Cisco Systems W2K vpn client to Cisco 3005 VPN concentrator

Bookmark this page:  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
W2K vpn client to Cisco 3005 VPN concentrator srp336 06-20-05
Posted by on June 20, 2005, 6:07 pm
Please log in for more thread options
I've got a project to configure a Cisco 3005 vpn concentrator to allow
connections from the w2k builtin vpn client.

The concentrator currently has users connecting via the Cisco client
using IPSec, and authenticating against an Active Directory server.

The way I understand things is, PPTP is supported, but only without
encryption when authentication against Active Directory. And the only
other option is L2TP/IPSec, which is mutually exclusive with the
IPsec-only that's currently in use. (Have I got this all correct?)

So, the only option open here is PPTP without encryption, correct?

Is there any way to get the w2k client to do l2tp without ipsec?

Thanks!


Posted by on June 21, 2005, 9:50 am
Please log in for more thread options
Yes, you can connect to a Cisco VPN concentrator using L2TP alone or
L2TP/IPsec.

By default, W2K creates an IPsec policy for L2TP that relies on digital
signature (digital certificate) authentication. So, if you want to
configure either L2TP alone or L2TP/IPsec with pre-shared key
authentication then you need to modify the registry.

Take a look at this article for more:

http://support.microsoft.com/kb/240262


By creating the 'ProhibitIpSec' value, and setting the value to '1' (as
discussed in the first part of the article), you actually disable the
automatic creation of an IPsec policy (using digitial signature auth)
for L2TP. So, if you don't want to use IPsec with L2TP, you can stop
there, without following the instructions in the rest of the article
(although you should consider the security implications!).


Hope that helps,

Mark

CCIE#6280 / CCSI#21051 / JNICS#121 / etc.

Author: www.ciscopress.com/1587051044


Posted by on June 21, 2005, 2:41 pm
Please log in for more thread options
I've gotten l2tp working with the w2k client and cisco vpn 3005, but it
looks like the same problem I was having with pptp.

Is there no way to connect with pptp or l2tp to a 3005 concentrator
with encryption, when that concentrator is authenticating against an
Active Directory server?


Posted by Anatoliy Mysnyk on June 21, 2005, 5:10 pm
Please log in for more thread options
Hello mark,

Tuesday, June 21, 2005, 4:50:41 PM, you wrote:

[skip]
> http://support.microsoft.com/kb/240262
> By creating the 'ProhibitIpSec' value, and setting the value to '1' (as
[skip]

Can the same problem be solved under Windows XP and Windows 2003?
Key 'ProhibitIpSec' does not work and I found no solution on MSDN site.

--
Best regards,
CiscoPress.ru
Anatoliy mailto:amysnyk@ciscopress.ru.no.spam.


Similar ThreadsPosted
W2K vpn client to Cisco 3005 VPN concentrator June 20, 2005, 6:07 pm
Cisco VPN Concentrator 3005 August 2, 2006, 12:10 pm
Password expiry on Cisco concentrator 3005 November 4, 2006, 2:35 pm
CIsco 3005 Concentrator FTP Log Backup interval June 14, 2007, 9:03 am
Cisco 3005 Concentrator + DLink 804HV Router July 20, 2005, 11:46 pm
VPN Connection Problems between Cisco PIX 506E and Cisco VPN Concentrator 3005 February 15, 2005, 9:03 am
concentrator 3005 February 14, 2007, 9:16 am
Erase a VPN 3005 Concentrator September 13, 2007, 8:50 am
Concentrator 3005 AD Authentication Problems August 16, 2005, 3:16 am
VPN Concentrator 3005 connectivity with router 837 October 19, 2005, 6:11 am
3005 concentrator multiple sa's May 9, 2006, 1:02 am
Citrix access via VPN 3005 concentrator w/WebVPN January 12, 2006, 12:07 pm
VPN Concentrator 3005 - Cannot connect via Window XP built in VPN May 15, 2006, 4:32 pm
Cisco Access Concentrator 3005 Access List July 13, 2006, 3:27 pm
Windows VPN Client Cisco Concentrator August 2, 2006, 1:56 pm