[vpn-help] Cisco RSA Authentication - configuration help needed

Tero Karttunen karttunen.mailinglist at gmail.com
Fri Mar 12 09:20:12 CST 2010


I am trying to set up a Windows Server 2008 64-bit environment, and I am
evaluating Shrew Soft VPN Client as an alternative to Cisco Systems
VPN Client, which sadly does not work in 64-bit environments.

I have two Cisco profiles to import called "TE-access" and "SU4TSF".
The first one got imported successfully, and its type was "Mutual PSK
+ XAuth". However, the second one caused import to fail with 2.1.5.
Learning that Cisco support is a recent addition, I downloaded
2.1.6-beta-6 and tried again.

The message I got was: "The Cisco site configuration was imported but
uses a RSA authentication method. You will need to import a
certificate manually to complete the configuration." Preselected
authentication method now seems to be "Mutual RSA + XAuth".

Right. Pretty straightforward instruction; however, I cannot seem to
get it to function correctly.

What I have in hand are SU4TSF.pfx and SU4TSF.pcf files, the second
being the Cisco profile and the first one containing all the necessary
certificates. There are no certificate passwords, so I am able to
install both the enclosed VPN certificate and accompanying root CA
certificate into Windows certificate registry.

PFX is a PKCS12 file, right? However, when I attempted to set all the
files (Server Certificate Authority File, Client Certificate File,
Client Private Key file) to SU4TSF.pdf, it did not work. The results
are:

------------------------------------------
peer configured
iskamp proposal configured
esp proposal configured
client configured
server cert config failed
detached from key daemon ...
------------------------------------------

Can you please advise me how to correctly complete the configuration?
Is there a HOWTO somewhere on converting pfx into necessary files? The
vpnhelp documentation is somewhat sparse on what kind of files it
expects!

Thank you very much!

Tero Karttunen
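
An added example, not part of the original post: one way to split a password-less PKCS#12 bundle like the .pfx described above into separate CA certificate, client certificate and private key PEM files with the openssl CLI, then check that the pieces belong together. The function name, the output file names and the PFX_PASS variable are hypothetical, and whether the VPN client accepts PEM files in its three certificate fields is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): split a PKCS#12 bundle into
# PEM files and sanity-check them. Output file names are hypothetical.
# Usage: split_pfx BUNDLE.pfx OUTDIR   (password, if any, in $PFX_PASS)

split_pfx() (
    pfx=$1; out=$2
    PFX_PASS=${PFX_PASS:-}; export PFX_PASS   # empty: bundle has no password
    [ -r "$pfx" ] || { echo "cannot read bundle: $pfx" >&2; exit 1; }
    umask 077                                 # extracted key stays owner-only
    mkdir -p "$out" || exit 1

    # Password comes from the environment so it never appears in `ps` output.
    p12() { openssl pkcs12 -in "$pfx" -passin env:PFX_PASS "$@" 2>/dev/null; }

    # -cacerts: certificates without a private key in the bundle (the CA chain)
    # -clcerts: the certificate that belongs to the bundled private key
    # -nocerts -nodes: the private key only, written unencrypted
    p12 -cacerts -nokeys -out "$out/ca.pem" &&
    p12 -clcerts -nokeys -out "$out/client.pem" &&
    p12 -nocerts -nodes  -out "$out/client.key" ||
        { echo "openssl could not read the bundle (password or format?)" >&2; exit 1; }

    # A bundle exported without its chain produces an empty ca.pem.
    grep -q 'BEGIN CERTIFICATE' "$out/ca.pem" ||
        { echo "bundle contains no CA certificate" >&2; exit 2; }

    # The client certificate must chain to the extracted CA ...
    openssl verify -CAfile "$out/ca.pem" "$out/client.pem" >/dev/null 2>&1 ||
        { echo "client certificate does not verify against ca.pem" >&2; exit 3; }

    # ... and the private key must match the certificate's public key.
    cert_pub=$(openssl x509 -in "$out/client.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$out/client.key" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match client certificate" >&2; exit 4; }
)
```

On OpenSSL 3.x, bundles encrypted with older algorithms such as RC2-40 may need the -legacy option added to the pkcs12 calls.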


