Re: [c-nsp] Cisco VPN and 64 bit Windows
I was just wondering, what kind of VPN software people use for Windows mobile to connect to Cisco. I know, Anyconnecy is one option. But what about IPSEC? Aivars Gert Doering g...@greenie.muc.de writes: Not that they are willing to ship an IPSEC VPN client for 64 bit windows... There are vendors other than C and J, and one of them recently lowered the price for its basic PC client software (available for 64-bit Windows as well) to 0... /Benny ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Hi, Agreed. The Cisco IPSec Client on OS X is notorious causing kernel panics. ;-( Kaj From: Ian Henderson i...@ianh.net.au Date: Wed, 9 Dec 2009 20:13:31 -0800 To: Marc Haber mh+cisco-...@zugschlus.de Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cisco VPN and 64 bit Windows - I'm not 100% keen on the Mac client. Its clunky and obtrusive. Apple only just got around to including IPSec under Snow Leopard, and have had it on the iPhone for ages. But getting the Apples of the world to include Cisco SSL? By then we'll have yet another VPN technology. The Windows client is a bit better. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
What is about the built in vpn-client from windows? Connect to a Cisco ASA should be possible? Any experiances, someone? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Never had one in the last two years (10.5 through 10.6.2), connected pretty much constantly. TIA, Andrew -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Kaj Niemi Sent: Thursday, December 10, 2009 6:03 AM To: Ian Henderson; Marc Haber Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cisco VPN and 64 bit Windows Hi, Agreed. The Cisco IPSec Client on OS X is notorious causing kernel panics. ;-( Kaj From: Ian Henderson i...@ianh.net.au Date: Wed, 9 Dec 2009 20:13:31 -0800 To: Marc Haber mh+cisco-...@zugschlus.de Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cisco VPN and 64 bit Windows - I'm not 100% keen on the Mac client. Its clunky and obtrusive. Apple only just got around to including IPSec under Snow Leopard, and have had it on the iPhone for ages. But getting the Apples of the world to include Cisco SSL? By then we'll have yet another VPN technology. The Windows client is a bit better. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Yes (at least cisco ASA, not sure about IOS) will works fine with the built in Windows client. (particularly useful for windows mobile devices without begin extorted for a SSL vpn license, and then a mobile license on top of it!). The only issue is without using certs, there's no tunnel-group targeting/switching available. Not a big deal, just use the defaultRAgroup or whatever it was called. Be aware of the strange crypto algorithms Windows supports. The Windows AES implementation is a different algorithm than the Cisco device supports, so it's usually easiest just to use 3des than try to get normal aes-128 or 256 installed and working on the windows box. As for the 64 bit realm, VPNC works fine. http://hdc.tamu.edu/reference/documentation/?section_id=892 It can also completely disobey many of your group-policy features on split-tunneling and password storage :). Anyconnect does work on IOS now, but it's still a bit buggy for my liking, will likely requires a memory/flash upgrade on many 18xx, and currently does NOT support DTLS (or whatever the UDP-encapsulated SSL vpn technology is called) on IOS platforms. Due to the lack of hardware acceleration capability of some of these tasks on this platform and the heavy dependence on Cisco platforms for hardware acceleration of common tasks due to slow CPU architectures, I don't know if it ever will. If you're not doing voice, this doesn't matter to you. TCP encapsulating voice over SSL is terrible though. With ASA on the other hand, Anyconnect is full-featured and works great! Personally, I think Cisco did drop the ball here by not having a 64 bit vpn solution on IOS until just recently... But I'm sure it was for Business reasons... On Thu, Dec 10, 2009 at 7:52 AM, Zisko zisko@gmail.com wrote: What is about the built in vpn-client from windows? Connect to a Cisco ASA should be possible? Any experiances, someone? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
