Posted by: Raj Perumal
Hi folks! For those of you that rely on Cisco for VPN access, you’ll be happy to hear that there is a supported Windows 8 client now. I installed it myself and verified that it does indeed work.
The Cisco AnyConnect VPN client no longer needs a workaround to work with Windows 8 as it did before. A quick check of the Cisco AnyConnect release notes revealed the following:
AnyConnect 3.0.10055 and later versions (including the latest version of AnyConnect, version 3.1.01065), function on Windows 8 32-bit and Windows 8 64-bit operating systems, though there are some limitations.
Limitations to AnyConnect Support for Windows 8
•AnyConnect is not supported on Windows RT. There are no APIs provided in the operating system to provide this functionality. Cisco has an open request with Microsoft on this topic. Customers who want this functionality should contact Microsoft to express their interest.
•Other third party product’s incompatibility with Windows 8 prevent AnyConnect from establishing a VPN connection over wireless networks. Here are two examples of this problem:
–WinPcap service “Remote Packet Capture Protocol v.0 (experimental)” distributed with Wireshark does not support Windows 8.
To workaround this problem, uninstall Wireshark or disable the WinPcap service, reboot your Windows 8 computer, and attempt the AnyConnect connection again.
–Outdated wireless cards or wireless card drivers that do not support Windows 8 prevent AnyConnect from establishing a VPN connection.
To workaround this problem, make sure you have the latest wireless network cards or drivers that support Windows 8 installed on your Windows 8 computer.
•AnyConnect is not integrated with the new UI framework, written in the Metro design language, that is deployed on Windows 8; however, AnyConnect does run on Windows 8 in desktop mode.
•AnyConnect 3.1.01065 and AnyConnect 3.0.10055, and later AnyConnect 3.0 releases, provide “toast notifications.”
•You will not be able to write a Host Scan prelogin policy that tests for Windows 8 on the endpoint.
•You will not be able to write a dynamic access policy that tests for Windows 8 on the endpoint.
•For Network Access Manager, machine authentication using machine password will not work on Windows 8 / Server 2012 unless a registry fix described in Microsoft KB 2743127 (http://support.microsoft.com/kb/2743127) is applied to the client desktop. This fix includes adding a DWORD value LsaAllowReturningUnencryptedSecrets to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa registry key and setting this value to 1. This change permits Local Security Authority (LSA) to provide clients like Cisco Network Access Manager with the Machine password. It is related to the increased default security settings in Windows 8 / Server 2012. Machine authentication using Machine certificate does not require this change and will work the same as it worked with pre-Windows 8 operating systems.