×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

SA 520 SSL VPN installation problem

Unanswered Question
Dec 15th, 2009
User Badges:

Hello,


I have a SA 520W and I'm trying to get the SSL VPN working on Vista x64.  It works fine from a XP machine, but what changes do I need to make to the Vista x64 machines to get the VirtualPassage.cab installed successfully?


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
CB900f2003 Wed, 12/16/2009 - 07:10
User Badges:

Direct from Cisco...  NO x64 operating system is supported.  There is no roadmap for this either at the moment.


Affected:


XP x64

Vista x64

Windows 7



Ugh.  Should have bought an ASA!!  I'm working on getting this returned.

David Hornstein Mon, 03/22/2010 - 06:18
User Badges:
  • Gold, 750 points or more

Hi All,


Sometimes change actually occurs, however sometimes painfully slow.


This old discussions create anbiguity or misunderstanding.


Check out the release notes regarding the quickvpn client reference, It does state and I have quoted the reference;


http://www.cisco.com/en/US/docs/routers/csbr/quickvpn/release/notes/QuickVPN_RN_v1-4-0-5.pdf



"Changes Since QuickVPN Client Version 1.3.0.3


1. Windows 7 operating system (including 32-bit and 64-bit editions) is now supported in addition to Windows XP (32-bit) and Windows Vista (32-bit and

64-bit)."


Even though personally I do not have Windows 7 to validate the application, seems like even 64 bit IPSec VPN is supported by the new release of the quick VPN client.


So have fun and download the application :D



regards Dave

Brian Bergin Mon, 03/22/2010 - 08:20
User Badges:
  • Bronze, 100 points or more

Dave,


Thanks for the update.  There is, I'm afraid, a mistake in the document:

Users need to have the administrative rights in order to use QuickVPN Client.

This is a constraint posed by the Windows operating systems.






I've heard Cisco make this claim before; however, when pressed no one has been able to provide documentation for this.  Does the real Cisco VPN client impose this restriction?  Let's see the proof that Windows is causing this.  Until then, QVPN remains an unusable product for anyone wishing to secure their company equipment.

David Hornstein Mon, 03/22/2010 - 11:58
User Badges:
  • Gold, 750 points or more

Hi Brian,


As many poeple out there may not appreciate, the QuickVPN client actually  utilizes the native IPSec technology built into certain Windows operating systems..


QuickVPN modified that windows environment, so you don't have to go through the rigors of creating ISAKMP  or IPSec policies. etc..via MMC.

This is also the  reason why QuickVPN had difficulty with Vista-home or XP-home Editions.  These Editions lack the a native IPSec module which was found in the Windows Professional Editions.


In summary, the  QuickVPN client therefore only modifies the native IPSec client in windows, and adds some extra features such as ping polling between client and VPN access concentrator. When you quote 'Users need to have the administrative rights in order to use QuickVPN Client."


I can understand or appreciate  why the PC user may need administrative rights,  Microsoft mention this in a number of their support knowledgebase, here is one reference http://support.microsoft.com/kb/314831 but I'm sure you can find more. On my old XP-Professional PC I have no installation or operational problems as I also have user admin rights on my PC, so QuickVPN works fine on my PC.


If you are really annoyed by this there is always another option, which is to spend the money and  to try a 3rd party VPN client like the Greenbow http://www.thegreenbow.com/vpn.html..  But why not give my client a try if you have native IPSec support in your PC ?


Respectfully


Dave Hornstein

Brian Bergin Mon, 03/22/2010 - 12:26
User Badges:
  • Bronze, 100 points or more

Dave,


We've talked about this before, many business-owned laptops simply do not allow admin rights on the system.  I'm betting Cisco's outside sales reps don't have full admin rights to their PCs.  So the question becomes why does Cisco conitinue to go down this road, even with the SA500 series that's brand new?  If you'd gone down the road of PPTP or the Cisco VPN client (that doesn't support modern OSs anyway, but at least works in XP/Vista 32-bit) you would not have this problem.  I simply cannot try the QVPN client as too many customers won't be able to use it.  As such, even the SA500 may be out of the question until Cisco realizes that creating a security risk locally to allow a VPN connection is unacceptable.  What's to prevent some local user with admin rights from having tons of viruses and other junk on their machine when they connect to the office and then the viruses try to infect others?  Sure, the local admin rights make it more difficult, but not impossible to cause other damage.  Users without admin rights are much less likely to be infected.  If Cisco tried this stunt with corporate America it'd be laughed right out of the IT world.  It's time for Cisco to admit there's a problem and come up with a different solution.

Brian Bergin Mon, 03/22/2010 - 12:53
User Badges:
  • Bronze, 100 points or more

Still missing the point.  Why should a SMB have to pay for a 3rd party product (and one that looks to cost $80/seat!)?  Your enterprise customers don't.  It shows a lack total of understanding (and dare is say respect?) on Cisco's upper management's part of the SMB market.  Again, I submit if Cisco's management tried to tell a Fortune 1000 company the only way to allow VPN to their offices is to make all the remote users local administrators -OR- pay for a 3rd party product Cisco would immediatly be taken off any approved equipment list.  SMBs have data to protect just as much as large comapnies do. It's time Cisco owns up to this deficiency.


One more thing, if Greenbow can write something that will work the way SMBs deserve it to work why can't Cisco?  Hmmm....  Now perhaps that's the REAL question!  Perhaps it's time to stop outsourcing the QVPN client to a overseas 3rd parties and bring it in house.  Surely your ASA VPN client could be converted to work with your SMB products in a matter of weeks.