Cisco VPNs are horrible
At least in my experience.
In fact, I don’t like Cisco:
- you can’t get new VPN clients without a license agreement (which then means you need a friendly network guy)
- they just don’t seem to fix bugs
- and then they threaten people when they point out unpatched security holes
I suppose this comes from having to deal with a 1MB binary kernel module which spat out lots of “Badness in kernel at …” messages.
I just use the lightweight (80KB), userspace VPNC program instead. All of which is reverse engineered since Cisco won’t release specs - their default Xauth security is also known to be insecure. In fact, you need to use the decrypt tools to get the group password out of the Cisco VPN “.pcf” file.
Just use OpenVPN and be extremely happy. It’s easy to set up and has worked flawlessly for two years for us.
Anyhow, onto the reason I’m writing this, which is to make this next bit of information a bit more likely to show up in a Google search (hi Jonathan!). We have some users who couldn’t connect to the Cisco VPN - at first it was deemed to be a Vista issue. However, this turned out not to be the case. The error people received was:
Secure VPN Connection terminated locally by the Client. Reason 412: The remote peer is no longer responding
The readme for the client (if you still have it) has these suggestions:
- upgrade the firmware on your router
- modify the profile and change it to TCP (from UDP)
- edit the profile (the .pcf file) and add UseLegacyIKEPort=1
Given that the router in question was a brand new router, I’m not fabulously impressed. Anyhow, that third option fixed it.
Posted: October 30th, 2007 under Work.