[NTLUG:Discuss] VPN Setup Help required
crem
crem101 at dfwair.net
Fri Feb 19 21:47:26 CST 2010
Regarding MS IPSEC. MS does not allow phase 1 (Authentication) and phase 2
(encryption) with different Diffie-Hellman groups. If you use DH1 on phase 1
you need to use DH1 on phase 2. It is not documented that I can find. I found
that out by connecting up MS customers to Juniper's Netscreen 5400
firewalls. You can build an MS IPSec profile and save the file as '.ipsec'.
".ipsec" is portable between all MS products. Cisco and Juniper will allow
different DH groups at different phases.
Not sure about Linux and variants.
Charles Rem
-----Original Message-----
From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org] On Behalf
Of Burton Strauss III
Sent: Monday, February 15, 2010 09:28
To: 'NTLUG Discussion List'
Subject: Re: [NTLUG:Discuss] VPN Setup Help required
<SNIP/>
Hi Chris.
Thanks. I've used some of this before, but never had it stable before.
This customer is using Software based RSA Tokens, not a device RSA key
device. And I've not been able to get that software fully installed.
The software script supplied by Cisco seems to be broken, and the
instructions seem to be flat-out wrong (as in, asking for a binary file,
but the specified file is a clear-text ascii file that is the Server's
master config). Getting the RSA set up and talking to anything that
talks Cisco seems to be the major sticking point right now. Vpnc won't
do RSA Tokens, at least not in its current version, which does not seem
to give me anything but MS to fall back on.
Suggestions? (I am seriously considering switching to MS at this point
-- I really need VPN, either Cisco/RSA or pptp to work).
Regards,
Steve
Why don't you contact Cisco?
It's commercial software and you are licensed for it and running in a
supported platform, that's what commercial support is for...
-----Burton