On April 13, Cisco Systems officially posted a 64-bit version of its popular IPSec VPN Software Client. (Unofficially, this was available in Beta from an unpublicized source). This very welcome and requested enhancement came even to the surprise of former students of mine who are Cisco Systems employees! This post will briefly comment on the impact of this announcement, especially in light of the current emphasis on the AnyConnect VPN client.
As the product release notes indicate, there are some caveats in the installation of the 64-bit version, especially pertaining to computers which had a previous 32-bit version of the IPSec client. Most notably, any previous versions must be uninstalled prior to running the .msi install file. Personally, I would recommend the extra step of making sure that the installation directory (usually C:\Program Files\Cisco Systems\VPN Client) has been deleted. Also, be sure that you have administrative rights on the desktop or laptop before you attempt installation.
Another caveat mentioned is that the Integrated Client Firewall (originally called the Cisco Integrated Client Firewall, but actually a Zone Labs OEM) is no longer supported. As the notes indicate, a version later than 3.1.274 needs to be implemented. Once this is done, the Centralized Policy Protection (CPP push) can be implemented as before, where the VPN server applies a set of filtering rules to the client upon connection. Other unsupported options previously available in earlier 32-bit versions are Start Before Logon and Auto Update.
What remains to be seen in the long-term VPN implementation strategy from Cisco is whether the AnyConnect VPN client will accommodate the IPSec client in addition to its existing support for SSL. As some personnel from Cisco have indicated to me, this is “on the roadmap” so to speak. Traditionally, the IPSec client has never been implemented as a dynamic “push down” install, so speculation here is that when implemented, the IPSec/SSL combined AnyConnect could only be preinstalled using an .msi file (an option for the current SSL-only offering).
Another speculation is that the current .pcf files used in the IPSec VPN client will be migrated to the xml files used by AnyConnect when the latter client is updated to include this functionality. If this will be the case, a .pcf to xml conversion tool would certainly seem in order.
Author: Doug McKillip