My experiences are quite the opposite, pretty much a crash once every two weeks on macbook pros for the last 4 years. Kaj From: Tolstykh, Andrew atolst...@integrysgroup.com Date: Thu, 10 Dec 2009 07:04:07 -0800 To: Kaj Niemi kaj...@a51.org, Ian Henderson i...@ianh.net.au, Marc Haber mh+cisco-...@zugschlus.de Cc: cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Cisco VPN and 64 bit Windows Never had one in the last two years (10.5 through 10.6.2), connected pretty much constantly. TIA, Andrew -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Kaj Niemi Sent: Thursday, December 10, 2009 6:03 AM To: Ian Henderson; Marc Haber Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cisco VPN and 64 bit Windows Hi, Agreed. The Cisco IPSec Client on OS X is notorious causing kernel panics. ;-( Kaj From: Ian Henderson i...@ianh.net.au Date: Wed, 9 Dec 2009 20:13:31 -0800 To: Marc Haber mh+cisco-...@zugschlus.de Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cisco VPN and 64 bit Windows - I'm not 100% keen on the Mac client. Its clunky and obtrusive. Apple only just got around to including IPSec under Snow Leopard, and have had it on the iPhone for ages. But getting the Apples of the world to include Cisco SSL? By then we'll have yet another VPN technology. The Windows client is a bit better. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
The short answer is... no. Cisco said they will never release a 64-bit version of their VPN Client. However, Anyconnect has a 64-bit variant, however, this requires a separate license for the ASA... There is a third-party VPN client for 64-bit that works fine: http://www.ncp-e.com/en.html Jonathan On Wed, Dec 9, 2009 at 9:20 AM, Marc Haber mh+cisco-...@zugschlus.de wrote: Hi, at a number of customer sites, we run a VPN service for mobile users. Since we usually are not in charge of the firewall that is in place there, we have the following construction Internet | -- |Firewall|-|VPN Router| -- | internal network The VPN router is usually an 1841, and the mobile users have the standard Cisco VPN client for IPSEC (the one with the nice .pcf files and which is currently shipping as version 5.0.04.0300). This works just fine, and we would really like to stay with this setup for some time. Unfortunately, Cisco seems to have decided to not ship the standard VPN client for 64 bit Windows variants, which are increasingly often used out in the wild. They refer to the AnyConnect VPN Client which, to my knowledge, can only connect to an ASA and not to an IOS device. Can anybody here tell me whether there will be a possibility available to connect from 64 bit Windows to an IOS device? Any hints will be appreciated. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things. Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
this one is free: www.shrewsoft.com Regards, Ge Moua | Email: moua0...@umn.edu Network Design Engineer University of Minnesota | Networking Telecommunications Services Jonathan Charles wrote: The short answer is... no. Cisco said they will never release a 64-bit version of their VPN Client. However, Anyconnect has a 64-bit variant, however, this requires a separate license for the ASA... There is a third-party VPN client for 64-bit that works fine: http://www.ncp-e.com/en.html Jonathan On Wed, Dec 9, 2009 at 9:20 AM, Marc Haber mh+cisco-...@zugschlus.de wrote: Hi, at a number of customer sites, we run a VPN service for mobile users. Since we usually are not in charge of the firewall that is in place there, we have the following construction Internet | -- |Firewall|-|VPN Router| -- | internal network The VPN router is usually an 1841, and the mobile users have the standard Cisco VPN client for IPSEC (the one with the nice .pcf files and which is currently shipping as version 5.0.04.0300). This works just fine, and we would really like to stay with this setup for some time. Unfortunately, Cisco seems to have decided to not ship the standard VPN client for 64 bit Windows variants, which are increasingly often used out in the wild. They refer to the AnyConnect VPN Client which, to my knowledge, can only connect to an ASA and not to an IOS device. Can anybody here tell me whether there will be a possibility available to connect from 64 bit Windows to an IOS device? Any hints will be appreciated. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Does anyone know of a way or if it is possible to have the Shrew client send its client type and version. I use client access rules so I would like to restrict this to specific versions. Currently it doesn't send anything. Thanks, Nick -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ge Moua Sent: Wednesday, December 09, 2009 11:34 AM To: Jonathan Charles Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cisco VPN and 64 bit Windows this one is free: www.shrewsoft.com Regards, Ge Moua | Email: moua0...