Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Q1.) 3DES and VPN Clients. Q2.) VPN Clients connect with W2000 AD.

Q 1.)

I have several clients that I would be nice if

they could use 3DES, although I do not want to

have 3DES for the rest of the VPN connections,

is this possible and in that case how is that


Q 2.)

It there any possibility to have the the

Cisco VPN clients managed by Windows 2000 AD?

Q 3.)

Is there a possibility to set usernames and

passwords for the VPN Client users in the PIX?

Cisco Employee

Re: Q1.) 3DES and VPN Clients. Q2.) VPN Clients connect with W20

If you are using the Cisco Unity client, on the head end vpn g/w you could set two different group with different transform sets and corresponding ike policy, one uses 3des, and the other des. The clients are then configured to the appropriate groups they are allowed to connect to.

There is no direct way of managing the vpn client via AD. You could however implement user authentication for the vpn client via radius, and the radius server could then backend to AD for username/pw. That way the AD is looked up for the username/pw challenge to the vpn client.

Username/pw for vpn clients on the PIX could only be set on the radius server and not locally.

New Member

Re: Q1.) 3DES and VPN Clients. Q2.) VPN Clients connect with W20

well, you can configure your authentication server as a windows 2000 AD in order to use AD for external authentication. Make sure that you are giving netbios name of AD server not the domain name. Cicso 3005 understand only the server name.