Cisco VPN and Windows XP/Vista/7 64bit

December 13th, 2009 Category: General

If you are using the Cisco CPN Client software together with a Cisco PIX 500 Series Security Appliances you will run into trouble when you upgrade your 32bit Windows installation to a 64bit version since the Cisco CPN Client is only supported for 32bit Windows versions.

Ciscos AnyConnect VPN Client will support 64bit versions but it will not work together Cisco PIX 500 Series. Furthermore the 500 Series has reached it’s end of life date.

Searching the solution for a different solution I first came across the Shrew Soft VPN Client. It’s a free software and should be able to import Ciscos .PCF configuration files. But my .PCF file could not be imported and the client did not tell the exact problem.

After some further research I found the NCP Secure Entry Client. It’s available for Windows 7, Windows Vista and Windows XP for 32 and 64bit. I’ve tried the evaluation version and it imported my .PCF file without any issues and also the VPN connection was immediately established. The price is about 80 EUR for a single user license.

I guess the Shrew Software VPN Client will also work together with the Cisco PIX but I did not make any further tries.

One restriction of the NCP Secure Entry Client is the missing possibility of tunneling IPSec over TCP (transparent tunneling). In certain firewall environments this may be needed. UDP Encapsulation seems to be supported but in my tests I could not get a connection. For more information refer to the knowledgebase of the NCP Secure Entry Client.

According to Cisco(Cisco VPN Client FAQ) there are no plans to provide 64-bit support for the Cisco CPN Client so the only option to get a VPN connection to your PIX is one of the mentioned third party clients mentioned above.

Another possibility is to install the Cisco CPN Client in a virtual machine but for my use case this is not a suitable possibility.

The world is not yet completely ready for 64bit – always keep that in mind