@umn.edu Network Design Engineer University of Minnesota | Networking Telecommunications Services Jonathan Charles wrote: The short answer is... no. Cisco said they will never release a 64-bit version of their VPN Client. However, Anyconnect has a 64-bit variant, however, this requires a separate license for the ASA... There is a third-party VPN client for 64-bit that works fine: http://www.ncp-e.com/en.html Jonathan On Wed, Dec 9, 2009 at 9:20 AM, Marc Haber mh+cisco-...@zugschlus.de wrote: Hi, at a number of customer sites, we run a VPN service for mobile users. Since we usually are not in charge of the firewall that is in place there, we have the following construction Internet | -- |Firewall|-|VPN Router| -- | internal network The VPN router is usually an 1841, and the mobile users have the standard Cisco VPN client for IPSEC (the one with the nice .pcf files and which is currently shipping as version 5.0.04.0300). This works just fine, and we would really like to stay with this setup for some time. Unfortunately, Cisco seems to have decided to not ship the standard VPN client for 64 bit Windows variants, which are increasingly often used out in the wild. They refer to the AnyConnect VPN Client which, to my knowledge, can only connect to an ASA and not to an IOS device. Can anybody here tell me whether there will be a possibility available to connect from 64 bit Windows to an IOS device? Any hints will be appreciated. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Jonathan Charles wrote: The short answer is... no. Cisco said they will never release a 64-bit version of their VPN Client. So how does the cisco solution work on new systems going forward? -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
NCP Client triggered the below in our case. Make sure your local pool does not leak IPs. CSCtd63032 Bug Details IOS EzVPN server leaking local IP pool Symptom: IOS EzVPN server leak local pool addresses under some conditions with some 3rd party VPN clients Make sure your local pool does not leak IPs. Thanks, Ozgur --- On Wed, 9/12/09, Jonathan Charles jonv...@gmail.com wrote: From: Jonathan Charles jonv...@gmail.com Subject: Re: [c-nsp] Cisco VPN and 64 bit Windows To: Marc Haber mh+cisco-...@zugschlus.de Cc: cisco-nsp@puck.nether.net Date: Wednesday, 9 December, 2009, 16:20 The short answer is... no. Cisco said they will never release a 64-bit version of their VPN Client. However, Anyconnect has a 64-bit variant, however, this requires a separate license for the ASA... There is a third-party VPN client for 64-bit that works fine: http://www.ncp-e.com/en.html Jonathan On Wed, Dec 9, 2009 at 9:20 AM, Marc Haber mh+cisco-...@zugschlus.de wrote: Hi, at a number of customer sites, we run a VPN service for mobile users. Since we usually are not in charge of the firewall that is in place there, we have the following construction Internet | -- |Firewall|-|VPN Router| -- | internal network The VPN router is usually an 1841, and the mobile users have the standard Cisco VPN client for IPSEC (the one with the nice .pcf files and which is currently shipping as version 5.0.04.0300). This works just fine, and we would really like to stay with this setup for some time. Unfortunately, Cisco seems to have decided to not ship the standard VPN client for 64 bit Windows variants, which are increasingly often used out in the wild. They refer to the AnyConnect VPN Client which, to my knowledge, can only connect to an ASA and not to an IOS device. Can anybody here tell me whether there will be a possibility available to connect from 64 bit Windows to an IOS device? Any hints will be appreciated. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things. Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Really, the best solution here is to run a 3rd party VPN client. This is the best plan unless you want to migrate to anyconnect. We use VPNC with Linux and the built in Mac VPN support and there are several decent free 64 bit windows options. - Original Message - From: Bryan Fields br...@bryanfields.net To: cisco-nsp@puck.nether.net Sent: Wednesday, December 09, 2009 8:44 AM Subject: Re: [c-nsp] Cisco VPN and 64 bit Windows Jonathan Charles wrote: The short answer is... no. Cisco said they will never release a 64-bit version of their VPN Client. So how does the cisco solution work on new systems going forward? -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Hi, On Wed, Dec 09, 2009 at 10:20:27AM -0600, Jonathan Charles wrote: The short answer is... no. So, IPSEC with a dedicated out-of-browser software is dead? However, Anyconnect has a 64-bit variant, however, this requires a separate license for the ASA... I don't have ASAs, and I don't want them. There is a third-party VPN client for 64-bit that works fine: http://www.ncp-e.com/en.html Very very expensive. I am not sure whether the clients will shell out that kind of money. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Hi, On Wed, Dec 09, 2009 at 11:44:02AM -0500, Bryan Fields wrote: Jonathan Charles wrote: The short answer is... no. Cisco said they will never release a 64-bit version of their VPN Client. So how does the cisco solution work on new systems going forward? Give money to Cisco and buy new boxes. Does that surprise anyone? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp2bbNDkhEg2.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
-Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Gert Doering Sent: Wednesday, December 09, 2009 1:18 PM To: Bryan Fields Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cisco VPN and 64 bit Windows Hi, On Wed, Dec 09, 2009 at 11:44:02AM -0500, Bryan Fields wrote: Jonathan Charles wrote: The short answer is... no. Cisco said they will never release a 64-bit version of their VPN Client. So how does the cisco solution work on new systems going forward? Give money to Cisco and buy new boxes. Does that surprise anyone? Which is why we opted to migrate all of our VPN to Juniper :-) Best regards, Jim LITTLEFIELD Information Technology Office: +1 401 276 4457 james.littlefi...@3ds.com This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged. If you are not one of the named recipients or have received this email in error, (i) you should not read, disclose, or copy it, (ii) please notify sender of your receipt by reply email and delete this email and all attachments, (iii) Dassault Systemes does not accept or assume any liability or responsibility for any use of or reliance on this email.For other languages, go to http://www.3ds.com/terms/email-disclaimer. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Have you looked into IOS SSL VPN? AnyConnect will work on IOS and supports 64 bit OS. http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/product_data_sheet0900aecd80405e25.html Brian On Wed, Dec 9, 2009 at 9:20 AM, Marc Haber mh+cisco-...@zugschlus.demh%2bcisco-...@zugschlus.de wrote: Hi, at a number of customer sites, we run a VPN service for mobile users. Since we usually are not in charge of the firewall that is in place there, we have the following construction Internet | -- |Firewall|-|VPN Router| -- | internal network The VPN router is usually an 1841, and the mobile users have the standard Cisco VPN client for IPSEC (the one with the nice .pcf files and which is currently shipping as version 5.0.04.0300). This works just fine, and we would really like to stay with this setup for some time. Unfortunately, Cisco seems to have decided to not ship the standard VPN client for 64 bit Windows variants, which are increasingly often used out in the wild. They refer to the AnyConnect VPN Client which, to my knowledge, can only connect to an ASA and not to an IOS device. Can anybody here tell me whether there will be a possibility available to connect from 64 bit Windows to an IOS device? Any hints will be appreciated. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
On 09.12.2009 16:20, Marc Haber wrote: Unfortunately, Cisco seems to have decided to not ship the standard VPN client for 64 bit Windows variants, which are increasingly often used out in the wild. They refer to the AnyConnect VPN Client which, to my knowledge, can only connect to an ASA and not to an IOS device. I just checked with our Cisco distributor, who after a week was finally able to inform me that there are in fact SSL VPN licenses for IOS routers like the 1841 ... e.g. article ID FL-WEBVPN-10-K9 ... haven't tried it out yet, though ... -garry ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Hi, On Wed, Dec 09, 2009 at 09:43:22AM -0800, Scott Granados wrote: This is the best plan unless you want to migrate to anyconnect. What are the (dis)advantages of anyconnect? Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Hi, On Wed, Dec 09, 2009 at 08:16:40PM +0100, Marc Haber wrote: On Wed, Dec 09, 2009 at 09:43:22AM -0800, Scott Granados wrote: This is the best plan unless you want to migrate to anyconnect. What are the (dis)advantages of anyconnect? Extra license cost, vendor lock-in, no open standard. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgplYb5qd28vr.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Hi, On Wed, Dec 09, 2009 at 01:32:27PM -0500, LITTLEFIELD James wrote: Which is why we opted to migrate all of our VPN to Juniper :-) Not that they are willing to ship an IPSEC VPN client for 64 bit windows... But you can buy our SSL VPN appliance!!! (which isn't even a proper Junos box). gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp78oOJcYUE9.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
