We're starting to get more people upgrading their home computers. I'm one of those people.
-----Original Message----- From: David W. McSpadden [mailto:[email protected]] Sent: Thursday, February 18, 2010 8:57 AM To: NT System Admin Issues Subject: Re: CISCO VPN Client Don't have any of those yet so I don't know how to work with them. -------------------------------------------------- From: "Ray" <[email protected]> Sent: Thursday, February 18, 2010 10:48 AM To: "NT System Admin Issues" <[email protected]> Subject: RE: CISCO VPN Client > We're starting to see some issues with Win7 64 clients connecting. > > -----Original Message----- > From: David W. McSpadden [mailto:[email protected]] > Sent: Thursday, February 18, 2010 8:19 AM > To: NT System Admin Issues > Subject: Re: CISCO VPN Client > > The AnyConnect from Cisco uses a cert and is webbased, it is very easy to > work with and the users are happy with it. > > > -------------------------------------------------- > From: "Charlie Kaiser" <[email protected]> > Sent: Thursday, February 18, 2010 10:14 AM > To: "NT System Admin Issues" <[email protected]> > Subject: RE: CISCO VPN Client > >> Hmmm. Yeah; that's a lot of overhead. Seems a shame to have to switch >> apps >> because of a bad guy. That's an effective DOS attack, eh? I'd hesitate to >> switch apps because I'd be afraid they'd do the same thing. But I don't >> know >> the AnyConnect app either. >> >> I seem to remember the VPN client could use certs as part of the auth. I >> wonder if that feature could be utilized to block non-client access? I >> haven't used the Cisco client for a year or so so I don't recall the >> available options. >> >> >> *********************** >> Charlie Kaiser >> [email protected] >> Kingman, AZ >> *********************** >> >>> -----Original Message----- >>> From: David W. McSpadden [mailto:[email protected]] >>> Sent: Thursday, February 18, 2010 7:59 AM >>> To: NT System Admin Issues >>> Subject: Re: CISCO VPN Client >>> >>> They change every 20 or 30 hits. >>> Mostly out of country. >>> I started by setting up rules to block them but then I had >>> about 100 rules to block and it became an all day job. >>> Easier to move the authorized users to AnyConnect which is >>> supported and kill the VPN Client which has end of lifed anyway. >>> >>> >>> -------------------------------------------------- >>> From: "Charlie Kaiser" <[email protected]> >>> Sent: Thursday, February 18, 2010 9:54 AM >>> To: "NT System Admin Issues" <[email protected]> >>> Subject: RE: CISCO VPN Client >>> >>> > Is there a way you can block the source IP(s) before they >>> get to the >>> > VPN endpoint? >>> > >>> > *********************** >>> > Charlie Kaiser >>> > [email protected] >>> > Kingman, AZ >>> > *********************** >>> > >>> >> -----Original Message----- >>> >> From: David W. McSpadden [mailto:[email protected]] >>> >> Sent: Thursday, February 18, 2010 7:45 AM >>> >> To: NT System Admin Issues >>> >> Subject: Re: CISCO VPN Client >>> >> >>> >> I have Kiwi Syslogger setup to email me every failed attempt to >>> >> authenticate through the VPN. >>> >> It went from 2 or 3 a day from lusers to 2500 to 5000 a >>> day and all >>> >> accounts I don't have in AD and all originating from the >>> VPN tunnel. >>> >> So disabling the tunnel didn't work, had to remove the >>> reference to >>> >> the tunnel entirely. Now we are back to 2 or 3 a day. >>> >> >>> >> >>> >> From: Bob Fronk <mailto:[email protected]> >>> >> Sent: Thursday, February 18, 2010 9:25 AM >>> >> To: NT System Admin Issues >>> >> <mailto:[email protected]> >>> >> Subject: RE: CISCO VPN Client >>> >> >>> >> >>> >> How did you discover this was happening? >>> >> >>> >> >>> >> >>> >> From: David W. McSpadden [mailto:[email protected]] >>> >> Sent: Wednesday, February 17, 2010 1:30 PM >>> >> To: NT System Admin Issues >>> >> Subject: Re: CISCO VPN Client >>> >> >>> >> >>> >> >>> >> Ok. I am looking at that area under Remote VPN in >>> Configuration and >>> >> someone has my VPN Client info and they are trying a Brute Force >>> >> Vocab attack to my AD's. So I have moved all my users to >>> AnyConnect >>> >> and I am ready to remove the VPN Client from the ASA or >>> disable it... >>> >> >>> >> >>> >> >>> >> From: Jon Harris <mailto:[email protected]> >>> >> >>> >> Sent: Wednesday, February 17, 2010 1:24 PM >>> >> >>> >> To: NT System Admin Issues >>> >> <mailto:[email protected]> >>> >> >>> >> Subject: Re: CISCO VPN Client >>> >> >>> >> >>> >> >>> >> Why are you getting rid of the VPN client? You don't >>> remove it you >>> >> disable it on the ASA. Just make sure all the rules are >>> correct for >>> >> the ASA first. >>> >> >>> >> >>> >> >>> >> Jon >>> >> >>> >> On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden >>> <[email protected]> >>> >> wrote: >>> >> >>> >> >>> >> >>> >> Actually on the ASA. I think I have it found now but I am still >>> >> testing. >>> >> >>> >> From: Jon Harris <mailto:[email protected]> >>> >> >>> >> Sent: Wednesday, February 17, 2010 12:10 PM >>> >> >>> >> To: NT System Admin Issues >>> >> <mailto:[email protected]> >>> >> >>> >> Subject: Re: CISCO VPN Client >>> >> >>> >> >>> >> >>> >> Remove it is the best, they install into the same root directory >>> >> under Program Files but have separate directories under >>> that. They >>> >> are separate programs as Microsoft sees them. >>> >> >>> >> >>> >> >>> >> Jon >>> >> >>> >> On Wed, Feb 17, 2010 at 8:07 AM, David W. McSpadden >>> <[email protected]> >>> >> wrote: >>> >> >>> >> Anyone point me on how to Disable the old CISCO VPN Client >>> and leave >>> >> the AnyConnect still enabled? >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> > >>> > >>> > ~ Finally, powerful endpoint security that ISN'T a resource >>> hog! ~ ~ >>> > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> > >>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource >>> hog! ~ ~ >>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
