Alternative CISCO VPN client

[barbary]

Hi,

So these days I work at home and I use the CISCO VPN client to logon to work.

It's anonying because I have to put in my Password every time.

Is there a command line one that can replace the CISCO GUI so I can have it launch at start up without having to put my password in??

Then also relaunch it after it times out??

Thanks for any help.

 

[ITJunkie]

Safenet SoftRemote?

Of course, you may want to clear any change through your security group first.

 

[TheSophist]

Can you be more specific?
What version of the Cisco VPN client are you running?




TheSophist

 

[barbary]

we are running 4.7.00

 

[Woodie]

Originally posted by: ITJunkie
Of course, you may want to clear any change through your security group first.

That's one of the "issues" we had w/ a prior Cisco implementation at my work. We are now beginning to deploy a PKI (Digital Certificate) based authentication scheme, which eliminates the password prompting.

Do you need a consultant to assist in building such a system? (We've had the PKI stuff working with Nortel from ~ 2 years...much nicer than passwords or tokens. )

 

[theeedude]

Actually I have a similar question. I use vpnc on my linux box to connect to work VPN server. They also provide a cisco vpn client for windows but I get BSODs on my windows laptop when I use it.
Is there a windows port of vpnc or some other alternative free vpn client I can use instead?

 

[cmetz]

barbary, ask your IT folks to allow saving the local passwords. It's a RADIUS attribute.

Alternately, ask your IT folks to provide you with a VPN Client 3002 or an 800 router. These can be configured to be hardware network-mode VPN clients that take care of all the authentication stuff for you.

The Cisco VPN client is pretty much (IMO) the best out there for Windows. It's not that there's anything wrong with it here, your IT people have simply configured it to act a certain way. You might not like that way. That really comes down to you needing to work that out with them. If you try to use a different client to connect that doesn't prompt for the password, that's going to make your IT folks very unhappy with you. If you think putting the password in occasionally is annoying, try working from home with no VPN access allowed at all.

senseamp, what version of the Cisco client are you using, and what else is on your laptop? I have *never* seen the Cisco VPN client cause a BSOD. I have many many times seen Windows boxes with way too many random things on them that will BSOD because of that. The Cisco VPN client grapples into the networking stack in a fairly aggressive and unfriendly way, and it's likely that a conflict between that and some other things on your box (software firewall, anti-virus, etc.) is causing this BSOD. Put another way, a cleaner Windows install might not have that problem.

 

[networkman]

Originally posted by: cmetz
The Cisco VPN client is pretty much (IMO) the best out there for Windows. It's not that there's anything wrong with it here, your IT people have simply configured it to act a certain way. You might not like that way. That really comes down to you needing to work that out with them. If you try to use a different client to connect that doesn't prompt for the password, that's going to make your IT folks very unhappy with you. If you think putting the password in occasionally is annoying, try working from home with no VPN access allowed at all.

Well said! Were I the IT Administrator, that'd be my solution as well.

 

[theeedude]

Originally posted by: cmetz
barbary, ask your IT folks to allow saving the local passwords. It's a RADIUS attribute.

Alternately, ask your IT folks to provide you with a VPN Client 3002 or an 800 router. These can be configured to be hardware network-mode VPN clients that take care of all the authentication stuff for you.

The Cisco VPN client is pretty much (IMO) the best out there for Windows. It's not that there's anything wrong with it here, your IT people have simply configured it to act a certain way. You might not like that way. That really comes down to you needing to work that out with them. If you try to use a different client to connect that doesn't prompt for the password, that's going to make your IT folks very unhappy with you. If you think putting the password in occasionally is annoying, try working from home with no VPN access allowed at all.

senseamp, what version of the Cisco client are you using, and what else is on your laptop? I have *never* seen the Cisco VPN client cause a BSOD. I have many many times seen Windows boxes with way too many random things on them that will BSOD because of that. The Cisco VPN client grapples into the networking stack in a fairly aggressive and unfriendly way, and it's likely that a conflict between that and some other things on your box (software firewall, anti-virus, etc.) is causing this BSOD. Put another way, a cleaner Windows install might not have that problem.

