Incompatibility with Microsoft's Internet Explorer 8 means one of the ASA's SSL VPN options won't work until then, leaving a second option that only supports applications with Web interfaces or those that can be readily made Web compliant. Businesses that want to use an ASA option called Smart Tunnels with IE8 are out of luck. Smart Tunnels require Java or Active X downloads to the browser in order to create the VPN connection -- all without requiring administrative privileges on the remote machine. The advantage of these connections is they support TCP-based applications and give administrators power to restrict those applications that have access to internal resources.
Cisco says customers that need to use IE8 and the ASA Smart Tunnels feature can sign up for a beta version of the next release of ASA software. An internal Cisco e-mail says that using the beta "may or may not help."
One business ran afoul of the IE8 incompatibility recently when employees who received new PCs equipped with IE8 as holiday gifts started using them to access the VPN. They reported they could not access the ASA at all, says the user who cannot be identified because he spoke without permission from his employer. They clicked on the desktop icon for the VPN portal and received a notice that the page cannot be displayed.
"It works once in a blue moon, more often than not it doesn't work," he says.
Cisco says it tries to time its major software updates with the updates of major browsers and operating systems. In this case the IE8 release came well before Cisco's next major scheduled version release. The company says in the future it will arrange for such upgrades in maintenance releases if changes are necessary.
This story, "Cisco ASA users can't use SSL VPNs with IE 8" was originally published by Network World.