receive Main Mode message from 92.67.102.62
7-5-2009 15:31:23 I-COOKIE=020467A1398558E4,R-COOKIE=B07D9D0F94325AB0,MsgID=0,1stPL=ID-PAYLOAD,state=-1675669940
7-5-2009 15:31:23 Recieved MM ID payload type 3 protocol 0 portnum 0 length 25
7-5-2009 15:31:23 Recieved notify message type 24578 from 92.67.102.62
7-5-2009 15:31:23 Recieved INITIAL_CONTACT notify deleting all old SA's with 92.67.102.62 address
7-5-2009 15:31:23 Adding user :original address is 92.67.102.62
7-5-2009 15:31:24
Client 10.30.31.100 is added successfully
7-5-2009 15:31:24 *Sending MM id payload Type 1 - subject name :9 subject alternative name :2,3
7-5-2009 15:31:24 *protocol 0 portnum 0 length 8
7-5-2009 15:31:24 IKE_CCS_RSAPrivateKeyEncrypt: CCS_DataEncryptInit returned error code -1423
7-5-2009 15:31:24 sending notify message type 52 to 92.67.102.62
7-5-2009 15:31:24 ***Send Unacknowledge Informational message to 92.67.102.62
7-5-2009 15:31:24 I-COOKIE=020467A1398558E4,R-COOKIE=B07D9D0F94325AB0,MsgID=DB1CE557,1stPL=HASH-PAYLOAD,state=-1675669892
7-5-2009 15:31:24 Failed to create IKE-SA - Certificate authentication failure , dst = 92.67.102.627-5-2009 15:31:27 ***Receive Main Mode message from 92.67.102.62
7-5-2009 15:31:27 I-COOKIE=A50A2366CD8E28C0,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=-1675670004
7-5-2009 15:31:27 Start IKE-SA 494717A0 - Responder,src=92.67.102.58,dst=92.67.102.62,TotSA= 2
7-5-2009 15:31:27 AUTH ALG IS 3
7-5-2009 15:31:27 KB lifetype is ignored but not rejected
7-5-2009 15:31:27 ****DH private exponent size is 1016****
7-5-2009 15:31:27 Local server's interfaces : 10.40.40.209
7-5-2009 15:31:27 Local server's interfaces : 92.67.102.58
7-5-2009 15:31:27 Recieved Supported Vendor id Novell Border Manager VPN 4.0 client - Protected Net from 92.67.102.62
7-5-2009 15:31:27 Recieved Supported Vendor id draft-ietf-ipsec-nat-t-ike-03 from 92.67.102.62
7-5-2009 15:31:27 ***Send Main Mode message to 92.67.102.62
7-5-2009 15:31:27 I-COOKIE=A50A2366CD8E28C0,R-COOKIE=71208712D58A2FC3,MsgID=0,1stPL=SA-PAYLOAD,state=-1675670004
7-5-2009 15:31:27 ***Receive Main Mode message from 92.67.102.62
7-5-2009 15:31:27 I-COOKIE=A50A2366CD8E28C0,R-COOKIE=71208712D58A2FC3,MsgID=0,1stPL=KEY-PAYLOAD,state=-1675669952
7-5-2009 15:31:27 No NAT detected
7-5-2009 15:31:27 info: sending certificate request payload is disabled
7-5-2009 15:31:27 ***Send Main Mode message to 92.67.102.62
7-5-2009 15:31:27 I-COOKIE=A50A2366CD8E28C0,R-COOKIE=71208712D58A2FC3,MsgID=0,1stPL=KEY-PAYLOAD,state=-1675669952
7-5-2009 15:31:27 ***Receive Main Mode message from 92.67.102.62
7-5-2009 15:31:27 I-COOKIE=A50A2366CD8E28C0,R-COOKIE=71208712D58A2FC3,MsgID=0,1stPL=ID-PAYLOAD,state=-1675669940
7-5-2009 15:31:27 Recieved MM ID payload type 3 protocol 0 portnum 0 length 25
7-5-2009 15:31:27 Recieved notify message type 24578 from 92.67.102.62
7-5-2009 15:31:27 Recieved INITIAL_CONTACT notify deleting all old SA's with 92.67.102.62 address
7-5-2009 15:31:27 INITIAL_CONTACT : This SA is marked dead Dst:92.67.102.62 Cookie my:his[B07D9D0F94325AB0 : 020467A1398558E4]
7-5-2009 15:31:27 Adding user :original address is 92.67.102.62
7-5-2009 15:31:27 IKE-SA 494710E0 is Deleted,I-COOKIE=020467A1,R-COOKIE=B07D9D0F,dst=92.67.102.62
7-5-2009 15:31:27 State:3 Cond:4 TimerEvent:1
7-5-2009 15:31:27 lifetime :0 sec Rekey Time :0 sec
7-5-2009 15:31:27 Created at :0 sec Remaining life time :-12684 sec Current time 12684
7-5-2009 15:31:27 Freeing IKE SA

Hi all,

I've got some issues when trying to start a vpn session.
Above you see the ike.log file

I've already tried TID 3222407, but this didn't help.
Tried to reconfigure VPN settings, but what I did obviously didn't help.

When I run SDIDIAG and PKIDIAG no errors are shown in diagnostics.
I can validate all certicate objects in Console1/iManager

Running Bordermanager 3.8 SP5 on Netware 6.5

If anyone has some idea's please let me know

TIA
Remondo Sedoc