Hi,

I get this error after making an S2S VPN with 2 BM3.8:


Audit log:

IKE IKE SA NEGOTIATION - Peer lifetime is: 28800 My lifetime is: 28800
IKE First IKE connection sending INITIAL_CONTACT notify to 194.xxx.xxx.2
VPN Control VPN ACLCheck - No Match found in Trusted Master List.
IKE Received MM ID type: 9 protocol : 0 portnum: 0 length 48
VPN Control VPN ACLCheck - No Match found in Member List.
VPN Control VPN ACLCheck - No Match in Client Auth List.
VPN Control VPN ACLCheck could not find a match in configured Authentication Rule List.
Authentication failed for peer server: O=MESA-CZ.CN=194.xxx.xxx.2
IKE Sending notify message of type : 65519 to 194.228.238.2
IKE Failed to create IKE SA - ACL Check Failed cookies my-his : 9BFC71563F270EB2-85C47FBA010B506E dst: 194.xxx.xxx.2 src: 194.yyy.yyy.2
IKE PFS NOT ENABLED - DELETING ALL IPSEC SA
================== END ==========================

IKE-LOG-Screen:

26.1.2005 13.26.46 *Sending MM id payload Type 9 - subject name :9 subject alternative name :2,3
26.1.2005 13.26.46 *protocol 0 portnum 0 length 64
26.1.2005 13.26.46 Sending INITIAL_CONTACT notify to 194.xxx.xxx.2
26.1.2005 13.26.46 ***Send Main Mode message to 194.xxx.xxx.2
26.1.2005 13.26.46 I-COOKIE=76FA350833E010E6,R-COOKIE=E96B15A235561E7E,MsgID=0,1stPL=ID-PAYLOAD,state=-1853369716
26.1.2005 13.26.47 ***Receive Main Mode message from 194.xxx.xxx.2
26.1.2005 13.26.47 I-COOKIE=76FA350833E010E6,R-COOKIE=E96B15A235561E7E,MsgID=0,1stPL=ID-PAYLOAD,state=-1853369716
26.1.2005 13.26.47 Recieved MM ID payload type 9 protocol 0 portnum 0 length 48
26.1.2005 13.26.47 sending notify message type 65519 to 194.xxx.xxx.2
26.1.2005 13.26.47 ***Send Unacknowledge Informational message to 194.228.238.2
26.1.2005 13.26.47 I-COOKIE=76FA350833E010E6,R-COOKIE=E96B15A235561E7E,MsgID=2F23555B,1stPL=HASH-PAYLOAD,state=-1853369668
26.1.2005 13.26.47 Failed to create IKE-SA - ACL Check Failed , dst = 194.xxx.xxx.2
26.1.2005 13.26.49 IKE-SA 919C6000 is Deleted,I-COOKIE=76FA3508,R-COOKIE=E96B15A2,dst=194.228.238.2
26.1.2005 13.26.49 State:2 Cond:4 TimerEvent:1
26.1.2005 13.26.49 lifetime :28800 sec Rekey Time :0 sec
26.1.2005 13.26.49 Created at :0 sec Remaining life time :26629 sec Current time 2171
================= END ====================


The Servers are in different trees. I have added the TROs in both trees.
The Subject name is as shown in the cert.

Regards

Chris