Cisco – Windows x64 Bit VPN Client (IPSEC)

Note: This page was originally written before the release of the Cisco x64 bit Windows 7 Client

KB ID 0000163

Problem

I was widely accepted for some time that Cisco’s support for the IPSEC VPN client will not be extended to x64 bit Windows platforms, That’s simply because they are gearing up towards their own AnyConnect VPN client.

Update 18/02/10 – Cisco have released an x64 Bit VPN Client for Windows 7 (vpnclient-winx64-msi-5.0.07.0240-k9-BETA).

The cost to swap over to SSL/AnyConnect VPN, in terms of licensing and consultancy is VERY high.

NCP have had a x64 bit compatible client on the market for a while to get round that, but its not free (though considerably less than a bunch of SSL VPN licence’s!) However, as is the way with these things, as soon as people are forced to pay for stuff, someone will produce a free piece of software to do the same.

Step forward Shrew Soft, I test a lot of stuff, and its rare that a piece of free ware is as feature rich as the commercial product – but this is 🙂

Solution

1. Firstly I’m assuming you already have the VPN setup, working, and tested, on your Cisco PIX/ASA device, if not CLICK HERE for instructions, or if your scared of command line try THIS or THIS.

2. You need to know the same three primary pieces of information that you need to configure the Cisco VPN Client, those are,

a. The public IP address of the device you are connecting to. b. The “Tunnel Group Name” of the remote access VPN c. The “Shared Secret” of the remote access tunnel group

To get the last two pieces of information issue a “more system:running-config” command on your firewall.

[box]

Petes-ASA# more system:running-config

{keep pressing the space bar to scroll though the config}

—unimportant-config-removed——-

tunnel-group Remote-VPN type remote-access tunnel-group Remote-VPN general-attributes address-pool IPSEC-VPN-DHCP-POOL authentication-server-group PNL-KERBEROS default-group-policy Remote-VPN tunnel-group Remote-VPN ipsec-attributes pre-shared-key this_is_the_pre_shared_key

---unimportant-config-removed-------

[/box]

So in the example above the Tunnel Group Name is “Remote-VPN” and the shared secret is “this_is_the_pre_shared_key”.

3. Download and install the software from Shrew Soft (in this example I’m using 2.1.5-release)

4. Configure as per the video below.

Related Articles, References, Credits, or External Links

Working with the Cisco VPN Client. (IPSEC)