Hi all, Policy based VPN with Certificates to a Cisco IOS 12.3 Advanced Security Phase 1 error occurs: Cert received has a different FQDN SubAltName than expected.The cisco router has no SubAltName option in Certificate request so the certificate what I can install on that cannot contain this field. Please let me know how can I configure the SSG to ignore these fields. (the missing fields are IP and DNS name (both in SubAltName field)I've found the following article: http://kb.juniper.net/KB5833 This states that SSG only checks these parameters when FQDN peer ID is used. I use IP address not FQDN.I attach the debug ike output. If I cange the authentication to presahred key the VPN works.