
Cisco and Checkpoint VPN clients on one PC

milan.kulik
Level 10

Hi,

I'm in the following trouble:

I had used Checkpoint SecuRemote 4.1 SP-5 VPN client in the past.

Now I've installed the Cisco VPN client release 4.0.4 on my PC to make an IPSec VPN connection to the PIX in our headquarters.

According to Cisco VPN release notes http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel404/404clnt.htm#wp1346340 it should be possible to have both Cisco and Checkpoint VPN clients installed on the same machine.

But I'm not able to connect to my PIX; I'm receiving the following error message:

"Secure VPN Connection terminated locally by the Client.

Reason 403: Unable to contact the security gateway."

When I look at Control Panel -> System -> Hardware -> Device Administration -> Network adapters, I can see the Cisco Systems VPN Adapter is disabled.

After enabling it manually, I'm still receiving the same error when trying to connect via the Cisco VPN client.

After PC reboot the Cisco VPN adapter is disabled again.

I even tried to uncheck Check Point SecuRemote from my dial-up connection (the workaround for bug CSCea31192, but the bug should not influence the NAT-T connection which I'm using).

I noticed the same situation on three different PCs, one running Windows XP, two running Windows 2000.

After uninstalling the Checkpoint client completely (including manual deletion of its Windows registry entries), the Cisco VPN client works fine.

So it seems to me there is a deep incompatibility between Cisco and Checkpoint VPN clients.

Does anybody know a workaround?

Thanks,

Milan

Accepted Solutions

We had the same problem with some of our users who needed to use both clients for connecting to customers' sites.

If I remember, the Cisco client doesn't start automatically but the Checkpoint 4.1 client does.

We got round it by deleting the Checkpoint registry entry that starts the client at boot. fwenc.exe is the entry and it is in

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

After that, make a shortcut to the executable, which is stored in the relevant Checkpoint \bin directory on the client (it differs for NT & 9x clients), and then only start it when it's needed.

Hope that's of some help.


4 Replies

umedryk
Level 5

Check if the VPN client has the correct settings to connect to the PIX, and check if it is using Transparent Tunneling. You could check this by looking at the configuration example for the VPN client at the following link: http://www.cisco.com/en/US/customer/products/sw/secursw/ps2276/products_configuration_example09186a008010edf4.shtml#conf_client

Hi,

the VPN client configuration seems to be correct.

I'm using Transparent Tunneling.

After uninstalling the Checkpoint client the Cisco VPN client works fine without any configuration change.

More: I've found the following lines in the Cisco VPN client log:

4 14:07:36.667 06/10/04 Sev=Info/4 CM/0x63100024

Attempt connection with server "a.b.c.d"

5 14:07:39.772 06/10/04 Sev=Critical/1 CVPND/0xE3400003

Function SocketApiBind() failed with an error code of 0xFFFFFFF8(f:\temp\IPSecClient\Rel\PubKeyPK\SRC\ike-init-state.cpp:386)

6 14:07:39.772 06/10/04 Sev=Critical/1 CVPND/0x63400012

Unable to bind to IKE port. This could be because there is another VPN client installed or running. Please disable or uninstall all VPN Clients other than the Cisco VPN Client.

7 14:07:39.782 06/10/04 Sev=Info/4 CM/0xE3100003

Failure to Initialize IKE ports

So it seems to confirm there is a problem with another VPN client compatibility.

Regards,

Milan

Thanks, Mel.

Good workaround.

It even enables swapping both VPN clients over the same dial-up connection.

I was afraid I'd have to reboot my PC or kill the fwenc.exe process via task manager after starting it once, but it is not necessary.

Removing the registry entry is the only thing necessary.

Thanks a lot,

Milan
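
The "Unable to bind to IKE port" diagnosis and the Run-key workaround from this thread, as an added PowerShell example that is not part of the original posts. It assumes Windows 8 / Server 2012 or later (for `Get-NetUDPEndpoint`) and an elevated prompt; the `-RemoveAutostart` switch and the backup file name are hypothetical names chosen for this example.

```powershell
# Added example: show what holds the IKE ports and whether fwenc.exe autostarts.
# Assumes Windows 8 / Server 2012 or later and an elevated session.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$RemoveAutostart   # hypothetical switch name, not from the thread
)

$runKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$ikePorts = 500, 4500          # IKE and NAT-T (UDP-encapsulated IPsec)

# 1. Which processes are already bound to the IKE ports?
$bound = Get-NetUDPEndpoint -LocalPort $ikePorts -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            ProcessId    = $_.OwningProcess
            ProcessName  = if ($proc) { $proc.ProcessName } else { '<unknown>' }
        }
    }
if ($bound) { $bound | Format-Table -AutoSize }
else        { Write-Output 'Nothing is bound to UDP 500/4500.' }

# 2. Run-key values whose command line launches fwenc.exe.
#    Properties named PS* are PowerShell provider metadata, not registry values.
$entries = (Get-ItemProperty -Path $runKey).PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match 'fwenc\.exe' }

foreach ($e in $entries) {
    Write-Output "Autostart entry: $($e.Name) = $($e.Value)"
    if ($RemoveAutostart -and $PSCmdlet.ShouldProcess("$runKey\$($e.Name)", 'Remove')) {
        # Save the command line first so the entry can be restored later.
        "$($e.Name)=$($e.Value)" | Add-Content -Path "$env:TEMP\fwenc-run-backup.txt"
        Remove-ItemProperty -Path $runKey -Name $e.Name
    }
}
```

Run it without arguments to report only; add `-RemoveAutostart -WhatIf` to preview the registry change before applying it.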