I decided to write this post after a year of trying to find a solution to connecting to my work Cisco VPN on my Windows Vista running the 64 bit version of the OS. I am a Firewall/VPN novice and after struggling to find a solution for so long I felt that anyone else out there struggling with the same problem should benefit.
We use an IPSec VPN on a Cisco firewall, and to connect to this on a client machine we must use the Cisco VPN client, unfortunately this client does not currently and never will run an a 64bit machine. Cisco have virtually ceased development of this software and haven’t updated it in 5 years, I am not going to go on a rant about that now because if you found this post it is probably because you want to find out how I got connected. I actually stumbled across this solution 6 months before I finally got it to work but didn’t realise how close I was at the time.
The solution is to use the NCP Secure Entry Client which will connect to a Cisco IPSec VPN and will also work on 64bit Windows. There are 30 day trials available of this software however it does cost money if you want to use it permanently (£95.20 for a single user license) but its definitely worth it. I would recommend you try the 30 trial first to make sure it will work for you.
These are the steps I followed to get it to work for me;
- Download and install the NCP Secure Entry Client
- Click on Configuration > Profiles > New Entry
- Select Link to a Corporate Network using IPSec and click next.
- Type in a name for your connection
- Select the method of connection, if its through your normal internet connection then select LAN (over IP)
- Type in the gateway IP address (i.e. the IP address of your firewall) but DO NOT check Extended Authorization XAUTH this is the mistake I was making 6 months before. Click next.
- Set Exchange Mode to Aggressive Mode and click next.
- Enter your Shared key into the two boxes. This may be referred to as your password which is what our hosting company was calling it which created a little confusion for me.
- In the drop down menu for Local Identity select Free string used to identify groups
- In the IKE ID text box enter your Group name which may also be referred to as your Username as it was by our hosting company. Click next.
- Under IP Address Assignment select IKE Config Mode, other settings may work for you, this worked for me. Click next.
- Finally, leave the settings on the last page the way they are and click Finish
- Now just try and connect with your new profile and it should work.
…
Edit:
As people mentioned in the comments you can import the configuration from a Cisco VPN Client .pcf file which works first time for some people. However for me, the import was checking the ‘Extended Authorization XAUTH’ option which is what foiled me for so long so if the import didn’t work just make sure that option isn’t checked.
Comments 7
You can import a cisco profile from their 32 bit version and this will configure NCP correctly.
Posted 14 Apr 2009 at 2:44 am ¶You can but in my case this didn’t work as it kept enabling XAUTH and setting the XAUTH username and password to what was supposed to be the Group name and Shared key.
Posted 14 Apr 2009 at 8:02 am ¶Huge thanks for this advice. It has probably saved me 6 months of staring at the response : VPN Error – VPN gateway not responding (waiting for Msg6)
Posted 24 Apr 2009 at 6:57 pm ¶Thanks for advice, works great. in my case it was pretty simple I had .pcf profiles, just imported and that’s it.
Posted 31 Jul 2009 at 12:22 pm ¶thanks for this… I get connected into my network. I get assigned an IP but I can’t surf the web or anthing via my corp network… any ideas on what settings I could use?
Posted 27 Aug 2009 at 12:16 pm ¶Awesome. Saved me lots of time and heartache. Imported my old Cisco .pcf file and it worked like a charm. Thanks!
Posted 20 Nov 2009 at 7:08 pm ¶Worked like a charm. I just imported my pcf file and added username and password to xauth option and it works directly. No problem and no fuzz.
Posted 02 Feb 2010 at 8:13 am ¶Post a Comment