It's 4.0.5

 

[Cooky]

4.0.5 is rather old...there are vulnerabilities w/ versions prior to 4.8.x
Get a newer version.

I've ran into situation where vpn client from other vendor wouldn't co-exist w/ Cisco vpn client. Only one of them can be installed.
See if that's the case for you too.

 

[cmetz]

Cisco SOP is to embrace and extend, they implement standard protocols and put enough proprietary twists and "ehancements" on it that you basically have to use their stuff all around or lose a lot of functionality (or at least fight hard to make it all work).

Microsoft gets publicly beaten for this, but Cisco is just as bad and somehow mostly escapes notice.

 

[spidey07]

Originally posted by: cmetz
Cisco SOP is to embrace and extend, they implement standard protocols and put enough proprietary twists and "ehancements" on it that you basically have to use their stuff all around or lose a lot of functionality (or at least fight hard to make it all work).

Microsoft gets publicly beaten for this, but Cisco is just as bad and somehow mostly escapes notice.

Oh, it's noticed.

But it's the same thing - they drive the standards/industry in many ways. At least they are good about sticking to the standards and they support them fully. They'll just add on their sprinkles that isn't standardized yet (until they write and pass one)

 

[cmetz]

spidey07, *cough* OSPF.

 

[JackBurton]

Originally posted by: networkman

Originally posted by: cmetz
The Cisco VPN client is pretty much (IMO) the best out there for Windows. It's not that there's anything wrong with it here, your IT people have simply configured it to act a certain way. You might not like that way. That really comes down to you needing to work that out with them. If you try to use a different client to connect that doesn't prompt for the password, that's going to make your IT folks very unhappy with you. If you think putting the password in occasionally is annoying, try working from home with no VPN access allowed at all.

Well said! Were I the IT Administrator, that'd be my solution as well.

I second the motion.

 

[theeedude]

Originally posted by: Cooky
4.0.5 is rather old...there are vulnerabilities w/ versions prior to 4.8.x
Get a newer version.

I've ran into situation where vpn client from other vendor wouldn't co-exist w/ Cisco vpn client. Only one of them can be installed.
See if that's the case for you too.

I tried 4.6 and 4.8 same issue. After it says "securing network channel" bam BSOD and reboot. I need another client.

 

[JackBurton]

Originally posted by: senseamp

Originally posted by: Cooky
4.0.5 is rather old...there are vulnerabilities w/ versions prior to 4.8.x
Get a newer version.

I've ran into situation where vpn client from other vendor wouldn't co-exist w/ Cisco vpn client. Only one of them can be installed.
See if that's the case for you too.

I tried 4.6 and 4.8 same issue. After it says "securing network channel" bam BSOD and reboot. I need another client.

Make sure "stateful firewall" is turned off (unchecked) on the client.

 

[cmetz]

Cooky,

>I've ran into situation where vpn client from other vendor wouldn't co-exist w/ Cisco vpn client. Only one of them can be installed.

This is a great point, and possibly could help senseamp.

As far as I can tell, all of the Windows IPsec VPN clients grapple into the operating system in ways that aren't particularly friendly, and they rarely can co-exist. I work with folks who have a business need to connect to different external systems, each of which uses a different vendor's VPN client. It basically requires separate machines.

 

[spidey07]

Originally posted by: cmetz
spidey07, *cough* OSPF.

*cough*
I've never had a problem with it????

Even Cisco isn't dumb enough to push their beloved SP customers to EIGRP.

 

[theeedude]

Originally posted by: JackBurton

Originally posted by: senseamp

Originally posted by: Cooky
4.0.5 is rather old...there are vulnerabilities w/ versions prior to 4.8.x
Get a newer version.

I've ran into situation where vpn client from other vendor wouldn't co-exist w/ Cisco vpn client. Only one of them can be installed.
See if that's the case for you too.

I tried 4.6 and 4.8 same issue. After it says "securing network channel" bam BSOD and reboot. I need another client.

Make sure "stateful firewall" is turned off (unchecked) on the client.

It's unchecked. Still BSOD. If there is another client, that would be better for me.
We have to use token card to log in, btw.