I'm prepping for a possible Vista/Windows 7 rollout and I'm trying to find any information about Vista comptibility with a Pix 515E. So far I am unable to connect to the VPN that is setup on the device from any Vista PC (XP works great) and I have been unable to find any informormation about this. I am trying to determine if I need an updated VPN client, an update on the Pix, or both. Anything that points me in the right direction would be appreciated.
I had a similar issue before we switched to the Cisco VPN Client. I used to use windows and PPTP (VPDN commands) on the FW to allow users to connect via VPN. This was always fine on XP, but as soon as people started swapping to Vista it caused problems. If I remember rightly it was because VISTA only supports MSCHAP V2 and the PPTP/PIX IOS version (6.3 I think) I was using only supported MSCHAP V1.
You can solve the problem by telling VISTA to use CHAP but has to be done manually in the settings of the VPN connection. However, a better fix is to set up IPSEC VPN and use the Cisco VPN Client.
I see. So if I understand correctly what you are saying is that because of the version of MS-Chap that comes with Vista I will have to switch to the Cisco VPN client?
Also, I'll probably be using version 5.0.03.0530 or possibly a slightly older version. If I want to use the Cisco VPN client am I required to setup IPSec? And if I do, could that cause problems with the current users that are still using Windows to connect?
I apologize if my questions are newbie questions, I'm not usually THE guy on Cisco stuff... Thanks again to anyone who replies! It's really been helpful!!!
You don't have to switch, like I say you can just tell Vista to use CHAP and it should work (assuming you have the same setup as I did). Maybe post that part of the PIX config and I'll let you know if it's the same.
If you change to the Cisco client you'd have to set it up and then give the client to all your users to install on their machines.
I see. That would be great if I could get Vista to work without the Cisco client. I've tried every combination I can think of on the Windows VPN setup so I'll see what I can do to get the Pix config since it seems like something will have to be changed on that side to get my Vista test PCs to connect.
Also, I would be happy using the Cisco client with Vista PCs as long as I don't have to migrate all of the XP PCs to the Cisco client.
Do you think the Pix could be setup to use either the Windows or Cisco client at the same time? For example XP PCs with Windows VPN and Vista PCs with Cisco client.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...