VPN client 4.0 with PIX 6.1

jdepies
Level 1

I am having trouble connecting to my PIX 6.1 with the new Cisco VPN 4.0 Windows client. Does this new client support the older IOS, or does it require 6.3.1? The client connects fine to my test 6.3.1 PIX.

Thanks

Jeff

3 Replies

yizhar
Level 1

Hi.

Are you trying to connect from behind a NAT/PAT device (at the client side)?

Try to compare the IPSec configuration on the 2 PIX devices - are you using the same protocols for IKE and IPSec (DES, MD5, SHA, etc.)?

What error messages do you get at the client and the PIX?

Yizhar

The only difference in config between the 2 PIXes is that the one that works has:

crypto ipsec transform-set strong esp-des esp-md5-hmac

the one that does not work has:

crypto ipsec transform-set strong esp-des esp-sha-hmac

Can this be the reason? I have not configured any of these settings on the VPN client, and I do not see any place to specify on the client whether to use SHA or MD5.

Thanks

Jeff

Hi.

> crypto ipsec transform-set strong esp-des esp-sha-hmac

> Can this be the reason?

Yes it is probably the reason.

I have not used the VPN version 4, but I had the same problems with 3.6.3 (did not support DES+SHA) while prior version 3.5.2 did support it.

So if you use DES, use DES+MD5 (or an older VPN client).

If you have 3DES, then SHA should work.

Look here - Table 6-2 Valid VPN Client IKE Proposals:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_administration_guide09186a00800bd991.html#1157757

Yizhar
