Hi, all. I have been using openssl-generated certificates on my VPN Concentrator 3015 and VPN clients for about 6 months and have just recently run into some strange behaviour. Basically, clients who are connecting over a slow connection (dial-up) are unable to connect, and receive the message "no keys are available to decrypt the ISAKMP message" Strangely, this configuration has been working fine for the past 6 months without a hitch. When I use Microsoft certificates it works fine... I have tried to set my certificates up to be as similar to the Microsoft certs as possible, the only things I don't know how to change is: How to take "X509v3 Basic Constraints" out of the certificate How to add "Authority Information Access" Other than that, my certificate looks just like a MS certificate, if anyone has any other suggestions, I certainly welcome them, as Cisco will not help me until I switch to MS certs. Thanks, Mark Roach ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]