Solved: Does Cisco VPN client support DES for remote VPN to a PIX 501 ?

Fernando_Meza · ‎10-22-2008

Hi netpros,

I am trying to set up a remote vpn using Cisco VPN client 5.0 (I have also tried version 4.6) and a PIX501 with DES support ONLY. By looking at the logs on the PIX, I can see the client attempting to negotiate phase 1. It only sends 9 attempts (neither of them using DES as encryption) and it stops there and the VPN can't be completed. I expected the vpn client to keep on trying until a match is found. Are there any limitations on this set up.

Your comments are much appreciated !!!

ajagadee · ‎10-22-2008

Hello Fernando,

Interesting Observation. Are you using DES with SHA or DES with MD5. From what I can see in the below URL, DES with MD5 is a supported IKE Proposal.

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client46/administration/guide/vcAch8.html#wp1157757

Regards,

Arul

*Pls rate if it helps*

View solution in original post

ajagadee · ‎10-22-2008

Hello Fernando,

Interesting Observation. Are you using DES with SHA or DES with MD5. From what I can see in the below URL, DES with MD5 is a supported IKE Proposal.

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client46/administration/guide/vcAch8.html#wp1157757

Regards,

Arul

*Pls rate if it helps*

Fernando_Meza · ‎10-23-2008

Hi ..

Thanks for the tip .. indeed MD5 worked OK.

Cheers,