Hello,
i have two servers in different TREE. Both are NW 6.5 sp6 and have BM38
with last sp.
Connection is established but on the IKE screen is problem message:

10:50:48 AM VPN Control Send update cfg to 2 for type of mask = 31,
typeofcfg = 1
10:50:48 AM VPN Control Send update cfg to 1 for type of mask = 7,
typeofcfg = 1
10:50:48 AM VPN Control VPNGetRootCert: Read trusted root certs from
TRC - BORDER1.Internet
10:50:46 AM VPN Control The configured server certificate is vpns2s -
BORDER1.Internet
10:50:46 AM VPN Control The trusted root container of this VPN server
is TRC - BORDER1.Internet
10:50:46 AM IKE Failed to create IKE SA - Certificate authentication
failure.
cookies my-his : 2592E46746FA8160-C51CA7FBDE69D136 dst: x.x.x.x(SHBRD1)
src: x.x.x.x(BORDER1)

10:50:46 AM IKE Sending notify message of type : 52 to
x.x.x.x(SHBRD1)
10:50:46 AM IKE First IKE connection sending INITIAL_CONTACT notify
to x.x.x.x(SHBRD1)
10:50:46 AM IKE IKE SA NEGOTIATION - Peer lifetime is: 28800 My
lifetime is: 28800
10:50:46 AM VPN Control Configuring VPN member SHBRD1.
10:50:46 AM VPN Control Configured VPN member BORDER1.

SHBRD1 - SLAVE
BORDER1 - MASTER

I dont know what is bad. I put root certificate from Master to slave
and SLAVE to Master. Name of the server certificate is correct i think
:) . in the log x.x.x.x is static (ISP)ip address.
Please can you help me with this problem ?

I Can't ping to SLAVE tunnel adress from Master. Routes are correct.

Thank you

Milan Kures


--
mkures