8.1 and Cisco Anyconnect VPN

[balama]

so is it going to happen with 8.1 or not?
getting tired of waiting my RT has been gathering dust other than business trips
the device is of no use if i can't remote in to my work PC where all my docs are located

I can remote in using our work vpn on pretty much any other device I have except the Surface RT
like my ipad mini, mobile etc etc

close to biting the bullet and giving up and just getting a new 12 hr Mac Air 13" and run it in split OS
which due to its battery life is a better investment than a pro. The new sony ultrathin laptop with its long battery life is also a consideration.

any insight?
is this just another toy/playbook or a true laptop replacement?

still hoping

 

[stmav]

I have used mine on vacation with no problem. I VPN into our network and remote desktop to the servers. It was nice not to have to carry a laptop for the first time in years. I do know there are issues with some VPN accesses. Found the following on PC World

[h=2]Windows 8.1 expands VPN support[/h]Many of us use a Virtual Private Network (VPN) to connect securely to a remote network, such as a corporate office. According to Microsoft, Windows 8.1 will support a wider range of Virtual Private Network (VPN) clients, although details aren’t available yet. Additionally, Windows will allow third-party apps to initiate VPN connections automatically, possibly eliminating the need for you to start the connection manually all the time.

 

[nasellok]

I upgraded to 8.1, but haven't tried to VPN into my office's cisco server yet - I just use Teamviewer..........if your only doing office documents, or just need access to files to email, etc, you could also use Skydrive web page, and the "other pc's" links to access your files - Ive found this to be the easiest way, and why MS hasn't gotten this feature onto the Skydrive application is beyond my paygrade. My thoughts are that you need the Anyconnect app, which has not been released.

 

[inteller]

LazyConnect VPN appliances also support IPsec passthrough which negate the need for the LazyConnect client. This just needs to be enabled by the network administrator. However if your company has LazyConnect chances are your network administrator doesn't know enough about networking to know how to do that.

 

[pbankey]

I feel as a Surface RT user that there are times where I feel this device is too scatter-brained. Sometimes it's just confusing what to make of the tablet. "It's for productivity!" Awesome, except there is no domain support, limited third party VPN, and no *legal* licensing to use Office for commercial use. But why? Why alienate loyal Microsoft supporters that want to buy and tell the world about how awesome the Surface is?

And so people will read the above and say, "that's what the Pro is for." The Pro is as robust as an ultrabook, but with the battery and price it misses the mark as to why the RT is the almost-perfect device to take to meetings.

I just don't get it. There is a limbo between the RT and Pro world with very real demand and opportunity and and I hope Microsoft steps up to the challenge and makes it happen.

 

[inteller]

the license terms grant you commercial office access if you have a 365 account so I'm covered there. Honestly never had a need for AD integration as I am disconnected from the domain anyways. Domains are being obscured by cloud services anyways which are federated on the back end for authentication which is all you really need.


The problem with IT shops is they are stuck in a rut with reading off of spec sheets and if it doesn't do that thing EXACTLY they write it off. Surface does a bunch of that stuff, just differently

 

[loribinca]

https://www.facebook.com/anyconnect/posts/415635408508438

We are able to confirm that the built-in L2TP/IPsec client on the Surface can be used in conjunction with an ASA that is appropriately configured for this support. This testing was performed in conjunction with ASA 8.4.5 & 9.0.1 We are in the process of updating our compatibility chart, but this will function today IF the ASA is appropriately configured for this support. We are not able to support AnyConnect on Windows RT at this time as the OS does not provide APIs to allow us to do so.




Good luck with asking your IT firewall guys to create custom methods of access for you. I've never been able to get them to do this at any place I've ever worked.

I honestly don't know what MS is thinking behind RT is. Is it for home users/students only?. The more I use it, the more I think so. It's like they *really* want you to go with the Pro for anything corporate, but you're spending twice the money and getting half the battery life.

 

[inteller]

it is not that big of a deal and if your network security guys won't enable it they are basically showing their ignorance since the IPsec passthrough uses the same authentication methods and is just as secure as LazyConnect. There is nothing "custom" about it. In fact, LazyConnect is just an Easy Button layer put on top of what should just be a nice simple and seamless IPsec connection.

 

[loribinca]

I feel as a Surface RT user that there are times where I feel this device is too scatter-brained. Sometimes it's just confusing what to make of the tablet. "It's for productivity!" Awesome, except there is no domain support, limited third party VPN, and no *legal* licensing to use Office for commercial use. But why? Why alienate loyal Microsoft supporters that want to buy and tell the world about how awesome the Surface is?

And so people will read the above and say, "that's what the Pro is for." The Pro is as robust as an ultrabook, but with the battery and price it misses the mark as to why the RT is the almost-perfect device to take to meetings.

I just don't get it. There is a limbo between the RT and Pro world with very real demand and opportunity and and I hope Microsoft steps up to the challenge and makes it happen.

My thoughts exactly .. I'm with Chris Pirillo on this. Instead of mucking about with RT and adding unnecessary confusion they should have just made it run WP8, then for people who wanted to actually do stuff, use the Pro

 

[loribinca]

it is not that big of a deal and if your network security guys won't enable it they are basically showing their ignorance since the IPsec passthrough uses the same authentication methods and is just as secure as LazyConnect. There is nothing "custom" about it. In fact, LazyConnect is just an Easy Button layer put on top of what should just be a nice simple and seamless IPsec connection.

Every firewall guy I've met is so paranoid about getting hacked, it's a wonder they even allow any external access into the network !!

 

[inteller]

I've noticed most orgs put rather ignorant tin foil types in their network security roles cause I guess they equate ignorant paranoia to security.

 

[balama]

so why can i vpn in over cisco anyconnect using my ipad mini
seems pretty absurd, that the most non MS Windows/Office centric device has been doing it since day one.

other than the built in 4G/LTE connectivity which gives me access anywhere, I'd choose to carry my Surface around everywhere if i could just remote into my work desk like i can do with an ipad/android tablet.
We are prohibited from loading and software to our desktops, our usb ports are disabled and web surfing restricted to only company controlled sites. There's no way i install a client like teamviewer on to a work device. Our NetSec folks don't want to support customized BYOD settings for every user and manage that inventory when ever they make updates. They will soon eliminate Webmail access and restrict access via VPN to any work data/email info. We just got off XP at work as well and are no where near win8 anyrime soon.

its too bad, as i likes the form factor and physical design of my surface just not the innards.
i guess perhaps its time to move on to a real device like these new haswell and beyond ultrabooks
for the Pro is a waste of time with its battery life and weight
Any portable/remote computing device that requires a battery recharge over the course of a normal 8-10 hr work day is useless as a mobile computing device including most of these smart phones.

people are lemmings going around with their cords fighting over outlets and free wifi to use their equipment,
I blame the whole iphone/ipad marketing campaigns for all that.

 

[inteller]

sounds like you are with a company that will soon enter the history books. No one runs IT like that anymore and survives.

 

[mikemos]

If what you are saying is true, please post your config to get WP/RT to connect to a Cisco firewall via VPN.

This is a power play by Microsoft, and a bad one at that. Then again, the only reason you can connect with your iThing is because Apple stole the iOS name, and has to carry the ability to connect via IPSec.

 

[loribinca]

taken from the following release notes Release Notes for Cisco AnyConnect Secure Mobility Client, Release 3.1 - Cisco Systems


AnyConnect Support for Windows 8

AnyConnect support for Windows 8 32-bit and Windows 8 64-bit operating systems was added in 3.0.11042 and later versions (for 3.0.x versions) and 3.1.02026 and later (for 3.1.x versions), with the following limitations.
Requirements
ASDM version 7.02 or higher
Limitations to AnyConnect Support for Windows 8
•

AnyConnect is not supported on Windows RT. There are no APIs provided in the operating system to provide this functionality. Cisco has an open request with Microsoft on this topic. Customers who want this functionality should contact Microsoft to express their interest.




Apparently there is a way to do it, but you need a special setup on the firewall -- i guess you could ask your firewall guy to make an exception to you - Even if MS does open up the API's Cisco needs? will Cisco spend the $$s to make the client? does the user base of RT justify it? at the moment I don't think it does

 

[DanglingPointer]

Extracted from Windows 8 RT VPN:

Working with Microsoft and third-party VPN servers


Windows RT devices come with an in-box VPN client implementation that is fully compatible with Microsoft Routing and Remote Access Server (RRAS) and supports both IPSec and SSL-based VPN access. The supported VPN protocols include PPTP, L2TP/IPsec, IKEv2 and SSTP.


Third-party VPN solutions from major networking vendors like Cisco and Juniper are in widespread use by enterprises. But Windows RT – unlike x86-based Windows 8 - does not support the installation of native VPN client applications from these vendors. Thus, the only way to connect to third-party VPN servers is by using the in-box VPN client. This client – as noted above – is capable of connecting using standard PPTP and L2TP/IPSec protocols – which are widely supported - and the newer IKEv2 protocol. SSL-based VPN connectivity to third-party servers, however, is not possible using the in-box VPN client since SSL VPN implementations are proprietary and distinct to each vendor. Network administrators must therefore configure their third-party VPN servers to allow connections using one of the supported standard protocols.

 

[inteller]

reading the full article shows that VPN capability for RT is actually very robust and that these third party proprietary solutions like LazyConnect are really the problem.