You may be unable to use a Cisco VPN client and IPsec at the same time in Windows XP or in Windows 2000 or in Windows Server 2003

Symptoms

You may be unable to use the following components at the same time in Microsoft Windows XP, in Microsoft Windows 2000, or in Microsoft Windows Server 2003 Standard Edition with Service Pack 1 (SP1):

  • A Cisco virtual private network (VPN) client
  • The Internet Protocol security (IPsec) implementation that is built into Windows XP, Windows 2000, and Windows Server 2003
In this situation, you cannot use a VPN tunnel to access resources on an enterprise network on which Domain and Server Isolation policies are deployed.

Resolution

This issue is resolved in Cisco VPN Client v4.8.1, and in newer versions. These versions of the Cisco VPN Client are compatible with Windows IPsec for computers that are running Windows XP, Windows 2000, or Windows Server 2003 Standard Edition with SP1.

Obtain the Cisco VPN Client

Cisco VPN Client v4.8.1 or a later version is available for download. To obtain the Cisco VPN Client, visit the following Cisco Web site:
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.


Note To access Cisco VPN Client at this site, you must have a maintenance agreement with Cisco and provide password credentials.




Edit the connection profile of the Cisco VPN Client

After you install a compatible Cisco VPN Client, you must then edit the PCF connection profile file. The "UseLegacyIKEPort=0" flag must be added to the Cisco VPN Client PCF connection profile file for coexistence to work. By default, this file has a .pcf file name extension and is in the following location:

C:\program files\cisco systems\vpn client\profiles\profilename.pcf
Note The location of the profilename.pcf file may be different if a customized installer was used.



Open the PCF file by using a text editor such as Notepad, and then add the following keyword and value under the [main] section:
UseLegacyIKEPort=0

More Information

For more information about the coexistence issues that frequently occur between third-party VPN client products and the IPsec implementation that is built into Windows, visit the following Microsoft Web site:

The information and the solution in this document represents the current view of Microsoft Corporation on these issues as of the date of publication. This solution is available through Microsoft or through a third-party provider. Microsoft does not specifically recommend any third-party provider or third-party solution that this article might describe. There might also be other third-party providers or third-party solutions that this article does not describe. Because Microsoft must respond to changing market conditions, this information should not be interpreted to be a commitment by Microsoft. Microsoft cannot guarantee or endorse the accuracy of any information or of any solution that is presented by Microsoft or by any mentioned third-party provider.


Microsoft makes no warranties and excludes all representations, warranties, and conditions whether express, implied, or statutory. These include but are not limited to representations, warranties, or conditions of title, non-infringement, satisfactory condition, merchantability, and fitness for a particular purpose, with regard to any service, solution, product, or any other materials or information. In no event will Microsoft be liable for any third-party solution that this article mentions.
The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Properties

Article ID: 928310 - Last Review: Jan 4, 2008 - Revision: 1

Feedback