SA 500 series VPN settings for native Windows 7 access

Unanswered Question
Jan 21st, 2010


We bought a SA 520 box which "allegedly" offers VPN functionality. Our prospective VPN clients are all Windows 7 laptops.

I configured the VPN for remote access with the VPN wizard (pre-shared key) and created one VPN user. As the local ID I set the static WAN IP address of the sa 500 series.

Windows 7 has integrated IPSec support, so tried to create a VPN client connection (Network and Sharing Center->Set up a new connection and network->Connect to a workplace->create a new connection->Use my Internet connection (VPN)). In the dialog box I wrote the sa 520 WAN IP address, and got "Connection failed with error 800". I also tried with VPN Type "L2TP/IPSec" and set the preshared key in the Advanced settings.

There is a plethora of configuration options in the Windows 7 VPN client properties, which ones should we use?

Does any of the provided Windows 7 VPN Authentication methods work:


- Cisco: EAP-FAST

- Cisco: LEAP

- Cisco: PEAP

- Intel: EAP-AKA

- Intel: EAP-SIM

- Intel: EAP-TTLS

- Microsoft: Protected EAP

- Microsoft EAP-MSCHAP v2

- Microsoft: Smart Card or other certificate



If so, what are the parameters that are required? Do I need to set some parameters in SA 520 (i.e. IKE SA Parameters) in order to get this work?

Windows 7 seems to support all the algorithms at least:

(VPN Wizrds sets these as SHA-1; 3DES; DH group 2)

Best regards,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Steven Smith Fri, 01/22/2010 - 13:04

You need a VPN client that does XAUTH.  We have tested with a client from Greenbow client.  I do not know if that client works with Windows 7 currently.  If you read the admin guide for the SA500, you should be able to make this work with this client or any other standards based client that does XAUTH.

kdeklerk1 Fri, 02/12/2010 - 07:01

Wow, this is disappointing.  I was hoping to use the Windows 7 VPN client with the SA 540.  But it looks like I won't be able to do this.  Is there a reason why this product doesn't support the many protocols that Windows 7 supports? Also, the browser SSLVPN doesn't connect in Windows 7.  This adds to the TCO if we have to have purchase clients for each of the remote workers.  This feature would make this product a lot more marketable.

Steven Smith Fri, 02/12/2010 - 07:36

The Windows 7 SSL VPN will be working soon.  I can't give a release date yet, but we are looking at getting that finished soon.

There will also be a Quick VPN client available for Windows 7 soon.  Finally, you can also use the shrew soft vpn client with the SA 540.  It is a free client.

ambleside Mon, 02/22/2010 - 21:05

Is there a configuration guide for connecting a Shrew client to the SA540?  I can find details for Pix, but not for the SA540 GUI.


Ambleside Logic

joniniemi Wed, 04/07/2010 - 02:56

installed the new QuickVPN client 1.4. It sort of works, inside the office, behind the firewall.

I managed to succesfully create a VPN connection from intranet when I had a secondary UMTS (Internet) connection up, so it shouldn't be my Windows 7 (OFF) / F-Secure (ON) firewall settings.

When I try create a VPN connection from Internet I end up with the"Remote Gateway is not responding, do you  want to wait?" problem as desctibed in

Log: [WARNING]Failed to ping remote VPN Router!

With intranet access only, the connection fails due to IP address conflict (as it should, I suppose :-)

Log: [WARNING]Local IP address conflicts the subnet of remote VPN Server.

So: connection works when having two networks up: intranet &  Internet.

Is there something else I need to do to get this working?!

I already tried to disable all sensible Firewall Attack checks:

* Block  Ping to WAN interface

* Enable Stealth Mode

* Block  Fragmented Packets

BR, Joni