An alternative is to use the client from Shrew Soft. I've used it on Win7 x64 to connect to both ASA and the older 3000. http://www.shrew.net/
-Anders On Thu, Feb 18, 2010 at 5:08 PM, Terry Dickson <[email protected]>wrote: > Not that I can help, but what issues? We still use the Cisco VPN Client > and many of our machines are Win7 64 machines. Since Cisco will not make a > 64bit version of the VPN Client we are looking at the anyconnect solution > also. > > -----Original Message----- > From: Ray [mailto:[email protected]] > Sent: Thursday, February 18, 2010 9:48 AM > To: NT System Admin Issues > Subject: RE: CISCO VPN Client > > We're starting to see some issues with Win7 64 clients connecting. > > -----Original Message----- > From: David W. McSpadden [mailto:[email protected]] > Sent: Thursday, February 18, 2010 8:19 AM > To: NT System Admin Issues > Subject: Re: CISCO VPN Client > > The AnyConnect from Cisco uses a cert and is webbased, it is very easy to > work with and the users are happy with it. > > > -------------------------------------------------- > From: "Charlie Kaiser" <[email protected]> > Sent: Thursday, February 18, 2010 10:14 AM > To: "NT System Admin Issues" <[email protected]> > Subject: RE: CISCO VPN Client > > > Hmmm. Yeah; that's a lot of overhead. Seems a shame to have to switch > apps > > because of a bad guy. That's an effective DOS attack, eh? I'd hesitate to > > switch apps because I'd be afraid they'd do the same thing. But I don't > > know > > the AnyConnect app either. > > > > I seem to remember the VPN client could use certs as part of the auth. I > > wonder if that feature could be utilized to block non-client access? I > > haven't used the Cisco client for a year or so so I don't recall the > > available options. > > > > > > *********************** > > Charlie Kaiser > > [email protected] > > Kingman, AZ > > *********************** > > > >> -----Original Message----- > >> From: David W. McSpadden [mailto:[email protected]] > >> Sent: Thursday, February 18, 2010 7:59 AM > >> To: NT System Admin Issues > >> Subject: Re: CISCO VPN Client > >> > >> They change every 20 or 30 hits. > >> Mostly out of country. > >> I started by setting up rules to block them but then I had > >> about 100 rules to block and it became an all day job. > >> Easier to move the authorized users to AnyConnect which is > >> supported and kill the VPN Client which has end of lifed anyway. > >> > >> > >> -------------------------------------------------- > >> From: "Charlie Kaiser" <[email protected]> > >> Sent: Thursday, February 18, 2010 9:54 AM > >> To: "NT System Admin Issues" <[email protected]> > >> Subject: RE: CISCO VPN Client > >> > >> > Is there a way you can block the source IP(s) before they > >> get to the > >> > VPN endpoint? > >> > > >> > *********************** > >> > Charlie Kaiser > >> > [email protected] > >> > Kingman, AZ > >> > *********************** > >> > > >> >> -----Original Message----- > >> >> From: David W. McSpadden [mailto:[email protected]] > >> >> Sent: Thursday, February 18, 2010 7:45 AM > >> >> To: NT System Admin Issues > >> >> Subject: Re: CISCO VPN Client > >> >> > >> >> I have Kiwi Syslogger setup to email me every failed attempt to > >> >> authenticate through the VPN. > >> >> It went from 2 or 3 a day from lusers to 2500 to 5000 a > >> day and all > >> >> accounts I don't have in AD and all originating from the > >> VPN tunnel. > >> >> So disabling the tunnel didn't work, had to remove the > >> reference to > >> >> the tunnel entirely. Now we are back to 2 or 3 a day. > >> >> > >> >> > >> >> From: Bob Fronk <mailto:[email protected]> > >> >> Sent: Thursday, February 18, 2010 9:25 AM > >> >> To: NT System Admin Issues > >> >> <mailto:[email protected]> > >> >> Subject: RE: CISCO VPN Client > >> >> > >> >> > >> >> How did you discover this was happening? > >> >> > >> >> > >> >> > >> >> From: David W. McSpadden [mailto:[email protected]] > >> >> Sent: Wednesday, February 17, 2010 1:30 PM > >> >> To: NT System Admin Issues > >> >> Subject: Re: CISCO VPN Client > >> >> > >> >> > >> >> > >> >> Ok. I am looking at that area under Remote VPN in > >> Configuration and > >> >> someone has my VPN Client info and they are trying a Brute Force > >> >> Vocab attack to my AD's. So I have moved all my users to > >> AnyConnect > >> >> and I am ready to remove the VPN Client from the ASA or > >> disable it... > >> >> > >> >> > >> >> > >> >> From: Jon Harris <mailto:[email protected]> > >> >> > >> >> Sent: Wednesday, February 17, 2010 1:24 PM > >> >> > >> >> To: NT System Admin Issues > >> >> <mailto:[email protected]> > >> >> > >> >> Subject: Re: CISCO VPN Client > >> >> > >> >> > >> >> > >> >> Why are you getting rid of the VPN client? You don't > >> remove it you > >> >> disable it on the ASA. Just make sure all the rules are > >> correct for > >> >> the ASA first. > >> >> > >> >> > >> >> > >> >> Jon > >> >> > >> >> On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden > >> <[email protected]> > >> >> wrote: > >> >> > >> >> > >> >> > >> >> Actually on the ASA. I think I have it found now but I am still > >> >> testing. > >> >> > >> >> From: Jon Harris <mailto:[email protected]> > >> >> > >> >> Sent: Wednesday, February 17, 2010 12:10 PM > >> >> > >> >> To: NT System Admin Issues > >> >> <mailto:[email protected]> > >> >> > >> >> Subject: Re: CISCO VPN Client > >> >> > >> >> > >> >> > >> >> Remove it is the best, they install into the same root directory > >> >> under Program Files but have separate directories under > >> that. They > >> >> are separate programs as Microsoft sees them. > >> >> > >> >> > >> >> > >> >> Jon > >> >> > >> >> On Wed, Feb 17, 2010 at 8:07 AM, David W. McSpadden > >> <[email protected]> > >> >> wrote: > >> >> > >> >> Anyone point me on how to Disable the old CISCO VPN Client > >> and leave > >> >> the AnyConnect still enabled? > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> > > >> > > >> > ~ Finally, powerful endpoint security that ISN'T a resource > >> hog! ~ ~ > >> > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > > >> > >> > >> ~ Finally, powerful endpoint security that ISN'T a resource > >> hog! ~ ~ > >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
