cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
279
Views
0
Helpful
2
Replies

Cisco VPN Client v4.0 running to VPN3015 with 3.6.5

rob.wright
Level 1
Level 1

We have a VPN3015 running 3.6.5. The new client v4.0 works fine with preshared key connections but fails with certificate based users.

Does anyone know if you can run client v4.0 with a certificate based auth and xauth to a concentrator running 3.6.5.

Logging shows that the cert. passes but you then start seeing out of sequence packets.

Any help would be appreciated.

Thanks.

2 Replies 2

drolemc
Level 6
Level 6

Firstly, certificates signed by one of the following Certificate Authorities are supported: Baltimore Technologies, Entrust Technologies, Netscape, Verisign Inc., Microsoft Certificate Services  Windows 2000 or a digital certificate stored on a smart card. The VPN Client supports smart cards via the MS CAPI Interface. Make sure that you are using one of these.

Second, bug CSCdt11315 talks about problems in loading certificates from the certificate store while using certificate with Windows NT SP3. You should probably have a look at the same. Another issue that might be to blame is that the VPN client using Start Before Logon (SBL) and Microsoft Machine-based certificates fails. The problem in this case is not with the client.

Thanks for the reply. We are using MS Cert. Services on a Win2K platform. The system is working perfectly for clients that are 3.6.2b but I wanted to test the new v4.0 client and found that it only works with preshared keys and not with a certificate that functions with the earlier client 3.6. I am thinking that the concentrator needs to be updated to handle the PKI between the new client and itself.

We don't use the SBL feature, actually I was hoping that Cisco would have included the Cisco client as a service instead of a GINA applet on login.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: