Network World

Jamey Heary

Cisco Releases IPSEC & SSLVPN Client for Windows 7 and Snow Leopard

Cisco is First Major VPN Vendor to Support Win7/OSX 10.6 Clients

By jheary on Fri, 10/23/09 - 8:05pm.

Cisco just released support for the Windows 7 operating system in both its IPSEC client and SSLVPN client software. The Cisco AnyConnect 2.4 SSLVPN client now supports both 32-bit and 64-bit Windows 7 hosts. The new AnyConnect 2.4 client also supports Mac OS X 10.6.1 in both 32-bit and 64-bit. Cisco also released a Windows 7 32-bit version of its widely deployed Cisco VPN client 5.0.6.

Neither client requires any changes at the head-end VPN concentrator/ASA.

You can download the new AnyConnect 2.4 client here

You can download the new Cisco IPSEC VPN client 5.0.6 here

Both download links require a valid CCO account and a valid SMARTnet maintenance contract for access.

Here are the AnyConnect 2.4 release notes

Here are the Cisco VPN client 5.0.6 release notes

I've been using the AnyConnect 2.4 client on my Mac 10.6.1 OS for a few weeks now and it works great.

There are also some new features in the AnyConnect 2.4 client.

• Split DNS Fallback – You define domain names that should be tunneled through to the corporate DNS servers for resolution. All other DNS queries will be sent directly to the Internet DNS server configured on the client.

• Trusted Network Detection – Allows you to automatically bring up the VPN tunnel when a client is on an untrusted network. Conversely, when the client connects to an internal corporate trusted network, the AnyConnect client will automatically disconnect. You define the trusted networks list.

• Simple Certificate Enrollment Protocol (SCEP) – You can now configure the AnyConnect client to provide automatic cert provisioning if the user fails certificate checking. The client will use SCEP to make this process easy. Or you can show a "Get Certificate" or an "Enroll" button to the user for manual certificate provisioning. Once they click on this button, AnyConnect uses SCEP to automatically provision a user certificate to them. It can also present the user with a challenge request for authentication to the CA. Bottom line is this will make it way easier for you to start using certificates as a second factor auth method.

• Prompting Users to Select Authentication Certificate – Before this release the AnyConnect client would auto pick the best certificate. Now you have the option of providing a list of certificates to the end user that they can choose from.

• Scripting – Very useful feature that allows you to run OnConnect scripts and OnDisconnect scripts on the host. You could run login scripts, drive mapping scripts, whatever you want using this new feature.

• New Proxy Support Enhancements

• PEM File Certificate Store – For Mac and Linux clients the AnyConnect client supports certificate authentication using a Privacy Enhanced Mail (PEM) formatted file store. Instead of relying on browsers to verify and sign certificates, the client reads PEM-formatted certificate files from the file system on the remote computer, and verifies and signs them.

• FIPS Compliant AnyConnect Solution
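
The Split DNS Fallback behaviour from the feature list, modelled as an added example (not Cisco's code and not part of the original post): queries for listed domains go to the corporate resolver through the tunnel, everything else goes to the resolver configured on the client. The domain list and resolver addresses are constructed sample values; matching is done on whole DNS labels so that a look-alike name is not tunneled and an internal name is not sent to the Internet resolver.

```python
# Added illustration of the split-DNS routing decision; not AnyConnect's implementation.
# All domain names and resolver addresses below are constructed sample values.
TUNNELED_DOMAINS = ["corp.example.com", "lab.example.net"]  # hypothetical split-DNS list
CORPORATE_DNS = "10.0.0.53"   # hypothetical resolver reached through the tunnel
CLIENT_DNS = "192.0.2.53"     # hypothetical resolver configured on the client


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def is_tunneled(qname, tunneled_domains=TUNNELED_DOMAINS):
    """True if qname equals a listed domain or is a subdomain of one.

    Matching compares whole labels, so 'notcorp.example.com' does not
    match 'corp.example.com' the way a plain endswith() check would.
    """
    labels = normalize(qname).split(".")
    for domain in tunneled_domains:
        suffix = normalize(domain).split(".")
        if len(labels) >= len(suffix) and labels[-len(suffix):] == suffix:
            return True
    return False


def pick_resolver(qname):
    """Return the resolver a query should be sent to under split DNS."""
    return CORPORATE_DNS if is_tunneled(qname) else CLIENT_DNS


def route_queries(qnames):
    """Map each query name to (resolver, 'tunnel' or 'direct')."""
    return {q: (pick_resolver(q), "tunnel" if is_tunneled(q) else "direct")
            for q in qnames}


if __name__ == "__main__":
    sample = ["wiki.corp.example.com", "CORP.Example.COM.", "notcorp.example.com",
              "corp.example.com.other.example", "www.example.org"]
    for name, (resolver, path) in route_queries(sample).items():
        print(f"{name:34} -> {resolver:11} ({path})")
```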

Have fun!




The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.

Not Complete

While this was released and does work (several days ago BTW), the CSD piece that validates anti-virus and such is not compatible with Snow Leopard. I hear Windows 7 works but I haven't been able to confirm that as of yet.

CSD

Thanks for the additional info.
CSD 3.5 will be releasing shortly that will add support for Windows 7 and CSD.

64-bit IPSEC Client

Why doesn't Cisco offer a 64-bit IPSEC client? Any suggestions for a client that will work with W7 64-bit IPSEC VPN?

NCP has a 64 bit IPsec client for Windows 7

ncp-e dot com

I fully agree with Anon.

I fully agree with Anon. Why is Cisco requiring clients to purchase SSL licenses for 64-bit functionality under Windows 7? Where is your 64-bit IPSEC client?

Re: 64-bit IPSEC Client

It is surprising that Cisco hasn't released a 64 bit IPsec client, especially now with W7 officially out. A lot of people are frustrated with the lack of support on this one. As someone already suggested, NCP engineering is worth further exploring—they have a 64-bit IPsec client for W7. It is easy to configure and universal with operating systems and other devices. Check out, http://vpnhaus.wordpress.com/windows_7_beta/, for more information.

Hope this helps.

Is this just another trick to make money?

As one can see, you get much more remote access VPN sessions "for" free with the ASA than SSL VPN user sessions.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Maybe that's the reason why Cisco will never develop a 64-bit version of the IPSec VPN client? To sell more licenses for the AnyConnect client when you need to support 64-bit OS?

You get what you pay for: Faster connection better stability

NCP's client connects much faster and remains connected better than our previous solution. For my users, being able to connect every time reliably more than made up for the initial purchase price of the software. Our help desk load seems to be near zero with NCP's client.

Cisco needs to step up.

This is BS and will become a loud issue shortly with all of the Win 7 64-bit laptops getting ordered right now. I am involved in a project to deploy up to 15,000 Windows 7 64-bit laptops with remote users. You think they are going to order 15,000 AnyConnect VPN licenses? Nope. I will recommend a competitor if I have to. As a consultant I always try to go with the best solution for the customer. I would rather go with an ASA VPN Cluster, but..............

Confusion on anyconnect

I think there is some confusion over the cost of Cisco's AnyConnect licenses for the ASA. In a nutshell, the AnyConnect Essentials license is just about free to buy. Essentials gives you all the IPSEC-like features, except using the AnyConnect SSL client instead. You buy one Essentials license for the ASA device and it unlocks the max. user count for that platform model. It is not like regular AnyConnect licenses where you buy per-user licenses. Here is list pricing:
5505 (25 users) $100
5510 (250 users) $150
5520 (750 users) $250
5540 (2500 users) $350
5550 (5000 users) $400
5580 (10,000 users) $500

Hopefully this clears up why Cisco is not providing an IPSEC client at 64bits.

About Cisco Security Expert

Jamey Heary, CCIE No. 7680, is the author of the Cisco NAC Appliance: Enforcing Host Security with Clean Access book by Cisco Press. Jamey is a seasoned security technologist with over 15 years in the IT field with 10 years focused on IT security. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. Jamey is currently a Security Consulting Systems Engineer with Cisco, though the opinions expressed here are his own. Jamey is a member of Network World's Cisco Subnet blog community.
