Vista and Cisco VPN Client

Discussion in 'Windows Vista Installation' started by Brian Z, Dec 27, 2007.

  1. Brian Z

    Brian Z Guest

    From what I am told, Cisco VPN client will not work with Vista and it is
    Microsoft's fault. Can you shed some light on this? Cisco is pointing the
    finger at MS, but it is their software that is causing the problem.

    Start Before Logon and Microsoft Certificate with Private Key Protect Fails
    Trying to connect the VPN client using Start Before Logon (SBL) and
    Microsoft Machine-based certificates fails. This is a Microsoft issue, not a
    VPN Client problem.
    Brian Z, Dec 27, 2007
    1. Advertisements

  2. Brian Z

    Mr. Arnold Guest

    Is the software Vista compliant? If the software is not certified to run on
    the Vista platform, then it might not work. If the software is not certified
    to run on the Vista platform, which the 3rd party vendor must adhere to the
    Vista standards for software development for the Vista platform, then how is
    this MS fault?

    This link talks a little bit about applications and 3rd party software
    vendors in developing software to run on the Vista platform. If the software
    is not certified to run on the Vista platform, then its at your own risk and
    your crap shoot with rolling the dice.
    Mr. Arnold, Dec 27, 2007
    1. Advertisements

  3. Brian Z

    Joe Morris Guest

    It would help if you specify exactly what version of the Cisco client you're
    trying to use, and what the failure symptoms are.


    The function of start-before-login is to allow full login to a distant
    domain controller through a VPN tunnel, which function relies on the GINA,
    which does not exist in Vista. Any application which was designed to
    interface with the GINA needs to be rewritten before it will run under

    I'm not interested in defending Microsoft's decision to make changes to the
    specs that breaks apps that relied on the GINA, but that change hasn't
    exactly been a closely-guarded secret.

    The most recent version of the Cicso client that I've tried under Vista
    works quite cleanly, although it does not support connect-before-login
    (yet...reportedly this feature will eventually reappear). This is client

    Joe Morris
    Joe Morris, Dec 28, 2007
  4. Brian Z

    Brian Z Guest

    I agree it is Cisco that dropped the ball, and I talked to TAC who talked
    directly to the designers who said they really had no interest in making
    this work. Basically I was told to buy a new firewall. Yes, it works with
    Vista, but it doesnt work with SBL, which is needed to log onto a domain
    remotely which i need.

    It is lame they blame microsoft, and it is also lame that they told me to
    contact me reseller, who then called Cisco again to open up another ticket
    for the same exact thing. Very efficient.

    Cisco has really fallen away from the days of good support. I know this is
    not Microsoft's fault, but I figured I would point out that is what they say
    on Cisco Website. They (Cisco) are obviously trying to point the finger
    instead of doing the work.

    Cisco is dissapointing on many levels on this issue. Obviously if a new OS
    comes out, you can't just throw up your hands. I don't blame Microsoft, I
    just wanted to pose and let everyone know how lame Cisco is when it comes to
    support. Ironically, I paid for Smartnet support for Cisco, I am really not
    getting my monies worth for the support I paid for.

    On the other hand, Every time I call Microsoft they are very quick to find a
    resolution, and escalate my case. I have never had them shun their
    responsibility and point the finger at another vendor.

    Anyone who would like to help push Cisco to make their "Vista" ready client
    work correctly, please do. Let me ask you, when you bring your car to the
    dealership, do they return it half fixed? Very lame Cisco, Very lame!

    -end of rant
    Brian Z, Dec 28, 2007
  5. Brian Z

    Brian Z Guest

    The Version of the Client I am using is Version 9 (The latest you can
    download for PIX Firewall). So one of TACs ideas was to tell me to use
    ANYCONNECT with the Pix firewall.
    TAC Wrote to me "What I did last night was investigate the possibility of
    using Anyconnect to achieve this functionality and work to get a direct
    answer as to the status of these open bugs against the IPsec client under

    Now, they are telling me to use ANYCONNECT, a Client that ONLY works with
    the NEWER ASA firewalls, where my Pix 506e is a Non-ASA.

    If this isn't a suddle hint that they do not want to support me, then I
    don't know what else is!!!

    Also, there was a bug ticket open for this, now, if they were not planning
    on fixing it, why would you make a Bug ticket. I was told to contact a
    manager at Cisco about the bug ticket, but that manager never returned my

    Here is another quote from a TAC engineer.

    Please contact your Cisco Account Manager to check the status of bug ID
    CSCse47544. He will be able to provide more information about the status of
    this bug and when it should be fixed.
    SHOULD BE FIXED, now I sent numerous emails to this Cisco Account manager.
    LAKHDEEP, but no returns to my emails. Just ignoring me. Very insulting.....
    Brian Z, Jan 3, 2008
  6. Brian Z

    Brian Z Guest

    Sorry, I am running version of the client. (The latest as far as
    I know)
    Brian Z, Jan 3, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.