Yes (at least cisco ASA, not sure about IOS) will works fine with the built in Windows client. (particularly useful for windows mobile devices without begin extorted for a SSL vpn license, and then a mobile license on top of it!). The only issue is without using certs, there's no tunnel-group targeting/switching available.
Not a big deal, just use the "defaultRAgroup" or whatever it was called. Be aware of the strange crypto algorithms Windows supports. The Windows AES implementation is a different algorithm than the Cisco device supports, so it's usually easiest just to use 3des than try to get normal aes-128 or 256 installed and working on the windows box. As for the 64 bit realm, VPNC works fine. http://hdc.tamu.edu/reference/documentation/?section_id=892 It can also completely disobey many of your group-policy features on split-tunneling and password storage :). Anyconnect does work on IOS now, but it's still a bit buggy for my liking, will likely requires a memory/flash upgrade on many 18xx, and currently does NOT support DTLS (or whatever the UDP-encapsulated SSL vpn technology is called) on IOS platforms. Due to the lack of hardware acceleration capability of some of these tasks on this platform and the heavy dependence on Cisco platforms for hardware acceleration of common tasks due to slow CPU architectures, I don't know if it ever will. If you're not doing voice, this doesn't matter to you. TCP encapsulating voice over SSL is terrible though. With ASA on the other hand, Anyconnect is full-featured and works great! Personally, I think Cisco did drop the ball here by not having a "64 bit" vpn solution on IOS until just recently... But I'm sure it was for "Business reasons"... On Thu, Dec 10, 2009 at 7:52 AM, Zisko <zisko....@gmail.com> wrote: > What is about the built in vpn-client from windows? Connect to a Cisco ASA > should be possible? Any experiances, someone? > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/