I have an issue at my company and I need some ammunition to fight the battle between the Cisco side and the Microsoft side.
Currently our company has approx. 500 client VPN sessions connected to our Cisco 3030 Concentrators at any given time. We are entirely a Cisco shop through and through (IPT, 6500 Cores w/ IDS blades, MARS, etc.). I have already purchased ASAs with IPS module that will be replacing our 3030 Concentrators in the next few months.
My issue is our Microsoft team has brought up that they can set up VPN and it will support Vista and is better than the Cisco solution. I realize Cisco supports Vista but I just wanted to convey what we are dealing with.
Please provide any pros or cons to the Microsoft vs. Cisco dilemma we are facing.
I would focus your research on the pros and cons of IPSec-based VPN versus PPTP. Cisco obviously uses IPSec primarily in most VPN deployments, whereas Microsoft almost always uses PPTP. If I'm wrong, let me know.
I get into this argument pretty frequently with colleagues. Here are things that I always bring up to the MS PPTP VPN groupies:
IPSec inherently is a stronger VPN framework than PPTP - no one can argue that. The hashing and encryption algorithms (e.g. SHA, 3DES, AES) and protocols surpass what Microsoft has been able to produce in regards to their 'built-in' VPN server/client system.
With Cisco's implementation of IPSec remote-access VPN, you can get very specific with what you want to allow, based off of groups and users - right down to the IP and ports desired. This is not an easy feature to set up on the Microsoft RRAS (if that's what your MS team is considering) side of the coin. The granularity of control, especially with the ASA line, is great.
I don't know what new VPN standards MS Vista supports now, but I'm a huge fan of Cisco's remote-access VPN implementation to date.
When speaking to the MS team, I would ask:
Can you restrict remote-access VPN users to specific IPs and ports? How flexible is the MS solution regarding IP address assignment?
What native hash and encryption methods does the MS VPN support? Are they proprietary?
Can you mass-deploy a pre-configured MS VPN connection? (comparable to a Cisco VPN client profile)