Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6609
Views
0
Helpful
8
Replies

VPN Suggestions for Windows 7 and ASA 5510

Go to solution
piedmontit
Level 1
Level 1

‎11-29-2011 08:14 AM

We currently have a VPN solution with an ASA5510 and the client PC's using the Cisco VPN Client V5.0.07.0410.  This works for both Windows XP SP3 and Windows 7, however, Windows 7 will not allow Enable Start Before Logon or Disconnect VPN Connection When Logging Off (i.e. Windows Logon Properties are missing in the client configuration options).  Is there a fix for this VPN client?  What VPN upgrade options are available that will allow these options?

Thank you for your suggestions!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andrew.prince
Level 10
Level 10

‎11-29-2011 10:10 AM

You need to use the AnyConnect client. I myself am just about to start the same kind of project, and have just purchased an AnyConnect essential license, they are the easiest option.

Sent from Cisco Technical Support iPad App

View solution in original post

0 Helpful
8 Replies 8

Go to solution
andrew.prince
Level 10
Level 10

‎11-29-2011 10:10 AM

You need to use the AnyConnect client. I myself am just about to start the same kind of project, and have just purchased an AnyConnect essential license, they are the easiest option.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
piedmontit
Level 1
Level 1
In response to andrew.prince

‎11-29-2011 11:12 AM

Thanks for the info!!

0 Helpful

Go to solution
Lucas Hall
Level 1
Level 1

‎11-30-2011 08:11 AM

All you have to do is to run the vpn client in XP SP3 compatability mode and the windows properties box reappears in the options menu, allowing you to keep the vpn connected during logoff.

0 Helpful

Go to solution
piedmontit
Level 1
Level 1
In response to Lucas Hall

‎11-30-2011 08:20 AM

I'll test this and post the results.  Thanks for the update!

0 Helpful

Go to solution
andrew.prince
Level 10
Level 10
In response to piedmontit

‎11-30-2011 08:40 AM

That will not work - you will find that the machine with either blue screen, or the client will not run - and report an error about the sub system or no network connectivity, when you do have a good connection.

0 Helpful

Go to solution
piedmontit
Level 1
Level 1
In response to Lucas Hall

‎12-12-2011 05:46 AM

The XP compatibility mode will not work for my situation.  There is no prompt to connect to VPN before you log into the desktop allowing all of your startup scripts to execute from the domain controller.  As this connect before login didn't work, I did not need to test if the vpn connection remained connected after logging off the desktop.

0 Helpful

Go to solution
Lucas Hall
Level 1
Level 1

‎11-30-2011 09:00 AM

We have been running this solution for over a year without any issues.

0 Helpful

Go to solution
andrew.prince
Level 10
Level 10
In response to Lucas Hall

‎11-30-2011 01:44 PM

That is very interesting as I found the below from this link:- http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809f0d75.shtml#dfgh

Differences Between Windows-Vista\Windows 7 and Pre-Vista Start Before Logon

The procedures to enable SBL differ slightly on Windows Vista and Windows 7 systems. Pre-Vista systems use a component called virtual private network graphical identification and authentication (VPNGINA) to implement SBL. Vista and Windows 7 systems use a component called PLAP to implement SBL.

In the AnyConnect client, the Windows Vista Start Before Logon feature is known as the Pre-Login Access Provider (PLAP), which is a connectable credential provider. This feature lets network administrators perform specific tasks, such as the collection of credentials or connection to network resources, prior to login. PLAP provides Start Before Logon functions on Windows Vista, Windows 7 and the Windows 2008 server. PLAP supports 32-bit and 64-bit versions of the operating system with vpnplap.dll and vpnplap64.dll, respectively. The PLAP function supports Windows Vista x86 and x64 versions.

Note: In this section, VPNGINA refers to the Start Before Logon feature for pre-Vista platforms, and PLAP refers to the Start Before Logon feature for Windows Vista and Windows 7 systems.

In pre-Vista systems, Start Before Logon uses a component known as the VPN Graphical Identification and Authentication Dynamic Link Library (vpngina.dll) to provide Start Before Logon capabilities. The Windows PLAP component, which is part of Windows Vista, replaces the Windows GINA component.

A GINA is activated when a user presses the Ctrl+Alt+Del key combination. With PLAP, the Ctrl+Alt+Del key combination opens a window where the user can choose either to log in to the system or activate any Network Connections (PLAP components) with the

Network Connect button in the lower-right corner of the window.

The sections that immediately follow describe the settings and procedures for both VPNGINA and PLAP SBL. For a complete description of enablement and use of the SBL feature (PLAP) on a Windows Vista platform, refer to Configuring Start Before Logon (PLAP) on Windows Vista Systems.

How do your users login??

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents