Cisco Support Community
New Member

XP VPN client

I got a copy of the latest VPN client from Cisco and it is different from before. I have Safenet now and you create a security policy and you have the settings on there (passwd, encryption levels, etc). Well with this new client that is supposed to run on XP, all it asks you for is a username and password. I don't use a TAC+ server or anything. How am I supposed to use that? Anyone have any ideas? Thanks!

2 REPLIES
New Member

Re: XP VPN client

The new VPN client is built for the VPN3000 concentrator and also works with the PIX. (Support for IOS is on its way. You can use the following link to check on that support: http://www.cisco.com/warp/public/707/cmatrix.shtml) For all VPN 3000 clients (this includes the one you are running), all the security information is stored on the concentrator or PIX. What happens when the client connects is that it tries different combinations of encryption and hashing until it finds one that is compatible with a policy on the concentrator/PIX. If you run a debug on the PIX you can actually watch this happen. The username/password is the group name and password that is configured on the PIX (using the vpngroup command) or on the VPN concentrator. The new clients are supposed to be easier to deploy and more secure since there is no configuration stored on the client. The group password is the same thing as the pre-shared key on the PIX.
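Added example, not part of the reply above and not Cisco code: a simplified Python model of the negotiation the reply describes, showing that because the client offers many combinations, the gateway's own policy list decides how strong the tunnel ends up. The transform values, policy tables and function names are constructed, and the model assumes the gateway checks its policies in priority order (lowest number first) and accepts the first one the client offered.

```python
from typing import NamedTuple, Optional

class Transform(NamedTuple):
    encryption: str
    hash: str
    dh_group: int
    auth: str

# Constructed sample: combinations a client might offer in one connection attempt.
CLIENT_OFFERS = [
    Transform("3des", "sha", 2, "pre-share"),
    Transform("3des", "md5", 2, "pre-share"),
    Transform("des", "sha", 2, "pre-share"),
    Transform("des", "md5", 2, "pre-share"),
]

# Constructed gateway policy tables keyed by priority (values are illustrative).
WEAK_GATEWAY = {
    10: Transform("3des", "sha", 1, "rsa-sig"),   # never offered by the client above
    20: Transform("des", "md5", 2, "pre-share"),  # matches, but is weak
}
HARDENED_GATEWAY = {
    20: Transform("3des", "sha", 2, "pre-share"),
}

# Attribute values treated as weak: single DES, MD5, 768-bit DH group 1.
WEAK = {"encryption": {"des"}, "hash": {"md5"}, "dh_group": {1}}

def select_policy(offers, policies) -> Optional[tuple]:
    """Return (priority, transform) for the first gateway policy the client offered."""
    for priority in sorted(policies):
        if policies[priority] in offers:
            return priority, policies[priority]
    return None  # no compatible policy: negotiation fails

def weak_attributes(transform: Transform) -> list:
    """List the attributes of a negotiated transform that fall in the WEAK sets."""
    return [f"{name}={getattr(transform, name)}"
            for name, bad in WEAK.items() if getattr(transform, name) in bad]

if __name__ == "__main__":
    for label, table in (("weak", WEAK_GATEWAY), ("hardened", HARDENED_GATEWAY)):
        prio, chosen = select_policy(CLIENT_OFFERS, table)
        print(label, "-> policy", prio, chosen, "weak:", weak_attributes(chosen))
```
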

New Member

Re: XP VPN client

Actually, there is a configuration file created (*.pcf) that can be imported and used in another client installation. I believe there is a way, however, to lock editing on this file. I have a quick question for you... I added support for the VPN 3.0 client on our PIX that already supported version 1.1 (SafeNet). With only some additional ISAKMP configuration and the addition of the ISAKMP policy 20 group 2 rule and configuring a vpngroup as you've indicated, things work great. However, when I created and configured a second vpngroup supporting a different internal network and assigned it an IP address from a newly created IP address pool on the PIX, I can get authenticated and attached to the network but cannot route anywhere. Any ideas? Thanks.
