Whoever you spoke to at TAC was misinformed. I'm using the free 56bit DES
key on our PIX and I can authenticate using the VPN 3.0 client. You sure
don't need any 3DES key.
And in response to an earlier question posed regarding Diffie-Hellman Group
2 usage. I originally had the isakmp policy using Group 1 but the VPN 3.0
client bombed out on attempting to authenticate. As soon as I changed the
statement on the PIX to group 2, voila!, it worked right away. I guess the
VPN3.0 client is using group 2 by default so the PIX must also use group 2.
I can't find any settings where you can change to group 1 on the VPN client
software.
Vijay Ramcharan
----- Original Message -----
From: "Alex Lee"
To:
Sent: Friday, May 25, 2001 7:38 PM
Subject: Re: PIX Software V6.0 [7:5969]
> No more DES.
>
> I was told by TAC that if you want to use VPN 3.0 client, your PIX must
have
> 3 DES activated. A pre-sale told me that this costs $1,000.00 plus license
> for VPN clients.
>
> Can someone confirm this ?
>
> Alex Lee
>
>
> "Carroll Kong" wrote in message ...
> >At 05:17 PM 5/25/01 -0400, Vijay Ramcharan wrote:
> >>If anyone wasn't aware, V6.0 of the PIX software is now available.
> >>And as I just found out, to use the VPN 3.0 client, "isakmp policy ?
> >>group 2" must be used to enable successful authentication.
> >>
> >>Vijay Ramcharan
> >
> >Are you sure this is not user configurable? Group 2 refers to the
> >Diffie-Hellman group used. I suppose unless they made it a standard to
not
> >allow you to use Group 1 (weaker), but sheesh, if they made that the
> >requirement, how dare they let people use DES.
> >
> >
> >
> >-Carroll Kong
> >FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6045&t=5969
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
