Vista, Cisco VPN Client 5.0.01.0600 "Failed to enable Virtual Adapter"

Similar Messages

• 64bit vpn client issue /error :reason -442:failed to enable virtual adapter.

  Hi All of you ,
  I m using vpn client for windows64bit  -  file name - vpnclient-winx64-msi-5.0.07.0290-k9.exe and installing it on windows 2003 server .
  But while connecting via vpn client to f/w , Virtual Adapter is taking the ip address but not connecting .getting error message on screen -
  reason -442:failed to enable virtual adapter.
  Is it possible some configuration or image issue from ASA as its first time we are trying to use 64bit OS , vpn client for 32bit OS working fine .
  Below are the logs from vpn clinet when i tried to connect to ASA5520 . Version 7.0(8) -
  Cisco Systems VPN Client Version 5.0.07.0290
  Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
  Client Type(s): Windows, WinNT
  Running on: 5.2.3790 Service Pack 2
  Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
  1      15:38:03.921  01/27/11  Sev=Info/4 CM/0x63100002
  Begin connection process
  2      15:38:03.937  01/27/11  Sev=Info/4 CM/0x63100004
  Establish secure connection
  3      15:38:03.937  01/27/11  Sev=Info/4 CM/0x63100024
  Attempt connection with server "203.199.30.190"
  4      15:38:04.125  01/27/11  Sev=Info/4 CM/0x6310000E
  Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
  5      15:38:04.140  01/27/11  Sev=Info/4 CM/0x63100015
  Launch xAuth application
  6      15:38:09.515  01/27/11  Sev=Info/4 CM/0x63100017
  xAuth application returned
  7      15:38:09.515  01/27/11  Sev=Info/4 CM/0x6310000E
  Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
  8      15:38:10.562  01/27/11  Sev=Info/4 CM/0x63100019
  Mode Config data received
  9      15:38:10.781  01/27/11  Sev=Warning/2 CVPND/0xE340002C
  Unable to enable the 64-bit VA after timeout
  10     15:38:10.781  01/27/11  Sev=Warning/3 CVPND/0xE3400029
  The Client failed to enable the Virtual Adapter on 64-bit Windows
  11     15:38:10.781  01/27/11  Sev=Warning/2 CM/0xE310000A
  The virtual adapter failed to enable
  12     15:38:10.781  01/27/11  Sev=Info/6 CM/0x6310003A
  Unable to restore route changes from file.
  13     15:38:10.781  01/27/11  Sev=Info/6 CM/0x63100037
  The routing table was returned to original state prior to Virtual Adapter
  14     15:38:10.859  01/27/11  Sev=Info/4 CM/0x63100035
  The Virtual Adapter was disabled
  15     15:38:10.859  01/27/11  Sev=Warning/2 IKE/0xE300009B
  Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
  16     15:38:10.859  01/27/11  Sev=Warning/2 IKE/0xE30000A7
  Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
  17     15:38:11.546  01/27/11  Sev=Info/4 CM/0x63100012
  Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
  18     15:38:11.546  01/27/11  Sev=Info/5 CM/0x63100025
  Initializing CVPNDrv
  19     15:38:11.578  01/27/11  Sev=Info/6 CM/0x63100046
  Set tunnel established flag in registry to 0.
  20     15:38:40.953  01/27/11  Sev=Info/4 CM/0x63100002
  Begin connection process
  21     15:38:40.953  01/27/11  Sev=Warning/2 CVPND/0xA3400019
  Error binding socket: -21. (DRVIFACE:1234)
  22     15:38:40.968  01/27/11  Sev=Info/4 CM/0x63100004
  Establish secure connection
  23     15:38:40.968  01/27/11  Sev=Info/4 CM/0x63100024
  Attempt connection with server "203.199.30.190"
  24     15:38:41.156  01/27/11  Sev=Info/4 CM/0x6310000E
  Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
  25     15:38:41.171  01/27/11  Sev=Info/4 CM/0x63100015
  Launch xAuth application
  26     15:39:08.031  01/27/11  Sev=Info/4 CM/0x63100017
  xAuth application returned
  27     15:39:08.046  01/27/11  Sev=Info/4 CM/0x6310000E
  Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
  28     15:39:09.093  01/27/11  Sev=Info/4 CM/0x63100019
  Mode Config data received
  29     15:39:09.312  01/27/11  Sev=Warning/2 CVPND/0xE340002C
  Unable to disable the 64-bit VA after timeout
  30     15:39:09.312  01/27/11  Sev=Warning/3 CVPND/0xE340002A
  The Client failed to disable the Virtual Adapter on 64-bit Windows
  31     15:39:19.937  01/27/11  Sev=Warning/3 CVPND/0xA340000D
  The virtual adapter was not recognized by the operating system.
  32     15:39:19.937  01/27/11  Sev=Warning/2 CM/0xE310000A
  The virtual adapter failed to enable
  33     15:39:19.937  01/27/11  Sev=Info/6 CM/0x6310003A
  Unable to restore route changes from file.
  34     15:39:19.937  01/27/11  Sev=Info/6 CM/0x63100037
  The routing table was returned to original state prior to Virtual Adapter
  35     15:39:20.109  01/27/11  Sev=Warning/2 CVPND/0xE340002C
  Unable to disable the 64-bit VA after timeout
  36     15:39:20.109  01/27/11  Sev=Warning/3 CVPND/0xE340002A
  The Client failed to disable the Virtual Adapter on 64-bit Windows
  37     15:39:20.281  01/27/11  Sev=Warning/2 CVPND/0xE340002C
  Unable to disable the 64-bit VA after timeout
  38     15:39:20.281  01/27/11  Sev=Warning/3 CVPND/0xE340002A
  The Client failed to disable the Virtual Adapter on 64-bit Windows
  39     15:39:20.578  01/27/11  Sev=Warning/2 CVPND/0xE340002C
  Unable to disable the 64-bit VA after timeout
  40     15:39:20.578  01/27/11  Sev=Warning/3 CVPND/0xE340002A
  The Client failed to disable the Virtual Adapter on 64-bit Windows
  41     15:39:20.953  01/27/11  Sev=Warning/2 CVPND/0xE340002C
  Unable to disable the 64-bit VA after timeout
  42     15:39:20.953  01/27/11  Sev=Warning/3 CVPND/0xE340002A
  The Client failed to disable the Virtual Adapter on 64-bit Windows
  43     15:39:21.437  01/27/11  Sev=Info/4 CM/0x63100035
  The Virtual Adapter was disabled
  44     15:39:21.437  01/27/11  Sev=Warning/2 IKE/0xE300009B
  Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
  45     15:39:21.437  01/27/11  Sev=Warning/2 IKE/0xE30000A7
  Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
  46     15:39:22.046  01/27/11  Sev=Info/4 CM/0x63100012
  Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
  47     15:39:22.046  01/27/11  Sev=Info/5 CM/0x63100025
  Initializing CVPNDrv
  48     15:39:22.062  01/27/11  Sev=Info/6 CM/0x63100046
  Set tunnel established flag in registry to 0.
  release notes for vpn client 64bit  -
  http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537

