[c-nsp] Cisco VPN and 64 bit Windows

P C pc50000 at gmail.com
Thu Dec 10 11:35:59 EST 2009


Yes, it (at least Cisco ASA, not sure about IOS) will work fine with the
built-in Windows client.  (Particularly useful for Windows Mobile devices
without being extorted for an SSL VPN license, and then a mobile license on
top of it!)  The only issue is that without using certs, there's no
tunnel-group targeting/switching available.

Not a big deal, just use the "defaultRAgroup" or whatever it was called.

Be aware of the strange crypto algorithms Windows supports.  The Windows AES
implementation is a different algorithm than the Cisco device supports, so
it's usually easiest just to use 3DES than to try to get normal AES-128 or
AES-256 installed and working on the Windows box.

As for the 64 bit realm, VPNC works fine.

http://hdc.tamu.edu/reference/documentation/?section_id=892

It can also completely disobey many of your group-policy features on
split-tunneling and password storage :).

AnyConnect does work on IOS now, but it's still a bit buggy for my liking,
will likely require a memory/flash upgrade on many 18xx, and currently does
NOT support DTLS (or whatever the UDP-encapsulated SSL VPN technology is
called) on IOS platforms.  Due to the lack of hardware acceleration
capability of some of these tasks on this platform and the heavy dependence
on Cisco platforms for hardware acceleration of common tasks due to slow CPU
architectures, I don't know if it ever will.  If you're not doing voice,
this doesn't matter to you.  TCP encapsulating voice over SSL is terrible
though.

With ASA, on the other hand, AnyConnect is full-featured and works great!

Personally, I think Cisco did drop the ball here by not having a "64 bit"
VPN solution on IOS until just recently...  But I'm sure it was for
"Business reasons"...

On Thu, Dec 10, 2009 at 7:52 AM, Zisko <zisko.nsp at gmail.com> wrote:

> What about the built-in VPN client from Windows? Connecting to a Cisco ASA
> should be possible? Any experiences, someone?
