Vista VPN to Cisco Pix devices

While trying to set up Vista to connect to a new client’s network using a VPN, I kept running into problems and could not get it to connect. I was attempting to connect to a PPTP VPN on a Pix 500 series firewall. The error I kept getting was “Failed to connect to VPN Connection”. I tested the connection with XP and was able to connect without any issues.

Come to find out, Microsoft deprecated MSCHAP v1 from Vista! Vista only supports MSCHAP v2, CHAP, and PAP. Cisco does not support MSCHAP v2 in the 6.x line of software for the PIX. Unfortunately, I was connecting to a Pix 501 and did not have the option to upgrade to version 7.x software, which does support MSCHAP v2.

Since the only option left was to use CHAP, I reconfigured the VPN connection in Vista. To do this:

Go to Properties of the VPN connection

-> Security Tab

-> Select Advanced (custom settings)

-> Click Settings

-> Set Data encryption to optional

-> Then check CHAP under Allow these protocols

Now I am able to connect without any problems.

Please note that CHAP should not be considered secure. While it is better than PAP in that it uses encryption, it is only one-way and therefore should be used with caution.
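To make the one-way property concrete, here is the CHAP exchange as defined in RFC 1994, with both the authenticator and the peer side (an added example, not part of the original post; the user name, password and server name are constructed). The password never crosses the wire, only an MD5 hash over the identifier, the shared secret and the challenge, and only the server checks the client.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE = 1, 2  # CHAP packet codes from RFC 1994

def build_packet(code, ident, value, name):
    """Code(1) | Identifier(1) | Length(2) | Value-Size(1) | Value | Name"""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_packet(pkt):
    if len(pkt) < 5:
        raise ValueError("truncated CHAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 5 or length > len(pkt):
        raise ValueError("bad Length field")
    vsize = pkt[4]
    if 5 + vsize > length:
        raise ValueError("Value-Size exceeds packet length")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:length]

def chap_response(ident, secret, challenge):
    # RFC 1994: MD5 over Identifier || secret || Challenge value
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def peer_answer(challenge_pkt, secret, user):
    code, ident, challenge, _server_name = parse_packet(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("expected Challenge")
    # One-way: the peer answers whoever sent the challenge. Nothing in the
    # exchange proves that the sender (_server_name) knows the secret.
    return build_packet(RESPONSE, ident, chap_response(ident, secret, challenge), user)

def authenticator_verify(challenge_pkt, response_pkt, secrets):
    _, ident, challenge, _ = parse_packet(challenge_pkt)
    code, r_ident, value, user = parse_packet(response_pkt)
    if code != RESPONSE or r_ident != ident or user not in secrets:
        return False
    expected = chap_response(ident, secrets[user], challenge)
    return hmac.compare_digest(expected, value)

def demo():
    secrets = {b"vista-user": b"constructed-password"}  # constructed sample data
    chal = build_packet(CHALLENGE, 7, os.urandom(16), b"pix501")
    good = peer_answer(chal, b"constructed-password", b"vista-user")
    bad = peer_answer(chal, b"wrong", b"vista-user")
    return authenticator_verify(chal, good, secrets), authenticator_verify(chal, bad, secrets)

if __name__ == "__main__":
    print(demo())
```

MPPE session keys are derived from MS-CHAP or EAP-TLS authentication, so a PPTP session authenticated with plain CHAP carries its traffic unencrypted, which is why Data encryption has to be set to optional in the steps above.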

