We recently purchased a PIX firewall 515 and are attempting to establish VPN connectivity for our remote users (3DES). I'm very confused on what solution is what and what version works with what.
First of all, our Cisco VAR sold us the Cisco Secure Client which ships version as 1.1. This version does not work on Windows 2000. I heard that there is now a version that is supported on 2000 and I downloaded that - v3.01. Tried loading that on a 2000 laptop and it crashed. The symptom is a reboot as the OS begins to load. Then I read a little bit more and found out that PIX v6.0 is needed in order to have v3.01 work. I found v3.01 to look completely different than 1.1 and I cannot find any place to configure the private key etc in this version. If someone could direct me to some good documentation for this version I would appreciate it. If it is not a good idea to use it then I will need to know that also.
Next, what is the difference between Cisco Secure and VPN 3000 client? Should I be using VPN 3000 client instead? I need VPN to work on 95, NT AND 2000. Could someone tell me what is the best solution or path to take based on what I've described?
Any help or direction to some updated documentation would be much appreciated.
PS - I couldn't find much software today at the Software Center. I was on the prowl for PIX software v6.0 and couldn't find anything available. Did something change?
I would reccomend using the new Cisco VPN client v3.0. You will require PIX v6.0, but this is a must improved VPN Client. In the future, we will be migrating exclusively to this new VPN Client for all of our VPN platforms.
It is true that the VPN Client 3.0 does need PIX 6.0 and/or a VPN Concentrator switch.
The cisco secure 1.1 will work but it is not as clean as the later versions. The cisco secure and VPN 3000 Client are not 2 different VPN clients. Actually the VPN 3000 Client is actually version 2.5 and is a much better client that 1.1 . Also ver 2.5/3000 client will work with a pix firewall but you will need at least version 5.2(1) of the PIX OS and a new activation key to enable encryption (DES/3DES). This client will also let Win 95 users logon to a NT Domain. NT wrkstn clients will not be able to. Also, as far as I know, this client will NOT work with Win 2000. I don't know if ver 3.0 will or not.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...