Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN client 4.0 with PIX 6.1

I am having trouble connecting to my PIX 6.1 with the new Cisco VPN 4.0 windows client. Does this new client support the older IOS, or does it require 6.3.1? The client connects fine to my test 6.3.1 pix.

Thanks

Jeff

3 REPLIES
New Member

Re: VPN client 4.0 with PIX 6.1

HI.

Are you trying to connect behind a NAT/PAT device (at the client side)?

Try to compare the IPSec configuration at the 2 pix devices - are you using the same protocols for IKE and IPSEC (DES,MD5,SHA, etc)?

What error messages do you get at the client and pix?

Yizhar

New Member

Re: VPN client 4.0 with PIX 6.1

The only diference in config between the 2 pixes, is that the one that works has:

crypto ipsec transform-set strong esp-des esp-md5-hmac

the one that does not work has:

crypto ipsec transform-set strong esp-des esp-sha-hmac

Can this be the reason? I have not configured any of these settings on the VPN client, and I do not see any place to specify on the client whether to use SHA or MD5.

Thanks

Jeff

New Member

Re: VPN client 4.0 with PIX 6.1

HI.

> crypto ipsec transform-set strong esp-des esp-sha-hmac

> Can this be the reason?

Yes it is probably the reason.

I have not used the VPN version 4, but I had the same problems with 3.6.3 (did not support DES+SHA) while prior version 3.5.2 did support it.

So if you use DES, use DES+MD5 (or an older VPN client).

If you have 3DES, then SHA should work.

Look here - Table 6-2 Valid VPN Client IKE Proposals:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_administration_guide09186a00800bd991.html#1157757

Yizhar

89
Views
0
Helpful
3
Replies
CreatePlease to create content