On Wed, Dec 09, 2009 at 09:16:35PM +0100, Gert Doering wrote: On Wed, Dec 09, 2009 at 08:16:40PM +0100, Marc Haber wrote: On Wed, Dec 09, 2009 at 09:43:22AM -0800, Scott Granados wrote: This is the best plan unless you want to migrate to anyconnect. What are the (dis)advantages of anyconnect? Extra license cost, vendor lock-in, no open standard. As if Cisco's IPSEC was particularly interoperable. Any alternatives? Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Marc Haber wrote: On Wed, Dec 09, 2009 at 09:16:35PM +0100, Gert Doering wrote: On Wed, Dec 09, 2009 at 08:16:40PM +0100, Marc Haber wrote: On Wed, Dec 09, 2009 at 09:43:22AM -0800, Scott Granados wrote: This is the best plan unless you want to migrate to anyconnect. What are the (dis)advantages of anyconnect? Extra license cost, vendor lock-in, no open standard. As if Cisco's IPSEC was particularly interoperable. Any alternatives? Well, there's always the don't use Cisco option. I think all of the Cisco options have already been covered. ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Hi, On Wed, Dec 09, 2009 at 09:36:53PM +0100, Marc Haber wrote: As if Cisco's IPSEC was particularly interoperable. Now that's the basic problem with IPSEC. IPSEC as it is is not really suited for road-warrior auto-conf type setups, and as such, vendors had to improve it... Any alternatives? OpenVPN. Also sucks, especially on Windows, but regarding portability and configuration magic, I'm a big fan of it :-) (Linksys WRT54GL + OpenWRT makes a really nice OpenVPN server... but yes, this not easy to roll out in a commercial environment) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpsP588MSJKV.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Hi, On Wed, Dec 09, 2009 at 01:32:27PM -0500, LITTLEFIELD James wrote: Which is why we opted to migrate all of our VPN to Juniper :-) We migrated from Netscreen to Cisco a few years ago after the XP SP2 desaster of the Juniper NSR Client. Additionally, the VPN connections with the Cisco gear are _much_ more stable than Netscreen ever was. This is sad, as I really like the Netscreen stuff[1], but true. Greetings Marc [1] Juniper is making it really hard to sell and support Netscreens for a small shop in the last months, so we might to ditch them for Firewalls as well -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
You can also have accessibility concerns if you use some of the SSL VPN offerings. If you have low vision users it's something to consider. - Original Message - From: Marc Haber mh+cisco-...@zugschlus.de To: cisco-nsp@puck.nether.net Sent: Wednesday, December 09, 2009 12:36 PM Subject: Re: [c-nsp] Cisco VPN and 64 bit Windows On Wed, Dec 09, 2009 at 09:16:35PM +0100, Gert Doering wrote: On Wed, Dec 09, 2009 at 08:16:40PM +0100, Marc Haber wrote: On Wed, Dec 09, 2009 at 09:43:22AM -0800, Scott Granados wrote: This is the best plan unless you want to migrate to anyconnect. What are the (dis)advantages of anyconnect? Extra license cost, vendor lock-in, no open standard. As if Cisco's IPSEC was particularly interoperable. Any alternatives? Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
Gert Doering g...@greenie.muc.de writes: Not that they are willing to ship an IPSEC VPN client for 64 bit windows... There are vendors other than C and J, and one of them recently lowered the price for its basic PC client software (available for 64-bit Windows as well) to 0... /Benny ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco VPN and 64 bit Windows
On Wed, 9 Dec 2009, Marc Haber wrote: What are the (dis)advantages of anyconnect? - It works in more places than IPSec - mostly hotels with dodgy firewalls. - Its easier to configure for the user. Send them to a URL, enter username and password, client downloads, installs, configures itself. - I'm not 100% keen on the Mac client. Its clunky and obtrusive. Apple only just got around to including IPSec under Snow Leopard, and have had it on the iPhone for ages. But getting the Apples of the world to include Cisco SSL? By then we'll have yet another VPN technology. The Windows client is a bit better. - Modifying VPN filter lists using the IPSec client on the ASA was instant. Anyconnect/SSL requires a reconnect for access-list changes to apply. Rgds, - I. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
