SR520 VPN Server Vista

Unanswered Question
Feb 3rd, 2010

Hi there,

we setup a VPN Server from the CCA. We used the default Security -> VPN Server path. We then exported the VPN Profile to a PCF file.

The Cisco VPN client works fine on 32bits operating systems.

How do we set this up on Vista and Windows 7? The Client installer says '64 bits not supported'

The Cisco AnyConnect VPN client has no option to import a PCF file. And the manual says it does not support IPSec/UDP.

What are we to do?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
eljakimit Wed, 02/03/2010 - 08:35

So went also installed SSL VPN. Which works okay, except for all the certificate warnings, and it doesn't work on mac Safari clients...

Does anyone know where we can install a certificate from the CCA?

If only PPTP were supported from the CCA. Or a SSLVPN client for 64bits were supported...

eljakimit Fri, 02/05/2010 - 06:32

One more issue:

you can setup websites from the internet that can be used from the outside after logging on from the Cisco web interface, but without actually setting up the VPN.

This is a nice feature. It works fine for non-secure (http) websites. However, we also a https site on the inside with a self-signed certificate (iomega storage device). This device cannot be accessed this way.

So two questions remain (I've given up on the Mac issue):

* how do we install a new certificate for the SR520 from the CCA

* how do we get https websites to work

Steven Smith Fri, 02/12/2010 - 15:01

Working on this.  Let me see if this can be done in CCA currently or not.  If not, I will post something on how to add the cert manually.  Once added manually, this should work without issue.  What version of IOS are you running?

There is an enhancement in to disable certificate verification of the sites that are going through this.

CSCsy05978ENH: IOS PKI should have a option to disable certificate validation

Let me see what I can do on this.

eljakimit Fri, 02/19/2010 - 12:04

SR520#show version;

Cisco IOS Software, SR520 Software (SR520-ADVIPSERVICESK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)

Do you have any more news?
Steven Smith Fri, 02/19/2010 - 15:37

Here is what you can try.

Router(config)# crypto ca trustpoint

Router(config-trustpoint)# enrollment terminal

Router(config)# crypto ca authenticate

The router will then prompt you to paste in the CA certificate associated  with the HTTPS site.  This is going to be the CA cert in base64 (ascii)  format.

Let me know if that works for you.