3000 series test not authenticating to Win2k Server

Unanswered Question

I can ping the server from the CLI.

After looking at http://www.cisco.com/warp/customer/707/2000.html -- do I still need to do the Value Name: ProhibitIpSec Data Type: REG_DWORD Value: 1

in order to authenticate on the win2k server?

I have the 3000 attached to the 5500 cat on a 2621 with the server. Is a crypto isakmp policy 1 needed going through f0/0 and f0/1 using the same subnet?

I notice that doing an IKE proposal > Add a proposal statement . The concentrator accepts the DES-SHA statement but never shows up in the IKE Proposal colum? So I used DES-MD5 on both the server and the Con.

Creating a user do I use the base-group or the 172.18.124.X group ?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
paqiu Thu, 06/27/2002 - 23:35
User Badges:

1 The registry change for REG_DWORD Value: 1 is not necessary when you are using the sample config:


In this case, you are building LAN to LAN tunnel from a Cisco box to a Windows 2000 server.

If you are doing L2TP with IPSEC when you using remote access from a client to a Windows 2000 server, you do need the registry change for REG_DWORD Value: 1

2 I believe you are building up the tunnel from VPN 3000 to windows 2000 server ? In that case, you do not need worry about the user or group stuff, you should modify the LAN to LAN tunnel part of the IPSEC in VPN 3000 concentrator.

Other questions please clarify, then we will know what situation you are talking about. For example, remote-access for VPN client or LAN to LAN tunnel.

Best Regards,

Paul Qiu


This Discussion