06-08-2004 07:00 AM
Hi,
I'm in the following trouble:
I had used Checkpoint SecuRemote 4.1 SP-5 VPN client in the past.
Now I've installed the Cisco VPN client release 4.0.4 on my PC to make an IPSec VPN connection to the PIX in our headquarters.
According to Cisco VPN release notes http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel404/404clnt.htm#wp1346340 it should be possible to have both Cisco and Checkpoint VPN clients installed on the same machine.
But I'm not able to connect to my PIX, I'm receiving the following error message:
"Secure VPN Connection terminated locally by the Client.
Reason 403: Unable to contact the security gateway."
When I look at the PC Control Panel -> System -> Hardware -> Device Administration -> Network adapters, I can see the Cisco Systems VPN Adapter disabled.
After enabling it manually, I'm still receiving the same error when trying to connect via the Cisco VPN client.
After PC reboot the Cisco VPN adapter is disabled again.
I even tried to uncheck Check Point SecuRemote from my Dial-up connection (the bug CSCea31192 workaround, but the bug should not influence the NAT-T connection which I'm using).
I noticed the same situation on three different PCs, one running Windows XP, two running Windows 2000.
After uninstalling the Checkpoint client completely (including Windows registers manual delete), the Cisco VPN client works fine.
So it seems to me there is a deep incompatibility between Cisco and Checkpoint VPN clients.
Does anybody know a workaround?
Thanks,
Milan
06-14-2004 08:21 AM
Check if the VPN client has the correct settings to connect to the PIX, and check if it is using Transparent Tunneling. You could check this out by looking at the configuration example for the VPN client on the following link: http://www.cisco.com/en/US/customer/products/sw/secursw/ps2276/products_configuration_example09186a008010edf4.shtml#conf_client
06-14-2004 11:38 PM
Hi,
the VPN client configuration seems to be correct.
I'm using Transparent Tunneling.
After uninstalling the Checkpoint client the Cisco VPN client works fine without any configuration change.
More: I've found the following lines in the Cisco VPN client log:
4 14:07:36.667 06/10/04 Sev=Info/4 CM/0x63100024
Attempt connection with server "a.b.c.d"
5 14:07:39.772 06/10/04 Sev=Critical/1 CVPND/0xE3400003
Function SocketApiBind() failed with an error code of 0xFFFFFFF8(f:\temp\IPSecClient\Rel\PubKeyPK\SRC\ike-init-state.cpp:386)
6 14:07:39.772 06/10/04 Sev=Critical/1 CVPND/0x63400012
Unable to bind to IKE port. This could be because there is another VPN client installed or running. Please disable or uninstall all VPN Clients other than the Cisco VPN Client.
7 14:07:39.782 06/10/04 Sev=Info/4 CM/0xE3100003
Failure to Initialize IKE ports
So it seems to confirm there is a problem with another VPN client compatibility.
Regards,
Milan
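The log excerpt in the post above can be checked mechanically. This added example (not part of the original thread and not Cisco code) parses the two-line record layout seen in that excerpt and flags the Critical records that show the IKE socket bind failure; the header layout is inferred from the excerpt only, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass
# Log excerpt copied from the post above (gateway address already masked as a.b.c.d).
SAMPLE_LOG = r'''4 14:07:36.667 06/10/04 Sev=Info/4 CM/0x63100024
Attempt connection with server "a.b.c.d"
5 14:07:39.772 06/10/04 Sev=Critical/1 CVPND/0xE3400003
Function SocketApiBind() failed with an error code of 0xFFFFFFF8(f:\temp\IPSecClient\Rel\PubKeyPK\SRC\ike-init-state.cpp:386)
6 14:07:39.772 06/10/04 Sev=Critical/1 CVPND/0x63400012
Unable to bind to IKE port. This could be because there is another VPN client installed or running. Please disable or uninstall all VPN Clients other than the Cisco VPN Client.
7 14:07:39.782 06/10/04 Sev=Info/4 CM/0xE3100003
Failure to Initialize IKE ports
'''

# Header layout assumed from the excerpt: seq, time, date, Sev=<name>/<level>, <component>/<event id>
HEADER = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<date>\d\d/\d\d/\d\d)\s+"
    r"Sev=(?P<sev>\w+)/(?P<level>\d+)\s+(?P<component>\w+)/(?P<event>0x[0-9A-Fa-f]+)\s*$"
)

@dataclass
class Record:
    seq: int
    time: str
    severity: str
    component: str
    event: str
    message: str = ""

def parse_log(text):
    """Group each header line with the message line(s) that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append(Record(int(m["seq"]), m["time"], m["sev"],
                                  m["component"], m["event"]))
        elif records and line.strip():
            records[-1].message = (records[-1].message + " " + line.strip()).strip()
    return records

def ike_bind_failures(records):
    """Critical records showing the client could not bind its IKE socket."""
    markers = ("socketapibind() failed", "unable to bind to ike port")
    return [r for r in records if r.severity == "Critical"
            and any(k in r.message.lower() for k in markers)]

if __name__ == "__main__":
    for r in ike_bind_failures(parse_log(SAMPLE_LOG)):
        print(f"#{r.seq} {r.time} {r.component}/{r.event}: {r.message[:70]}")
```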
06-16-2004 09:14 AM
We had the same problem with some of our users who needed to use both clients for connecting to customers sites.
If I remember, the Cisco client doesn't start automatically but the Checkpoint 4.1 client does.
We got round it by deleting the Checkpoint registry entry that starts the client at boot. fwenc.exe is the entry and it is in
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
After that make a shortcut to the executable which is stored in the relevant Checkpoint \bin directory on the client (it differs for NT & 9x clients) and then only start it when it's needed.
Hope that's of some help
06-16-2004 11:53 PM
Thanks, Mel.
Good workaround.
It even enables swapping both VPN clients over the same dial-up connection.
I was afraid I'd have to reboot my PC or kill the fwenc.exe process via task manager after starting it once, but it is not necessary.
Removing the register entry is the only thing necessary.
Thanks a lot,
Milan