Screen OS

This is a legacy community with limited Juniper monitoring.
  • 1.  Remote VPN of "Enterprise CA Certificate"

    Posted 04-30-2009 00:35

    My AD is cert.com:

     

    Subject: CN=remotevpn,DC=cert,DC=com, Issuer: CN=remotevpn,DC=cert,DC=com,

     

    My SSG550M OS is 6.2.0r2.0, and the command only has one DC:

     

    set user "vpn" ike-id asn1-dn wildcard "CN=vpn,OU=vpn,O=,L=,ST=,C=,Email=vpn@cert.com,DC=cert," share-limit 1

     

    How do I write the second DC?

     

    Best Regards!

     

     

     



  • 2.  RE: Remote VPN of "Enterprise CA Certificate"
    Best Answer

    Posted 05-01-2009 07:56

    Hi,

     

    When using "wildcard" you can have only one identity field for each type, so you can't configure a second DC.

     

    You can try using "container" instead of "wildcard":

     

    set user "vpn" ike-id asn1-dn container "CN=vpn,OU=vpn,Email=vpn@cert.com,DC=cert,DC=com" share-limit 1

     

    Note that the field sequence must be identical when using "container".

     

    Best regards,

     

    Igor
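
The two constraints in the reply above (one field per type under "wildcard", identical field sequence under "container") can be checked before the string is committed to the firewall. This is an added example, not part of the original posts and not ScreenOS code; `parse_dn`, `check_ike_id` and `SUBJECT` are hypothetical names, and the treatment of empty values and the strict whole-subject comparison for "container" are assumptions.

```python
def parse_dn(dn):
    """Split 'CN=vpn,DC=cert,DC=com' into ordered (TYPE, value) pairs."""
    pairs = []
    for part in dn.split(","):
        part = part.strip()
        if not part:              # tolerate the trailing comma seen in the question
            continue
        typ, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a TYPE=value field: {part!r}")
        pairs.append((typ.strip().upper(), value.strip()))
    return pairs


def check_ike_id(mode, configured, cert_subject):
    """Return a list of problems; an empty list means the string passes."""
    conf, subj = parse_dn(configured), parse_dn(cert_subject)
    problems = []
    if mode == "wildcard":
        types = [t for t, _ in conf]
        for t in sorted(set(types)):
            if types.count(t) > 1:
                problems.append(f"wildcard: {t} appears {types.count(t)} times, only one allowed")
        for t, v in conf:
            # Assumption: an empty value such as "O=" places no constraint.
            if v and (t, v) not in subj:
                problems.append(f"wildcard: {t}={v} not in certificate subject")
    elif mode == "container":
        # Assumption: strict reading, configured sequence equals subject sequence.
        if conf != subj:
            if sorted(conf) == sorted(subj):
                problems.append("container: same fields, different order")
            else:
                problems.append("container: fields differ from certificate subject")
    else:
        raise ValueError(f"unknown mode: {mode!r}")
    return problems


# Constructed subject, taken from the field list in the reply above.
SUBJECT = "CN=vpn,OU=vpn,Email=vpn@cert.com,DC=cert,DC=com"

if __name__ == "__main__":
    for mode, conf in [
        ("wildcard", "CN=vpn,DC=cert,DC=com"),
        ("wildcard", "CN=vpn,DC=cert"),
        ("container", SUBJECT),
        ("container", "CN=vpn,OU=vpn,Email=vpn@cert.com,DC=com,DC=cert"),
    ]:
        print(mode, conf, "->", check_ike_id(mode, conf, SUBJECT) or "ok")
```
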



  • 3.  RE: Remote VPN of "Enterprise CA Certificate"

    Posted 05-05-2009 00:08

    I use "wildcard", but with only two parameters, "cn" & "dc"; this can also successfully establish a VPN connection.

     

    Thanks!

     

    But now it does not support Chinese-based certificate validation?

     

    Debug:

     

    ## 2009-05-05 15:27:45 : normalize_user_wildcard_dn_id: <7><DC=cert>.
    ## 2009-05-05 15:27:45 : get_dn_element_type_mask: mask<00000080>
    ## 2009-05-05 15:27:45 : normalize_user_wildcard_dn_id: got <7><8bfff6bc><DC=cert>.
    ## 2009-05-05 15:27:45 : normalize_one_elem: input<CN=......>
    ## 2009-05-05 15:27:45 : normalize_one_elem: content<......>
    ## 2009-05-05 15:27:45 : normalize_one: A temp<CN=......,> in_len<6>
    ## 2009-05-05 15:27:45 : normalize_one: temp<CN=......,> len<10>
    ## 2009-05-05 15:27:45 : normalize_user_wildcard_dn_id: ind<0> elem<CN=......,>len<10>
    ## 2009-05-05 15:27:45 : normalize_one_elem: input<OU=..........>
    ## 2009-05-05 15:27:45 : normalize_one_elem: content<..........>
    ## 2009-05-05 15:27:45 : normalize_one: A temp<OU=..........,> in_len<10>
    ## 2009-05-05 15:27:45 : normalize_one: temp<OU=..........,> len<14>

     

     

    Best regards!

     
    Message Edited by yego220 on 05-05-2009 12:30 AM