Vista can't authenticate on VPN connection

D

Daniel Peterson

Hello,

I've read up quite a bit about VPN problems with Vista, but can't seem to
find a solution to my issues. We have VPN setup to our Cisco PIX 515E
(which doesn't support MS-CHAP V2). Of course, since Microsoft was nice
enough to remove MS-CHAP V1 in Vista, this now prevents any of our users
from upgrading to Vista, and I'm trying to find a workaround.

Right now, I've made changes to our PIX to allow authentication over PAP,
CHAP or MSCHAPV1. The PIX has always required 128bit encryption. (This
according to the MS KB article discussing the death of MSCHAP V1, should
work).

In my VPN connection security , I've tried every combination of PAP, CHAP
and the various data encryption options, but can't get beyond the dreaded
"Error 732: Your computer and the remote computer could not agree on PPP
control protocols". I don't see anything interesting in the PIX logs or in
the Windows Vista client event logs.

User authentication is being done by an IAS server that the PIX connects to
just fine. Clients running XP, 2000 and OS X can all VPN in without any
problems at all.

Has ANYONE gotten Vista <---> PIX VPN working at all with the Vista VPN
client?
 
R

Robert L [MVP - Networking]

You may want to disable PAP, CHAP and MS-CHAP v2. This post may help,

VPN works with all OS except Vista
http://www.chicagotech.net/netforums/viewtopic.php?t=729

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hello,

I've read up quite a bit about VPN problems with Vista, but can't seem to
find a solution to my issues. We have VPN setup to our Cisco PIX 515E
(which doesn't support MS-CHAP V2). Of course, since Microsoft was nice
enough to remove MS-CHAP V1 in Vista, this now prevents any of our users
from upgrading to Vista, and I'm trying to find a workaround.

Right now, I've made changes to our PIX to allow authentication over PAP,
CHAP or MSCHAPV1. The PIX has always required 128bit encryption. (This
according to the MS KB article discussing the death of MSCHAP V1, should
work).

In my VPN connection security , I've tried every combination of PAP, CHAP
and the various data encryption options, but can't get beyond the dreaded
"Error 732: Your computer and the remote computer could not agree on PPP
control protocols". I don't see anything interesting in the PIX logs or in
the Windows Vista client event logs.

User authentication is being done by an IAS server that the PIX connects to
just fine. Clients running XP, 2000 and OS X can all VPN in without any
problems at all.

Has ANYONE gotten Vista <---> PIX VPN working at all with the Vista VPN
client?
 
D

Daniel Peterson

Hello,

As I said, I've tried every combination of PAP, CHAP and data encryption.

Other than an email address to send trace logs to for debugging, I didn't see anything new in that link.

Any other suggestions?
You may want to disable PAP, CHAP and MS-CHAP v2. This post may help,

VPN works with all OS except Vista
http://www.chicagotech.net/netforums/viewtopic.php?t=729

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hello,

I've read up quite a bit about VPN problems with Vista, but can't seem to
find a solution to my issues. We have VPN setup to our Cisco PIX 515E
(which doesn't support MS-CHAP V2). Of course, since Microsoft was nice
enough to remove MS-CHAP V1 in Vista, this now prevents any of our users
from upgrading to Vista, and I'm trying to find a workaround.

Right now, I've made changes to our PIX to allow authentication over PAP,
CHAP or MSCHAPV1. The PIX has always required 128bit encryption. (This
according to the MS KB article discussing the death of MSCHAP V1, should
work).

In my VPN connection security , I've tried every combination of PAP, CHAP
and the various data encryption options, but can't get beyond the dreaded
"Error 732: Your computer and the remote computer could not agree on PPP
control protocols". I don't see anything interesting in the PIX logs or in
the Windows Vista client event logs.

User authentication is being done by an IAS server that the PIX connects to
just fine. Clients running XP, 2000 and OS X can all VPN in without any
problems at all.

Has ANYONE gotten Vista <---> PIX VPN working at all with the Vista VPN
client?
 
A

Aanand Ramachandran

Hi Daniel
Both PAP and CHAP do not support encryption. In order to use them you
would have to turn off 128-bit encryption on the server.

thanks
Aanand
 
D

Daniel Peterson

Hello,

Thank you, that's what I was starting to wonder.

Well, that pretty much kills that solution.

THANKS MICROSOFT FOR DEPRECATING MSCHAP V1. :(
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Chap V1 for VPN Connectivity 4
Help: Need VPN with MS Chap1 under Vista 5
VPN to Cisco via Radius fails ppp 6
Vista Business VPN through Cisco PIX 501 2
Vista and VPN (Cisco Pix) 2
Microsoft PPTP VPN 7
Vista Business, Wireless and VPN 7
After Upgrade from XP to Vista RAS Connections are Failing 1

Top