I'm in the process of setting up our Pix 515E (ver 6.1(4)) to act as a VPN endpoint for remote users (mainly Windows OS clients). I wanted to eliminate the need to download the Cisco VPN client software (using Windows built-in VPN capabilities). So far I've successfully set up the Pix to work with Win2k / XP (the client OSs we're dealing with) using local client authentication, but haven't been able to get the Pix to authenticate with our Cisco ACS server (NT, ver 2.4). I know it's an old version, but I'd think it would be able to accomplish the simple task of verifying the entered username/password. We're using the ACS for permissions and monitoring/logging on our routers, etc. for this purpose. When I enter the client authentication mode for the vpdn group like so:
vpdn group 1 client authentication aaa OVHDauth
I get the following error: "Error 781: The encryption attempt failed because no valid certificate was found."
When I use RADIUS (Cisco or the IETF mode) I get "Error 742: The remote computer does not support the required data encryption type." Doesn't the Pix just pass the user's credentials to the RADIUS server?
If you are trying to do IPSec over L2TP with the Microsoft client then you need a digital certificate for the client. There is a reg hack you can use to disable IPSec encryption and get the MS client to work, but then you are only tunneling the packets, so what's the point? The Cisco VPN client will let you use a static key (not the ideal solution).
If you want to use the MS client and not do the dig cert thing then I'm pretty sure you'll have to go with PPTP.