New VPN Connection...need some help!
E Double U
Member Posts: 2,233 ■■■■■■■■■■
in Off-Topic
I rcvd the following email:
With the issues we have seen using the Verizon hotspots as well as incompatibility in Windows 8.1, we need to be able to provide an alternative to using the Cisco IPSec VPN Client. Setting up a L2TP/IPSec VPN connection may work well and would allow us to use the built in Windows network connection.
I recommended a registry fix, but here is the response:
We can get it to work with a registry fix, but it makes other features on the system fail. Also, Cisco is discontinuing their IPSec client so we need another method.
I hate to admit it, but I am stumped. Hopefully someone here can give me some direction. Thanks in advance for any help that you're able to provide.
With the issues we have seen using the Verizon hotspots as well as incompatibility in Windows 8.1, we need to be able to provide an alternative to using the Cisco IPSec VPN Client. Setting up a L2TP/IPSec VPN connection may work well and would allow us to use the built in Windows network connection.
I recommended a registry fix, but here is the response:
We can get it to work with a registry fix, but it makes other features on the system fail. Also, Cisco is discontinuing their IPSec client so we need another method.
I hate to admit it, but I am stumped. Hopefully someone here can give me some direction. Thanks in advance for any help that you're able to provide.
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
Comments
-
shodown Member Posts: 2,271There are plenty of open source VPN clients that work with windows 8. I use a shrewsoft vpn client and it has worked fine for my windwos 8 IPSEC VPN.
I do have to ask why arent you guys looking into SSL VPN's, is there a feature in IPSEC that you 100 percent need? Or is it that the license are free?Currently Reading
CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related -
E Double U Member Posts: 2,233 ■■■■■■■■■■Thanks for the reply!
Actually, most employees do use Clientless SSL VPN (myself included), but the employees that are in the field will be getting Dell Surface Pros and the decision makers want to use IPSec.
Since we're not a humongous organization (few hundred employees) the guys above me like when things are free. Especially since our security budget always seems to drive up costsAlphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS -
E Double U Member Posts: 2,233 ■■■■■■■■■■We came across the following:
[h=2]L2TP/IPSec with Windows 8/7 and Cisco ASA 8.x/9.x[/h]
https://popravak.wordpress.com/2013/03/06/l2tpipsec-with-windows-8-and-cisco-asa-8-x9-x/
Hoping someone here can advise if they've applied this solution.Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS -
Hondabuff Member Posts: 667 ■■■□□□□□□□I would migrate over to the Cisco SSL VPN. You can create the package on your firewall and export the install package as a .exe file and distribute it out to all your employees. Can also be pushed out with Group Policy if you create an .msi file. Launch it from your Desktop and enter your Domain credentials and your up and running. Its called Cisco Anyconnect VPN Client.“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
-
shodown Member Posts: 2,271^^^^
I think they are sticking with the IPSEC firewall because its free based upon the hardware vs SSL which you have to pay for each user.Currently Reading
CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related -
E Double U Member Posts: 2,233 ■■■■■■■■■■^^^^
I think they are sticking with the IPSEC firewall because its free based upon the hardware vs SSL which you have to pay for each user.
The CIO and CISO like freeAlphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS -
Hondabuff Member Posts: 667 ■■■□□□□□□□I think "E Double U" needs to present a business need for the company and stress why a paid product has better support and reliability. I would exhaust all efforts and if they then tell you NO, go for a free one because you don't have a choice. I worked in a school district before and this happened all the time. The main school where I was at wanted to go with Google Docs because it was free. We did a pilot test for 3 months and ended up renewing our $20k license for office.“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
-
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□I think "E Double U" needs to present a business need for the company and stress why a paid product has better support and reliability. I would exhaust all efforts and if they then tell you NO, go for a free one because you don't have a choice. I worked in a school district before and this happened all the time. The main school where I was at wanted to go with Google Docs because it was free. We did a pilot test for 3 months and ended up renewing our $20k license for office.
Been there, done that.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
E Double U Member Posts: 2,233 ■■■■■■■■■■LOL thanks guys!Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
phoeneous Member Posts: 2,333 ■■■■■■■□□□^^^^
I think they are sticking with the IPSEC firewall because its free based upon the hardware vs SSL which you have to pay for each user.
Which ASA and ios do you have? -
E Double U Member Posts: 2,233 ■■■■■■■■■■Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
phoeneous Member Posts: 2,333 ■■■■■■■□□□E Double U wrote: »5510 version 9.1(5)12
Do a show version, you might already have existing ssl licenses to work with. I have a 5510 on 8.2 and it came with 10 ssl licenses. -
E Double U Member Posts: 2,233 ■■■■■■■■■■Finally got it to work with a quick change in ACS and following this:
https://supportforums.cisco.com/document/12376016/configure-l2tp-over-ipsec-using-cisco-asa-84-and-ldap-authenticationAlphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS