Cisco ASA 5510 require IPSEC clients to have XP firewall turned on

Posted on 2009-02-12
Last Modified: 2012-05-06
Hello All,

Due to "PCI" requirements, we are required to check whether clients have a firewall installed/enabled and if not force them to install or turn it on.  Some employees use their personal home PC's to VPN to our network.  For our employees we would like to make certain that the machines they are using to VPN in with have the Windows XP firewall turned on.

I know that with the Cisco ASA device we can force the specific Group Policy to check for a specific type of firewall installed on the client.  I also know that the XP firewall doesn't always play nicely with the Cisco VPN, we will deal with that ourselves.  

There are several firewalls selectable from the "Firewall Type" section when enabling the firewall requirement on the GP on the ASA, XP firewall is not one of them and at the moment we are not prepared to support any other third party firewalls, even if they are free.  So we would like to select "custom firewall" and add the XP firewall as the firewall type.  In order to do so, you have to select the "Vendor ID" and "Product ID" which I have bene unable to find after several days of searching.  Does anyone now the Vendor and Product ID's for the XP firewall and has anyone gotten this to work?

Any help is greatly appreciated.

Question by:genoint
    LVL 79

    Expert Comment

    Are you using the Advanced Endpoint Protection license add-on with Secure Desktop ?
    LVL 79

    Expert Comment


    Author Comment

    Unfortunately no, we aren't using AEP qith secure desktop.  We arent using secure desktop at all.  We are trying to keep it as simple as possible.  As I indicated in the first post, there is a setting with the Group Policy to check for a firewall and you should be abel to add the XP Firewall as a custom firewall, I just don't know the Vendor and Product ID's.  I am going to open a ticket with Cisco today, if I find a fix I will post it here.

    Accepted Solution

    I think I found the answer, apparently the "Custom Firewall" entry is for future release only, it isnt presently being used.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    I wrote an article ( some time ago with a reference to nLite  ( software.  I recently changed that link to point to NTLite (https://www.ntl…
    If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now