
Network World

Jamey Heary

Cisco changes its docs to reflect that it DOES support 3rd party VPNs

By jheary on Wed, 01/07/09 - 12:22pm.

There is Internet buzz and customer complaints around wording buried in some ASA configuration docs that can be interpreted as “Cisco doesn’t support 3rd Party VPN connections.” To set the record straight, Cisco has changed all of their documentation (in record time) to reflect their true stance.

The text in question:

ASAs support IPsec LAN-to-LAN VPNs with other Cisco peers. Because we adhere to VPN industry standards, ASAs may work with other vendors' peers in LAN-to-LAN VPNs; however, we do not support them.

Has been updated to this:

The ASA supports Lan-to-Lan IPSec connections with third party devices that comply with all relevant standards.

Many of us, myself included, always interpreted the original quote in the way it was intended. So we didn’t ever think twice about it. The intent was something like this: if you connect to a 3rd party and they are standards based, then Cisco TAC would support the Cisco side of the connection and the 3rd party would have to support their side of the connection. Nothing new here, right? However, history has shown that Cisco TAC usually goes above the call of duty and tries to help out Cisco customers on both ends, even though that is not their job. Also, Cisco has publicly posted numerous whitepapers on how to connect Cisco stuff to other vendors, such as Check Point and Juniper.

So I find it a bit disturbing that the blogosphere would start to perpetuate these wild interpretations of the above original text. I can understand competitors doing it (and they are, believe me), but seasoned Cisco engineers jumping on? Come on, folks! Does anyone really believe that Cisco would start rejecting 3rd party IPsec VPN connections to their ASAs? That’s like saying Microsoft is going to start rejecting 3rd party software on their operating system. Maybe when hell freezes over, but not before.

Cisco has a better track record working with customers to support 3rd parties than any other vendor in this arena by far. And most of it is just TAC engineers going above and beyond the call of duty in an effort to help their customers.

Hopefully the new wording Cisco has injected in their docs will stop the buzz and rumor mill regarding this FUD (fear, uncertainty and doubt) being injected into the blogosphere at a torrent pace.

If you have any other questions or would like some kind of additional clarification just post it here and I can help.

For a look at the new changes, here is a list of the docs that have been updated so far. If you find another one that needs updating, please post it.

http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compa...
http://www.cisco.com/en/US/partner/docs/security/asa/asa81/config/guide/...
http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/vpn_ike.htm...
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/s...
IKE chapter, IPsec section in http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/a...
http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/vpn...
http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/vpn...
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/s...
http://www.cisco.com/en/US/docs/security/asa/asa71/asdm51/user/guide/vpn...
http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/s...
http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/s...




The opinions and information presented here are my personal views and not those of my employer.


About Cisco Security Expert

Jamey Heary, CCIE #7680, sits on the PCI Security Standards Council Board of Advisors, where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access. (Check out all of Jamey Heary's books from Cisco Press.) He also has a patent pending on a new DDoS mitigation technique.

Jamey sits on several security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. He is an experienced speaker who is recognized as an expert in network security architecture, regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 15 years and in IT security for 10 years. Jamey is currently a Distinguished Systems Engineer at Cisco Systems.

 
