We bought a SA 520 box which "allegedly" offers VPN functionality. Our prospective VPN clients are all Windows 7 laptops.
I configured the VPN for remote access with the VPN wizard (pre-shared key) and created one VPN user. As the local ID I set the static WAN IP address of the sa 500 series.
Windows 7 has integrated IPSec support, so tried to create a VPN client connection (Network and Sharing Center->Set up a new connection and network->Connect to a workplace->create a new connection->Use my Internet connection (VPN)). In the dialog box I wrote the sa 520 WAN IP address, and got "Connection failed with error 800". I also tried with VPN Type "L2TP/IPSec" and set the preshared key in the Advanced settings.
There is a plethora of configuration options in the Windows 7 VPN client properties, which ones should we use?
Does any of the provided Windows 7 VPN Authentication methods work:
- Cisco: EAP-FAST
- Cisco: LEAP
- Cisco: PEAP
- Intel: EAP-AKA
- Intel: EAP-SIM
- Intel: EAP-TTLS
- Microsoft: Protected EAP
- Microsoft EAP-MSCHAP v2
- Microsoft: Smart Card or other certificate
If so, what are the parameters that are required? Do I need to set some parameters in SA 520 (i.e. IKE SA Parameters) in order to get this work?
Windows 7 seems to support all the algorithms at least:
(VPN Wizrds sets these as SHA-1; 3DES; DH group 2)
You need a VPN client that does XAUTH. We have tested with a client from Greenbow client. I do not know if that client works with Windows 7 currently. If you read the admin guide for the SA500, you should be able to make this work with this client or any other standards based client that does XAUTH.
Wow, this is disappointing. I was hoping to use the Windows 7 VPN client with the SA 540. But it looks like I won't be able to do this. Is there a reason why this product doesn't support the many protocols that Windows 7 supports? Also, the browser SSLVPN doesn't connect in Windows 7. This adds to the TCO if we have to have purchase clients for each of the remote workers. This feature would make this product a lot more marketable.
The Windows 7 SSL VPN will be working soon. I can't give a release date yet, but we are looking at getting that finished soon.
There will also be a Quick VPN client available for Windows 7 soon. Finally, you can also use the shrew soft vpn client with the SA 540. It is a free client.
Is there a configuration guide for connecting a Shrew client to the SA540? I can find details for Pix, but not for the SA540 GUI.
I was told by the great Partner Design Support service today that we do in fact support Windows 7 with our new QuickVPN version 184.108.40.206.
This can now be downloaded from here: http://tools.cisco.com/support/downloads/go/Pla
installed the new QuickVPN client 1.4. It sort of works, inside the office, behind the firewall.
I managed to succesfully create a VPN connection from intranet when I had a secondary UMTS (Internet) connection up, so it shouldn't be my Windows 7 (OFF) / F-Secure (ON) firewall settings.
When I try create a VPN connection from Internet I end up with the"Remote Gateway is not responding, do you want to wait?" problem as desctibed in https://www.myciscocommunity.com/thread/10350
Log: [WARNING]Failed to ping remote VPN Router!
With intranet access only, the connection fails due to IP address conflict (as it should, I suppose :-)
Log: [WARNING]Local IP address conflicts the subnet of remote VPN Server.
So: connection works when having two networks up: intranet & Internet.
Is there something else I need to do to get this working?!
I already tried to disable all sensible Firewall Attack checks:
* Block Ping to WAN interface
* Enable Stealth Mode
* Block Fragmented Packets