IPSec with PIX and Win2k

[Eric Vyncke]

Jeffrey,

AFAIK, Win2K is using per default IPSec in transport mode with L2TP.
PIX is only IPSec tunnel mode. So, there is probably a mismatch
here...

Else, I'm quite confident that the PIX will propose and accept a pre-shared
key with your configuration. I've done it a couple of time.

Just my 0.01 EUR

-eric

At 14:03 26/07/2000 -0400, Jeffrey Dell wrote:
>Has anyone gotten IPSec to work with a PIX and windows 2k? I have tried many
>different configurations but nothing works. During the isakmp process the
>pix wants to use RSA for authentication but I have setup pre-shared keys.
>Here is a piece that was taken from the Cisco reference that I have also
>used for testing purposes. I would think that it would use pre-shared keys
>for authentication. But when I look at the debug logging, I see that it is
>using RSA for authentication instead of pre-shared. Has anyone else had this
>problem? Thanks in advance,
>
>Jeff
>
>Protection suite of priority 20
>         encryption algorithm:   DES - Data Encryption Standard (56 bit
>keys).
>         hash algorithm:         Message Digest 5
>         authentication method:  Pre-Shared Key
>         Diffie-Hellman group:   #1 (768 bit)
>         lifetime:               86400 seconds, no volume limit
>Default protection suite
>         encryption algorithm:   DES - Data Encryption Standard (56 bit
>keys).
>         hash algorithm:         Secure Hash Standard
>         authentication method:  Rivest-Shamir-Adleman Signature
>         Diffie-Hellman group:   #1 (768 bit)
>         lifetime:               86400 seconds, no volume limit
>
>VPN is sponsored by SecurityFocus.COM

Eric Vyncke
Senior Consulting Engineer         Cisco Systems EMEA
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke at cisco.com          Mobile: +32-75-312.458

VPN is sponsored by SecurityFocus.COM