cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
537
Views
0
Helpful
5
Replies

VPN Concentrators Replaced?

pking2004
Level 1
Level 1

I see EOL messages on the VPN Concentrators homepage. Are these being replaced with ASA 5500 devices?

Second question, then will the ASA 5500 VPN editions support Vista Clients with some type of Mandatory Client Firewall Enabled Detection Policy?

Meaning, you require Vista to have a firewall enabled before it connects to your network via VPN. Otherwise, its a big gaping hole in your network.

5 Replies 5

ajagadee
Cisco Employee
Cisco Employee

Yes, VPN3000's are being replaced by the ASAs.

Regarding client firewall, I think you are talking about the Push Policy or Central Protection Policy (CPP).

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpngrp.html#wp1182773

Regards,

Arul

** Please rate all helpful posts **

djones
Level 1
Level 1

Yes, it is supported. See the attached screenshot, this is from an ASA 5520 via ASDM.

Awesome thanks for the screenshot. And this is the built in windows Vista Firewall that this is talking about? Or some ASA specific software VPN client for Vista?

No, it doesn't list the Windows firewall specifically but does allow you to configure some custom properties (see attached).

Also, keep in mind that unless you're doing split tunneling, the firewall doesn't add that much more value (I would argue against that though if the user isn't behind a hardware based firewall).

Great! thanks for the information and the screen shots. Thats a big help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: