Re: Cisco VPN Client <-> XP VPN

> client. I thought - please correct me, if I'm wrong - that XP and
> Cisco both use the L2TP technique,

You are wrong. XP does L2TP over IPSec in transport mode. L2TP itself is an Ethernet bridge tunnel over PPP. Cisco Client uses IPSec in tunnel mode with proprietary extensions to do user authentication and client configuration.

Lutz Donnerhacke


So due to this extension Cisco's Client can't connect to gates designed for XP?

Cheers, Raul

Raul Elms

They are simply different. The extensions were introduced at a time when Windows did not even know about IPSec. They are on the standardization track. L2TP had a similar history, it started as a proprietary protocol called PPTP.

And once more: Windows IPSec can't use NAT-Traversal (without patches), while the Cisco client does the proprietary NAT-Traversal extensions.

Keep in mind: IPSec is ONLY standardized for the case of two systems with public addresses. There are two cases: Both sides have static internal IP addresses, so use tunnel mode and connect the networks. Or at least one side has no known internal IP address, so use transport mode without using any routing.

In practical environments both standardized preconditions are not met. Therefore a lot of extensions exist. The Windows extensions are incompatible with the Cisco extensions, beside Cisco boxes can be used to terminate Windows roadwarrior systems (beside PIX 7.x).

You have to live with it.

Lutz Donnerhacke