04-18-2003 08:28 AM - edited 02-21-2020 12:29 PM
I am having trouble connecting to my PIX 6.1 with the new Cisco VPN 4.0 Windows client. Does this new client support the older IOS, or does it require 6.3.1? The client connects fine to my test 6.3.1 PIX.
Thanks
Jeff
04-18-2003 02:07 PM
Hi.
Are you trying to connect behind a NAT/PAT device (at the client side)?
Try to compare the IPSec configuration at the 2 PIX devices - are you using the same protocols for IKE and IPSec (DES, MD5, SHA, etc.)?
What error messages do you get at the client and pix?
Yizhar
04-18-2003 02:38 PM
The only difference in config between the 2 PIXes is that the one that works has:
crypto ipsec transform-set strong esp-des esp-md5-hmac
the one that does not work has:
crypto ipsec transform-set strong esp-des esp-sha-hmac
Can this be the reason? I have not configured any of these settings on the VPN client, and I do not see any place to specify on the client whether to use SHA or MD5.
Thanks
Jeff
04-19-2003 11:18 AM
Hi.
> crypto ipsec transform-set strong esp-des esp-sha-hmac
> Can this be the reason?
Yes, it is probably the reason.
I have not used the VPN version 4, but I had the same problems with 3.6.3 (did not support DES+SHA) while prior version 3.5.2 did support it.
So if you use DES, use DES+MD5 (or an older VPN client).
If you have 3DES, then SHA should work.
Look here - Table 6-2 Valid VPN Client IKE Proposals:
Yizhar