  Hi Anisha ,
  Exact version of OS is "Microsoft Windows Server 2003 x64"  .
  I need supported cisco vpn client for this OS .
  =========
  Thanx 4 reply .
  Raj

• Cisco VPN Client 5.0.07.0440 Fails Installation on Win7 64

  Dears,
  I went to istall the Cisco VPN Client SW. I used  "vpnclient-winx64-msi-5.0.07.0440-k9" installator. But the installation  on my laptoop finished with the Error 1722.
  Here is fagment from the log  file:
  MSI (s) (74:B0) [12:07:23:006]: Product: Cisco Systems VPN Client  5.0.07.0440 -- Error 1722. There is a problem with this Windows  Installer package. A program run as part of the setup did not finish as  expected. Contact your support personnel or package vendor.  Action  CsCaExe_VAInstall, location: C:\Program Files (x86)\Cisco Systems\VPN  Client\VAInst64.exe, command: nopopup i "C:\Program Files (x86)\Cisco  Systems\VPN Client\Setup\CVirtA64.inf CS_VirtA
  I use the Windows 7 Home Premium 64bit on my laptop, the UAC is switched OFF  and the antivir SW is uninstalled and my account has administrators rights.
  I looked for it on the net but I did  not found satisfactory solution.
  Please do knows somebody how can I solve this issue??
  Thanks  Milan

  Hello Paul,
  This seems to be a known issue:
  Client cvpnd.exe errors on bootup if certain vendor's firewall installed.
  However, just to try further options, what if you try this?
  Restart VPN Client Service if You Install VPN Client before Zone Alarm
  Also check: Check Point Integrity Firewall Incompatibility, found in the link above.
  From the Zone Alarm FW, make sure you have the following advanced firewall options enabled:
  Allow VPN protocols
  Allow uncommon protocols at high security
  Enable IPv6 networking
  HTH
  Portu.

• Cisco VPN Client after Windows Vista Update (KB941229)

  I had the Cisco VPN client 5 installed on my laptop and configured by the IT department at work. It was working fine all day until I restarted and KB941229 was automatically installed. When it turned back on the Cisco VPN service (CVPND) would attempt to run then stop. If I started it manually it would run for about a minute then stop again. Without the service running the VPN client won't open, let alone let me connect.
  I know this vista update is fairly recent so I'm not sure there will be a fix but maybe somebody can think of a workaround or some way to fix this situation.
  Things I've tried:
  1) Uninstalling the windows update
  2) restarting
  3) restarting (in denial that this was happening)
  4) configuring a vista VPN connection to attempt to connect to the company VPN (this failed too)
  Uninstalling the update caused me to be unable to ping for some reason. This meant the VPN client would run but be unable to connect to the server and yet I was entirely able to access the internet locally. I reinstalled the update assuming maybe the installation went badly but that caused the same problem with the VPN service stopping itself (or being stopped) after a minute.

  Hello
  my issue has been resolved.
  there is a service called Base Filtering Services running in background for Vista and has to disabled to make IP Sec VPN Client working.
  after doing so it works smoothly.
  - Dhaval Tandel

• Cisco VPN Client Blue Screen Windows Vista

  I am using Cisco Client IPSec VPN version 5.0.07.0410. Installed on a Windows Vista operating system. Blue screen in Windows occurs after I have entered userid and password. Can anyone shed any light on this? I know that Cisco operates fine with XP and Windows 7 but has had issues with Vista?
  Thank you
  Carlos                  

  Andrew,
               Thank you. As soon as we upgraded Vista to SP2, it worked. The issue was with the OS not having the proper updates to interact with the Cisco VPN client.
  Appreciate all the support.
  Carlos

• Installing VPN Client 5.0.01.0600 on Vista

  Hi There,
  I'm having some problems with the VPN client 5.0.01.0600 for Windows Vista.
  I've installed the client but when trying to connect I receive the following error;
  "Reason 421: The remote peer is not responding"
  This to me would suggest an issue with our 2600 series router however ive tried connecting to it using two other laptops running Windows XP (from the same internet connection) and theyve connected fine with no issues.
  Ive attached my logs from when I try to connect.
  Any ideas would be much appreciated!

  Hi Magnus
  Uninstall VPN client. Restart the PC
  Donwload and run the following software, then restart the PC
  http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
  Reinstall VPN client
  Regards

• Cisco VPN client install fails with Error 1722 on Windows 7

  Hi,
  I am having issues with laptops upgraded from Vista to Windows 7.
  Prior to the upgrade they are running Cisco VPN Client 5.0.05.0290.  These laptops also have Juniper Network Connect 6.5 and Citrix web client installed.  The windows upgrade advisor made no recommendations regarding uninstalling / reinstalling these apps.
  I have done an inplace upgade to Windows 7 (Windows Vista Enterprise 32bit to Windows 7 Enterprise 32 bit) and after the install the Cisco client is not working.  Uninstalled the client (the uninstall was successful) then reinstalled and the installation fails at Installing Cisco Systems Virtual Adapter - error 1722 there was a problem with the windows installer package.
  I have followed the steps for a manual uninstall of the Cisco client and then tried the install again - still not successful.  Interestingly (or not) the Juniper Network Connect also fails with the error The Network Connect Virtual adapter driver is not installed properly.  This also fails to reinstall after being removed.
  I tried removing the VPN clients on another laptop and then running the upgrade but the same errors occured when reinstalling the VPN Client.  I have tried the Winfix and DNE patch from Citrix but these fail saying there is a corruption in the application.
  On another laptop where only the Cisco VPN client was installed a reinstall was required after the upgrade, but it did install successfully.
  On a clean image these applications all install fine, however I have a large number of laptops do upgrade and don't want to do a fresh install and settings migration on all of them.
  What files / registry entrys are involved with the DNE adapter so I can manually clear it all out before reinstalling?
  Anything else I can do to troubleshoot this issue?
  Cheers,
  James

  You should be able to install the 64 bit version of the Cisco VPN software
  Latest version is vpnclient-winx64-msi-5.0.07.0440-k9.exe
  You should download and run MCPR.exe first, to clean out any traces of McAfee products that conflict with Cisco VPN.
  http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
  If there is a problem with vbscript registration on the system - there is a fixit tool from Microsoft for that:
  MicrosoftFixit50842.msi
  (Using Shrew VPN is a possible workaround.)

