I have a SA 520W and I'm trying to get the SSL VPN working on Vista x64. It works fine from a XP machine, but what changes do I need to make to the Vista x64 machines to get the VirtualPassage.cab installed successfully?
Thanks for the update. There is, I'm afraid, a mistake in the document:
Users need to have the administrative rights in order to use QuickVPN Client.
This is a constraint posed by the Windows operating systems.
I've heard Cisco make this claim before; however, when pressed no one has been able to provide documentation for this. Does the real Cisco VPN client impose this restriction? Let's see the proof that Windows is causing this. Until then, QVPN remains an unusable product for anyone wishing to secure their company equipment.
As many poeple out there may not appreciate, the QuickVPN client actually utilizes the native IPSec technology built into certain Windows operating systems..
QuickVPN modified that windows environment, so you don't have to go through the rigors of creating ISAKMP or IPSec policies. etc..via MMC.
This is also the reason why QuickVPN had difficulty with Vista-home or XP-home Editions. These Editions lack the a native IPSec module which was found in the Windows Professional Editions.
In summary, the QuickVPN client therefore only modifies the native IPSec client in windows, and adds some extra features such as ping polling between client and VPN access concentrator. When you quote 'Users need to have the administrative rights in order to use QuickVPN Client."
I can understand or appreciate why the PC user may need administrative rights, Microsoft mention this in a number of their support knowledgebase, here is one reference http://support.microsoft.com/kb/314831 but I'm sure you can find more. On my old XP-Professional PC I have no installation or operational problems as I also have user admin rights on my PC, so QuickVPN works fine on my PC.
If you are really annoyed by this there is always another option, which is to spend the money and to try a 3rd party VPN client like the Greenbow http://www.thegreenbow.com/vpn.html.. But why not give my client a try if you have native IPSec support in your PC ?
We've talked about this before, many business-owned laptops simply do not allow admin rights on the system. I'm betting Cisco's outside sales reps don't have full admin rights to their PCs. So the question becomes why does Cisco conitinue to go down this road, even with the SA500 series that's brand new? If you'd gone down the road of PPTP or the Cisco VPN client (that doesn't support modern OSs anyway, but at least works in XP/Vista 32-bit) you would not have this problem. I simply cannot try the QVPN client as too many customers won't be able to use it. As such, even the SA500 may be out of the question until Cisco realizes that creating a security risk locally to allow a VPN connection is unacceptable. What's to prevent some local user with admin rights from having tons of viruses and other junk on their machine when they connect to the office and then the viruses try to infect others? Sure, the local admin rights make it more difficult, but not impossible to cause other damage. Users without admin rights are much less likely to be infected. If Cisco tried this stunt with corporate America it'd be laughed right out of the IT world. It's time for Cisco to admit there's a problem and come up with a different solution.
Still missing the point. Why should a SMB have to pay for a 3rd party product (and one that looks to cost $80/seat!)? Your enterprise customers don't. It shows a lack total of understanding (and dare is say respect?) on Cisco's upper management's part of the SMB market. Again, I submit if Cisco's management tried to tell a Fortune 1000 company the only way to allow VPN to their offices is to make all the remote users local administrators -OR- pay for a 3rd party product Cisco would immediatly be taken off any approved equipment list. SMBs have data to protect just as much as large comapnies do. It's time Cisco owns up to this deficiency.
One more thing, if Greenbow can write something that will work the way SMBs deserve it to work why can't Cisco? Hmmm.... Now perhaps that's the REAL question! Perhaps it's time to stop outsourcing the QVPN client to a overseas 3rd parties and bring it in house. Surely your ASA VPN client could be converted to work with your SMB products in a matter of weeks.
Configure DHCP WAN Settings on the RV34x Router
A Wide Area Network (WAN) is a network that covers a broad area. A user or network of users can connect to the Internet through an Internet Service Provider (ISP) who offer...
Configure Static IP WAN Settings on the RV34x Router
A Wide Area Network (WAN) is a network that covers a broad area. A user or network of users can connect to the Internet through an Internet Service Provider (ISP) who ...