Alternative Cisco VPN clients for Windows XP

Question

I'm considering investing in a Cisco ASA5505. As Cisco's own VPN client requires a service subscription, which I am trying to do without, are there any free or low-cost ipsec VPN clients that will work with the ASA and run on Windows XP? Is XP's built-in ipsec client compatible? Any links to guides and walkthroughs would be much appreciated.

score 4 · Answer 1 · answered Nov 03 '09 at 18:12

Have you taken a look at shrew?

http://www.shrew.net/software. I've used it on windows machines as a replacement for a specific version of the cisco client which was not playing nicely with windows 7.

vpnc combined with network-manager-vpnc is a great option if you're on a linux platform though.

score 3 · Accepted Answer · answered Jun 08 '09 at 09:06

3

Install a virtual server inside the remote network and use RRAS for VPN on it. Then expose the relevant ports through the ASA.

That way all XP/Vista clients can connect reliably.

Mike

answered Jun 08 '09 at 09:06

Mike McClelland

810
4
10
19

score 2 · Answer 3 · answered Jun 08 '09 at 08:38

2

Cisco VPN is proprietary and will not work with anything but Cisco VPN :-) It is IPSec but it is not compatible with other IPSec clients.

answered Jun 08 '09 at 08:38

Antoine Benkemoun

7,314
3
42
60

Thanks for the clarification. I thought IPSec being an "industry standard" meant that it's cross-vendor compatible. – weiyin Jun 08 '09 at 19:31
1

Well it's standardized via RFCs but just Cisco decided to not have cross-vendor compatibility. – Antoine Benkemoun Jun 08 '09 at 20:56
Do any vendors do strict IPSec? It appears that Checkpoint is not compatible with standard clients either – prestomation Jul 10 '09 at 14:44

score 2 · Answer 4 · answered Jul 10 '09 at 13:03

Came across this article on how to get Windows Vista to connect to a Cisco PIX using a native client. Since ASA is mostly just a glorified PIX, these options might also work for you.

I also have to agree with the previous posts that the 'vpnc' client that you can install on Linux is just great, as it does not force any network routes or blockage like the official Cisco client does. You decide what your computer routes through the tunnel, as it should be.

score 1 · Answer 5 · answered Jun 08 '09 at 09:04

A cludge of a solution:

Virtualize your WinXP installation
Install Ubuntu 9.04
Install Ubuntu package vpnc (vpn cisco)
Install VMWare
Run WinXP inside VMWare with NAT interface (not bridging)
Establish your VPN with vpnc in Ubuntu, and the Virtual Machine will use that VPN connection.

I would consider this a bad solution - too convoluted. You will want to service contract in order to get security updates for your router and to get access to the Cisco Support Site.

If the Cisco device is just too expensive, consider a lower cost alternative, either from a different vendor or "Roll-Your-Own". Just remember RFC 1925 truth #3

With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead.

score 1 · Answer 6 · answered Jun 08 '09 at 09:09

1

Looks like you can run vpnc under Windows via Cygwin.

answered Jun 08 '09 at 09:09

rkthkr

8,618
28
38

score 1 · Answer 7 · answered Jul 10 '09 at 12:46

1

TEsted and working on

On ubuntu 9.04 -64 bit

Sudo apt-gete install VPNC

sudo apt-get install KVpnc

;)

import the Cisco VPN profile and enjoy

Thanks kartook

answered Jul 10 '09 at 12:46

kartook

79
1
4
8

Alternative Cisco VPN clients for Windows XP

7 Answers7