Vista and Cisco VPN Client

[Brian Z]

From what I am told, Cisco VPN client will not work with Vista and it is
Microsoft's fault. Can you shed some light on this? Cisco is pointing the
finger at MS, but it is their software that is causing the problem.

Start Before Logon and Microsoft Certificate with Private Key Protect Fails
Trying to connect the VPN client using Start Before Logon (SBL) and
Microsoft Machine-based certificates fails. This is a Microsoft issue, not a
VPN Client problem.

 

[Mr. Arnold]

From what I am told, Cisco VPN client will not work with Vista and it is
Microsoft's fault. Can you shed some light on this? Cisco is pointing the
finger at MS, but it is their software that is causing the problem.

Start Before Logon and Microsoft Certificate with Private Key Protect
Fails
Trying to connect the VPN client using Start Before Logon (SBL) and
Microsoft Machine-based certificates fails. This is a Microsoft issue, not
a VPN Client problem.

Is the software Vista compliant? If the software is not certified to run on
the Vista platform, then it might not work. If the software is not certified
to run on the Vista platform, which the 3rd party vendor must adhere to the
Vista standards for software development for the Vista platform, then how is
this MS fault?

This link talks a little bit about applications and 3rd party software
vendors in developing software to run on the Vista platform. If the software
is not certified to run on the Vista platform, then its at your own risk and
your crap shoot with rolling the dice.

http://blogs.zdnet.com/Ou/?p=785

 

[Joe Morris]

From what I am told, Cisco VPN client will not work with Vista and it is
Microsoft's fault. Can you shed some light on this? Cisco is pointing the
finger at MS, but it is their software that is causing the problem.

It would help if you specify exactly what version of the Cisco client you're
trying to use, and what the failure symptoms are.

Start Before Logon and Microsoft Certificate with Private Key Protect
Fails

Trying to connect the VPN client using Start Before Logon (SBL) and
Microsoft Machine-based certificates fails. This is a Microsoft issue, not
a VPN Client problem.

Why?

The function of start-before-login is to allow full login to a distant
domain controller through a VPN tunnel, which function relies on the GINA,
which does not exist in Vista. Any application which was designed to
interface with the GINA needs to be rewritten before it will run under
Vista.

I'm not interested in defending Microsoft's decision to make changes to the
specs that breaks apps that relied on the GINA, but that change hasn't
exactly been a closely-guarded secret.

The most recent version of the Cicso client that I've tried under Vista
works quite cleanly, although it does not support connect-before-login
(yet...reportedly this feature will eventually reappear). This is client
version 5.0.02.0090.

Joe Morris

 

[Brian Z]

I agree it is Cisco that dropped the ball, and I talked to TAC who talked
directly to the designers who said they really had no interest in making
this work. Basically I was told to buy a new firewall. Yes, it works with
Vista, but it doesnt work with SBL, which is needed to log onto a domain
remotely which i need.

It is lame they blame microsoft, and it is also lame that they told me to
contact me reseller, who then called Cisco again to open up another ticket
for the same exact thing. Very efficient.

Cisco has really fallen away from the days of good support. I know this is
not Microsoft's fault, but I figured I would point out that is what they say
on Cisco Website. They (Cisco) are obviously trying to point the finger
instead of doing the work.

Cisco is dissapointing on many levels on this issue. Obviously if a new OS
comes out, you can't just throw up your hands. I don't blame Microsoft, I
just wanted to pose and let everyone know how lame Cisco is when it comes to
support. Ironically, I paid for Smartnet support for Cisco, I am really not
getting my monies worth for the support I paid for.

On the other hand, Every time I call Microsoft they are very quick to find a
resolution, and escalate my case. I have never had them shun their
responsibility and point the finger at another vendor.

Anyone who would like to help push Cisco to make their "Vista" ready client
work correctly, please do. Let me ask you, when you bring your car to the
dealership, do they return it half fixed? Very lame Cisco, Very lame!

-end of rant

 

[Brian Z]

The Version of the Client I am using is Version 9 (The latest you can
download for PIX Firewall). So one of TACs ideas was to tell me to use
ANYCONNECT with the Pix firewall.
TAC Wrote to me "What I did last night was investigate the possibility of
using Anyconnect to achieve this functionality and work to get a direct
answer as to the status of these open bugs against the IPsec client under
Vista.".

Now, they are telling me to use ANYCONNECT, a Client that ONLY works with
the NEWER ASA firewalls, where my Pix 506e is a Non-ASA.

If this isn't a suddle hint that they do not want to support me, then I
don't know what else is!!!

Also, there was a bug ticket open for this, now, if they were not planning
on fixing it, why would you make a Bug ticket. I was told to contact a
manager at Cisco about the bug ticket, but that manager never returned my
emails.

Here is another quote from a TAC engineer.

Please contact your Cisco Account Manager to check the status of bug ID
CSCse47544. He will be able to provide more information about the status of
this bug and when it should be fixed.
SHOULD BE FIXED, now I sent numerous emails to this Cisco Account manager.
LAKHDEEP, but no returns to my emails. Just ignoring me. Very insulting.....

 

[Brian Z]

Sorry, I am running 5.0.0.1.600 version of the client. (The latest as far as
I know)