Educause Security Discussion mailing list archives
Re: Slow Cisco Vpn performance!
From: "Brock, Anthony - NET" <Anthony.Brock () OREGONSTATE EDU>
Date: Thu, 27 Sep 2007 16:26:30 -0700
We've encountered significant and varied issues with the last of the 4.8 and earlier 5.x clients. Fortunately, most of our clients have been fairly stable when using version 5.0.01.0600. However, we haven't had similar reports concerning speed.

Are you using the old VPN 3K or the ASA as your concentrator?

Tony

Anthony Brock
Senior Network Security Engineer
Oregon State University - Network Engineering
http://oregonstate.edu/net/security/

________________________________

From: Michael Sana [mailto:msana () HPU EDU]
Sent: Wednesday, September 26, 2007 12:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Slow Cisco Vpn performance!

Aloha Christian,

Although we are not experiencing that problem, you may want to consider upgrading your Cisco VPN client to version 5. Cisco recently released a security advisory regarding local privilege escalation vulnerabilities in older versions. Although in your situation the users actually own the machines (and probably have local admin rights), you may have some users with university owned equipment that don't have privileged access. We took things a step further by setting our configuration to only allow access with the newest designated VPN client to prevent users with older versions from logging in.

Here is a summary of the advisory:

Summary

Two vulnerabilities exist in the Cisco VPN Client for Microsoft Windows that may allow unprivileged users to elevate their privileges to those of the LocalSystem account. A workaround exists for one of the two vulnerabilities disclosed in this advisory. Cisco has made free software available to address these vulnerabilities for affected customers.

The actual advisory can be found here:
http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml#summary

Hope this helps...

mike.sana.
From: Christian Héroux [mailto:Christian.Heroux () ETSMTL CA]
Sent: Wednesday, September 26, 2007 7:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Slow Cisco Vpn performance!

Hello!

We use a Cisco VPN concentrator and most employees use the VPN with their own PC at home. This might be a security risk and also a situation much harder to support, but we mitigate the risk by limiting the VPN access to some ports and inspecting traffic with IPS.

Some users have reported very slow performance only when using university resources through the VPN. All the tests point to the Cisco VPN client 4.8 we use on Windows XP. The only way to improve speed was to optimize the Windows XP TCP/IP stack with http://www.speedguide.net/files/TCPOptimizer.exe on the user's PC. This doesn't seem to be an MTU-related issue, since we varied this parameter during tests with the user who was having the problem.

Let me know offline if you have had that kind of complaint from users.

Christian Héroux
B.Eng. ÉTS, M.Eng. Poly, MBA student HEC, Jr. Eng.
IT Analyst (Network Security & Telecom)
Systems, Infrastructure and Telecommunications Section
École de Technologie Supérieure
1100 rue Notre-Dame ouest
Montréal, Québec H3C 1K3
Tel: 396-8800 (7863)

"Network design is 50 percent technology, 50 percent diplomacy, 50 percent magic"

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.488 / Virus Database: 269.13.31/1031 - Release Date: 9/26/2007 12:12 PM

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.488 / Virus Database: 269.13.31/1031 - Release Date: 9/26/2007 12:12 PM
Current thread:
- Slow Cisco Vpn performance! Christian Héroux (Sep 26)
- <Possible follow-ups>
- Re: Slow Cisco Vpn performance! Jay Tumas (Sep 26)
- Re: Slow Cisco Vpn performance! Michael Sana (Sep 26)
- Re: Slow Cisco Vpn performance! Brock, Anthony - NET (Sep 27)