From kaiyiw at gmail.com Sat Oct 8 05:28:35 2005 From: kaiyiw at gmail.com (kaiyi wang) Date: Sat, 8 Oct 2005 17:28:35 +0800 Subject: [VPN] Cisco VPN Client(v3.0) connect to PIX-525E problems Message-ID: Hi all, I have a Cisco PIX-525 and am trying to connect it via the cisco vpn client software(3.0) using IPSec.It's always failed to connect.I start the debug to get details when trying to connect.The following is the debug information from the PIX console output: Oct 08 06:33:47 [IKEv1]: Group = ExhibitAccessgroup, IP = 61.49.235.70, Received encrypted Oakley Aggressive Mode packet with invalid payloads, MessID = 0 Oct 08 06:34:10 [IKEv1]: Group = ExhibitAccessgroup, IP = 61.49.235.70, Received encrypted Oakley Aggressive Mode packet with invalid payloads, MessID = 0 And, from the log of Cisco VPN client, the following information is detected: received a NOTIFY message withh an invalid protocol id ( 0 ) Really I can not find out what kind of problem it is.Could you give me any suggestions ? and each advice is appereacted. Thanks Regards Kee W From kaiyiw at gmail.com Tue Oct 11 10:11:47 2005 From: kaiyiw at gmail.com (kaiyi wang) Date: Tue, 11 Oct 2005 22:11:47 +0800 Subject: [VPN] Cisco VPN Client(v3.0 & 4.6) connect to PIX-525E (7.0) problems Message-ID: Hi, all I meet a problem about Cisco VPN Client(v3.0) connect to PIX-525E (7.0) problems.(VPN Client 4.6 is also used, failed again. :( ) I post it on the Cisco technical forum, please visit the following url and provide me some advices. The network topology and my PIX configuration are attached. All response are appreciated. Below is the URL: http://forums.cisco.com/eforum/servlet/NetProf;jsessionid=21pi2rm2b1.SJ2A?page=netprof&forum=Virtual%20Private%20Networks&topic=Security&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dd97527/4#selected_message Thanks Regards Wang Kaiyi -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.shmoo.com/pipermail/vpn/attachments/20051011/c0f7d72f/attachment.htm From nirmala_30782 at yahoo.co.in Thu Oct 27 07:36:32 2005 From: nirmala_30782 at yahoo.co.in (nirmala balu) Date: Thu, 27 Oct 2005 12:36:32 +0100 (BST) Subject: [VPN] testing vpn using l2tp between two linux machines Message-ID: <20051027113632.14059.qmail@web8502.mail.in.yahoo.com> hi, i am doing project in vpn using l2tp. i got the information for tesing of vpn using windows platform through internet. but i dont know how to do testing of vpn (l2tp) in linux platform.it will be very useful for me if anyone gives the procedure for testing vpn(l2tp) between two linux PCs. thanks in advance. nirmala --------------------------------- Enjoy this Diwali with Y! India Click here -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.shmoo.com/pipermail/vpn/attachments/20051027/0836d79b/attachment.htm From jef at linuxbe.org Mon Oct 31 08:55:26 2005 From: jef at linuxbe.org (Jean-Francois Dive) Date: Mon, 31 Oct 2005 14:55:26 +0100 Subject: [VPN] Re: VPN server over windows XP In-Reply-To: References: Message-ID: <20051031135526.GA2902@www.beit.be> best solution, use anoter device which is tailored for what you want to do. Second best, use openvpn(.org), third best is to try to make windows accept connection, but the soft which is provided, imho is only a client. The last solution which i know used to work somehow is to use pptp with the security implications that have been widely covered (google for more). Hope this help, J. On Wed, Sep 14, 2005 at 08:38:37PM +0000, Alaa Dalghan wrote: > hello everyone, > > I am trying to setup a windows xp machine as a vpn server that accepts > multiple ipsec tunnels from other windows xp machines. > > My restrictions are the following: > > 1- I need to set the vpn server on windows XP (not windows 2000 server, nor > 2003, nor ISA server, etc.) > > 2- I need to use tunnel mode ipsec > > 3- The vpn server should accept MULTIPLE vpn tunnels. > > The first problem I faced is that windows xp does not support ipsec tunnel > mode between 2 xp machines. It only supports transport mode which is not > what I want. > To overcome this lack of IP tunneling I tried to use the built-in tunneling > capabilities such as PPTP and L2TP/ipsec, and it worked. But the problem > here is that a windows xp can not accept more than ONE SINGLE incoming > connection at a time, and I need multiple connections. > > I think the solution could be one of the following: > > 1-Installing a third party FREE vpn server (or L2TP server) on windows XP. > If you know one please tell me. > > 2-Importing some features from windows 2000 server or 2003 server (some > executables or services or plugins that enable xp to run as a vpn server and > accept multiple connections). If you know what to import please tell me. > > 3- Installing a pure IP tunneling solution on windows xp so that it can be > combined with ipsec encryption to yield tunnel mode encryption. > > I appreciate any help, > > Alaadin > > _________________________________________________________________ > Express yourself instantly with MSN Messenger! Download today - it's FREE! > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > _______________________________________________ > VPN mailing list > VPN at lists.shmoo.com > http://lists.shmoo.com/mailman/listinfo/vpn -- -- -> Jean-Francois Dive --> jef at linuxbe.org I think that God in creating Man somewhat overestimated his ability. -- Oscar Wilde From Darren.Spruell at chw.edu Mon Oct 31 11:08:28 2005 From: Darren.Spruell at chw.edu (Spruell, Darren-Perot) Date: Mon, 31 Oct 2005 09:08:28 -0700 Subject: [VPN] Re: VPN server over windows XP Message-ID: From: Jean-Francois Dive [mailto:jef at linuxbe.org] > On Wed, Sep 14, 2005 at 08:38:37PM +0000, Alaa Dalghan wrote: > > hello everyone, > > > > I am trying to setup a windows xp machine as a vpn server > that accepts > > multiple ipsec tunnels from other windows xp machines. > best solution, use anoter device which is tailored for what > you want to > do. Second best, use openvpn(.org), third best is to try to > make windows > accept connection, but the soft which is provided, imho is only a > client. The last solution which i know used to work somehow is to use > pptp with the security implications that have been widely covered > (google for more). I would second the recommendation on OpenVPN. Finding a "free" utility for IPsec in Windows to fit everything that you want is probably not trivial. I'm not aware of any. OpenVPN does not handle IPsec but does provide equally secure SSL-tunneled VPN capabilities using a broad collection of strong cipher and hash algorithms from the OpenSSL project. I have used it with success to acheive the kind of connectivity you desire. It is a superior solution to PPTP and more firewall-friendly than IPsec or PPTP. And it is free with a native Win32 client/server. DS