
XP VPN client

I got a copy of the latest VPN client from Cisco and it is different from before. I have Safenet now and you create a security policy and you have the settings on there (passwd, encryption levels, etc). Well with this new client that is supposed to run on XP, all it asks you for is a username and password. I don't use a TAC+ server or anything. How am I supposed to use that? Anyone have any ideas? Thanks!

2 REPLIES

The new VPN client is built for the VPN3000 concentrator and also works with the PIX. (Support for IOS is on its way. You can use the following link to check on that support: http://www.cisco.com/warp/public/707/cmatrix.shtml) For all VPN 3000 clients (this includes the one you are running) all the security information is stored on the concentrator or PIX. What happens when the client connects is that it tries different combinations of encryptions and hashing until it finds one that is compatible with a policy on the concentrator/PIX. If you run a debug on the PIX you can actually watch this happen. The username/password is the groupname and password that is configured on the PIX (using the vpngroup command) or on the vpn concentrator. The new clients are supposed to be easier to deploy and more secure since there is no configuration stored on the client. The group password is the same thing as the pre-shared key on the PIX.
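The proposal matching described in the reply above, as an added example that is not part of the original thread or Cisco's code: a simplified model of how a gateway picks an ISAKMP policy from what a client offers, plus a check that flags weak parameters in the policy that wins. All names, the client proposal list and the policy table are constructed for illustration, and lifetime comparison is ignored.

```python
from typing import Dict, List, NamedTuple, Optional, Tuple


class Transform(NamedTuple):
    encryption: str
    hash: str
    dh_group: int
    auth: str


# Constructed sample data (assumption): what a client might offer, in order.
CLIENT_PROPOSALS: List[Transform] = [
    Transform("3des", "sha", 2, "pre-share"),
    Transform("3des", "md5", 2, "pre-share"),
    Transform("des", "md5", 2, "pre-share"),
]

# Constructed gateway policy table (assumption): priority -> policy.
# A lower priority number is evaluated first.
GATEWAY_POLICIES: Dict[int, Transform] = {
    10: Transform("des", "md5", 1, "pre-share"),   # older policy, DH group 1
    20: Transform("3des", "md5", 2, "pre-share"),  # added policy, DH group 2
}

# Parameter values generally treated as weak today.
WEAK = {"encryption": {"des"}, "hash": {"md5"}, "dh_group": {1}}


def negotiate(proposals: List[Transform],
              policies: Dict[int, Transform]) -> Optional[Tuple[int, Transform]]:
    """Return (priority, policy) for the first gateway policy, in priority
    order, that exactly equals one of the client's proposals, else None."""
    offered = set(proposals)
    for priority in sorted(policies):
        if policies[priority] in offered:
            return priority, policies[priority]
    return None  # no common transform: phase 1 fails


def weak_parameters(transform: Transform) -> List[str]:
    """List the fields of a selected transform that use a weak value."""
    return [f"{field}={getattr(transform, field)}"
            for field, bad in WEAK.items()
            if getattr(transform, field) in bad]


if __name__ == "__main__":
    result = negotiate(CLIENT_PROPOSALS, GATEWAY_POLICIES)
    print("selected:", result)
    if result:
        print("weak parameters:", weak_parameters(result[1]))
```

Running the same check against a gateway's real policy list shows which policy a given client would land on and whether that policy should be tightened or removed.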


Actually, there is a configuration file created (*.pcf) that can be imported and used in another client installation. I believe there is a way, however, to lock editing on this file. I have a quick question for you... I added support for the VPN 3.0 client on our PIX that already supported version 1.1 (SafeNet). With only some additional ISAKMP configuration and the addition of the ISAKMP policy 20 group 2 rule and configuring a vpngroup as you've indicated, things work great. However, when I created and configured a second vpngroup supporting a different internal network and assigned it an IP address from a newly created IP address pool on the PIX, I can get authenticated and attached to the network but cannot route anywhere. Any ideas? Thanks.