7 Replies Latest reply on Jul 14, 2011 3:38 PM by Nishant Shah

    IPSEC Vpn with Windows 7 clients

    Nishant Shah

      Hi Guys,

       

      Im sorry if this topic has been raised earlier. i tried looking at the forms and did find some interesting information but couldnt find much help... 

       

      we are running 7.0.0.07 version of sidewainder and would like to use the windows 7 built in client for ipsec vpn. We have configured the the firewall for the vpn connection (dynamic ip restricted clinet mode, password for authentication, remote id as an email address in remote authentication).

       

      when i try to configure the vpn client (windows 7), it asks me a username and password in the wizard (im not sure if i have to type the pre shared key here)... i enter the pre-shared key here which i set and also set the same in the advanced settings of the client.

       

      when i try to dial the connection, it fails with an error 789. My question is.

       

      1) do i have to do anything additional or am i missing anything ?

      2) if i have chosen an email address in the identities list in the remote identity coloumn, do i have to select email address in the local autentication coloumn as well ???

      3) what exactly goes into the password field in the windows 7 client ??? (assuming i just added the identity as an email address and it doesnt exist on the AD and doesnt have a password). i have tried leaving the filed blank but get the same error.

       

      Thanks for your answers in advance guys.

       

      Nishant

        • 1. Re: IPSEC Vpn with Windows 7 clients
          sliedl

          I posted a guide here.  I believe it only works with v7.0.1.02 and later and IPSEC v2 and certificates (i.e. not passwords).

          • 2. Re: IPSEC Vpn with Windows 7 clients
            Nishant Shah

            Thanks for the Guide sliedl. I already have this with me from mcafee support. Our requirement is to use pre-shared key for authentication. I believe windows 7 built in client does support authentication so am not able to understand why mcafee support s unable to help us in this matter.

             

            Nishant.

            • 3. Re: IPSEC Vpn with Windows 7 clients
              sliedl

              We can't help you in this matter because we do not support Windows 7.  If you have a question on Windows 7 and its built-in VPN capabilities you will have to call Microsoft Support.  We do not support any VPN clients actually.  If you have a question on how to do something on a client you must contact that vendor's support.

               

              If you look at the guide we've provided for you and look at the authentication section of the Windows 7 VPN setup you'll see this:

               

              pic.jpg

               

              The only Authentication types it supports are EAP and certificates.  The firewall can only do password authentication or certificate auth. inside a VPN.  The Windows client does not seem to do password-based IPSec authentication.

               

              If you want to do password-based IPSec tunnels then use ShrewSoft, GreenBow, Safenet, or any other IPSec-compatible VPN client software.  We have guides for each of those three clients.

              • 4. Re: IPSEC Vpn with Windows 7 clients
                Nishant Shah

                thanks sliedl... i am able to see ipsec in the options and also able to type the pre-shared key in the advanced section. is it just me seeing this??? im sure there shouldnt be much difference in clients what so ever.

                 

                 

                Untitled.png

                • 5. Re: IPSEC Vpn with Windows 7 clients
                  Nishant Shah

                  i have got only 1 question infact. in the sidewinder appliance when we create a vpn connection, we have a remote authentication and a local authentication... in windows 7 client we have 2 places to type passwords. 1 with the username as shown below and 2 in the pre-shared key as shown in the figure above.

                   

                  where do we use the remote authentication and local authentication passwords in this context ???

                   

                  Untitled.png

                  • 6. Re: IPSEC Vpn with Windows 7 clients
                    sliedl

                    That is for L2TP over IPSec, Microsoft's implementatiion of IPSec.  It is not compatible with the firewall (it is not true IPSec, it is L2TP over IPSec).

                    • 7. Re: IPSEC Vpn with Windows 7 clients
                      Nishant Shah

                      thanks sliedl... so there is no way to implement ipsec with windows 7 even with version 8 of the firewall... i guess this calls for the end of the discussion in this case. you were very helpful...

                       

                      thanks a lot again

                       

                      Nishant