[vpn-help] Cisco RSA Authentication - configuration help needed

Tero Karttunen karttunen.mailinglist at gmail.com
Fri Mar 12 09:20:12 CST 2010

I am trying to set up Windows Server 2008 64-bit environment, and I am
evaluating Shrew Soft VPN Client as an alternative to Cisco Systems
VPN Client, which sadly does not work in 64-bit environments.

I have two Cisco profiles to import called "TE-access" and "SU4TSF".
The first one got imported successfully, and its type was "Mutual PSK
+ XAuth". However, the second one caused import to fail with 2.1.5.
Learning that Cisco support is a recent addition, I downloaded
2.1.6-beta-6 and tried again.

The message I got was: "The Cisco site configuration was imported but
uses a RSA authentication method. You will need to import a
certificate manually to complete the configuration." Preselected
authentication method now seems to be "Mutual RSA + XAuth".

Right. Pretty straightforward instruction; however, I cannot seem to
get it to function correctly.

What I have in hand are SU4TSF.pfx and SU4TSF.pcf files, the second
being the Cisco profile and the first one containing all the necessary
certificates. There are no certificate passwords so I am able to
install both the enclosed VPN certificate and accompanied root CA
sertificate into Windows certificate registry.

PFX is PKCS12 file, right? However, when I attempted to set all the
files (Server Certificate Authority File, Client Certificate File,
Client Private Key file) to SU4TSF.pdf, it did not work. The results

peer configured
iskamp proposal configured
esp proposal configured
client configured
server cert config failed
detached from key daemon ...

Can you please advice me how to correctly complete the configuration?
Is there a HOWTO somewhere on converting pfx into necessary files? The
vpnhelp documentation is somewhat sparse on what kind of files it

Thank you very much!

Tero Karttunen

More information about the vpn-help mailing list