How to connect Windows Vista to a Cisco VPN using the L2TP Microsoft client

I have a Cisco ASA 5510 VPN server configured for Windows clients using L2TP over IPsec.
With clients using Windows XP, the connection works very well.
When I try to connect with a Windows Vista client, the connection doesn't work.
Using a Windows XP virtual machine in Windows Vista, I can connect to the VPN.
Microsoft has changed something in Vista, but it is impossible to find what and how to correct it.

IKE policy:
- Encryption : 3DES
- Authentication: MD5
- DH group: 2

IPsec parameters:
- Encryption : 3DES
- Authentication: MD5


Using the debug mode in the ASA, I can see:
- Phase 1 completed
- All IPSec SA proposals found unacceptable!
- QM FSM error

Thanks
echovox Asked:
 
o-tvw-ee Commented:
And good news! Cisco has released an update 7.2.3 that should fix this problem...
 
broeckske Commented:
Check this link about IPSec VPN debugging:
http://blogs.isaserver.org/pouseele/
 
Rob Williams Commented:
I am not a "Cisco guy" but this likely has to do with the fact that Vista does not support MS-CHAP v1 (only v2), and you may have further complications as some versions of the Cisco IOS do not support MS-CHAP v2. If you have the option of moving from v1 to v2, you should be able to resolve this.
 
echovox (Author) Commented:
I have tried to use only CHAP v2 on both sides (Vista and ASA), but I can't connect.
 
echovox (Author) Commented:
Hi Lee,

Please do not classify this. We haven't received a proper solution to this problem. Users running Vista cannot connect to the ASA although MSCHAP v2 is configured on both ends.

Thanks for keeping this thread alive.
 
o-tvw-ee Commented:
Bad news...

http://support.microsoft.com/kb/942429

We have the same issue... Vista is working, but only for 1 client at a time...
 
o-tvw-ee Commented:
Also, I think Vista doesn't support MD5 anymore; we use SHA and 3DES, and that works fine for Vista and for XP. (But only 1 Vista client at a time...)
 
ITSN-Venlo Commented:
Make sure you disable PFS on the Cisco. I also had this problem.
Disabling PFS resolved this problem.
Question has a verified solution.
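
The phase 2 and PPP settings that the replies above report as working (SHA in place of MD5, PFS off, MS-CHAP v2), written out as ASA 7.x configuration. This is an added example, not posted by anyone in the thread; the names L2TP-3DES-SHA, L2TP-DYN and OUTSIDE-MAP, the sequence numbers, the interface name `outside` and the use of DefaultRAGroup are assumptions.

```cisco
! Added example, not from the thread. All object names are hypothetical.
!
! Phase 2 as described in the question (3DES with MD5), which ended in
! "All IPSec SA proposals found unacceptable!" for the Vista client:
!   crypto ipsec transform-set L2TP-3DES-MD5 esp-3des esp-md5-hmac
!
! Phase 2 as reported working for both Vista and XP: 3DES with SHA.
! The Windows L2TP/IPsec client negotiates transport mode.
crypto ipsec transform-set L2TP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set L2TP-3DES-SHA mode transport
!
! Dynamic map entry for the remote-access clients.
crypto dynamic-map L2TP-DYN 10 set transform-set L2TP-3DES-SHA
! PFS removed from the entry, as in the last reply.
no crypto dynamic-map L2TP-DYN 10 set pfs
!
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic L2TP-DYN
crypto map OUTSIDE-MAP interface outside
!
! PPP authentication for the L2TP tunnel: MS-CHAP v2 only.
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2
```

The IKE (phase 1) policy is left out because the question's debug output shows phase 1 already completing.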