[VPN] Request: Need PIX Recipe for WinXP L2TP/IPSEC

Stacy Purcell spurcell at covad.net
Tue May 25 02:55:04 EDT 2004


Does anyone have a working example of a PIX config that works with WinXP 
L2TP/IPSEC clients that they can share?

I'm working with a PIX 501 that has the DES/3DES/AES license.

Using the WinXP VPN client GUI config, I can initiate the connection and 
it passes the authentication step in quick mode, but hangs on the next 
ISAKMP step where they try to agree on the encryption parameters. It 
complains about "invalid transforma proposal flags -- 0x200" or says 
"transform proposal not supported".

I also tried unsuccessfully to configure the WinXP side from scratch 
using the IPSEC policies but I can't even get the box to do IKE when I 
have the policy installed.

A PIX example with a brief description of how you config the WinXP 
clients would be very helpful. :)

Thanks,
Stacy Purcell





More information about the VPN mailing list