Have three different occurances of the VPN 3000 client being installed on a system running Windows ME (Millenium Edition).
On all three machines the client gets to the "Negotiating Security Profiles" dialogue box and gets no further.
The third machine is a fresh install with nothing but Windows ME. There is no personal firewall or other such security software installed. ICS was removed per the VPN 3000 installation requirements.
There are some strange log entries in the log but we are not certain they are coming from the failed Windows ME attempts. Just a list of random characters after a failed authentication attempt.
Any clues? Anyone know of a M$ or Altiga fix?
I assume you are running version 1.1 of the client. Windows 95 & 98 only. I know a Windows 2000 client is due out shortly. I am not sure if it will work with Win ME.
Sorry it took so long to get back to you. I dowloaded the 3.0 client from Cisco's website under their software link. I think you need to have a CCO account to get to the VPN software.
I have testet the v3.1, but it seems like IPSec over NAT are no longer working ?!
Test environment: Win2000 Professionel over Cisco 677 ADSL with NAT to a VPN3005 box.
The Beta edition 2.6 are working fine, but not the 3.1 version.
I'm not faomiliar with 3005 Concentrator, but I know on the 3015-80 series both the client and the group you are using have to be enabled to do IPSEC with NAT.
I have just upgraded to version 3.0.2, and still the same result, the client and the vpn box cant speek with each other. I am still able to connect with a 2.6 beta client !
I had a similar problem when using the new client although I have a VPN3030. The problem lied in the order of the IKE proposals. You should find that when you upgraded the concentrator to 3.0.2 that some extra proposals were added, namely:
I am using certificates and found that after a debug a transform proposal above the new VPN client entries was being used that would not work. By moving the CiscoVPNClient-3DES-MD5-RSA up the list above the old client entry IKE-3DES-MD5-RSA both 2.5/2.6 and 3.0 clients could connect.
At a guess if you are not using certificates I would try moving CiscoVPNClient-3DES-MD5 up the list, so it is above IKE-3DES-MD5.
Each transform is evaluated by the clients and concentrator during the negiotiation phase. With the new version 3.0 client supporting slightly different transforms the order seems to matter.
Hope this helps.