How to connect Windows Vista to a Cisco VPN using the L2TP Microsoft client

Posted on 2007-08-04
Last Modified: 2013-11-05
I have a Cisco ASA 5510 VPN server configured for Windows clients using L2TP over IPsec.
With clients using Windows XP, the connection works very well.
When I try to connect with a Windows Vista client, the connection doesn't work.
Using a Windows XP virtual machine in Windows Vista, I can connect to the VPN.
Microsoft has changed something in Vista, but it is impossible to find what changed and how to correct it.

IKE policy:
- Encryption : 3DES
- Authentication: MD5
- DH group: 2

IPsec parameters:
- Encryption : 3DES
- Authentication: MD5

Using the debug mode in the ASA, I can see:
- Phase 1 completed
- All IPSec SA proposals found unacceptable!
- QM FSM error

Question by: echovox

Expert Comment

ID: 19639937
Check this link about IPSec VPN debugging,

Expert Comment

by:Rob Williams
ID: 19641488
I am not a "Cisco guy" but this likely has to do with the fact that Vista does not support MS-CHAP v1 (only v2), and you may have further complications as some versions of the Cisco IOS do not support MS-CHAP v2. If you have the option of moving from v1 to v2, you should be able to resolve this.

Author Comment

ID: 19643914
I have tried to use only CHAP v.2 on both sides (Vista and ASA), but I can't connect.
Author Comment

ID: 19809428
Hi Lee,

Please do not classify this. We haven't received a proper solution to this problem. Users running Vista cannot connect to the ASA although MSCHAP v2 is configured on both ends.

Thanks for keeping this thread alive.

Expert Comment

ID: 20039126
Bad news....

We have the same issue...... Vista is working, but only for 1 client at a time...

Expert Comment

ID: 20039130
Also, I think Vista doesn't support MD5 anymore; we use SHA and 3DES, and that works fine for Vista and for XP. (But only 1 Vista client at a time...)

Accepted Solution

o-tvw-ee earned 1500 total points
ID: 20039563
And good news! Cisco has released an update 7.2.3 that should fix this problem...

Expert Comment

ID: 22922210
Make sure you disable PFS on the Cisco. I also had this problem.
Disabling PFS resolved this problem.
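
Added example, not part of the original thread: a minimal model of how an IKEv1 responder screens Quick Mode (Phase 2) proposals, showing how the integrity-algorithm and PFS mismatches discussed in the comments above lead to "All IPSec SA proposals found unacceptable!" even though Phase 1 completed. The client and gateway transform values are constructed assumptions based on this thread, not captured from a real Vista client or ASA.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

FIELDS = ("encryption", "integrity", "mode", "pfs_group")

@dataclass(frozen=True)
class Transform:
    """One IPsec Quick Mode transform: attributes both peers must agree on."""
    encryption: str            # e.g. "3des"
    integrity: str             # e.g. "md5", "sha1"
    mode: str                  # "transport" for L2TP/IPsec, or "tunnel"
    pfs_group: Optional[int]   # DH group used for PFS, None if PFS is off

def mismatches(offer: Transform, policy: Transform) -> List[str]:
    """List every attribute on which the offer differs from the policy."""
    return [
        f"{f}: offered {getattr(offer, f)!r}, policy requires {getattr(policy, f)!r}"
        for f in FIELDS
        if getattr(offer, f) != getattr(policy, f)
    ]

def select(offers: List[Transform],
           policies: List[Transform]) -> Tuple[Optional[Transform], list]:
    """Responder side: accept the first offer that matches a policy exactly.

    Returns (chosen, report). chosen is None when every offer was rejected,
    which is the situation the gateway reports as no acceptable proposal.
    report holds (offer, policy, reasons) for each rejected pairing.
    """
    report = []
    for offer in offers:
        for policy in policies:
            reasons = mismatches(offer, policy)
            if not reasons:
                return offer, report
            report.append((offer, policy, reasons))
    return None, report

# Constructed sample data (assumptions drawn from the thread's comments).
GATEWAY_MD5_PFS = Transform("3des", "md5", "transport", 2)     # MD5 with PFS on
GATEWAY_SHA = Transform("3des", "sha1", "transport", None)     # SHA, PFS off
CLIENT_OFFERS = [                                              # no MD5, no PFS
    Transform("aes128", "sha1", "transport", None),
    Transform("3des", "sha1", "transport", None),
]

if __name__ == "__main__":
    for policies in ([GATEWAY_MD5_PFS], [GATEWAY_MD5_PFS, GATEWAY_SHA]):
        chosen, report = select(CLIENT_OFFERS, policies)
        print("accepted:", chosen)
        for offer, policy, reasons in report:
            print("  rejected", offer, "->", "; ".join(reasons))
```

The per-attribute rejection reasons are the useful part when reading gateway debug output: they separate an integrity mismatch from a PFS mismatch, which otherwise produce the same log message.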

Question has a verified solution.