Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Concentrators Replaced?

I see EOL messages on the VPN Concentrators homepage. Are these being replaced with ASA 5500 devices?

Second question, then will the ASA 5500 VPN editions support Vista Clients with some type of Mandatory Client Firewall Enabled Detection Policy?

Meaning, you require Vista to have a firewall enabled before it connects to your network via VPN. Otherwise, its a big gaping hole in your network.

5 REPLIES
Cisco Employee

Re: VPN Concentrators Replaced?

Yes, VPN3000's are being replaced by the ASAs.

Regarding client firewall, I think you are talking about the Push Policy or Central Protection Policy (CPP).

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpngrp.html#wp1182773

Regards,

Arul

** Please rate all helpful posts **

New Member

Re: VPN Concentrators Replaced?

Yes, it is supported. See the attached screenshot, this is from an ASA 5520 via ASDM.

New Member

Re: VPN Concentrators Replaced?

Awesome thanks for the screenshot. And this is the built in windows Vista Firewall that this is talking about? Or some ASA specific software VPN client for Vista?

New Member

Re: VPN Concentrators Replaced?

No, it doesn't list the Windows firewall specifically but does allow you to configure some custom properties (see attached).

Also, keep in mind that unless you're doing split tunneling, the firewall doesn't add that much more value (I would argue against that though if the user isn't behind a hardware based firewall).

New Member

Re: VPN Concentrators Replaced?

Great! thanks for the information and the screen shots. Thats a big help.

129
Views
0
Helpful
5
Replies
CreatePlease to create content