• How long does Cisco VPN client keeps its logs

  Hi,
  How long does the Cisco VPN client keeps its logs? It seems like 2 weeks. Is it right?

  February 18, 2010
  Due to popular demand, the Cisco VPN Client v5.0.7 open beta is now available!
  In addition to serving as a general maintenance release, the Cisco VPN Client 5.0.7 beta is compatible with Windows 7 & Windows Vista 64-bit environments. 
  A 64-bit specific compatible image is available for installation on these platforms.
  Please have communicate feedback (both positive and problems) to [email protected]
  Key Capabilities available for Beta Testing:
  New Platform support – Windows 7 & Windows Vista 64-bit platform compatibility
  Software Access: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=281940730 (under 5.BETA)
  Software is available for download by any customer with a Cisco.com SMARTnet™ enabled login.
  Release Notes will be available next week via a link once the download image is selected.
  There are currently no plans to support Windows XP 64 bit in the VPN client.

• [T400] Cisco VPN client not working over wireless adapter (but works on cabled connection)

  I have a very strange problem. 
  I need to connect to my work via the cisco vpn client (version 5.0.00.0340). 
  My previous laptop (T43 , windows XP) worked well through both wired / wireless connections.  My desktop machine (vista) works via wired connection (it has no wireless connection). 
  On my new T400, the VPN client works via a wired connection but not via the wireless adapter.  
  On the wireless apapter, the vpn seems to connect OK, but when I try to access resources via the VPN there is little response.
  I get this in the vpn log...
  405   08:56:57.073  04/16/09  Sev=Warning/2 IPSEC/0xE3700003
  Function CniInjectSend() failed with an error code of 0xa4510009 (IPSecDrvCB:846)
   I've tried disabling the firewall (in both the T400 and the router), removed access connections, and disabling tcp v6. I've rebooted everything too. 
  But, nothing seems to work.   I suspect the problem is on the t400 somewhere, because the old laptop used to work OK via wireless.
  I've seen some google links on cisco vpn not working via  wireless but nothing seems to apply to my exact situation yet. 
  Anyone else had this problem or know of a fix? Thanks in advance. 
  Solved!
  Go to Solution.

  all good now, got it working. 
  The Deterministic network thing was not installed on the wireless adapter for some reason.
  So, I installed the latest wireless driver, reinstalled the vpn and all is good now.  

• Windows 8 Cisco VPN Client Issue

  I connect to several of my customers with the Cisco VPN Client Version 5.0.07.0290 and all has been working fine. In the last week, virtually every Windows 8 machine has stopped working. The client connects fine, shows it's connected, but if I go to Status -> Statistics it just shows 0 in the Bytes Received and Sent. The Bypassed and Discarded increases, but I am unable to reach any system. Does anyone know what causes this or how to resolve it? This is a HUGE problem for me as all of the work we do for our customers is via their VPNs. Every non-Windows 8 PC still works fine. And these Windows 8 PCs have been working fine until just the last week. Browsing through, I've seen posts with this same issue, but none related to Windows 8 recently. They are all Windows 7, and my Windows 7 machines are working flawlessly.
  Someone help!
  Thanks,
  Brian

  Hi Brian,
  IPSEC client on Windows 8 machine is not supported.
  Cisco VPN Client 5.0.07 supports the following Microsoft OSs:
  •Windows 7 on x64 (64-bit)
  •Windows 7 on x86 (32-bit) only
  •Windows Vista on both x86 (32-bit) and x64
  •Windows XP on x86
  VPN Client does not support the Tablet PC 2004/2005; and Windows 2000, NT, 98, and ME.
  VPN Client supports smart card authentication on Windows 7, Vista, and  XP. However, VPN Client does not support the ST Microelectronics smart  card Model ST23YL80, and smart cards from the same family.
  VPN Client supports up to one Ethernet adapter and one PPP adapter. It  does not support the establishment of a VPN connection over a tethered  link.
  VPN Client 5.0.x is incompatible with the combination of Cisco Unified  Video Advantage 2.1.2 and McAfee HIPS Patch 4 Build 688. To avoid system  failures, uninstall either of these two applications, upgrade McAfee to  the latest version, or use VPN Client 4.6.x.
  To install the VPN Client, you need
  •Pentium®-class processor or greater
  •Microsoft TCP/IP installed. (Confirm via Start > Settings > Control Panel > Network > Protocols or Configuration.)
  •50 MB hard disk space.
  •128 MB RAM
  (256 MB recommended)
  •Administrator privileges
  The VPN Client supports the following Cisco VPN devices:
  •Cisco Series 5500 Adaptive Security Appliance, Version 7.0 or later.
  •Cisco VPN 3000 Series Concentrator, Version 3.0 or later.
  •Cisco PIX Firewall, Version 6.2.2(122) or Version 6.3(1).
  •Cisco IOS Routers, Version 12.2(8)T or later.
  you can get more information from following link:-
  http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537
  Regards,
  Naresh

• Cisco VPN Client is not opening on windows 7 64bits

  Hello,
  My problem : i instaled Cisco VPN client 5.0.07.0440-k9 on Windows 7  64 bits, the installation ends successfully. But when i restard the computer, when i click it doesnt open.
  Notice : when i restard the computer, it takes an infinite time the first rebooting ,  in the final stage of boot ( The black window with the Microsoft logo and  message Windows Is Starting ...)  '' it takes an infinite time so i force the reboot.
  started the same thread here but no answer yet.
  Thank you

  check your event viewer/System log.   You may see some entries stating that
  "The Cisco Systems Inc. IPSec Driver failed to start due to the following error: Windows cannot verify the digital signature for this file."
  disable digital signatures (NOT recommended) and cisco works fine
  I guess Cisco has already killed this program if they aren't even getting it certified.

