|
Posted by Raul Elms on March 13, 2006, 6:02 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hello,
I'm a little bit confused about the differences between Microsoft's
build-in VPN Client (for XP) and Cisco's VPN client.
I wanna set up a connection to a network using Cisco's client (which
I'm using for other networks as well). For the new network detailed
instructions for the XP client are given, but nothing for the Cisco
client. I thought - please correct me, if I'm wrong - that XP and
Cisco both use the L2TP technique, so I should be able to use any
client for those connections. But Cisco's client needs much more
information than the IP of the gate (e.g. Group name and passwd). Is
there a possibility using the Cisco client when only the gate IP is
known (which is enough for XP) ?
Thanks a lot,
Raul
--
Raul Elms <email: http://raul.n8n.de>
|
 
| |
Posted by Lutz Donnerhacke on March 13, 2006, 6:17 am
If you were Registered and logged in, you could reply and use other advanced thread options
* Raul Elms wrote:
> client. I thought - please correct me, if I'm wrong - that XP and
> Cisco both use the L2TP technique,
You are wrong. XP does L2TP over IPSec in transport mode. L2TP itself is an
Ethernet brigde tunnel over PPP. Cisco Client uses IPSec in tunnel mode with
propietary extensions to do user authentication and client configuration.
|
|
Posted by Raul Elms on March 13, 2006, 6:50 am
If you were Registered and logged in, you could reply and use other advanced thread options
> You are wrong. XP does L2TP over IPSec in transport mode. L2TP itself is an
> Ethernet brigde tunnel over PPP. Cisco Client uses IPSec in tunnel mode with
> propietary extensions to do user authentication and client configuration.
so due to this extension Cisco's Client can't connect to gates
designed for XP?
Cheers,
Raul
--
Raul Elms <email: http://raul.n8n.de>
|
|
Posted by Lutz Donnerhacke on March 13, 2006, 7:07 am
If you were Registered and logged in, you could reply and use other advanced thread options
>> You are wrong. XP does L2TP over IPSec in transport mode. L2TP itself is an
>> Ethernet brigde tunnel over PPP. Cisco Client uses IPSec in tunnel mode with
>> propietary extensions to do user authentication and client configuration.
>
> so due to this extension Cisco's Client can't connect to gates
> designed for XP?
They are simply different. The extensions where introduced at a time where
Windows did not even know about IPSec. They are on the standardizaion track.
L2TP had a similar history, it starts as a propietary protocol called PPTP.
A once more: Windows IPSec can't use NAT-Traversal (without patches), while
the Cisco client does the propietary NAT-Traversal extensions.
Keep in mind: IPSec is ONLY standardized for the case of two systems with
public addresses. There are two cases: Both sides has static interal IP
addresses, so use tunnel mode and connect the networks. Or at least one side
has no known internal IP address, so use transport mode without using any
routing.
In practical enviroments both standardized precondidions are not meet.
Therefore a lot of extensions exists. The Windows extensions is incompatible
to the Cisco extensions, beside Cisco boxes can be used to terminate Windows
roadwarrior systems (beside PIX 7.x).
You have to live with it.
|
| Similar Threads | Posted | | Watchguard / Safenet Client and Cisco VPN Client Compatible? | February 7, 2005, 3:38 pm |
| Client VPN Cisco HELP | May 20, 2006, 11:14 am |
| Looking for Cisco VPN Client (XP) | September 7, 2006, 9:19 pm |
| API for Cisco VPN client? | June 6, 2007, 6:06 pm |
| W2K vpn client to Cisco 3005 VPN concentrator | June 20, 2005, 3:07 pm |
| Need help enrolling a certificate, Cisco VPN Client | July 19, 2005, 7:41 pm |
| Configuring Cisco VPN Client / Windows XP | July 22, 2005, 8:00 am |
| Need assistance with Cisco VPN client and Linux FC4 | December 28, 2005, 9:40 pm |
| How to reconnect cisco vpn client automatically | February 2, 2006, 11:22 am |
| Zonealarm free client and cisco vpn 4.6 | March 6, 2006, 6:55 am |
|
|
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map