Vista compatibility with Pix 515E

Unanswered Question
Feb 11th, 2009

I'm prepping for a possible Vista/Windows 7 rollout and I'm trying to find any information about Vista comptibility with a Pix 515E. So far I am unable to connect to the VPN that is setup on the device from any Vista PC (XP works great) and I have been unable to find any informormation about this. I am trying to determine if I need an updated VPN client, an update on the Pix, or both. Anything that points me in the right direction would be appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
eddie.mitchell@... Wed, 02/11/2009 - 14:44

What software version are you running on your PIX?

What version of Cisco VPN client are you using?

marmstrong-koa Wed, 02/11/2009 - 15:14

Thansk for the response.

I don't know on the Pix (it was already setup before I started here by an outside consultant), but I can find out...

We are not using the Cisco VPN client right now. At this point we are just setting up the VPN using Windows.


I had a similar issue before we switched to the Cisco VPN Client. I used to use windows and PPTP (VPDN commands) on the FW to allow users to connect via VPN. This was always fine on XP, but as soon as people started swapping to Vista it caused problems. If I remember rightly it was because VISTA only supports MSCHAP V2 and the PPTP/PIX IOS version (6.3 I think) I was using only supported MSCHAP V1.

You can solve the problem by telling VISTA to use CHAP but has to be done manually in the settings of the VPN connection. However, a better fix is to set up IPSEC VPN and use the Cisco VPN Client.

Hope that helps.


marmstrong-koa Thu, 02/12/2009 - 11:19

I see. So if I understand correctly what you are saying is that because of the version of MS-Chap that comes with Vista I will have to switch to the Cisco VPN client?

Also, I'll probably be using version or possibly a slightly older version. If I want to use the Cisco VPN client am I required to setup IPSec? And if I do, could that cause problems with the current users that are still using Windows to connect?

I apologize if my questions are newbie questions, I'm not usually THE guy on Cisco stuff... Thanks again to anyone who replies! It's really been helpful!!!

You don't have to switch, like I say you can just tell Vista to use CHAP and it should work (assuming you have the same setup as I did). Maybe post that part of the PIX config and I'll let you know if it's the same.

If you change to the Cisco client you'd have to set it up and then give the client to all your users to install on their machines.



marmstrong-koa Fri, 02/13/2009 - 06:11

I see. That would be great if I could get Vista to work without the Cisco client. I've tried every combination I can think of on the Windows VPN setup so I'll see what I can do to get the Pix config since it seems like something will have to be changed on that side to get my Vista test PCs to connect.

Also, I would be happy using the Cisco client with Vista PCs as long as I don't have to migrate all of the XP PCs to the Cisco client.

Do you think the Pix could be setup to use either the Windows or Cisco client at the same time? For example XP PCs with Windows VPN and Vista PCs with Cisco client.

Thanks again!


This Discussion