• Need HELPS! ASA 5505 8.4 Cisco VPN Client cannot ping any internal host

  Hi:
  Need your great help for my new ASA 5505 (8.4)
  I just set a new ASA 5505 with 8.4. However, I cannot ping any host after VPN in with Cisco VPN client. Please see below posted configuration file, thanks for any suggestion.
  ASA Version 8.4(3)
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  switchport access vlan 2
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 172.29.8.254 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 177.164.222.140 255.255.255.248
  ftp mode passive
  clock timezone GMT 0
  dns server-group DefaultDNS
  domain-name ABCtech.com
  same-security-traffic permit inter-interface
  object network obj_any
  subnet 172.29.8.0 255.255.255.0
  object service RDP
  service tcp source eq 3389
  object network orange
  host 172.29.8.151
  object network WAN_173_164_222_138
  host 177.164.222.138
  object service SMTP
  service tcp source eq smtp
  object service PPTP
  service tcp source eq pptp
  object service JT_WWW
  service tcp source eq www
  object service JT_HTTPS
  service tcp source eq https
  object network obj_lex
  subnet 172.29.88.0 255.255.255.0
  description Lexington office network
  object network obj_HQ
  subnet 172.29.8.0 255.255.255.0
  object network guava
  host 172.29.8.3
  object service L2TP
  service udp source eq 1701
  access-list VPN_Tunnel_User standard permit 172.29.8.0 255.255.255.0
  access-list VPN_Tunnel_User standard permit 172.29.88.0 255.255.255.0
  access-list inside_access_in extended permit icmp any any
  access-list inside_access_in extended deny tcp any any eq 135
  access-list inside_access_in extended deny tcp any eq 135 any
  access-list inside_access_in extended deny udp any eq 135 any
  access-list inside_access_in extended deny udp any any eq 135
  access-list inside_access_in extended deny tcp any any eq 1591
  access-list inside_access_in extended deny tcp any eq 1591 any
  access-list inside_access_in extended deny udp any eq 1591 any
  access-list inside_access_in extended deny udp any any eq 1591
  access-list inside_access_in extended deny tcp any any eq 1214
  access-list inside_access_in extended deny tcp any eq 1214 any
  access-list inside_access_in extended deny udp any any eq 1214
  access-list inside_access_in extended deny udp any eq 1214 any
  access-list inside_access_in extended permit ip any any
  access-list inside_access_in extended permit tcp any any eq www
  access-list inside_access_in extended permit tcp any eq www any
  access-list outside_access_in extended permit icmp any any
  access-list outside_access_in extended permit tcp any host 177.164.222.138 eq 33
  89
  access-list outside_access_in extended permit tcp any host 177.164.222.138 eq sm
  tp
  access-list outside_access_in extended permit tcp any host 177.164.222.138 eq pp
  tp
  access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ww
  w
  access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ht
  tps
  access-list outside_access_in extended permit gre any host 177.164.222.138
  access-list outside_access_in extended permit udp any host 177.164.222.138 eq 17
  01
  access-list outside_access_in extended permit ip any any
  access-list inside_access_out extended permit icmp any any
  access-list inside_access_out extended permit ip any any
  access-list outside_cryptomap extended permit ip 172.29.8.0 255.255.255.0 172.29
  .88.0 255.255.255.0
  access-list inside_in extended permit icmp any any
  access-list inside_in extended permit ip any any
  access-list inside_in extended permit udp any any eq isakmp
  access-list inside_in extended permit udp any eq isakmp any
  access-list inside_in extended permit udp any any
  access-list inside_in extended permit tcp any any
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  asdm history enable
  arp timeout 14400
  nat (inside,outside) source static orange interface service RDP RDP
  nat (inside,outside) source static obj_HQ obj_HQ destination static obj_lex obj_
  lex route-lookup
  nat (inside,outside) source static guava WAN_173_164_222_138 service JT_WWW JT_W
  WW
  nat (inside,outside) source static guava WAN_173_164_222_138 service JT_HTTPS JT
  _HTTPS
  nat (inside,outside) source static guava WAN_173_164_222_138 service RDP RDP
  nat (inside,outside) source static guava WAN_173_164_222_138 service SMTP SMTP
  nat (inside,outside) source static guava WAN_173_164_222_138 service PPTP PPTP
  nat (inside,outside) source static guava WAN_173_164_222_138 service L2TP L2TP
  object network obj_any
  nat (inside,outside) dynamic interface
  access-group inside_in in interface inside
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
  route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server Guava protocol nt
  aaa-server Guava (inside) host 172.29.8.3
  timeout 15
  nt-auth-domain-controller guava
  user-identity default-domain LOCAL
  http server enable
  http 172.29.8.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec ikev1 transform-set Remote_VPN_Set esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set Remote_vpn_set esp-3des esp-md5-hmac
  crypto ipsec ikev2 ipsec-proposal AES256
  protocol esp encryption aes-256
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES192
  protocol esp encryption aes-192
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES
  protocol esp encryption aes
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal 3DES
  protocol esp encryption 3des
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal DES
  protocol esp encryption des
  protocol esp integrity sha-1 md5
  crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set Remote_VPN_Set
  crypto dynamic-map outside_dyn_map 20 set reverse-route
  crypto map outside_map 1 match address outside_cryptomap
  crypto map outside_map 1 set peer 173.190.123.138
  crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5
  ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ES
  P-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map interface outside
  crypto ikev2 policy 1
  encryption aes-256
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 10
  encryption aes-192
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 20
  encryption aes
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 30
  encryption 3des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 40
  encryption des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 enable outside
  crypto ikev1 enable outside
  crypto ikev1 policy 1
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 43200
  crypto ikev1 policy 10
  authentication crack
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 20
  authentication rsa-sig
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 30
  authentication pre-share
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 40
  authentication crack
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 50
  authentication rsa-sig
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 60
  authentication pre-share
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 70
  authentication crack
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 80
  authentication rsa-sig
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 90
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 100
  authentication crack
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 110
  authentication rsa-sig
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 120
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 130
  authentication crack
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 140
  authentication rsa-sig
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 150
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  telnet 192.168.1.0 255.255.255.0 inside
  telnet 172.29.8.0 255.255.255.0 inside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside vpnclient-wins-override
  dhcprelay server 172.29.8.3 inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  enable outside
  group-policy ABCtech_VPN internal
  group-policy ABCtech_VPN attributes
  dns-server value 172.29.8.3
  vpn-tunnel-protocol ikev1
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value VPN_Tunnel_User
  default-domain value ABCtech.local
  group-policy GroupPolicy_10.8.8.1 internal
  group-policy GroupPolicy_10.8.8.1 attributes
  vpn-tunnel-protocol ikev1 ikev2
  username who password eicyrfJBrqOaxQvS encrypted
  tunnel-group 10.8.8.1 type ipsec-l2l
  tunnel-group 10.8.8.1 general-attributes
  default-group-policy GroupPolicy_10.8.8.1
  tunnel-group 10.8.8.1 ipsec-attributes
  ikev1 pre-shared-key *****
  ikev2 remote-authentication pre-shared-key *****
  ikev2 remote-authentication certificate
  ikev2 local-authentication pre-shared-key *****
  tunnel-group ABCtech type remote-access
  tunnel-group ABCtech general-attributes
  address-pool ABC_HQVPN_DHCP
  authentication-server-group Guava
  default-group-policy ABCtech_VPN
  tunnel-group ABCtech ipsec-attributes
  ikev1 pre-shared-key *****
  tunnel-group 173.190.123.138 type ipsec-l2l
  tunnel-group 173.190.123.138 general-attributes
  default-group-policy GroupPolicy_10.8.8.1
  tunnel-group 173.190.123.138 ipsec-attributes
  ikev1 pre-shared-key *****
  ikev2 remote-authentication pre-shared-key *****
  ikev2 remote-authentication certificate
  ikev2 local-authentication pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect pptp
    inspect ftp
    inspect netbios
  smtp-server 172.29.8.3
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:6a26676668b742900360f924b4bc80de
  : end

