I got a copy of the latest VPN client from Cisco and it is different from before. I have Safenet now and you create a security policy and you have the settings on there (passwd, encryption levels, etc). Well, with this new client that is supposed to run on XP, all it asks you for is a username and password. I don't use a TAC+ server or anything. How am I supposed to use that? Anyone have any ideas? Thanks!
The new VPN client is built for the VPN3000 concentrator and also works with the PIX. (Support for IOS is on its way. You can use the following link to check on that support: http://www.cisco.com/warp/public/707/cmatrix.shtml) For all VPN 3000 clients (this includes the one you are running) all the security information is stored on the concentrator or PIX. What happens when the client connects is that it tries different combinations of encryptions and hashing until it finds one that is compatible with a policy on the concentrator/PIX. If you run a debug on the PIX you can actually watch this happen. The username/password is the groupname and password that is configured on the PIX (using the vpngroup command) or on the VPN concentrator. The new clients are supposed to be easier to deploy and more secure since there is no configuration stored on the client. The group password is the same thing as the pre-shared key on the PIX.
Actually, there is a configuration file created (*.pcf) that can be imported and used in another client installation. I believe there is a way, however, to lock editing on this file. I have a quick question for you... I added support for the VPN 3.0 client on our PIX that already supported version 1.1 (SafeNet). With only some additional ISAKMP configuration and the addition of the ISAKMP policy 20 group 2 rule and configuring a vpngroup as you've indicated, things work great. However, when I created and configured a second vpngroup supporting a different internal network and assigned it an IP address from a newly created IP address pool on the PIX, I can get authenticated and attached to the network but cannot route anywhere. Any ideas? Thanks.
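The two replies above describe the client offering combinations until one matches a gateway policy, and adding "ISAKMP policy 20 group 2" so the 3.0 client connects. The sketch below is an added example, not code from the thread or from Cisco: a simplified model of that matching (exact match on four attributes, lifetimes ignored) that also lists policies still accepting weak parameters. All policy and offer values are constructed assumptions except priority 20 and DH group 2.

```python
from typing import NamedTuple, Optional, Tuple

class Transform(NamedTuple):
    enc: str
    hash_alg: str
    dh_group: int
    auth: str

# Constructed gateway policies, keyed by ISAKMP priority (lowest number is checked first).
OLD_POLICIES = {10: Transform("des", "md5", 1, "pre-share")}  # assumed legacy policy
NEW_POLICIES = {**OLD_POLICIES,
                20: Transform("3des", "md5", 2, "pre-share")}  # "policy 20 group 2"; enc/hash assumed

# Constructed client offers; every one uses DH group 2 (an assumption of this sample).
CLIENT_OFFERS = [
    Transform("3des", "sha", 2, "pre-share"),
    Transform("3des", "md5", 2, "pre-share"),
    Transform("des", "md5", 2, "pre-share"),
]

WEAK_ENC = {"des"}   # parameters an audit should flag
WEAK_DH = {1}

def negotiate(offers, policies) -> Optional[Tuple[int, Transform]]:
    """Return (priority, transform) of the first policy, in priority order,
    that exactly matches one of the client's offers, or None if nothing matches."""
    offered = set(offers)
    for priority in sorted(policies):
        if policies[priority] in offered:
            return priority, policies[priority]
    return None

def weak_policies(policies):
    """Priorities of policies that still accept weak encryption or a weak DH group."""
    return [p for p in sorted(policies)
            if policies[p].enc in WEAK_ENC or policies[p].dh_group in WEAK_DH]

if __name__ == "__main__":
    print("old policy set:", negotiate(CLIENT_OFFERS, OLD_POLICIES))
    print("new policy set:", negotiate(CLIENT_OFFERS, NEW_POLICIES))
    print("weak policies to review:", weak_policies(NEW_POLICIES))
```
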