Saturday, May 30, 2009

Cisco VPN Clients and Windows 7

Update: See more important information at bottom of post.

When I am outside the network and need to get in, I use a Cisco VPN client for XP Professional (32-bit).

It’s very straight-forward to install, get configured, then get connected.

So far I haven’t had to mess with Cisco VPN clients and either Windows 7 or 64-bit versions of Windows (or both at once).

However, I was asked the other day IF there was a solution for running Cisco VPN on Windows 7 64 bit.

Not a direct one that I know of, yet.

From the VPN Client - Cisco - Cisco Systems page:

The Cisco VPN client supports Windows 2000, XP and Vista (x86/32-bit only); Linux (Intel); Mac OS X 10.4; and Solaris UltraSparc (32 and 64-bit). For x64 (64-bit) Windows support, you must utilize Cisco's next-generation Cisco AnyConnect VPN Client.

Cisco AnyConnect VPN Client – Support pages has quite a lot of info on this product. In the   Release Notes for Cisco AnyConnect VPN Client, Release 2.3 the supported Windows systems are pretty tight.

Windows Versions

Windows Vista—32- and 64-bit Microsoft Windows Vista SP2 or Vista Service Pack 1 with KB952876.

Windows XP SP2 and SP3.

Windows 2000 SP4.

No official support for Windows 7.  Though I guess someone might be brave enough to dump it on a Windows 7 64-bit system and see if the Vista 64-support is close enough to carry over.

Cisco VPN Client Solution for Windows 7 64-bit (for now)

The only work-around that come to my mind (as well as Nicholas Caito) was to create a 32-bit OS virtual machine of XP or Vista and then load the traditional Cisco VPN client into that container.  Then launch and run your connection needs from within that VM.

Nicholas Caito’s illustrated how-to is linked below:

Cisco VPN Client Solution for Windows 7 32-bit (for now)

Windows 7 32-bit users are also a “bit” on their own as well.

However, there has been quite a lot more work done by the frustrated sysadmin crowd on this front.

The main complaint is that once folks go to install the Cisco VPN client on Windows 7, they seem to be working fine but get treated with a BSOD on reboot.

Bummers.

Fortunately, there seem to be well-regarded workarounds…and they do require a bit of work.

From Aaron’s hard-fought efforts:

Updated with notes from JoshP - 100% working:
I have tried many--many different ways to get the Cisco VPN client install on Windows 7--all resulting in BSOD (ndis.sys). I have found the following procedure has worked 100% of the time on multiple hardware platforms (including VMware):

1. Install Cisco DNEupdate.
2. Reboot
3. Take ownership and delete ndis.sys (in c:\windows\system32\drivers).
4. Take ownership and delete ndis.sys.mui (in c:\windows\system32\drivers\en-us).
5. Install Cisco VPN Client 5.0.04.0300.
6. Reboot
7. Windows 7 will repair itself (should take a few seconds) and automatically reboot.
8. Cisco VPN Client should work without any other tweaks.

As Mark Wilson points out in his blog post (linked below) The DNEupdate is actually the Citrix Deterministic Network Enhancer (DNE) update .  He provided this direct link to the installer file.

So with full props to Aaron, Mark, and Brenton, go get your Cisco VPN for Windows 7 on.

As for me?

Well, I’m resigned to the likely-hood our shop will be chugging on down the tracks on XP Pro deployments for many years to come…

It’s a mixed blessing.

Claus

Update:  While chasing down another rabbit on the intertubes, I found this post which has quite a lot of great information regarding Cisco VPN clients and Windows 7 compats:

From that post, Ashish Jain the Program Manager, Routing and Remote Access provides extensive VPN client tables with linkage on the following VPN clients for Windows 7: AT&T, Checkpoint ,     CISCO, Citrix , F5 , Juniper , NCP , NetGear , Nortel , SafeNet , and Sonic Wall .

If you have to do VPN support, it might be worthwhile to bookmark or RSS feed the Routing and Remote Access Blog

As I’m interested only in the Cisco client, here is an edited version of that particular table that Ashish provides:

CISCO

VPN Client

Platform

Version

Download URL

More information

Tested on Windows 7 Build

Cisco AnyConnect VPN Client (SSL VPN)

x86

2.3.x

Click Here

You must have a Cisco.com user account to download.

7048

Cisco AnyConnect VPN Client (SSL VPN)

x64

2.3.x

Click Here

You must have a Cisco.com user account to download.

7048

Cisco VPN Client (IPsec)

X86

5.0.5+

Click Here

 

 

Cisco VPN Client (IPsec)

x64

5.0.5+

Click Here

No official support for this version planned by Cisco. Use the Cisco AnyConnect VPN Client for both Windows 7 and x64 support

7048

 

There you go for now….

--C.V.

No comments: