Cisco Support Community

VPN Vista firewall check

Hello

We currently have a VPN service for Windows users where we have the VPN3000 Required-Client-Firewall-Vendor-Code set to 1 for the Cisco Integrated Client Firewall.

This works fine for XP users but obviously not for Vista. Vista works fine without this policy but we're not happy about releasing the Vista Client without any firewall checks.

Is there a VPN3000 Required-Client-Firewall-Vendor-Code for the Vista Windows firewall, and has anyone tried this method?

Thanks

Andy

1 REPLY

Re: VPN Vista firewall check

VPN client Firewall policy is imposed through ACS 4.0 group attributes. We're currently using:

Cisco VPN 3000/ASA/PIX v7.x+ RADIUS Attributes

[3076\045] Required-Client-Firewall-Vendor-Code (0..65535) 1

[3076\046] Required-Client-Firewall-Product-Code 1

[3076\047] Required-Client-Firewall-Description Cisco Integrated Client Firewall

[3076\056] IPSec-Required-Client-Firewall-Capability Pushed-Policy-CPP

[3076\057] IPSec-Client-Firewall-Filter-Name Client-HTTP-Filter

[3076\058] IPSec-Client-Firewall-Filter-Optional FW-Required

As I've said, this works fine for XP clients but won't work for Vista (using client 5.0.00.0340). I've read on a forum that Cisco say it's possible to use the built-in Vista Firewall for the above RADIUS settings. If this is the case, what are the Vendor/Product Codes for Vista?

If I change IPSec-Client-Firewall-Filter-Optional to FW-Optional, the Vista client works with a warning that the Cisco Integrated Client Firewall should be installed/enabled, but our management aren't keen on this.

Any help appreciated.

Andy
