<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>RE: Cisco 3000 (Altiga) Win2K client?</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>I've been working directly with Cisco on this one for quite some time now. I have a copy of the beta 2.6 Cisco VPN 3000 client for Win2K. It works the same as the Win9x/NT one does, but it now installs on Win2K (works really good, I might add). Please don't bother to ask me to email out copies of any beta clients as I am bound under NDA to not do so.</FONT></P>
<P><FONT SIZE=2>I haven't confirmed this, but according to Cisco's product marketing for VPN 3000, this v2.6 client will not ship and will only be used as a stepping stone beta to test the Win2K interoperability, although the v2.6 client may be released internally for Cisco themselves. The version 3.0 client due out in end of Q1 (and possibly later) will be the new "unified" client which will talk to the VPN 3000 Series, VPN 5000 Series, IOS Gateway VPN routers, and PIX firewalls.</FONT></P>
<P><FONT SIZE=2>With respect to getting the native Win2K VPN client to work using IPsec on the VPN 3000 switch, it will most certainly work, but it requires the use of certificate-based authentication as well as Active Directory. You'll need to obtain a "server certificate" from the cert authority for the VPN switch and a certificate for each VPN client (i.e. user). I can't seem to find the doc for implementing this on the VPN 3000 units. If I find it later, I'll try to remember to post it to the list.</FONT></P>
<P><FONT SIZE=2>In the meantime, if you need to connect Win2K users to your 3000 switch(es), you can still do so via PPTP (hold your comments, please!). Simply enable PPTP as one of the services on the 3000 switch(es) and you can then use the native Win2K PPTP VPN client. However, the only way to connect Win2K IPsec clients on the VPN 3000 Concentrator is via L2TP, so you'll eventually need to enable that service too.</FONT></P>
<P><FONT SIZE=2>Basim S. Jaber </FONT>
<BR><FONT SIZE=2>Senior Systems Engineer / Remote Access Specialist</FONT>
<BR><FONT SIZE=2>VPN Services Division</FONT>
<BR><FONT SIZE=2>iPass Inc. Redwood Shores, CA</FONT>
<BR><FONT SIZE=2><A HREF="http://www.iPass.COM" TARGET="_blank">http://www.iPass.COM</A></FONT>
</P>
<BR>
<P><FONT SIZE=2>>-----Original Message-----</FONT>
<BR><FONT SIZE=2>>From: David Gillett [<A HREF="mailto:dgillett@niku.com">mailto:dgillett@niku.com</A>]</FONT>
<BR><FONT SIZE=2>>Sent: Wednesday, January 10, 2001 2:28 PM</FONT>
<BR><FONT SIZE=2>>To: VPN@SECURITYFOCUS.COM</FONT>
<BR><FONT SIZE=2>>Subject: Cisco 3000 (Altiga) Win2K client?</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>> I seem to recall that a lot of posters had heard rumours of this around</FONT>
<BR><FONT SIZE=2>>Oct-Nov last year. Nobody seemed to be able to get a date from any Cisco</FONT>
<BR><FONT SIZE=2>>employee, but a VAR I talked to told me he expected it to be out of beta</FONT>
<BR><FONT SIZE=2>>around Nov 15th/2000.</FONT>
<BR><FONT SIZE=2>> Well, here we are Jan/2001, and the volume of 2000 users wanting to</FONT>
<BR><FONT SIZE=2>>connect to our 3000 is growing. Has anyone heard anything since November?</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>> Alternatively, has anyone gotten this to work with the native Win2K IPSEC</FONT>
<BR><FONT SIZE=2>>stuff? Something in the release notes made me think it relied on Active</FONT>
<BR><FONT SIZE=2>>Directory, but I'm hoping I misunderstood that bit.</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>>David Gillett</FONT>
</P>
</BODY>
</HTML>