We are using PIX 515E (ver 6.2(2)) as a VPN solution for remote users. The PIX is using DES and does not have the license for 3DES. Remote users have no problem accessing the PIX using Cisco VPN Client 3.5.2, but can not access it using Cisco VPN Client 3.6.3. When I went to the web site to download the new client (3.6.20, it mentioned that it's 3DES. Does the new client not step back to DES if that's what the PIX supports?
The results that I am getting so far is that 3.6.x does not support DES period. I am currently struggling with getting 3.6.3 client to work with an IOS based IPsec configuration and it can not get past the IKE negotiation stage because they never agree on anything...looks like I may need to step down to 1.x client if that is availiable.
I have the same problem with Cisco IOS 12.2.11T, but the problem was in different place. Cisco VPN client says to IOS some IKE policy proposals. I got the first one of them (from the debug messages) and place it in crypto policy 1 configuration without any good result and so on. At last I understand that there is an IKE bug (there was debug message that says something like that:
VPN Clients asks for DES-MD5-Preshared I have DES-MD5-Preshared, no match!
That is very funny, not not untypical. With 12.2.13T everything seems to works (I have no hard tests with it, I have other problems there)
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...