Cisco 3000 (Altiga) Win2K client?
bjaber at IPASS.COM
Wed Jan 10 23:33:02 EST 2001
I've been working directly with Cisco on this one for quite some time now.
I have a copy of the beta 2.6 Cisco VPN 3000 client for Win2K. It works the
same as the Win9x/NT one does, but it now installs on Win2K (works really
good, I might add). Please don't bother to ask me to email out copies of
any beta clients as I am bound under NDA to not do so.
I haven't confirmed this, but according to Cisco's product marketing for VPN
3000, this v2.6 client will not ship and will only be used as a stepping
stone beta to test the Win2K interoperability, although the v2.6 client may
be released internally for Cisco themselves. The version 3.0 client due out
in end of Q1 (and possibly later) will be the new "unified" client which
will talk to the VPN 3000 Series, VPN 5000 Series, IOS Gateway VPN routers,
and PIX firewalls.
With respect to getting the native Win2K VPN client to work using IPsec on
the VPN 3000 switch, it will most certainly work, but it requires the use of
certificate-based authentication as well as Active Directory. You'll need
to obtain a "server certificate" from the cert authority for the VPN switch
and a certificate for each VPN client (i.e. user). I can't seem to find the
doc for implementing this on the VPN 3000 units. If I find it later, I'll
try to remember to post it to the list.
In the meantime, if you need to connect Win2K users to your 3000 switch(es),
you can still do so via PPTP (hold your comments, please!). Simply enable
PPTP as one of the services on the 3000 switch(es) and you can then use the
native Win2K PPTP VPN client. However, the only way to connect Win2K IPsec
clients on the VPN 3000 Concentrator is via L2TP, so you'll eventually need
to enable that service too.
Basim S. Jaber
Senior Systems Engineer / Remote Access Specialist
VPN Services Division
iPass Inc. Redwood Shores, CA
>From: David Gillett [mailto:dgillett at niku.com]
>Sent: Wednesday, January 10, 2001 2:28 PM
>To: VPN at SECURITYFOCUS.COM
>Subject: Cisco 3000 (Altiga) Win2K client?
> I seem to recall that a lot of posters had heard rumours of this around
>Oct-Nov last year. Nobody seemed to be able to get a date from any Cisco
>employee, but a VAR I talked to told me he expected it to be out of beta
>around Nov 15th/2000.
> Well, here we are Jan/2001, and the volume of 2000 users wanting to
>connect to our 3000 is growing. Has anyone heard anything since November?
> Alternatively, has anyone gotten this to work with the native Win2K IPSEC
>stuff? Something in the release notes made me think it relied on Active
>Directory, but I'm hoping I misunderstood that bit.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the VPN