[vpn-help] Cisco RSA Authentication - configuration help needed
Matthew Grooms
mgrooms at shrew.net
Sun Mar 14 21:19:06 CDT 2010
On 3/12/2010 9:20 AM, Tero Karttunen wrote:
> I am trying to set up Windows Server 2008 64-bit environment, and I am
> evaluating Shrew Soft VPN Client as an alternative to Cisco Systems
> VPN Client, which sadly does not work in 64-bit environments.
>
> I have two Cisco profiles to import called "TE-access" and "SU4TSF".
> The first one got imported successfully, and its type was "Mutual PSK
> + XAuth". However, the second one caused import to fail with 2.1.5.
> Learning that Cisco support is a recent addition, I downloaded
> 2.1.6-beta-6 and tried again.
>
> The message I got was: "The Cisco site configuration was imported but
> uses a RSA authentication method. You will need to import a
> certificate manually to complete the configuration." Preselected
> authentication method now seems to be "Mutual RSA + XAuth".
>
> Right. Pretty straightforward instruction; however, I cannot seem to
> get it to function correctly.
>
> What I have in hand are SU4TSF.pfx and SU4TSF.pcf files, the second
> being the Cisco profile and the first one containing all the necessary
> certificates. There are no certificate passwords so I am able to
> install both the enclosed VPN certificate and accompanied root CA
> sertificate into Windows certificate registry.
>
> PFX is PKCS12 file, right? However, when I attempted to set all the
> files (Server Certificate Authority File, Client Certificate File,
> Client Private Key file) to SU4TSF.pdf, it did not work. The results
> are:
>
> ------------------------------------------
> peer configured
> iskamp proposal configured
> esp proposal configured
> client configured
> server cert config failed
> detached from key daemon ...
> ------------------------------------------
>
> Can you please advice me how to correctly complete the configuration?
> Is there a HOWTO somewhere on converting pfx into necessary files? The
> vpnhelp documentation is somewhat sparse on what kind of files it
> expects!
>
I would try exporting the certificate manually using openssl to see if
that works. This may produce more than one so it may take some trial and
error. Google spits out a wealth of links when I type in "pfx to pem".
Have a look at this ...
http://help.globalscape.com/help/eft5/admin/exporting_a_certificate_from_pfx_to_pem.htm
If you get it to work this way, please let us know.
-Matthew
More information about the vpn-help
mailing list