VPN Vista firewall check

Unanswered Question
Apr 11th, 2007

hello

we currently have a vpn service for windows user where we have the VPN3000 Required-Client-Firewall-Vendor-Code set to 1 for the Cisco Integrated Client Firewall.

this works fine for XP users but obviously not for Vista. Vista works fine without this policy but we're not happy about releasing the Vista Client without any firewall checks.

is there a VPN3000 Required-Client-Firewall-Vendor-Code for the Vista windows firewall and has anyone tried this method?

thanks

andy

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
andrewswanson Fri, 04/13/2007 - 05:16

VPN client Firewall policy is imposed through ACS 4.0 group attributes. We?re currently using:-

Cisco VPN 3000/ASA/PIX v7.x+ RADIUS Attributes

[3076\045] Required-Client-Firewall-Vendor-Code (0..65535) 1

[3076\046] Required-Client-Firewall-Product-Code 1

[3076\047] Required-Client-Firewall-Description Cisco Integrated Client Firewall

[3076\056] IPSec-Required-Client-Firewall-Capability Pushed-Policy-CPP

[3076\057] IPSec-Client-Firewall-Filter-Name Client-HTTP-Filter

[3076\058] IPSec-Client-Firewall-Filter-Optional FW-Required

As I?ve said this works fine for XP clients but won?t work for Vista (using client 5.0.00.0340). I?ve read on a forum that Cisco say its possible to use the built in Vista Firewall for the above Radius settings. If this is the case, what are the Vendor/Product Codes for Vista?

If I change IPSec-Client-Firewall-Filter-Optional to FW-Optional, the Vista client works with a warning that the Cisco Integrated Client Firewall should be installed/enabled but our management aren?t keen on this.

Any help appreciated.

Andy

Actions

This Discussion