  Hello Wayne,
  Can you use a different subnet range than the internal interface, this could cause you a LOT of issues and hours on troubleshooting, so use a dedicated different Ip address range...
  I can see that the local Pool range is included into the inside interface Ip address subnet range, change that and the related config ( NAT,etc, ) and let us know what happens,
  Regards,
  Julio
  Security Trainer

• ASA , Cisco VPN client with RADIUS authentication

  Hi,
  I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
  All seems to be working I get connected and authenticated. However even I use user name and password from Active Directory when connecting with Cisco VPN client I still have to provide these credentials once again when accessing domain resources.
  Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
  Thank you.
  Kind regards,
  Alex

  Hi Alex,
  It is working as it should.
  You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
  thanks
  John

• Boot camp with Cisco VPN client and smart card

  Looking at a Macbook or Macbook Air and the only reason I need to run windows is to be able to access my work network through the Cisco VPN client and my Smartcard then use remote desktop. From my understanding if I run Bootcamp it should work am I correct? Im going to an Apple store tomorrow hopefully they can help too.
  Thanks

  mrbacklash wrote:
  Ok with that being said will the MBA 11.6 1.4ghz have the guts to make it run mostly internet based programs over the VPN connection?
  I think if you are running apps over the Internet the bottleneck will be the Internet and your VPN bandwidth. Your computer can certainly execute faster than Internet communications.
  Besides, Internet or remote applications run on the remote server. All your local computer does is local processing of the data if necessary.
  Message was edited by: BobTheFisherman

• Problem with Cisco VPN client and HP elitebook 2530p windows 7 64-bit

  Hi there
  I have a HP Elitebook 2530p which i upgraded to windows 7 64-bit. I installed the Cisco VPN client application (ver. 5.0.07.0290 and also 64-bit) and the HP connection manager to connect to the internet through a modem Qualcomm gobi 1000 (that is inside the laptop). When I connect to the VPN, it connects (I write the username and password) but there is no traffic inside de virtual adapter for my servers. When I connect to the internet through wire or wireless internet, I connect de VPN client and there is no problem to establish communication to my servers.
  I tried everything, also change the driver and an earlier version of the HP connection manager application. I also talked to HP and they told me that there was a report with this kind of problem and it was delivered to Cisco. I don’t know where is the problem.
  Could anyone help me?
  Thanks to all.

  You can try to update Deterministic Network Enhancer to the below listed release which supports
  WWAN Drivers.
  http://www.citrix.com/lang/English/lp/lp_1680845.asp.
  DNE now supports WWAN devices in Win7.  Before downloading the latest version of DNEUpdate from the links below,  be sure you have the latest
  drivers for your network adapters by downloading them from the vendors’ websites.
  For 64-bit: ftp://files.citrix.com/dneupdate64.msi
  Hope that helps.