VPN client Firewall policy is imposed through ACS 4.0 group attributes. We're currently using:-
Cisco VPN 3000/ASA/PIX v7.x+ RADIUS Attributes
[3076\045] Required-Client-Firewall-Vendor-Code (0..65535) 1
[3076\046] Required-Client-Firewall-Product-Code 1
[3076\047] Required-Client-Firewall-Description Cisco Integrated Client Firewall
[3076\056] IPSec-Required-Client-Firewall-Capability Pushed-Policy-CPP
[3076\057] IPSec-Client-Firewall-Filter-Name Client-HTTP-Filter
[3076\058] IPSec-Client-Firewall-Filter-Optional FW-Required
As I've said, this works fine for XP clients but won't work for Vista (using client 5.0.00.0340). I've read on a forum that Cisco say it's possible to use the built-in Vista Firewall for the above RADIUS settings. If this is the case, what are the Vendor/Product Codes for Vista?
If I change IPSec-Client-Firewall-Filter-Optional to FW-Optional, the Vista client works with a warning that the Cisco Integrated Client Firewall should be installed/enabled but our management aren't keen on this.
Any help appreciated.
Andy