Cisco 3000 (Altiga) Win2K client?

Basim Jaber bjaber at IPASS.COM
Wed Jan 10 23:52:38 EST 2001


Forgot to add one important thing...
You cannot use IPsec/L2TP tunnels on Win2K if you already have anothe IPsec
client installed (i.e. Nortel Contivity, Cisco VPN 3000 v2.6 beta, etc).
The reason is that the "IPsec Policy Agent" is disabled when another IPsec
client is installed.  To be able to enable it, you must uninstall all IPsec
clients and use only the native Win2K IPsec client (over L2TP, therfore the
terminating switch must support L2TP tunnels using certificate-based
authentication).

Basim S. Jaber
Senior Systems Engineer / Remote Access Specialist
VPN Services Division
iPass Inc.	Redwood Shores, CA
http://www.iPass.COM



>-----Original Message-----
>From: Basim Jaber
>Sent: Wednesday, January 10, 2001 8:33 PM
>To: 'dgillett at niku.com'; VPN at SECURITYFOCUS.COM
>Subject: RE: Cisco 3000 (Altiga) Win2K client?
>
>
>I've been working directly with Cisco on this one for quite
>some time now.  I have a copy of the beta 2.6 Cisco VPN 3000
>client for Win2K. It works the same as the Win9x/NT one does,
>but it now installs on Win2K (works really good, I might add).
>  Please don't bother to ask me to email out copies of any
>beta clients as I am bound under NDA to not do so.
>
>I haven't confirmed this, but according to Cisco's product
>marketing for VPN 3000, this v2.6 client will not ship and
>will only be used as a stepping stone beta to test the Win2K
>interoperability, although the v2.6 client may be released
>internally for Cisco themselves.  The version 3.0 client due
>out in end of Q1 (and possibly later) will be the new
>"unified" client which will talk to the VPN 3000 Series, VPN
>5000 Series, IOS Gateway VPN routers, and PIX firewalls.
>
>With respect to getting the native Win2K VPN client to work
>using IPsec on the VPN 3000 switch, it will most certainly
>work, but it requires the use of certificate-based
>authentication as well as Active Directory.  You'll need to
>obtain a "server certificate" from the cert authority for the
>VPN switch and a certificate for each VPN client (i.e. user).
>I can't seem to find the doc for implementing this on the VPN
>3000 units.  If I find it later, I'll try to remember to post
>it to the list.
>
>In the meantime, if you need to connect Win2K users to your
>3000 switch(es), you can still do so via PPTP (hold your
>comments, please!).  Simply enable PPTP as one of the services
>on the 3000 switch(es) and you can then use the native Win2K
>PPTP VPN client.   However, the only way to connect Win2K
>IPsec clients  on the VPN 3000 Concentrator is via L2TP, so
>you'll eventually need to enable that service too.
>
>Basim S. Jaber
>Senior Systems Engineer / Remote Access Specialist
>VPN Services Division
>iPass Inc.	Redwood Shores, CA
>http://www.iPass.COM
>
>
>>-----Original Message-----
>>From: David Gillett [mailto:dgillett at niku.com]
>>Sent: Wednesday, January 10, 2001 2:28 PM
>>To: VPN at SECURITYFOCUS.COM
>>Subject: Cisco 3000 (Altiga) Win2K client?
>>
>>  I seem to recall that a lot of posters had heard rumours of
>this around
>>Oct-Nov last year.  Nobody seemed to be able to get a date
>from any Cisco
>>employee, but a VAR I talked to told me he expected it to be
>out of beta
>>around Nov 15th/2000.
>>  Well, here we are Jan/2001, and the volume of 2000 users wanting to
>>connect to our 3000 is growing.  Has anyone heard anything
>since November?
>>
>>  Alternatively, has anyone gotten this to work with the
>native Win2K IPSEC
>>stuff?  Something in the release notes made me think it
>relied on Active
>>Directory, but I'm hoping I misunderstood that bit.
>>
>>David Gillett
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/vpn/attachments/20010110/c179d34c/attachment.htm 


More information about the VPN mailing list