• Question

  • I am setting up the cisco Pix as the PPTP VPN in my office
    After I setting up it, I did try to connect to this PPTP VPN Server in my home
    I did try to connect PPTP VPN Connection  using Laptop (Windows XP SP2) and connect successfully.
    However, PPTP VPN Connection by VISTA Laptop is not working
    and it always hangs on "verifying username and password".

    then Error no.732 "your copmuter and the remote computer could not
    agree on PPP control protocol".
    I tried to chenge the security configuration in vista, but no support for MS-chapv1 only v2 supported.  and the pix support only v1 

    so help me

    Wednesday, April 4, 2007 1:57 PM

All replies

  • Please see the blog post at http://blogs.technet.com/rrasblog/archive/2007/04/08/troubleshooting-vista-vpn-problems.aspx for more information on the Vista VPN issues and steps to resolve/troubleshoot them.




    Tuesday, April 10, 2007 8:35 AM
  • I had the same 732 error as above. We have been using the built in Windows XP VPN client to connect to our Cisco PIX 506e for years. We got our first Vista laptop a few weeks ago and tried to VPN in...no dice. Tried every setting (PAP, CHAP, MSCHAP) and scoured the internet for a solution. Finally paid the $259 and contacted Microsoft support. After four hours of trying every setting, scouring the internet, and consulting with his mentor the MS tech said I would have to upgrade my PIX IOS to version 7 because it supports MSCHAP version 2. I went to the Cisco site to download IOS 7 and learned that the PIX 506e does not support IOS 7.(cisco site: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#q1). So to sum it up...if you have a PIX 506e and try to connect with VPN using Vista your out of luck. 


    Friday, December 28, 2007 3:23 PM
  • Correction, there is a way to VPN using Vista and a PIX 506e. The easiest thing to do is to log on to your PIX using the PDM browser interface. Go to Wizards>VPN Wizard>select Remote Access VPN>select Cisco VPN Client>enter a Group Name and enter your PreShared key...etc. (same as you used for your  Win XP PPTP VPN). Then download the Cisco VPN Client from Cisco.com. Enter your Group name, PIX IP address, and the password you assigned in the wizard. Bam!


    Monday, December 31, 2007 7:23 PM
  • Hi, all. I am in exactly the same position Zemi was in:

    1 XP w/built-in VPN vs. 506e worked for years
    2 Vista configed the same way doesn't work 
    3 Researched, determined that CHAP v1 support missing from Vista was the cause, the Cisco VPN Client should work
    4 Added a Cisco VPN Client connection via PDM on the 506e, installed Cisco VPN Client on Vista
    5 Able to connect to firewall w/PPTP VPN under XP & w/Cisco VPN under Vista.

    The problem I have now is that I can't see any other hosts on the company network, not via ping or through network drive mapping to a networked hard drive running Samba. Both of these worked before step 4 above. Firewall-assigned IP is in the same subnet the other hosts occupy (their IPs are static). With PPTP VPN under XP, VPN connection status shows "bytes sent" increases over connection lifetime, but "bytes received" ALWAYS stops at 207.

    6 Removed from 506e the Cisco VPN Client connection created in step 4

    Problem still present w/PPTP VPN under XP - connection succeeds but remote machine can't see or access internal hosts.

    Any ideas what the symptoms mean? How might my modifications have fouled up the original config such that even XP PPTP VPN no longer works, even after removing the Cisco VPN Client entry on the 506e? 

    Adding insult to injury, after changing and apparently breaking my 506e config, I found out the person whose new Vista machine I was hoping to support is running Vista 64. So the Cisco VPN Client, which is 32-bit only, wouldn't have worked, anyway (figures!). 



    • Proposed as answer by VPN Bloke Tuesday, September 15, 2009 9:53 AM
    Monday, July 6, 2009 7:39 PM
  • This typically happens when migrating from XP to Vista due to auth restrictions on Vista. MSCHAPv1 has been deprecated on Vista so it is possible that when you are connecting from your XP machine, MSCHAPv1 was negotiated between the XP machine and the Cisco VPN server causing the connection to succeed.

    The same may not be working with Vista as MSCHAPv1 support has been removed. If you have already tried out with different auth methods [PAP, CHAP, MSCHAPv2] from your Vista machine and still are not able to connect, then the configuration on the Cisco VPN server probably has only MSCHAPv1 configured causing the connection not to complete.

    It would be great if you can send a netmon capture for your connection attempt on XP and Vista. You can get netmon from www.microsoft.com and send us a capture of the connection attempt from both machines to your VPN server.

    You could also look for solutions for related issues on our blog site or send us an email with the above information at: http://blogs.technet.com/rrasblog


    • Proposed as answer by VPN Bloke Tuesday, September 15, 2009 9:57 AM
    Tuesday, September 15, 2009 9:57 AM