I have been unable to authenticate to vpn using the certificate method. Backward compatibility and NMAS methods work fine.

The system is NW6.5SP2, BM3.8SP2 and VPN client 3.8.9.

The ike.log contains the following:
"Failed to create IKE-SA - The main mode's ID did not match with certificate subjects"

I have checked the subject within the authentication rule and the client subject name from the certificate, both look the same.

Any ideas of where the problem may be or where else I could look?