Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Possible to use WINXP VPN connection (not CISCO client) to PIX 506e 6.3 ?

Is it possible to use the default w2k/xp VPN connection with this device, rather than installing the CISCO client ? I am having some trouble configuring the xp client and the 506e shows no activity unless I set the XP client to have a "pre-shared key" but PIX complains "no pre-shared key for host ...." (using different protocol otherwise ?)which it wont have because these users have dynamic IP's - in the CISCO client you have the "group authentication" tab, and these details don't work in the username/password section of xp vpn connection. I configured the client to site using the wizard in 6.3 and this works fine using the CISCO client on other platforms - just wanted to cut down on software to install on remote clients.

1 REPLY
Cisco Employee

Re: Possible to use WINXP VPN connection (not CISCO client) to P

Here's the basic config you'll need on the PIX:

http://www.cisco.com/warp/public/110/l2tp-ipsec.html

This is using certificates, which you probably don't want to do by the sounds of it, so don't worry about the two lines starting with "ca".

You'll have to add a default pre-shared key cause, as you said, you have no idea what IP address the client is going to run. The commands is as follows:

> isakmp key <keystring> address 0.0.0.0

then just use as your pre-shared key in the XP config.

Also change this line:

> isakmp policy 20 authentication rsa-sig

to:

> isakmp policy 20 authentication pre-share

103
Views
0
Helpful
1
Replies