Windows Vista PPTP vpn Cisco Pix 515E

Hello,

Here's the solution for this problem:

VPN Improvement in Vista
Microsoft has changed the default settings for VPN connections to only
use MS-CHAP v2 for Authentication. If you are unfamiliar with the way
that PPTP (Microsoft Default) VPN connections work, well they are
established in a similar was as IPSec VPN's are. First, an
authentication session is established, second an encryption algorithm
is agreed upon. Microsoft's PPTP client has historically supported
four authentication methods for PPTP connections.
· PAP - Passwords are sent as clear ACSII text
· CHAP - Simple one-way hash sent to encrypt the password
· MS-CHAP (v1) - Same as CHAP except that it adds the
ability to change passwords, supports retry, and returns failure codes
explaining why an authentication failed.
· MS-CHAP v2 - adds mutual authentication by sending a
response challenge.
Windows XP supported all four for VPN authentication. Vista now
supports all but MS-CHAP (v1). This is interesting because if you are
using a Cisco PIX grade product, you should pay special attention to
this. You see the PIX's implementation of PPTP supports PAP, CHAP,
and MS-CHAP, but not MS-CHAP v2. This means that since Vista doesn't
support MS-CHAP and Cisco doesn't support MS-CHAP v2, you are left
with PAP and CHAP if your office or customer uses a Cisco PIX-based
product. Fortunately for you, PAP and CHAP are disabled by default, so
if you are using a PIX, you will need to manually configure your VPN
connection after creation.

EricvanderMeer.TakeThisOut@gmail.com schreef:

> Hello Robert,
>
> Same problem here, at work we have a same PIX device and i still cannot
> connect from my Vista Ultimate client.
>
> Tried everything but still no succes.
> Hope someone knows the solution for this problem.
>
> Best regards,
> Eric van der Meer
>
>
> Robert schreef:
>
> > Hi with my Windows XP I have no problem to connect to a cisco PIX 515E via
> > PPTP VPN tunnel. I dont even have to change anything on the encryption
> > settings and so on, only the option not to use default gateway on remote
> > network (Offcourse if this is what you want)
> > My question is what is different with Windows Vista?, I have tried
> > everithing with Vista, and I simply cannot connect to a PIX 515E over PPTP.
> > It seems the authentication mecanism has change in Windows Vista in contrast
> > to XP. (Is this right?) How can I connect to my PIX Firewall from a Windows
> > Vista Box?. Dont tell me now I have to buy some ridiculous licence!.
> > Best Regards,
> > Robert

Hello,

Here's the solution for this problem:

VPN Improvement in Vista
Microsoft has changed the default settings for VPN connections to only
use MS-CHAP v2 for Authentication. If you are unfamiliar with the way
that PPTP (Microsoft Default) VPN connections work, well they are
established in a similar was as IPSec VPN's are. First, an
authentication session is established, second an encryption algorithm
is agreed upon. Microsoft's PPTP client has historically supported
four authentication methods for PPTP connections.
· PAP - Passwords are sent as clear ACSII text
· CHAP - Simple one-way hash sent to encrypt the password
· MS-CHAP (v1) - Same as CHAP except that it adds the
ability to change passwords, supports retry, and returns failure codes
explaining why an authentication failed.
· MS-CHAP v2 - adds mutual authentication by sending a
response challenge.
Windows XP supported all four for VPN authentication. Vista now
supports all but MS-CHAP (v1). This is interesting because if you are
using a Cisco PIX grade product, you should pay special attention to
this. You see the PIX's implementation of PPTP supports PAP, CHAP,
and MS-CHAP, but not MS-CHAP v2. This means that since Vista doesn't
support MS-CHAP and Cisco doesn't support MS-CHAP v2, you are left
with PAP and CHAP if your office or customer uses a Cisco PIX-based
product. Fortunately for you, PAP and CHAP are disabled by default, so
if you are using a PIX, you will need to manually configure your VPN
connection after creation.

EricvanderMeer RemoveThis @gmail.com schreef:

> Hello Robert,
>
> Same problem here, at work we have a same PIX device and i still cannot
> connect from my Vista Ultimate client.
>
> Tried everything but still no succes.
> Hope someone knows the solution for this problem.
>
> Best regards,
> Eric van der Meer
>
>
> Robert schreef:
>
> > Hi with my Windows XP I have no problem to connect to a cisco PIX 515E via
> > PPTP VPN tunnel. I dont even have to change anything on the encryption
> > settings and so on, only the option not to use default gateway on remote
> > network (Offcourse if this is what you want)
> > My question is what is different with Windows Vista?, I have tried
> > everithing with Vista, and I simply cannot connect to a PIX 515E over PPTP.
> > It seems the authentication mecanism has change in Windows Vista in contrast
> > to XP. (Is this right?) How can I connect to my PIX Firewall from a Windows
> > Vista Box?. Dont tell me now I have to buy some ridiculous licence!.
> > Best Regards,
> > Robert