[c-nsp] Linux VPN client suggestion?

Charles Klement cjk at klement.org
Thu Nov 5 16:20:06 EST 2009


Oh well, I guess policy enforcement will just have to be via the HR
department rather than a technical solution. :)

On Thu, Nov 5, 2009 at 12:59 PM, Eloy Paris <elparis at cisco.com> wrote:

> Hi Charles,
>
> On Thu, Nov 05, 2009 at 10:48:29AM -0800, Charles Klement wrote:
>
> > One important thing to remember is that VPNC can ignore pretty much
> > any policy sent down from the concentrator. This includes split
> > tunnelling as well as client versioning.
> >
> > This is one of the reasons that I've been pushing the company I work
> > for towards anyconnect.
>
> I would think that OpenConnect (OpenConnect is to AnyConnect what vpnc
> is to the Cisco VPN Client) suffers from the same lack of enforcement
> issues. And even if the authors tried to enforce policies it should be
> easy to modify OpenConnect so it doesn't enforce anything.
>
> Don't get me wrong -- it's a good thing to move to AnyConnect since no
> new features are being added to the old Cisco VPN Client; I just don't
> think that policy enforcement is a good reason to justify a migration.
>
> Cheers,
>
> Eloy Paris.-
> Cisco PSIRT
>
> > On Thu, Nov 5, 2009 at 9:56 AM, luismi <asturluismi at gmail.com> wrote:
> >
> > > Ubuntu karmic 9.10 here, using graphic gnome vpn assistant (which uses
> > > > vpnc in the background) and zero problems against a vpn3030
> > >
> > > > On Tue, 03-11-2009 at 11:01 -0800, Scott Granados wrote:
> > > > > Hi all, looks like VPNC wins with Cisco anyconnect ssl VPN coming
> > > > > in second.
> > > > (I actually think we have a license for this feature set already)
> > > >
> > > > Thanks as always for the great suggestions.
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Eloy Paris" <elparis at cisco.com>
> > > > To: "Scott Granados" <gsgranados at comcast.net>
> > > > Cc: <cisco-nsp at puck.nether.net>
> > > > Sent: Tuesday, November 03, 2009 10:53 AM
> > > > Subject: Re: [c-nsp] Linux VPN client suggestion?
> > > >
> > > >
> > > > > Hi Scott,
> > > > >
> > > > > On Tue, Nov 03, 2009 at 10:34:04AM -0800, Scott Granados wrote:
> > > > >
> > > > >> Hi all,
> > > > > >> I'm running presently Cisco ASA 5520 hardware with the Cisco VPN
> > > > > >> client to provide remote users access to network resources.  I
> > > > > >> have one user who is interested in a client for Linux
> > > > > >> (specifically CentOS) and not sure what to suggest.  Does anyone
> > > > > >> have any good pointers for a good client that I can point him to?
> > > > >>
> > > > >> Any pointers would be appreciated.
> > > > >
> > > > > > The Cisco VPN Client does support *some* versions of Linux.
> > > > > > However, it does not work with the latest versions of the Linux
> > > > > > kernel so if your user's kernel is recent (and unfortunately,
> > > > > > "recent" doesn't really have to be very recent) then the official
> > > > > > Cisco VPN Client is not an option.
> > > > > >
> > > > > > However, there is an open source VPN client that works with Cisco
> > > > > > VPN headends. I personally use it and it works great:
> > > > > >
> > > > > > http://www.unix-ag.uni-kl.de/~massar/vpnc/
> > > > > >
> > > > > > It's included in pretty much all Linux distributions. A quick
> > > > > > Google search for "centos vpnc" turned this up as the first hit:
> > > > >
> > > > > http://wiki.centos.org/HowTos/vpnc
> > > > >
> > > > > Hope this helps.
> > > > >
> > > > > Cheers,
> > > > >
> > > > > --
> > > > >
> > > > > Eloy Paris
> > > > > Cisco PSIRT
> > > > > Ph: +1 919 392-9118
> > > >
> > > > _______________________________________________
> > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
>

