We bought a SA 520 box which "allegedly" offers VPN functionality. Our prospective VPN clients are all Windows 7 laptops.
I configured the VPN for remote access with the VPN wizard (pre-shared key) and created one VPN user. As the local ID I set the static WAN IP address of the sa 500 series.
Windows 7 has integrated IPSec support, so tried to create a VPN client connection (Network and Sharing Center->Set up a new connection and network->Connect to a workplace->create a new connection->Use my Internet connection (VPN)). In the dialog box I wrote the sa 520 WAN IP address, and got "Connection failed with error 800". I also tried with VPN Type "L2TP/IPSec" and set the preshared key in the Advanced settings.
There is a plethora of configuration options in the Windows 7 VPN client properties, which ones should we use?
Does any of the provided Windows 7 VPN Authentication methods work:
- Cisco: EAP-FAST
- Cisco: LEAP
- Cisco: PEAP
- Intel: EAP-AKA
- Intel: EAP-SIM
- Intel: EAP-TTLS
- Microsoft: Protected EAP
- Microsoft EAP-MSCHAP v2
- Microsoft: Smart Card or other certificate
If so, what are the parameters that are required? Do I need to set some parameters in SA 520 (i.e. IKE SA Parameters) in order to get this work?
Windows 7 seems to support all the algorithms at least:
(VPN Wizrds sets these as SHA-1; 3DES; DH group 2)