mle2802
Staff
Article Id 395913
Description: This article describes how to troubleshoot the error 'unable to parse peer.subject as DN' when using certificate authentication with IPsec dial-up VPN.
Scope: FortiGate.
Solution: Running the following IKE debug commands while connecting to the VPN shows the error 'unable to parse peer.subject as DN':

diagnose debug application ike -1

diagnose debug enable


Comparing the PKI user configuration under User & Authentication -> PKI with the client certificate shows that the 'Subject' field is different.

To resolve the error, change the PKI configuration to match the client certificate and test again.
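
An offline helper for the comparison step above, added here as an example and not part of the original article or of Fortinet's tooling: it parses the subject configured on the PKI user and the subject of the client certificate (for instance as printed by `openssl x509 -noout -subject -nameopt RFC2253`) and lists the attributes that differ. The sample subjects are constructed, and the strict, case-sensitive value comparison is an assumption of this example, not a description of how FortiGate matches subjects.

```python
import re

class DNParseError(ValueError):
    """The string is not a comma-separated list of attribute=value pairs."""

def parse_dn(dn):
    """Parse 'CN=a, O=b' into ordered (TYPE, value) pairs."""
    rdns = []
    # Split on commas that are not backslash-escaped (RFC 4514 style).
    for part in re.split(r'(?<!\\),', dn.strip()):
        attr, sep, value = part.partition('=')
        attr, value = attr.strip().upper(), value.strip().replace('\\,', ',')
        if not sep or not attr or not value:
            raise DNParseError(f'not attribute=value: {part.strip()!r}')
        rdns.append((attr, value))
    return rdns

def _group(rdns):
    """Collect values per attribute type (a subject may hold several OUs)."""
    grouped = {}
    for attr, value in rdns:
        grouped.setdefault(attr, []).append(value)
    return grouped

def diff_subjects(configured, certificate):
    """Return readable differences; an empty list means the subjects agree."""
    cfg, crt = parse_dn(configured), parse_dn(certificate)
    g_cfg, g_crt = _group(cfg), _group(crt)
    problems = []
    for attr in sorted(set(g_cfg) | set(g_crt)):
        a, b = g_cfg.get(attr), g_crt.get(attr)
        if a is None:
            problems.append(f'{attr}: not in PKI user, certificate has {b}')
        elif b is None:
            problems.append(f'{attr}: PKI user has {a}, not in certificate')
        elif a != b:
            problems.append(f'{attr}: PKI user {a} != certificate {b}')
    if not problems and [t for t, _ in cfg] != [t for t, _ in crt]:
        problems.append('same attributes, different order')
    return problems

# Constructed sample values, not taken from the article's screenshots.
PKI_SUBJECT = 'CN=vpnuser1, OU=IT, O=Example Corp, C=US'
CERT_SUBJECT = 'CN=vpnuser01,OU=IT,O=Example Corp,C=US'

if __name__ == '__main__':
    for line in diff_subjects(PKI_SUBJECT, CERT_SUBJECT):
        print(line)
```
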