VPN not able to connect through winows Vista

Answered Question
Nov 2nd, 2007

Hello,

I'm having Cisco 506e firewall & WIn2003 SBS server.My client's are using Windows Vista Business.I had created the VPN connection on that, while verying username & password it gets stuck & after that it shows error as error 732 Your computer & remote computer does not allow PPP protocols.

Please help me on this, it would be really appreciated.

I have this problem too.
0 votes
Correct Answer by andyjames about 9 years 2 months ago

Hello,

Can you take out the following line from you config and try again.

access-group 101 in interface outside

isakmp identity address

When you post configs in the future can you remove the interesting details such as ip addresses and usernames/passwords. It's too tempting for some people.

What version of the Cisco client do you have for the Vista machines, I use 5.0.00.0340 and that works ok.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
JORGE RODRIGUEZ Sat, 11/03/2007 - 17:57

Sagars, when you say your windows vista vpn clients I assume clients are using microsoft PPTP vpn client from windows, and your pix 506e is configured to accept inbound pptp connections from outside, is this is correct go over these two links, two key points you need is permitting pptp protocol 1723 and GRE.

PIX sample config for use with pptp inbound clients

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080143a5d.shtml#intro

PPTP/GRE backround

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml

Rgds

Jorge

sagarshaha Sun, 11/04/2007 - 19:33

Thanks Jorge for your prompt response.

I had configured the pix to use PPTP protocols, it is working fine with Windows XP but not on Windows Vista.Its showing the error as error 732.

andyjames Wed, 11/07/2007 - 02:21

The problem here is likely to be Vista. Vista is set as default to ms-chap-v2 and require encryption. You can change the settings under the vpn properties to use chap and optional encryption.

You can also add the following to the vpdn group configuration - ppp encryption mppe 40 if not there already which will enable the encryption on the pix.

Ms-chap-v2 is available on version 7 os releases but i don't think the 506e will support these.

sagarshaha Wed, 11/07/2007 - 03:29

thanks for your response,

can we upgrade 506e to the latest version because i tried to change the security settings but it is not working.

andyjames Wed, 11/07/2007 - 04:58

The pix 506e is not supported under version 7 so you will not be able to upgrade.

I do have Vista clients running to 501's that are on version 6 so you should be able to get it running.

Can you post your vpdn config, there may be something missing that is required for Vista.

The other option is to use the Cisco vpn client for the connection.

sagarshaha Wed, 11/07/2007 - 05:14

I installed The Cisco Client as

Cisco Systems VPN Client 5.0.01.0600 but still its not connecting.

I changed the settings in pix 506e to allow the VPN clients,it worked from Windows XP but still its not working from Windows Vista.

Please reply

andyjames Wed, 11/07/2007 - 05:18

The cisco client will not connect to the vpdn config for pptp connections. You need to create a dynamic crypto map for these connections.

Before doing that can you post your vpdn config from the pix. We may be able to solve the problem from there.

sagarshaha Sun, 11/11/2007 - 22:45

Hello,

We had done the settings in the pix to use the vpn clients & it was successfully connected through the Windows XP machine but was not able to connect through Windows Vista machine.

I'm attaching the config of my pix, please check & revert me ASAP.

Thanks.

Attachment: 
Correct Answer
andyjames Thu, 11/15/2007 - 09:58

Hello,

Can you take out the following line from you config and try again.

access-group 101 in interface outside

isakmp identity address

When you post configs in the future can you remove the interesting details such as ip addresses and usernames/passwords. It's too tempting for some people.

What version of the Cisco client do you have for the Vista machines, I use 5.0.00.0340 and that works ok.

sagarshaha Fri, 11/16/2007 - 03:28

thanks for your suggesstion

yes, i'm using the version is 5.0.01.0600,

which one is the latest one??

sagarshaha Fri, 11/16/2007 - 04:18

thank you so much

finally, i had resolved my issue.

now, i'm able 2 connect to my server using the VPN client.

All credit goes to you andy

thanks opnce again

bye

sagarshaha Sun, 11/18/2007 - 21:53

thanks once again,

i want to know what was the problem in that & why need to delete that line from the config.

do you have any gmail or hotmail account so that we can be available on chat for some problems.

Sunclair57 Thu, 12/20/2007 - 05:10

Hi Andy,

I am a newbee here, so maybe I ask the wrong question. I have a Pix 501 with a problem on connecting from a Vista client.

Question: How do I upgrade to version 6. Do I have to buy that or download ?

Regards,

Clarinus

stevebarker Fri, 11/28/2008 - 11:31

Hi Andy,

I have PIX 501 v6.3(3) to which XP MS VPN clients (using PPTP) have been working fine for almost 4 years. Now a VISTA SP1 client has been introduced and from searching the web I see this brings with it numerous problems!!!

Understand that VISTA MS VPN client only supports MS-CHAP v2 whereas my PIX only supports MS-CHAP v1 and that my PIX can not be upgraded to v7 IOS that supports MS-CHAP v2.

I have tried setting my PIX to only expect/require CHAP and set the same in the VPN definition in VISTA using the advanced security settings but to no avail.

Have now spent 2.5 hours trying various permutations but still no joy.

Have attached PIX config from my last attempt. If you or anyone else can identify where I'm going wrong, that would be very much appreciated. I really do not want to have to go to the trouble/cost of purchasing/setting up Cisco VPN clients just to accommodate one VISTA user at this time.

Many Thanks, SteveB

Attachment: 

Actions

This Discussion