https://live.paloaltonetworks.com/t5/general-topics/ikev2-with-cisco-router-using-certificate-problem/m-p/344762#M86234 <P>&nbsp;</P><P>after I finished the ikev2 configuration(using <STRONG>Distinguished Name (Subject)</STRONG> from PAN and Cisco Router using <STRONG>identity local dn</STRONG> ), I got this isse:</P><P>&nbsp;</P><P><EM>received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) does not match peers id</EM></P><P>&nbsp;</P><P>after this:</P><P>&nbsp;</P><P><EM>IKEv2 IKE SA negotiation is failed as responder</EM></P><P>&nbsp;</P><P>any ideas?</P><P>&nbsp;</P><P>regards</P><P>&nbsp;</P><P>Luping</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 20 Aug 2020 11:56:15 GMT Luping 2020-08-20T11:56:15Z https://live.paloaltonetworks.com/t5/general-topics/ikev2-with-cisco-router-using-certificate-problem/m-p/344762#M86234 <P>&nbsp;</P><P>after I finished the ikev2 configuration(using <STRONG>Distinguished Name (Subject)</STRONG> from PAN and Cisco Router using <STRONG>identity local dn</STRONG> ), I got this isse:</P><P>&nbsp;</P><P><EM>received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) does not match peers id</EM></P><P>&nbsp;</P><P>after this:</P><P>&nbsp;</P><P><EM>IKEv2 IKE SA negotiation is failed as responder</EM></P><P>&nbsp;</P><P>any ideas?</P><P>&nbsp;</P><P>regards</P><P>&nbsp;</P><P>Luping</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 20 Aug 2020 11:56:15 GMT https://live.paloaltonetworks.com/t5/general-topics/ikev2-with-cisco-router-using-certificate-problem/m-p/344762#M86234 Luping 2020-08-20T11:56:15Z https://live.paloaltonetworks.com/t5/general-topics/ikev2-with-cisco-router-using-certificate-problem/m-p/344780#M86237 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/140623">@Luping</a>There seems to be mismatch in the DN name you have configured under IKE gateway and the certificate present under certificate profile. Also verify IKE version configuration at both ends.</P> Thu, 20 Aug 2020 12:57:54 GMT https://live.paloaltonetworks.com/t5/general-topics/ikev2-with-cisco-router-using-certificate-problem/m-p/344780#M86237 SutareMayur 2020-08-20T12:57:54Z https://live.paloaltonetworks.com/t5/general-topics/ikev2-with-cisco-router-using-certificate-problem/m-p/344782#M86239 <P>I changed the configuration using preshare for Ikev2, it works. Just if I change to certificate, it show me this error message. it should no IKE missconfigure...</P><P>and DN, I just use the subject-name CN, you can see both find the same DN "externalrouter.robinlab.org".</P><P>&nbsp;</P><P><EM>"CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org" --- </EM>what is "<STRONG>unstructuredName</STRONG>"?</P><P>&nbsp;</P><P>PKI Configuration from Router:</P><P>&nbsp;</P><P><STRONG>crypto pki trustpoint CA</STRONG><BR /><STRONG>enrollment terminal</STRONG><BR /><STRONG>serial-number none</STRONG><BR /><STRONG>fqdn externalrouter.robinlab.org</STRONG><BR /><STRONG>ip-address none</STRONG><BR /><STRONG>subject-name CN=externalrouter.robinlab.org</STRONG><BR /><STRONG>revocation-check none</STRONG><BR /><STRONG>rsakeypair sslkey</STRONG></P><P>&nbsp;</P><P>&nbsp;</P> Thu, 20 Aug 2020 13:05:59 GMT https://live.paloaltonetworks.com/t5/general-topics/ikev2-with-cisco-router-using-certificate-problem/m-p/344782#M86239 Luping 2020-08-20T13:05:59Z