Cisco haven’t released a 64-bit VPN client, and are very unlikely to do so. They are forcing people to move away from IPSEC, and in all their wisdom, will only support 64-bit machines using the AnyConnect client, which a) doesn’t support IPSEC and b) has an implied cost per licence. In essence, they feel they can force companies to invest in new hardware if more and more people get 64-bit client machines.
Cisco gave in. The Cisco VPN Client Version 5.0.07 now supports Windows 7 64-bit.
The remainder here is a guide to networking through the Virtual XP Mode in Windows 7, which some may find useful, therefore I will keep it here as a guide.
Cisco hadn’t considered those who use Windows Vista and Windows 7 64-bit, but have no way to force the companies that they work with to upgrade their hardware (and pay out lots of money to do so). Hence, many people were left stranded and have resorted to third parties such as NCP and Shrew, who offer paid and free VPN clients for 64-bit machines.
Today, I have finally figured out a work around that still uses the Cisco VPN Client (v5) and no extra third party software. I thought I would share the technique.
The trick is to use Windows XP Mode which is a feature that is limited to Ultimate, Professional and Premium versions of Windows 7. You still have to download the feature from Microsoft, but after installing you’ll have a virtual Windows XP installation running under Windows 7. Your machine also needs to support Virtualisation Technology. Microsoft offers a tool to check this support is available. You may need to flick the switch in your BIOS to enable it (I had to do this on my Dell Precision as it was disabled by default).
First some terminology that will help. I will refer to the HOST as the machine that is hosting the virtual system (in my case this is Windows 7 Ultimate). The GUEST is the Windows XP Mode installation.
Once you have downloaded Windows XP Mode from Microsoft and followed the installation instructions, you must then install the second download (see Microsoft download page). At the end of this process, the new Windows XP Mode virtual machine should start up. The next steps are to install some anti-virus software and install the Cisco VPN client in the guest virtual machine. Copy across any Cisco VPN profile (.pcf) files you might need. Your HOST’s disk partitions should automatically be shared to allow you to copy files between the HOST and the GUEST.
Now comes a little configuration. Our aim is to share the active VPN connection on the GUEST with the HOST. The routing will be doing a little loop through the GUEST, then tunneled through the GUEST VPN (then virtually back through the HOST and out via your router to the internet via that VPN).
Make sure you can access the internet on the GUEST and then try a VPN connection using the Cisco VPN client. If that all works, disable the Windows Firewall (Control Panel -> Windows Firewall) on the GUEST and continue on to the next step.
Shut down the GUEST. Open up Windows Virtual PC – Manage virtual machines from the start menu. Under the Settings for that machine, switch the Networking -> Adapter 1 to your network card rather than Shared Networking (NAT) or Internal Network. N.B. NAT might still work, but I haven’t tested it.
Now we need to share the GUEST VPN connection. We will enable Internet Connection Sharing on the VPN Connection in the GUEST. Go to Control Panel -> Network Connections (switch to Classic View if you can’t see that) and you will most likely see Local Area Connection 2, Cisco Systems VPN Adapter. Feel free to rename the connection to Cisco VPN Connection. Right click on the connection and click Properties. Click on the Advanced tab and make sure that the Allow other network users to connect through this computer’s internet connection checkbox is ticked, as well as the other checkbox below it (not essential). You will receive a long-worded warning. Click to continue and accept the change. The warning is simply that Internet Connection Sharing (ICS) will alter your IP Address to the default of 192.168.0.1, which we will be changing in a minute anyway.
Now we need to set up some static IP addresses on both the GUEST and HOST. Usually your router will be giving out IP addresses using DHCP, but we don’t want that because we need to add a static route in a minute. If you can, exclude a portion of your network IP range for static addressing. Most modern routers allow you to set the DHCP address range. I often exclude the first 50 IP addresses to be safe.
Now select the GUEST’s main connection, Local Area Connection, then right click and select Properties. Scroll down the items and select Internet Protocol (TCP/IP). Click on the Properties button. You need to know the values to put in here. The easiest way to find them is to look up the IP address you have now on the HOST. To do this, open a command window (Start -> Search Programs -> Type “cmd.exe” and click to select the program). Type at the command prompt “ipconfig /all”. You’ll see your current IP address, gateway and DNS settings. You’ll need all of these, so make a note of them.
Switch back to the GUEST and enter the IP address you want, e.g. 192.168.1.31, the network mask of 255.255.255.0 and the gateway IP address you just wrote down. Try the internet connection and VPN again. They should still work. Your GUEST is now ready to share its VPN connection.
Now we need the HOST to know to route through the GUEST for the VPN connection. To do this, we will set up another static IP address for the HOST. Follow the same process as on the GUEST to set the IP address, e.g. 192.168.1.30. Note that in Windows 7, you’ll find the Network connections in a slightly different place. You’ll need Control Panel -> (View By -> Small Icons) -> Network and Sharing Centre (oooh) -> Change Adapter Settings (left hand side) and right click on Local Area Connection. Scroll down the items to Internet Protocol version 4 (TCP/IPv4) and select it, then click Properties. The resulting dialog box is more or less the same as Windows XP.
Now let’s check we can ping the GUEST from the HOST. They should now both be on the same subnet. With the command window that is still open on the HOST, type “ping 192.168.1.31” (or your GUEST IP address). If you have Windows Firewall enabled on the GUEST, this WON’T work!
Now, we need to add the route. We want to add a persistent route from your HOST through your GUEST, for those routes that the VPN connections support. Usually, these routes fall under certain restricted ranges (the 192.168 range is one of these). If your VPN IP address range is a 192.168 range, then you’ll need some extra tweaking. Usually the ranges will be in the 10.0.x.x or 172.30.x.x ranges. Mine falls under the 172.30.x.x range.
Using the already open command window I enter the following to add my static (persistent -p) route:
route -p add 172.30.1.0 mask 255.255.255.0 192.168.1.6 1
It should say OK! Then you can use route print to see the new route in the routing table. If you screwed up and need to delete the route, type route delete 172.30.1.0 (i.e. your target range).
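A pre-check for the route above, as an added example that is not part of the original post: it confirms the GUEST is usable as a gateway on the HOST's subnet and that the VPN range does not collide with the local LAN (the 192.168 case mentioned earlier), then builds the route command. The function name plan_vpn_route is hypothetical, the sample addresses are the ones used in this guide, and the gateway passed in is assumed to be the GUEST's static IP address.

```python
import ipaddress

def plan_vpn_route(host_ip, lan_mask, guest_ip, vpn_net, vpn_mask):
    """Check HOST/GUEST/VPN addressing; return (route_command, problems)."""
    problems = []
    lan = ipaddress.ip_network(f"{host_ip}/{lan_mask}", strict=False)
    host = ipaddress.ip_address(host_ip)
    guest = ipaddress.ip_address(guest_ip)

    # The gateway of a static route must be directly reachable, so the
    # GUEST has to sit on the HOST's own subnet with a usable address.
    if guest not in lan:
        problems.append(f"GUEST {guest} is outside the HOST subnet {lan}")
    elif guest in (host, lan.network_address, lan.broadcast_address):
        problems.append(f"GUEST address {guest} is not usable as a gateway")

    # Destination and mask must agree (no host bits set in the network).
    try:
        vpn = ipaddress.ip_network(f"{vpn_net}/{vpn_mask}")
    except ValueError as exc:
        problems.append(f"bad VPN destination: {exc}")
        return None, problems

    # The 192.168 case from the text: if the VPN range collides with the
    # local LAN, the HOST has two competing routes for the same addresses.
    if vpn.overlaps(lan):
        problems.append(f"VPN range {vpn} overlaps the local LAN {lan}")

    if problems:
        return None, problems
    # Same kind of persistent route as in the text, metric keyword written out.
    cmd = (f"route -p add {vpn.network_address} mask {vpn.netmask} "
           f"{guest} metric 1")
    return cmd, problems

if __name__ == "__main__":
    # Constructed sample inputs: HOST .30 and GUEST .31 as in this guide.
    samples = [
        ("192.168.1.30", "255.255.255.0", "192.168.1.31", "172.30.1.0", "255.255.255.0"),
        ("192.168.1.30", "255.255.255.0", "192.168.1.31", "192.168.1.0", "255.255.255.0"),
        ("192.168.1.30", "255.255.255.0", "192.168.2.31", "172.30.1.0", "255.255.255.0"),
    ]
    for args in samples:
        cmd, problems = plan_vpn_route(*args)
        print(cmd or "; ".join(problems))
```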
On the GUEST machine, with the VPN connected, ping one of the machines connected to the VPN, i.e. ping myserver. Note the IP address to which this corresponds. Move over to the HOST and ping that IP address (you can’t ping it by name, because the DNS requests aren’t going via the VPN). If you can see a response from the server, you are now accessing your VPN connection via the HOST. Congratulations, the hardest part is now over.
To make it easier to connect, Microsoft has built some cool application shortcuts into Windows XP Mode. On the HOST follow All Programs -> Windows Virtual PC -> Windows XP Mode Applications -> Cisco Systems VPN Client -> VPN Client (Windows XP Mode). Right click on that last application and Pin to Start Menu. You’ll now have a VPN Client (Windows XP Mode) in your start menu.
Close down the guest (full shutdown). Now double click the start menu item, and you’ll see the usual Cisco VPN client, running virtually, but transparently in Windows 7!