04-30-2003 05:54 AM - edited 02-21-2020 12:30 PM
We have a VPN3015 running 3.6.5. The new client v4.0 works fine with preshared key connections but fails with certificate based users.
Does anyone know if you can run client v4.0 with a certificate based auth and xauth to a concentrator running 3.6.5.
Logging shows that the cert. passes but you then start seeing out of sequence packets.
Any help would be appreciated.
Thanks.
05-06-2003 07:15 AM
Firstly, certificates signed by one of the following Certificate Authorities are supported: Baltimore Technologies, Entrust Technologies, Netscape, Verisign Inc., Microsoft Certificate Services Windows 2000 or a digital certificate stored on a smart card. The VPN Client supports smart cards via the MS CAPI Interface. Make sure that you are using one of these.
Second, bug CSCdt11315 talks about problems in loading certificates from the certificate store while using certificate with Windows NT SP3. You should probably have a look at the same. Another issue that might be to blame is that the VPN client using Start Before Logon (SBL) and Microsoft Machine-based certificates fails. The problem in this case is not with the client.
05-07-2003 07:46 AM
Thanks for the reply. We are using MS Cert. Services on a Win2K platform. The system is working perfectly for clients that are 3.6.2b but I wanted to test the new v4.0 client and found that it only works with preshared keys and not with a certificate that functions with the earlier client 3.6. I am thinking that the concentrator needs to be updated to handle the PKI between the new client and itself.
We don't use the SBL feature, actually I was hoping that Cisco would have included the Cisco client as a service instead of a GINA applet on login.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide