can I connect to my University's VPN with the Windows 7 VPN feature?

[Jonathan Bird]

Hi,

Windows 7 has a VPN feature built in ("Set up a [...] VPN connection to your workplace") which asks me for an "internet address", a "destination name", an optional domain and username plus password.

I'm wondering if I could use this feature to connect to the VPN network of my University without any third party client. The VPN information that is given on the homepage of my University reads as follows:

VPN-Typ: Cisco IPSec mit VPN-Concentrator 3000 / CiscoASA

Gateway: vpn.mobile.unibas.ch

Use Perfect Forward Secrecy: neu: DH2 (alt: off)

Gruppenname: UniBasel-Access

Gruppenpassword f?r Nicht-Cisco-Clients: UniBasel

SA-lifetime: 1h

WINS und DNS erfragen: on

IKE: DH-1024, Gruppe2, 3DES-CBC, MD5 (alt: DH-768, Gruppe1, 3DES-CBC, MD5)

IP-Sec: ESPIP_3DES_SHA (alt: ESPIP_3DES_MD5-96)

Unfortunately I know close to nothing about VPN connections and so I would appreciate your advice, opinions or ideas.

thanks, G-Z

[+BudMan MVC]

If its cisco based vpn - your going to need a cisco vpn client. Your school should provide this.

[Jonathan Bird]

thanks for your answer.

yes, there is a Cisco client. But the information I posted above is meant for the use in other clients.

What I would like to know is, if it would be possible to use the native Windows 7 VPN client to access that network.

[Sn00pY]

I can only agree with BudMan, MSVPN isn't great. Cisco VPN Client is great... and it works :)

Just ask the school for the PCF and the necessary VPN Client Installer... You need to ask for the installer unless you have a CCO which has a SMARTNet contract attached to it...

[Jonathan Bird]

well, the Cisco client officially only supports Windows up to Vista. For Windows 7 I have to use a Java based browser solution.

It works but if there is the possibility to use native Windows functionality, I think it could be a better experience.

So you both agree that it isn't possible to use the VPN client built into Windows 7?

[+BudMan MVC]

Not sure were you go the idea that was for other clients? If you are running a cisco based ipsec vpn, then you need a cisco client. No I do not believe the windows 7 client can connect. If so I would think there would be lots of info on doing it for starters. With all the issues you hear about a windows 7 compatible cisco client, etc. If it could connect without the client you would think that would be pretty big news.

I hear there is a 3rd party client that can work with cisco, they have a universal ipsec client http://www.ncp-e.com/

edit:

"the Cisco client officially only supports Windows up to Vista"

Where did you get this tidbit??

http://www.cisco.com/en/US/products/sw/secursw/ps2308/

The Cisco VPN Client supports:

* XP, Vista (x86/32-bit only), and Windows 7 (x86/32-bit only); Windows x64 (64-bit) support requires Cisco AnyConnect VPN Client

Like I said with the windows 7 issues that are all over the news about the cisco client support for windows 7 (64bit) Don't you think if you could connect with the built in client it would be fairly big news?? ;)

Edited February 4, 2010 by BudMan

[JustNikc]

Actually you should be able to connect with other clients like most VPN routers/firewalls. We provide Netscreen firewalls at work and the VPN Client for Netscreen isn't compatible with Windows 7 and probably won't be supported by Juniper for a long time.

We recommend Shrew VPN which works for Windows 7. I've just had a chat with a colleague who is in our Connectivity team (we supply Cisco and Zyxel routers) and he said give Shrew VPN a go and see if you can get that going:

The Shrew VPN Client software can be found at the following URL: http://www.shrew.net/download/vpn

Anyway hope that helps :)

[+BudMan MVC]

The Shrew client is not the native built in vpn support now is it ;)

I also suggested a 3rd party client that will work.

There are always many ways to skin a cat ;)

[JustNikc]

Yeah I realised I mis-read it when I posted the post ;) Anyway, as Budman says, try a 3rd party client =]

[Sn00pY]

Simple fact of life is...

If the school has a Cisco based VPN Server (ASA,PIX,VPN Conc whatever...) , I'd assume they have support etc which means they have access to the Cisco VPN Client, which you just need to ask them for.........

Why is this being made difficult?

also Shrew isn't native :/

EDIT:

Why are people suggesting the non-Cisco client when all he has to do is ask for that ? :|

[JustNikc]

EDIT:

Why are people suggesting the non-Cisco client when all he has to do is ask for that ? :|

Not sure ... I just offered the suggestion about Shrew VPN without really reading the post xP

[+BudMan MVC]

I'm with Sn00py on this -- using some 3rd party client may or may not work for you.. But its going to be hard trying to get support from your school if your not using the client they provided. It would seem asinine for anyone to proved a cisco vpn connection for people to use without providing the client.

If the client they provide does not support your choice of OS - I would suggest you get with them on what your best option is. But it sounds like you already have a way to connect

"I have to use a Java based browser solution."

So what is your problem with the java based client? As already stated its not a native client -- but sure if you want you could try the shrew client, seems the latest version supports the import of the .pcf file that cisco clients use.. Does your school provide this file - they should.

2009-12-05

am pleased to announce the Shrew Soft VPN Client 2.1.5 Release is now available for download. This is a maintenance release that includes many critical bug fixes as well as minor feature enhancements. It is also the first to support the Windows 7 operating system. Compatibility for Cisco gateways has been improved and the ability to import PCF files has been added. The Windows OS installer has been improved to support both 32bit and 64bit operating systems in a single unified package. For a complete list of changes, please review the product documentation available on our website.

If your issue is with 64bit windows 7, I'm fairly sure you could also use XP mode for the cisco vpn client. But that would seem more complicated than just using the java based client your currently using.

[Jonathan Bird]

wow, thanks a lot for all these responses! let's address some of the issues:

Why do I think that the Cisco client of my University does not support Windows 7?

Because the University Homepage says so. For Windows 7 there is, as I already mentioned, a Java based browser solution. This solution works so it's not as if I wouldn't have a way to connect to the VPN network. I once installed this Cisco client on Windows 7 back while it was still in beta and it completely crashed my system and I couldn't even boot it anymore after the installation. I know that there probably are solutions to this problem and it also might not exist anymore. But I would like to be careful.

Why di I think that the Information I posted is meant for third party VPN clients?

Because the University Homepage says so. But this information is the piece of support for any other VPN clients than the Cisco one. They officially don't support any third party solution.

What is this thread about?

1. I saw that there is a VPN solution built into Windows 7.

2. I wanted to ask if it is possible to access the VPN of my University with that Windows 7 solution.

I already asked this question to the support of my University but again the only support they give for third party clients is this information:

VPN-Typ: Cisco IPSec mit VPN-Concentrator 3000 / CiscoASA

Gateway: vpn.mobile.unibas.ch

Use Perfect Forward Secrecy: neu: DH2 (alt: off)

Gruppenname: UniBasel-Access

Gruppenpassword f?r Nicht-Cisco-Clients: UniBasel

SA-lifetime: 1h

WINS und DNS erfragen: on

IKE: DH-1024, Gruppe2, 3DES-CBC, MD5 (alt: DH-768, Gruppe1, 3DES-CBC, MD5)

IP-Sec: ESPIP_3DES_SHA (alt: ESPIP_3DES_MD5-96)

I hope I made things a bit more clear: 1. I'm not looking for a third party solution, 2. I'm not looking for a solution to any possible troubles with the Cisco client and 3. I have a solution to access the VPN - not a comfortable one, but it works. All I'm really looking for is a possible way to access the VPN through the native Windows 7 VPN system.

again, thanks a lot for your ideas!

[+BudMan MVC]

And like I said if there was native support for windows 7 to connect to cisco vpn's info on it would be all over the place! ;) Cisco's late support for win7 and 64bit support has been a hot topic for quite some time.. If there was native support in windows 7 it would be huge news and there would be countless guides on how to set it up.

Your options are to use the client already provided - or use a 3rd party, or use a cisco client inside a VM (xp mode for example) if school only supplies an older client, or if your on 64bit.

That being said there is a cisco client that supports windows 7 (32bit) If you school has not provided it - thats on them on them. They are prob just to lazy to download it ;)

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5699/ps2308/product_data_sheet0900aecd801a9de9.html

Features and Benefits

? Support for x86 (32-bit) XP, Vista (including SP1 & SP2), and Windows 7; Linux (Intel); Solaris (UltraSparc 32- and 64-bit); and Mac OS X 10.4 & 10.5.

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5006/release/notes/vpnclient5006.html#wp62415

Changes to Platforms Supported by this Release

VPN Client 5.0.06 features support on Microsoft Windows 7 (32-bit only).

This release does not support Microsoft Windows 2000 and Tablet PC 2004/2005, although it may work with these OSs.

If your not happy with your current method of connecting, I would suggest you urge your school to update the client they provide (if your using 7 32bit) or go with one of the 3rd party clients offered the ncp or shrew client.

[Sn00pY]

Man, is this still going on...

Dude - USE THE CISCO VPN CLIENT.

[Jonathan Bird]

alright, then I will use the Java solution which is recommended by my University for Windows7 and wait until they provide a Cisco client version which works under Windows 7 (at the moment they even warn about problems with Windows Vista so it is an old version of the Cisco client they use).

thanks a lot to all of you for your replies!

[+BudMan MVC]

Question which I don't recall seeing answered - are you using 32 or 64 bit version of win7? If 64, I don't believe there will ever be a cisco client, they are moving toward the SSL based vpn and their anyclient vs ipsec based vpn. This requires new hardware and different licensing - so your school might not go that route for some time.

Your going to see more an more locations move to a SSL based I believe, since ipsec based can have issues for road warriors - depending on your location, restrictions on traffic, Nat, etc. you might not always be able to make a ipsec connection.. Its great for site to site, but as a road warrior solution it has its issues.

If you not happy with the java solution - you could try the shrew client, it is free ;) Works great, if not your out nothing but some time, etc.

Good Luck.

[Jonathan Bird]

Fortunately I have Windows 7 with 32bit.

I wouldn't say that this Java based solution they provide is particularly bad. It is a bit slow, the URL of the pages is not visible which is kind of annoying and it is not very well integrated and feels sort of clumsy ... but it works and it does so with less problems than it would with the client.

[+BudMan MVC]

Well I would ask them to download the latest client then.. Or if you know someone with a contract with cisco, they can download the client for you. Don't you have a buddy with your schools IT?? Good idea always make good with the IT guys ;) hehehe Buy them Beers is a good start.

[Jonathan Bird]

hehe, I don't think they care enough for that ... and I certainly don't think that I do care enough. :)