Cisco Anyconnect: does it support Start Before Login on Vista?

DrStalker
DrStalker used Ask the Experts™
on

We have a Cisco ASA 5505 running version 7.2.  The current config includes both a site-to-site VPN (ipsec-l2l) and a remote access VPN where users connect using the Cisco VPN client 5.0.06 (ipsec-ra).

Because the cisco VPN client lacks support for Windows 7, 64 bit OSes and SBL on Vista we need to upgrade to the AnyConnect client, which means the ASA needs to be upgraded to version 8.X.

I have two questions about this upgrade (being asked separately on Experts Exchange)


2) Does Anyconnect support Start Before Login on Windows Vista 32bit?  There is conflicting information on the Cisco site:


http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect20/administrative/guide/admin1.html#wp1008856

The Windows Vista version of AnyConnect (32- and 64-bit) supports everything that the Windows 2000 and Windows XP versions support, with the exception of Start Before Logon.


http://www.cisco.biz/en/US/products/ps6120/products_configuration_example09186a00809f0d75.shtml


Differences Between Windows-Vista and Pre-Vista Start Before Logon

The procedures to enable SBL differ slightly on Windows Vista systems. Pre-Vista systems use a component called virtual private network graphical identification and authentication (VPNGINA) to implement SBL. Vista systems use a component called PLAP to implement SBL.

In the AnyConnect client, the Windows Vista Start Before Logon feature is known as the Pre-Login Access Provider (PLAP), which is a connectable credential provider. This feature lets network administrators perform specific tasks, such as the collection of credentials or connection to network resources, prior to login. PLAP provides Start Before Logon functions on Windows Vista and the Windows 2008 server. PLAP supports 32-bit and 64-bit versions of the operating system with vpnplap.dll and vpnplap64.dll, respectively. The PLAP function supports Windows Vista x86 and x64 versions.


Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
The first doc is for "anyconnect20" (2.0), older docs.

Look instead at
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect22/administration/guide/22admin4.html#wp1006226

PLAP support has been added in current Anyconnect versions.

Author

Commented:
Thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial