Windows Vista PPTP vpn Cisco Pix 515E

[Guest]

Hi with my Windows XP I have no problem to connect to a cisco PIX 515E via
PPTP VPN tunnel. I dont even have to change anything on the encryption
settings and so on, only the option not to use default gateway on remote
network (Offcourse if this is what you want)
My question is what is different with Windows Vista?, I have tried
everithing with Vista, and I simply cannot connect to a PIX 515E over PPTP.
It seems the authentication mecanism has change in Windows Vista in contrast
to XP. (Is this right?) How can I connect to my PIX Firewall from a Windows
Vista Box?. Dont tell me now I have to buy some ridiculous licence!.
Best Regards,
Robert

 

[EricvanderMeer]

Hello Robert,

Same problem here, at work we have a same PIX device and i still cannot
connect from my Vista Ultimate client.

Tried everything but still no succes.
Hope someone knows the solution for this problem.

Best regards,
Eric van der Meer


Robert schreef:

 

[EricvanderMeer]

Hello,

Here's the solution for this problem:

VPN Improvement in Vista
Microsoft has changed the default settings for VPN connections to only
use MS-CHAP v2 for Authentication. If you are unfamiliar with the way
that PPTP (Microsoft Default) VPN connections work, well they are
established in a similar was as IPSec VPN's are. First, an
authentication session is established, second an encryption algorithm
is agreed upon. Microsoft's PPTP client has historically supported
four authentication methods for PPTP connections.
· PAP - Passwords are sent as clear ACSII text
· CHAP - Simple one-way hash sent to encrypt the password
· MS-CHAP (v1) - Same as CHAP except that it adds the
ability to change passwords, supports retry, and returns failure codes
explaining why an authentication failed.
· MS-CHAP v2 - adds mutual authentication by sending a
response challenge.
Windows XP supported all four for VPN authentication. Vista now
supports all but MS-CHAP (v1). This is interesting because if you are
using a Cisco PIX grade product, you should pay special attention to
this. You see the PIX's implementation of PPTP supports PAP, CHAP,
and MS-CHAP, but not MS-CHAP v2. This means that since Vista doesn't
support MS-CHAP and Cisco doesn't support MS-CHAP v2, you are left
with PAP and CHAP if your office or customer uses a Cisco PIX-based
product. Fortunately for you, PAP and CHAP are disabled by default, so
if you are using a PIX, you will need to manually configure your VPN
connection after creation.

(e-mail address removed) schreef: