ASA , Cisco VPN client with RADIUS authentication

Hi,
I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
All seems to be working I get connected and authenticated. However even I use user name and password from Active Directory when connecting with Cisco VPN client I still have to provide these credentials once again when accessing domain resources.
Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
Thank you.
Kind regards,
Alex

Hi Alex,
It is working as it should.
You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
thanks
John

Similar Messages

  • Certificate authentication for Cisco VPN client

    I am trying to configure the cisco VPN client for certificate authentication on my ASA 5512-X. I have it setup currently for group authentication with shared pass. This works fine. But in order for you to pass pci compliance you cannot allow aggresive mode for ikev1. the only way to disable aggresive mode (and use main mode) is to use certificate authentication for the vpn client. I know that some one out there must being doing this already. I am goign round and round with this. I am missing some thing.
    I have tried as I might and all I can get are some cryptic error messages from the client and nothing on the firewall. IE failed to genterate signature, invalid remote signature id. I have tried using different signatures (one built on ASA and bought from Godaddy, and one built from Windows CA, and one self signed).
    Can some one provide the instructions on seting this up (asdm or cli). Can this even be done? I would love to just use the AnyConnect client but I believe you need licensing for that since our system states only 2 allowed. Thank you for your help.                    

    Dear Doug ,
              What is asa code your are running on ASA hardware , for cisco anyconnect you need have Code 8.0 on your hardware with cisco anyconnect essential license enabled .Paste your me show version i will help you whether you need to procure license for your hardware . By default your hardware will be shipped with any connect essential license when you have order your hardware with asa code above 8.0 .
    With Any connect essential you are allowed to use upto total VPN peers allowed based on your hardware
    1)  What is the AnyConnect Essentials License?
    The Anyconnect Essentials is a license that allows you to connect up to your 'Total VPN Peers"  platform limit with AnyConnect.  Without an AnyConnect Essentials license, you are limited to the 'SSLVPN Peers' limit on your device.  With the Anyconnect Essentials License, you can only use Anyconnect for SSL - other features such as CSD (Cisco Secure Desktop) and using the SSLVPN portal page for anything other than launching AnyConnect are restricted.
    You can see your limits for the various licensing by issuing the 'show version' command on your ASA.
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150      
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    Security Contexts              : 2        
    GTP/GPRS                       : Disabled 
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 750      
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          : Disabled 
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150      
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    Security Contexts              : 2        
    GTP/GPRS                       : Disabled 
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 750      
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          :  Enabled
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled
    Any connect VPN Configuration .
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

  • WRT54g ver 2.2+ Cisco VPN Client 4.8.x

    Hi all, I'm currently having a problem with a Cisco VPN Client and the WRT54G ver 2.2. I am able to use the Cisco VPN when I'm hardwired into the WRT54G. The VPN client works flawlessly and I am able to access my company resources. When I connect up via wifi I am able to surf the internet with no problems. When I connect using Cisco VPN Client with wifi I am able to establish a VPN tunnel, but I can not reach any resources on my company network nor am I able to reach the internet. If I try a wifi access point outside my home I'm working fine as well. The folks at work can't ping my machine either. There are no firewalls enabled on the client PC and the WRT54g is enabled to pass IPSec traffic. I have read some other forums posted here and haven't really found a straight answer and tried what they suggested(Changing MTUs, setting router to different subnet outside of 192.168.1.x). Didn't know if anyone could shed some light. I have also updated the firmware up to the latest version dated around 1-7-07. Thanks

    Dell has a fix for this problem (or at least one that looks like this problem) on their troubleshooting web site. It was the cure for the problem on my wife's laptop, and she had the same symptoms as you mentioned.  I'm not sure if this forum will let me paste a link in this response but, here is the link to the VPN problem on Dell laptops (this applies to certain HP, Cisco, and Broadcom laptops as well):  http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&cs=RC956904&docid=15...
    Let us know if this fix worked for you.

  • Need HELPS! ASA 5505 8.4 Cisco VPN Client cannot ping any internal host

    Hi:
    Need your great help for my new ASA 5505 (8.4)
    I just set a new ASA 5505 with 8.4. However, I cannot ping any host after VPN in with Cisco VPN client. Please see below posted configuration file, thanks for any suggestion.
    ASA Version 8.4(3)
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    switchport access vlan 2
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 172.29.8.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 177.164.222.140 255.255.255.248
    ftp mode passive
    clock timezone GMT 0
    dns server-group DefaultDNS
    domain-name ABCtech.com
    same-security-traffic permit inter-interface
    object network obj_any
    subnet 172.29.8.0 255.255.255.0
    object service RDP
    service tcp source eq 3389
    object network orange
    host 172.29.8.151
    object network WAN_173_164_222_138
    host 177.164.222.138
    object service SMTP
    service tcp source eq smtp
    object service PPTP
    service tcp source eq pptp
    object service JT_WWW
    service tcp source eq www
    object service JT_HTTPS
    service tcp source eq https
    object network obj_lex
    subnet 172.29.88.0 255.255.255.0
    description Lexington office network
    object network obj_HQ
    subnet 172.29.8.0 255.255.255.0
    object network guava
    host 172.29.8.3
    object service L2TP
    service udp source eq 1701
    access-list VPN_Tunnel_User standard permit 172.29.8.0 255.255.255.0
    access-list VPN_Tunnel_User standard permit 172.29.88.0 255.255.255.0
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in extended deny tcp any any eq 135
    access-list inside_access_in extended deny tcp any eq 135 any
    access-list inside_access_in extended deny udp any eq 135 any
    access-list inside_access_in extended deny udp any any eq 135
    access-list inside_access_in extended deny tcp any any eq 1591
    access-list inside_access_in extended deny tcp any eq 1591 any
    access-list inside_access_in extended deny udp any eq 1591 any
    access-list inside_access_in extended deny udp any any eq 1591
    access-list inside_access_in extended deny tcp any any eq 1214
    access-list inside_access_in extended deny tcp any eq 1214 any
    access-list inside_access_in extended deny udp any any eq 1214
    access-list inside_access_in extended deny udp any eq 1214 any
    access-list inside_access_in extended permit ip any any
    access-list inside_access_in extended permit tcp any any eq www
    access-list inside_access_in extended permit tcp any eq www any
    access-list outside_access_in extended permit icmp any any
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq 33
    89
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq sm
    tp
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq pp
    tp
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ww
    w
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ht
    tps
    access-list outside_access_in extended permit gre any host 177.164.222.138
    access-list outside_access_in extended permit udp any host 177.164.222.138 eq 17
    01
    access-list outside_access_in extended permit ip any any
    access-list inside_access_out extended permit icmp any any
    access-list inside_access_out extended permit ip any any
    access-list outside_cryptomap extended permit ip 172.29.8.0 255.255.255.0 172.29
    .88.0 255.255.255.0
    access-list inside_in extended permit icmp any any
    access-list inside_in extended permit ip any any
    access-list inside_in extended permit udp any any eq isakmp
    access-list inside_in extended permit udp any eq isakmp any
    access-list inside_in extended permit udp any any
    access-list inside_in extended permit tcp any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm history enable
    arp timeout 14400
    nat (inside,outside) source static orange interface service RDP RDP
    nat (inside,outside) source static obj_HQ obj_HQ destination static obj_lex obj_
    lex route-lookup
    nat (inside,outside) source static guava WAN_173_164_222_138 service JT_WWW JT_W
    WW
    nat (inside,outside) source static guava WAN_173_164_222_138 service JT_HTTPS JT
    _HTTPS
    nat (inside,outside) source static guava WAN_173_164_222_138 service RDP RDP
    nat (inside,outside) source static guava WAN_173_164_222_138 service SMTP SMTP
    nat (inside,outside) source static guava WAN_173_164_222_138 service PPTP PPTP
    nat (inside,outside) source static guava WAN_173_164_222_138 service L2TP L2TP
    object network obj_any
    nat (inside,outside) dynamic interface
    access-group inside_in in interface inside
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
    route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server Guava protocol nt
    aaa-server Guava (inside) host 172.29.8.3
    timeout 15
    nt-auth-domain-controller guava
    user-identity default-domain LOCAL
    http server enable
    http 172.29.8.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set Remote_VPN_Set esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set Remote_vpn_set esp-3des esp-md5-hmac
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set Remote_VPN_Set
    crypto dynamic-map outside_dyn_map 20 set reverse-route
    crypto map outside_map 1 match address outside_cryptomap
    crypto map outside_map 1 set peer 173.190.123.138
    crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5
    ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ES
    P-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable outside
    crypto ikev1 enable outside
    crypto ikev1 policy 1
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 43200
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 120
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.1.0 255.255.255.0 inside
    telnet 172.29.8.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside vpnclient-wins-override
    dhcprelay server 172.29.8.3 inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable outside
    group-policy ABCtech_VPN internal
    group-policy ABCtech_VPN attributes
    dns-server value 172.29.8.3
    vpn-tunnel-protocol ikev1
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value VPN_Tunnel_User
    default-domain value ABCtech.local
    group-policy GroupPolicy_10.8.8.1 internal
    group-policy GroupPolicy_10.8.8.1 attributes
    vpn-tunnel-protocol ikev1 ikev2
    username who password eicyrfJBrqOaxQvS encrypted
    tunnel-group 10.8.8.1 type ipsec-l2l
    tunnel-group 10.8.8.1 general-attributes
    default-group-policy GroupPolicy_10.8.8.1
    tunnel-group 10.8.8.1 ipsec-attributes
    ikev1 pre-shared-key *****
    ikev2 remote-authentication pre-shared-key *****
    ikev2 remote-authentication certificate
    ikev2 local-authentication pre-shared-key *****
    tunnel-group ABCtech type remote-access
    tunnel-group ABCtech general-attributes
    address-pool ABC_HQVPN_DHCP
    authentication-server-group Guava
    default-group-policy ABCtech_VPN
    tunnel-group ABCtech ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group 173.190.123.138 type ipsec-l2l
    tunnel-group 173.190.123.138 general-attributes
    default-group-policy GroupPolicy_10.8.8.1
    tunnel-group 173.190.123.138 ipsec-attributes
    ikev1 pre-shared-key *****
    ikev2 remote-authentication pre-shared-key *****
    ikev2 remote-authentication certificate
    ikev2 local-authentication pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect pptp
      inspect ftp
      inspect netbios
    smtp-server 172.29.8.3
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:6a26676668b742900360f924b4bc80de
    : end

    Hello Wayne,
    Can you use a different subnet range than the internal interface, this could cause you a LOT of issues and hours on troubleshooting, so use a dedicated different Ip address range...
    I can see that the local Pool range is included into the inside interface Ip address subnet range, change that and the related config ( NAT,etc, ) and let us know what happens,
    Regards,
    Julio
    Security Trainer

  • IP Communicator doesn't work with Cisco VPN Client

    Hi,
    Im having problem to connect  IP Communicator (either ver 2 or 7 )whenever using Cisco VPN Client 5.0.06.0160 for windows
    the IPC didn't register to the CUCM
    There's nothing showing on the screen
    but whenever im using  Anyconnect VPN Client, it works perfectly
    The remote side is using ASA5505
    Anyone can help ??
    Thanks

         It's probably an issue with the ASA configuration in your "group-policy attributes".  The "split-tunnel-network-list value" is pointing to an access list without the subnet for the call manager.  While your ssl group-policy for webvpn has a "split-tunnel network-list value" access-list which does contain the subnet for the call manager.
         The other issue could be that your using different ip pools for ipsec and ssl vpn.  The ip pool subnet that you might be giving out for ipsec might not be in your "no nat" acl.
    Jason

  • Boot camp with Cisco VPN client and smart card

    Looking at a Macbook or Macbook Air and the only reason I need to run windows is to be able to access my work network through the Cisco VPN client and my Smartcard then use remote desktop. From my understanding if I run Bootcamp it should work am I correct? Im going to an Apple store tomorrow hopefully they can help too.
    Thanks

    mrbacklash wrote:
    Ok with that being said will the MBA 11.6 1.4ghz have the guts to make it run mostly internet based programs over the VPN connection?
    I think if you are running apps over the Internet the bottleneck will be the Internet and your VPN bandwidth. Your computer can certainly execute faster than Internet communications.
    Besides, Internet or remote applications run on the remote server. All your local computer does is local processing of the data if necessary.
    Message was edited by: BobTheFisherman

  • Problem with Cisco VPN client and HP elitebook 2530p windows 7 64-bit

    Hi there
    I have a HP Elitebook 2530p which i upgraded to windows 7 64-bit. I installed the Cisco VPN client application (ver. 5.0.07.0290 and also 64-bit) and the HP connection manager to connect to the internet through a modem Qualcomm gobi 1000 (that is inside the laptop). When I connect to the VPN, it connects (I write the username and password) but there is no traffic inside de virtual adapter for my servers. When I connect to the internet through wire or wireless internet, I connect de VPN client and there is no problem to establish communication to my servers.
    I tried everything, also change the driver and an earlier version of the HP connection manager application. I also talked to HP and they told me that there was a report with this kind of problem and it was delivered to Cisco. I don’t know where is the problem.
    Could anyone help me?
    Thanks to all.

    You can try to update Deterministic Network Enhancer to the below listed release which supports
    WWAN Drivers.
    http://www.citrix.com/lang/English/lp/lp_1680845.asp.
    DNE now supports WWAN devices in Win7.  Before downloading the latest version of DNEUpdate from the links below,  be sure you have the latest
    drivers for your network adapters by downloading them from the vendors’ websites.
    For 64-bit: ftp://files.citrix.com/dneupdate64.msi
    Hope that helps.

  • Connecting Cisco VPN client v5 to asa 5505

    I am having problem configuring remote vpn between ASA5505 and Cisco VPN client v5. I can successfully establish connection between ASA and Vpn client and receive IP address from ASA. VPN client statistics windows shows that packets are send and encrypted but none of the packets is Received/Decrypted.
    Can not ping asa 5505
    Any ideas on what I have missed?

    Your NAT configuration is incomplete, enter the following commands to your configuration:
    access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
    nat (inside) 0 access-list nonat
    This tells the ASA that the traffic destined for the VPN Client should not be NATted and should be sent directly to the client via the VPN Tunnel!
    Please rate if the post helps!
    Regards,
    Michael

  • Mac Pro kernel Panic with Cisco VPN Client

    After Having to rebuild my new Mac Pro 3 times I finally found that it was the Cisco VPN Client that was released for Intel in Feb. of this year that does not play nice with the new machines. Don't install or if it's too late boot into Safe Boot mode by holding your shift key during startup and then follow the instructions at the link below.
    http://itinfo.mit.edu/answer.php?id=8171

    Just a heads-up;
    the new Cisco VPN Client has now been released and fixes this issue.
    The version 4.9.01.0030 specifically resolves the following bugs:
    CSCsd51113 feature unity nonwindows set mtu vpnclient.ini field
    CSCsd51126 unity mac ppp intel fails with mismatch log message 10.4
    CSCsc56445 unity mac rebranding volume name voids rebranding files
    CSCsf19841 unity mac does not support 64 bit mac pro platform
    Cheers,
    Dan

  • VPN 720 error with win 8 with Cisco VPN client 5.0.07.0440

    Hello,
    I have Win 2008 configured as RRAS- VPN server, with win 7/8 VPN clients.
    half of these client machines are also running "Cisco VPN client 5.0.07.0440"
    all win 7 machines works fine however most of Win 8 will not connect to windows VPN, if they also have Cisco VPN client 5.0.07.0440 intsalled.
    Any suggestion.
    Thanks

    Workaround to this problem is:
    1)- Unintsall Cisco VPN client from win 8
    2)- reset IP stack

  • Unable to access satellite offices with Cisco VPN client

    There are 4 sites:
    Main office - 192.168.0.x/24
    Sat office1 - 10.0.0.x/24
    Sat Office2 - 10.0.1.x/24
    Sat Office3 - 10.0.2.x/24
    All 4 offices are connected via MPLS using other Cisco routers from the telcom co. The user VPN endpoint is at the main office. (Cisco 1811)
    We can make the VPN connection with the Cisco VPN client and browse the 192 network all day long. We cannot access any of the other subnets over the VPN connection. Browsing the other subnets while physically at the main office is fine. This DID work in the past. Something changed that I cannot pinpoint, any ideas?
    Scope for the VPN endusers is 10.100.100.x/24
    Cisco VPN Client versions 4.x and 5.x (both affected)
    Thanks in advance

    Ken
    It is good to know that it did work in the past and then stopped working. That indicates that something changed. Is it possible that a software upgrade has been done and that the change is behavior is reflecting a different version of IOS? (I suspect that is is possible but not so likely - but we need to ask.)
    My guess is either that there was some change in the routing logic or that the access lists which indicate what traffic is to be protected by the VPN used to include remote to remote but has been changed for some reason.
    Could you post the configuration of the main office 1811?
    Another question that occurs to me is whether the main office 1811 is directly connected to the Internet or does it go through some firewall? If if goes through some firewall is it possible that there has been some change in the firewall rules that is denying the remote to remote traffic?
    HTH
    Rick

  • Cisco VPN client crashes with Error 51 on Intel Mac Mini

    I am in the process of migrating from XP to Tiger on a brand-new Mac Mini (Intel Duo). Now I am stuck:
    I use v 4.8.00 of the Cisco VPN client supplied by my university's IT dept. to connect to the Campus intranet. I have been unable to succesfully use this software, as it crashes upon initializing with "Error 51: Cannot connect to the VPN subsystem." Re-installing the software does not change the state of affairs.
    After some research, I used a hack found here (http://www.versiontracker.com/php/feedback/article.php?story=20060107011305622 and http://www.versiontracker.com/php/feedback/article.php?story=20060107011305622) to manually restart the VPN daemon. The Terminal result looks like this:
    kld(): warning /System/Library/Extensions/CiscoVPN.kext/Contents/MacOS/CiscoVPN cputype (18, architecture ppc) does not match cputype (7 architecture i386) of objects files previously loaded (file not loaded)
    kextload: kldlookup("_kmodinfo") failed for module /System/Library/Extensions/CiscoVPN.kext/Contents/MacOS/CiscoVPN
    kextload: a link/load error occured for kernel extension /System/Library/Extensions/CiscoVPN.kext
    load failed for extension /System/Library/Extensions/CiscoVPN.kext
    (run kextload with -t for diagnostic output)
    Not being fluent in Darwin, I can only interpret this to mean that the VPN client is incompatible with the Intel chip in the Mac mini... Is this correct? Is the only way for me to use VPN to wait for a 4.8.x version to be made available?
    Hopeful still,
    felixx

    Also - the Mac VPN system will work with most Cisco networking devices. You can open up the PCF profile that your IT group wants you to use and figure out most of the questions Internet Connect will ask you to set up the VPN connection. For the rest, you have to ask the IT group or try some things and see what works...
    cheers,
    Mike

  • Cisco VPN client install fails with Error 1722 on Windows 7

    Hi,
    I am having issues with laptops upgraded from Vista to Windows 7.
    Prior to the upgrade they are running Cisco VPN Client 5.0.05.0290.  These laptops also have Juniper Network Connect 6.5 and Citrix web client installed.  The windows upgrade advisor made no recommendations regarding uninstalling / reinstalling these apps.
    I have done an inplace upgade to Windows 7 (Windows Vista Enterprise 32bit to Windows 7 Enterprise 32 bit) and after the install the Cisco client is not working.  Uninstalled the client (the uninstall was successful) then reinstalled and the installation fails at Installing Cisco Systems Virtual Adapter - error 1722 there was a problem with the windows installer package.
    I have followed the steps for a manual uninstall of the Cisco client and then tried the install again - still not successful.  Interestingly (or not) the Juniper Network Connect also fails with the error The Network Connect Virtual adapter driver is not installed properly.  This also fails to reinstall after being removed.
    I tried removing the VPN clients on another laptop and then running the upgrade but the same errors occured when reinstalling the VPN Client.  I have tried the Winfix and DNE patch from Citrix but these fail saying there is a corruption in the application.
    On another laptop where only the Cisco VPN client was installed a reinstall was required after the upgrade, but it did install successfully.
    On a clean image these applications all install fine, however I have a large number of laptops do upgrade and don't want to do a fresh install and settings migration on all of them.
    What files / registry entrys are involved with the DNE adapter so I can manually clear it all out before reinstalling?
    Anything else I can do to troubleshoot this issue?
    Cheers,
    James

    You should be able to install the 64 bit version of the Cisco VPN software
    Latest version is vpnclient-winx64-msi-5.0.07.0440-k9.exe
    You should download and run MCPR.exe first, to clean out any traces of McAfee products that conflict with Cisco VPN.
    http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
    If there is a problem with vbscript registration on the system - there is a fixit tool from Microsoft for that:
    MicrosoftFixit50842.msi
    (Using Shrew VPN is a possible workaround.)

  • CISCO VPN Client v 4.8 Speed is 15% nonVPN speed with WRVS4000N Router

    My firm runs CISCO VPN client v.4.8.01.0300 andI've always had issues with VPN speeds with my ISP (Hughes.net - satellite).  I had a WRT54GS router and upgraded to the 4000N VPN router per my ISP's & Linksys's recommendation to resolve my VPN connectivity speed, but my speed is the same with the 4000N as it was with the 54GS - about 150kbps.  Are there specific settings I need to make to the router or am I never going to resolve this so long as I have a satellite-based ISP which is my only option.
    Any help would be appreciated so I will hopefully not have wasted $250 on the 4000N.
    Thanks,
    Craig
    Message Edited by CPeay on 12-23-2008 09:20 AM

    The wrvs4000n has a quick vpn software that you can use instead of your cisco vpn client. If you want to use the cisco vpn client, the wrvs4000n act as a pass through only. Try to connect the computer directly to the modem and check if the cisco vpn client is faster. If still same result, then problem is on the internet connection.

  • Access Site to Site Networks behind Cisco ASA thru VPN Client

    I have configured remote access thru asa for vpn clients to our main network. I can ping the required networks from vpn client. Internally I can ping remote network thru our sonicwall site to site vpn. I however cannot ping the remote network from the vpn client. I've added the network in the configuration on the ASA that I am trying to connect to. Any ideas what I can do so I can connect to Site B thru my vpn client connecting to Site A?
    Thanks,
    Matt

    Hello, matt0000111111.
    Did you add a VPN clients network to the sit-to-site VPN settings and to the NAT list (if nat exist at the interfaces at site-to-site vpn)?

Maybe you are looking for

  • Can not export in excel

    Hi, this is not a question, this is an affirmation: a password protected numbers spreadsheet can not be exported in excel (or any other format)!

  • Grouping splits results

    Hello, I have a problem with grouping some data: SELECT pas_code, pas_profile, count(sutp_id), sum(sutp_price), (sutp_price_proc * count(sutp_id) * pbk_price / 100) x FROM [...tables and inner joins...] WHERE lelele GROUP BY pas_code, pas_profile, su

  • Redirect, open web page

    Hi, I'm using JSF ADF BC, I just need to know how to open some web page from backing bean and target = _blank. I have a button and this is code from backing bean: public String doSomething() { BindingContainer bindings = getBindings(); OperationBindi

  • #UNAVAILABLE Error in WEBI 4.1 SP3

    Hi All, I am facing this issue with the web intelligence report created over a BEx query using a BICs connection. The report layout is attached. I have a structure object from BEx in my report. I need to show many crosstab blocks filtered by a differ

  • NAM Upgrade from 3.6(1b) to 4.0 or 4.2

    Dear All I followed the instruction from the Document "Cisco Branch Router Series (NME-NAM) Installation and Configuration Note, 4.2" and the URL is " http://www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/4.2/branch_router/configu