echovox

asked on

How to connect Windows Vista to a Cisco VPN using the L2TP Microsoft client

I have a Cisco ASA 5510 VPN server configured for Windows clients using L2TP over IPsec.
With clients using Windows XP, the connection works very well.
When I try to connect with a Windows Vista client, the connection doesn't work.
Using a Windows XP virtual machine in Windows Vista, I can connect to the VPN.
Microsoft has changed something in Vista, but it is impossible to find what, or how to correct it.

IKE policy:
- Encryption : 3DES
- Authentication: MD5
- DH group: 2

IPsec parameters:
- Encryption : 3DES
- Authentication: MD5


Using the debug mode in the ASA, I can see:
- Phase 1 completed
- All IPSec SA proposals found unacceptable!
- QM FSM error

Thanks
broeckske

Check this link about IPSec VPN debugging,
http://blogs.isaserver.org/pouseele/
Rob Williams
I am not a "Cisco guy" but this likely has to do with the fact that Vista does not support MS-CHAP v1, (only v2) and you may have further complications as some versions of the Cisco IOS do not support MS-CHAP v2. If you have the option of moving from v1 to v2, you should be able to resolve.
echovox

ASKER

I have tried to use only CHAP v.2 on both sides (Vista and ASA), but I can't connect.
echovox

ASKER

Hi Lee,

Please do not classify this. We haven't received a proper solution to this problem. Users running Vista cannot connect to the ASA although MSCHAP v2 is configured on both ends.

Thanks for keeping this thread alive.
Bad news....

http://support.microsoft.com/kb/942429

We have the same issue... Vista is working, but only for 1 client at a time...
Also, I think Vista doesn't support MD5 anymore; we use SHA and 3DES, and that works fine for Vista and for XP. (But only 1 Vista client at a time...)
ASKER CERTIFIED SOLUTION
o-tvw-ee

Make sure you disable PFS on the Cisco. I also had this problem.
Disabling the PFS resolved this problem.
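
The two phase 2 changes suggested in this thread (SHA instead of MD5 for the IPsec transform set, and no PFS on the crypto map entry), written out as an added example that is not taken from any poster's configuration. The names `L2TP_3DES_MD5`, `L2TP_3DES_SHA`, `DYN_L2TP` and the sequence number 10 are placeholders, and the syntax assumes ASA software earlier than 8.4, since the thread gives no version.

```cisco
! Constructed example; all names and sequence numbers are placeholders.
! The debug output in the question shows "Phase 1 completed", so the IKE
! policy is being accepted; the rejected proposal is the phase 2 (IPsec SA)
! one, which is what the lines below control.

! --- Before: phase 2 as described in the question (3DES with MD5) ---
crypto ipsec transform-set L2TP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set L2TP_3DES_MD5 mode transport
crypto dynamic-map DYN_L2TP 10 set transform-set L2TP_3DES_MD5
! Assumed present, based on the last reply in the thread:
crypto dynamic-map DYN_L2TP 10 set pfs group2

! --- After: 3DES with SHA, PFS removed from the map entry ---
crypto ipsec transform-set L2TP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set L2TP_3DES_SHA mode transport
crypto dynamic-map DYN_L2TP 10 set transform-set L2TP_3DES_SHA
no crypto dynamic-map DYN_L2TP 10 set pfs

! --- Check the result while a Vista client connects ---
! debug crypto isakmp      (watch for the phase 2 proposal being accepted)
! show crypto ipsec sa     (confirm an SA pair exists for the client)
```

L2TP over IPsec uses transport mode, so the `mode transport` line has to be carried over to any new transform set.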