Don't have any of those yet so I don't know how to work with them.
--------------------------------------------------
From: "Ray" <[email protected]>
Sent: Thursday, February 18, 2010 10:48 AM
To: "NT System Admin Issues" <[email protected]>
Subject: RE: CISCO VPN Client
We're starting to see some issues with Win7 64 clients connecting.
-----Original Message-----
From: David W. McSpadden [mailto:[email protected]]
Sent: Thursday, February 18, 2010 8:19 AM
To: NT System Admin Issues
Subject: Re: CISCO VPN Client
The AnyConnect from Cisco uses a cert and is webbased, it is very easy to
work with and the users are happy with it.
--------------------------------------------------
From: "Charlie Kaiser" <[email protected]>
Sent: Thursday, February 18, 2010 10:14 AM
To: "NT System Admin Issues" <[email protected]>
Subject: RE: CISCO VPN Client
Hmmm. Yeah; that's a lot of overhead. Seems a shame to have to switch
apps
because of a bad guy. That's an effective DOS attack, eh? I'd hesitate to
switch apps because I'd be afraid they'd do the same thing. But I don't
know
the AnyConnect app either.
I seem to remember the VPN client could use certs as part of the auth. I
wonder if that feature could be utilized to block non-client access? I
haven't used the Cisco client for a year or so so I don't recall the
available options.
***********************
Charlie Kaiser
[email protected]
Kingman, AZ
***********************
-----Original Message-----
From: David W. McSpadden [mailto:[email protected]]
Sent: Thursday, February 18, 2010 7:59 AM
To: NT System Admin Issues
Subject: Re: CISCO VPN Client
They change every 20 or 30 hits.
Mostly out of country.
I started by setting up rules to block them but then I had
about 100 rules to block and it became an all day job.
Easier to move the authorized users to AnyConnect which is
supported and kill the VPN Client which has end of lifed anyway.
--------------------------------------------------
From: "Charlie Kaiser" <[email protected]>
Sent: Thursday, February 18, 2010 9:54 AM
To: "NT System Admin Issues" <[email protected]>
Subject: RE: CISCO VPN Client
> Is there a way you can block the source IP(s) before they
get to the
> VPN endpoint?
>
> ***********************
> Charlie Kaiser
> [email protected]
> Kingman, AZ
> ***********************
>
>> -----Original Message-----
>> From: David W. McSpadden [mailto:[email protected]]
>> Sent: Thursday, February 18, 2010 7:45 AM
>> To: NT System Admin Issues
>> Subject: Re: CISCO VPN Client
>>
>> I have Kiwi Syslogger setup to email me every failed attempt to
>> authenticate through the VPN.
>> It went from 2 or 3 a day from lusers to 2500 to 5000 a
day and all
>> accounts I don't have in AD and all originating from the
VPN tunnel.
>> So disabling the tunnel didn't work, had to remove the
reference to
>> the tunnel entirely. Now we are back to 2 or 3 a day.
>>
>>
>> From: Bob Fronk <mailto:[email protected]>
>> Sent: Thursday, February 18, 2010 9:25 AM
>> To: NT System Admin Issues
>> <mailto:[email protected]>
>> Subject: RE: CISCO VPN Client
>>
>>
>> How did you discover this was happening?
>>
>>
>>
>> From: David W. McSpadden [mailto:[email protected]]
>> Sent: Wednesday, February 17, 2010 1:30 PM
>> To: NT System Admin Issues
>> Subject: Re: CISCO VPN Client
>>
>>
>>
>> Ok. I am looking at that area under Remote VPN in
Configuration and
>> someone has my VPN Client info and they are trying a Brute Force
>> Vocab attack to my AD's. So I have moved all my users to
AnyConnect
>> and I am ready to remove the VPN Client from the ASA or
disable it...
>>
>>
>>
>> From: Jon Harris <mailto:[email protected]>
>>
>> Sent: Wednesday, February 17, 2010 1:24 PM
>>
>> To: NT System Admin Issues
>> <mailto:[email protected]>
>>
>> Subject: Re: CISCO VPN Client
>>
>>
>>
>> Why are you getting rid of the VPN client? You don't
remove it you
>> disable it on the ASA. Just make sure all the rules are
correct for
>> the ASA first.
>>
>>
>>
>> Jon
>>
>> On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden
<[email protected]>
>> wrote:
>>
>>
>>
>> Actually on the ASA. I think I have it found now but I am still
>> testing.
>>
>> From: Jon Harris <mailto:[email protected]>
>>
>> Sent: Wednesday, February 17, 2010 12:10 PM
>>
>> To: NT System Admin Issues
>> <mailto:[email protected]>
>>
>> Subject: Re: CISCO VPN Client
>>
>>
>>
>> Remove it is the best, they install into the same root directory
>> under Program Files but have separate directories under
that. They
>> are separate programs as Microsoft sees them.
>>
>>
>>
>> Jon
>>
>> On Wed, Feb 17, 2010 at 8:07 AM, David W. McSpadden
<[email protected]>
>> wrote:
>>
>> Anyone point me on how to Disable the old CISCO VPN Client
and leave
>> the AnyConnect still enabled?
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource
hog! ~ ~
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
~ Finally, powerful endpoint security that ISN'T a resource
hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
