[vpn-help] Imported pcf file lacks authentication info

Matthew Grooms mgrooms at shrew.net
Sun Mar 14 20:21:23 CDT 2010


On 3/8/2010 10:43 AM, novnov wrote:
> I am running shrew (current ver) on windows 7 64 and am not able to
> get a vpn connection to work. I imported a pcf file which does work
> on other OS with the cisco vpn client, and the issue is the
> authentication part. I don't really understand vpn software well so
> bear with me...in the cisco client software, there is an entry for
> 'Group Authentication' with Name and a masked password. That name value
> was pulled in to shrew, it's shown at Local Identity as Key ID
> string. I don't see the masked password; and when I try to connect,
> I'm prompted for a user name and password. What user name and
> password? I don't know the group auth password and I'm not sure I'll
> be given that by the network guy. It can't be asking me for my
> windows domain creds, right?
>

Try setting the authentication mode to PSK instead of PSK+Xauth. This 
will bypass you being prompted for a username and password but your 
gateway needs to be configured to support this.

I'm still confounded as to how the Cisco VPN Client can differentiate 
between these two authentication modes. The RFCs dictate that the mode 
be declared before Xauth occurs so I don't believe it can be detected 
during negotiation. Hmm, maybe the gateway doesn't advertise Xauth as a 
supported vendor ID and it expects the client to switch authentication 
modes on the fly. I'll have to investigate this because, as far as I can 
tell, there is no distinction made in the PCF file definition.

Hope this helps,

-Matthew


