Certificate authentication for Cisco VPN client

I am trying to configure the Cisco VPN client for certificate authentication on my ASA 5512-X. I have it set up currently for group authentication with a shared pass. This works fine. But in order for you to pass PCI compliance you cannot allow aggressive mode for IKEv1. The only way to disable aggressive mode (and use main mode) is to use certificate authentication for the VPN client. I know that someone out there must be doing this already. I am going round and round with this. I am missing something.
I have tried as I might and all I can get are some cryptic error messages from the client and nothing on the firewall, i.e. failed to generate signature, invalid remote signature id. I have tried using different signatures (one built on the ASA and bought from GoDaddy, one built from a Windows CA, and one self-signed).
Can someone provide the instructions on setting this up (ASDM or CLI)? Can this even be done? I would love to just use the AnyConnect client but I believe you need licensing for that since our system states only 2 allowed. Thank you for your help.
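An added example, not part of the original post: a small audit of an ASA running-config fragment for the condition described in the question, namely whether aggressive mode is still accepted and which remote-access tunnel groups still rely on a pre-shared key. It assumes ASA 8.4+ IKEv1 syntax (`crypto ikev1 am-disable`, `ikev1 pre-shared-key`, `ikev1 trust-point`); both config fragments and all group and trustpoint names are constructed placeholders.

```python
import re

# Constructed running-config fragment: VPN client group on a shared key.
BEFORE = """\
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
tunnel-group VPNCLIENT type remote-access
tunnel-group VPNCLIENT ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group SITE-B type ipsec-l2l
tunnel-group SITE-B ipsec-attributes
 ikev1 pre-shared-key *****
"""

# Constructed fragment after moving the client group to certificates.
AFTER = """\
crypto ikev1 enable outside
crypto ikev1 am-disable
crypto ikev1 policy 5
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
tunnel-group VPNCLIENT type remote-access
tunnel-group VPNCLIENT ipsec-attributes
 ikev1 trust-point EXAMPLE-TP
tunnel-group SITE-B type ipsec-l2l
tunnel-group SITE-B ipsec-attributes
 ikev1 pre-shared-key *****
"""


def audit_ikev1(config: str) -> dict:
    """Report aggressive-mode exposure in an ASA IKEv1 configuration."""
    am_disabled = False
    policy_auth = {}   # policy priority -> authentication method
    groups = {}        # tunnel-group name -> attributes
    context = None     # ("policy", prio) or ("tg", name) inside a sub-mode

    def group(name):
        return groups.setdefault(
            name, {"type": None, "psk": False, "trustpoint": None})

    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0] != " ":                      # top-level command
            context = None
            if line == "crypto ikev1 am-disable":
                am_disabled = True
            elif m := re.fullmatch(r"crypto ikev1 policy (\d+)", line):
                context = ("policy", int(m.group(1)))
                policy_auth.setdefault(context[1], None)
            elif m := re.fullmatch(r"tunnel-group (\S+) type (\S+)", line):
                group(m.group(1))["type"] = m.group(2)
            elif m := re.fullmatch(r"tunnel-group (\S+) ipsec-attributes", line):
                context = ("tg", m.group(1))
                group(m.group(1))
        elif context and context[0] == "policy":
            if m := re.fullmatch(r"authentication (\S+)", line):
                policy_auth[context[1]] = m.group(1)
        elif context and context[0] == "tg":
            if line.startswith("ikev1 pre-shared-key"):
                group(context[1])["psk"] = True
            elif m := re.fullmatch(r"ikev1 trust-point (\S+)", line):
                group(context[1])["trustpoint"] = m.group(1)

    # Only remote-access (VPN client) groups matter for the thread's question.
    clients = {n: g for n, g in groups.items() if g["type"] == "remote-access"}
    psk = sorted(n for n, g in clients.items() if g["psk"])
    cert = sorted(n for n, g in clients.items()
                  if g["trustpoint"] and not g["psk"])
    rsa_sig = "rsa-sig" in policy_auth.values()

    findings = []
    if not am_disabled:
        findings.append("aggressive mode accepted: no 'crypto ikev1 am-disable'")
    for name in psk:
        findings.append(f"remote-access group {name} uses a pre-shared key")
    if cert and not rsa_sig:
        findings.append("certificate groups exist but no policy offers rsa-sig")

    return {"aggressive_mode_disabled": am_disabled,
            "psk_client_groups": psk,
            "cert_client_groups": cert,
            "rsa_sig_policy": rsa_sig,
            "findings": findings}


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_ikev1(cfg)["findings"] or "no findings")
```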

Dear Doug,
What ASA code are you running on your ASA hardware? For Cisco AnyConnect you need to have code 8.0 on your hardware with the Cisco AnyConnect Essentials license enabled. Paste me your show version and I will help you with whether you need to procure a license for your hardware. By default your hardware will be shipped with the AnyConnect Essentials license when you have ordered your hardware with ASA code above 8.0.
With AnyConnect Essentials you are allowed to use up to the total VPN peers allowed based on your hardware.
1)  What is the AnyConnect Essentials License?
The AnyConnect Essentials is a license that allows you to connect up to your 'Total VPN Peers' platform limit with AnyConnect. Without an AnyConnect Essentials license, you are limited to the 'SSL VPN Peers' limit on your device. With the AnyConnect Essentials license, you can only use AnyConnect for SSL - other features such as CSD (Cisco Secure Desktop) and using the SSL VPN portal page for anything other than launching AnyConnect are restricted.
You can see your limits for the various licensing by issuing the 'show version' command on your ASA.
Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150      
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled  
VPN-3DES-AES                   : Enabled  
Security Contexts              : 2        
GTP/GPRS                       : Disabled 
SSL VPN Peers                  : 2        
Total VPN Peers                : 750      
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled 
AnyConnect for Cisco VPN Phone : Disabled 
AnyConnect Essentials          : Disabled 
Advanced Endpoint Assessment   : Disabled 
UC Phone Proxy Sessions        : 2        
Total UC Proxy Sessions        : 2        
Botnet Traffic Filter          : Disabled
Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150      
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled  
VPN-3DES-AES                   : Enabled  
Security Contexts              : 2        
GTP/GPRS                       : Disabled 
SSL VPN Peers                  : 2        
Total VPN Peers                : 750      
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled 
AnyConnect for Cisco VPN Phone : Disabled 
AnyConnect Essentials          :  Enabled
Advanced Endpoint Assessment   : Disabled 
UC Phone Proxy Sessions        : 2        
Total UC Proxy Sessions        : 2        
Botnet Traffic Filter          : Disabled
AnyConnect VPN configuration:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml
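An added example, not part of the original reply: a parser for the "Licensed features" block of `show version` that applies the rule stated above (AnyConnect is capped by 'SSL VPN Peers' unless AnyConnect Essentials is enabled, in which case the cap is 'Total VPN Peers') and reports what differs between two captures. The two inputs are excerpts of the outputs quoted in the reply; the function names are illustrative.

```python
import re

# Excerpts of the two 'show version' blocks quoted in the reply.
SHOW_VERSION_BEFORE = """\
Licensed features for this platform:
Maximum VLANs                  : 150
Failover                       : Active/Active
SSL VPN Peers                  : 2
Total VPN Peers                : 750
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
"""

SHOW_VERSION_AFTER = """\
Licensed features for this platform:
Maximum VLANs                  : 150
Failover                       : Active/Active
SSL VPN Peers                  : 2
Total VPN Peers                : 750
AnyConnect Essentials          :  Enabled
Advanced Endpoint Assessment   : Disabled
"""


def parse_licensed_features(show_version: str) -> dict:
    """Return {feature name: value} from the 'Licensed features' block."""
    features, in_block = {}, False
    for line in show_version.splitlines():
        if line.strip().startswith("Licensed features for this platform"):
            in_block = True
            continue
        if not in_block:
            continue
        # "Name   : Value [extra columns]"; only the first value token is kept,
        # so a trailing column after the value is ignored.
        m = re.match(r"^(.+?)\s*:\s*(\S+)", line)
        if not m:
            break  # a blank or unrelated line ends the block
        name, value = m.group(1).strip(), m.group(2)
        features[name] = int(value) if value.isdigit() else value
    return features


def anyconnect_session_limit(features: dict) -> tuple:
    """Apply the rule from the reply: Essentials lifts the cap to Total VPN Peers."""
    if features.get("AnyConnect Essentials") == "Enabled":
        return features["Total VPN Peers"], "Total VPN Peers"
    return features["SSL VPN Peers"], "SSL VPN Peers"


def license_changes(before: dict, after: dict) -> dict:
    """Features whose value differs between two captures."""
    return {k: (before.get(k), after.get(k))
            for k in sorted(set(before) | set(after))
            if before.get(k) != after.get(k)}


if __name__ == "__main__":
    old = parse_licensed_features(SHOW_VERSION_BEFORE)
    new = parse_licensed_features(SHOW_VERSION_AFTER)
    print("before:", anyconnect_session_limit(old))
    print("after: ", anyconnect_session_limit(new))
    print("changed:", license_changes(old, new))
```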

Similar Messages

  • Using Cisco VPN client certificate for built in IPSec?

    Hi,
    Does anybody know if it is possible to "convert" a certificate exported from Cisco VPN client and import it into the Keychain for using it with built-in IPSec in Snow Leopard?
    Thanks,
    Oli

    I too am having trouble importing the Cisco certificate. It would be nice to have some clear documentation. We've been successful converting the X.509 cer to PKCS#7 using openssl, which will import into the keychain. However, the VPN (Cisco IPSec) still doesn't see it.

  • ASA , Cisco VPN client with RADIUS authentication

    Hi,
    I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
    All seems to be working; I get connected and authenticated. However, even though I use the user name and password from Active Directory when connecting with the Cisco VPN client, I still have to provide these credentials once again when accessing domain resources.
    Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
    Thank you.
    Kind regards,
    Alex

    Hi Alex,
    It is working as it should.
    You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
    thanks
    John

  • Mail and SMTP server settings of ASA Certificate Authority for cisco anyconnect VPN

    Dear All,
    I have the following case:
    I am using the ASA as certificate authority for Cisco AnyConnect VPN users; the authentication happens based on the local database of the ASA.
    I want to issue a new certificate every 72 hours for the users, and I want to send the one-time password via email to each user.
    So what should the settings of the mail and SMTP server be?
    As I understand it, I should put in my SMTP server IP address, then I have to create the local users again under (Remote VPN VPN--Certificate management--Local certificate authority--Manage user Database) along with their email addresses to send the one-time password to them via their emails.
    I sent the email manually; how can I automate sending the OTP to our VPN users via their emails?
    Best regards,

    Thanks Jennifer.
    I did manage to configure LDAP attribute map to the specific group policy.
    Nevertheless, I was thinking whether I can have fixed IP address tied to individual user.
    Using the legacy Cisco VPN Client, I can do it using an IPsec (IKEv1) connection profile, where I set the pre-shared key and client address pools. Each client address pool has only 1 fixed IP address.
    Example: let say my username is LLH.
    Connection Profile for me is : LLH-Connection-Profile, my profile is protected by preshared key.
    Client Address Pool for me is : LLH-pool, and the IP is 172.16.1.11
    Only I know the preshared key and only I can log in with my Connection Profile.
    Using AnyConnect, I have a problem. A user can use any connection profile because I cannot set a preshared key for AnyConnect. In that case, I cannot control who can use my Connection Profile and pretend to be me.
    Example:
    AnyConnect Connection Profile for me is : LLH-Connection-Profile, without any password
    Client Address Pool for me is : LLH-pool, IP is 172.16.1.11
    Anybody can use LLH-Connection-Profile and log in with another user name, let's say user-abc, which is a valid user in the LDAP server. In that case, the ASA assigns 172.16.1.11 to user-abc, and this user-abc can access the server which only allows my IP to access.
    I hope above description can paint the scenario clearer.
    Thanks in advance for all the help and comment given.

  • Support for Cisco VPN "mutual group authentication"

    Hi,
    Does anyone know of support plans for Cisco VPN mutual group authentication in the built-in VPN client on MacOSX?
    Thanks,
    John

    I would like to know the answer to this as well.
    Thanks,
    Josh

  • Cisco VPN client x64 for win7 - will not install

    Hello guys,
    I have a fresh Windows 7 x64 installation and I am trying to install the Cisco VPN client (vpnclient-winx64-msi-5.0.07.0290-k9.exe). Installation ends with fatal error "Installation ended prematurely of an error". I read a lot of 'step-by-step' guides on how to solve this problem (run as administrator, even though I'm an administrator; UAC disabled; run in WinXP mode; etc.), without success.
    I tried running the installation process from cmd with verbose logging "msiexec /i vpnclient_setup.msi /lv log.txt" (and other 'recommended' optional parameters). The same result - fatal error.
    Can anybody tell me where the problem is? (The installation file is not corrupted.)
    Verbose log ends with this (whole log is attached):
    <cut>
    Action ended 22:35:25: WiseNextDlg. Return value 3.
    DEBUG: Error 2896:  Executing action WiseNextDlg failed.
    Internal Error 2896. WiseNextDlg
    Action ended 22:35:25: Welcome_Dialog. Return value 3.
    MSI (c) (70:2C) [22:35:25:997]: Doing action: Fatal_Error
    Action start 22:35:25: Fatal_Error.
    MSI (c) (70:2C) [22:35:25:998]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'Fatal_Error'
    MSI (c) (70:18) [22:35:26:725]: Doing action: WiseCleanup
    Action start 22:35:26: WiseCleanup.
    MSI (c) (70:1C) [22:35:26:736]: Invoking remote custom action. DLL: C:\Users\kyrcm\AppData\Local\Temp\MSI2023.tmp, Entrypoint: Cleanup
    Action ended 22:35:26: WiseCleanup. Return value 1.
    Action ended 22:35:26: Fatal_Error. Return value 2.
    Action ended 22:35:26: INSTALL. Return value 3.
    MSI (c) (70:2C) [22:35:26:791]: Destroying RemoteAPI object.
    MSI (c) (70:4C) [22:35:26:792]: Custom Action Manager thread ending.
    === Logging stopped: 4. 10. 2010  22:35:26 ===
    MSI (c) (70:2C) [22:35:26:794]: Note: 1: 1708
    MSI (c) (70:2C) [22:35:26:794]: Product: Cisco Systems VPN Client 5.0.07.0290 -- Installation operation failed.
    </cut>
    thanks,
    martin

    LOG:
    MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding accessible property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\accessible\'.
    MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding Setup property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\Setup\'.
    MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding Languages property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\Languages\'.
    MSI (c) (48:AC) [14:58:46:043]: Target path resolution complete. Dumping Directory table...
    MSI (c) (48:AC) [14:58:46:043]: Note: target paths subject to change (via custom actions or browsing)
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: TARGETDIR    , Object: C:\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: WWWROOT    , Object: C:\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: GAC    , Object: C:\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: MyPicturesFolder    , Object: C:\Users\andrea\Pictures\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: CommonAppDataFolder    , Object: C:\ProgramData\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: WindowsFolder    , Object: C:\Windows\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: System16Folder    , Object: C:\Windows\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: TemplateFolder    , Object: C:\ProgramData\Microsoft\Windows\Templates\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: AdminToolsFolder    , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: System64Folder    , Object: C:\Windows\system32\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Drivers    , Object: C:\Windows\system32\Drivers\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: WinSxS    , Object: C:\Windows\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: SystemFolder    , Object: C:\Windows\SysWOW64\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: FontsFolder    , Object: C:\Windows\Fonts\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: TempFolder    , Object: C:\Users\ANDREA\AppData\Local\Temp\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: ProfilesFolder    , Object: C:\Windows\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: AppDataFolder    , Object: C:\Users\andrea\AppData\Roaming\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: FavoritesFolder    , Object: C:\Users\andrea\Favorites\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: NetHoodFolder    , Object: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: DesktopFolder    , Object: C:\Users\Public\Desktop\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: RecentFolder    , Object: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Recent\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: StartMenuFolder    , Object: C:\ProgramData\Microsoft\Windows\Start Menu\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: ProgramMenuFolder    , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Cisco_Systems_VPN_Client    , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: StartupFolder    , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Cisco_Systems    , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: PersonalFolder    , Object: C:\Users\andrea\Documents\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: SendToFolder    , Object: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\SendTo\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: PrintHoodFolder    , Object: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: LocalAppDataFolder    , Object: C:\Users\andrea\AppData\Local\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: ProgramFiles64Folder    , Object: C:\Program Files\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: CommonFiles64Folder    , Object: C:\Program Files\Common Files\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: CommonFiles64Folder.BEE04CD6_610D_4F5B_AC11_6AD2E290CC1D    , Object: C:\Program Files\Common Files\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: D64_CFDetNet.BEE04CD6_610D_4F5B_AC11_6AD2E290CC1D    , Object: C:\Program Files\Common Files\Deterministic Networks\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: D64_DNCF.BEE04CD6_610D_4F5B_AC11_6AD2E290CC1D    , Object: C:\Program Files\Common Files\Deterministic Networks\Common Files\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: D64_DNE.BEE04CD6_610D_4F5B_AC11_6AD2E290CC1D    , Object: C:\Program Files\Common Files\Deterministic Networks\DNE\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: CommonFiles64Folder.0525718E_E263_4E57_A46E_C584C25A7F93    , Object: C:\Program Files\Common Files\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: ProgramFilesFolder    , Object: C:\Program Files (x86)\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: CommonFilesFolder    , Object: C:\Program Files (x86)\Common Files\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: INSTALLDIR2    , Object: C:\Program Files (x86)\VPN Client\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: INSTALLDIR1    , Object: C:\Program Files (x86)\Cisco Systems\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: INSTALLDIR    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: updates    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\updates\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: TempInstall    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\TempInstall\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Resources    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Resources\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Profiles    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Logs    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Logs\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: include    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\include\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Certificates    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Certificates\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: accessible    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\accessible\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Setup    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Setup\
    MSI (c) (48:AC) [14:58:46:044]: Dir (target): Key: Languages    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Languages\
    MSI (c) (48:AC) [14:58:46:045]: Note: 1: 2262 2: RemoveFile 3: -2147287038
    Action ended 14:58:46: CostFinalize. Return value 1.
    MSI (c) (48:AC) [14:58:46:045]: Doing action: MigrateFeatureStates
    Action start 14:58:46: MigrateFeatureStates.
    Action ended 14:58:46: MigrateFeatureStates. Return value 0.
    MSI (c) (48:AC) [14:58:46:047]: Doing action: SetWizardProperty1
    Action start 14:58:46: SetWizardProperty1.
    MSI (c) (48:AC) [14:58:46:048]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'SetWizardProperty1'
    MSI (c) (48:AC) [14:58:46:048]: PROPERTY CHANGE: Adding WiseCurrentWizard property. Its value is 'Welcome_Dialog'.
    Action ended 14:58:46: SetWizardProperty1. Return value 1.
    MSI (c) (48:AC) [14:58:46:048]: Doing action: Welcome_Dialog
    Action start 14:58:46: Welcome_Dialog.
    MSI (c) (48:AC) [14:58:46:049]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'Welcome_Dialog'
    MSI (c) (48:2C) [14:58:46:068]: Note: 1: 2262 2: DuplicateFile 3: -2147287038
    MSI (c) (48:2C) [14:58:46:068]: Note: 1: 2262 2: ReserveCost 3: -2147287038
    MSI (c) (48:2C) [14:58:46:068]: Note: 1: 2205 2:  3: _RemoveFilePath
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: TypeLib 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: BindImage 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: ProgId 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: PublishComponent 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: SelfReg 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Font 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: PROPERTY CHANGE: Modifying PrimaryVolumeSpaceAvailable property. Its current value is '0'. Its new value: '60293640'.
    MSI (c) (48:2C) [14:58:46:077]: PROPERTY CHANGE: Modifying PrimaryVolumeSpaceRequired property. Its current value is '0'. Its new value: '50274'.
    MSI (c) (48:2C) [14:58:46:077]: PROPERTY CHANGE: Modifying PrimaryVolumeSpaceRemaining property. Its current value is '0'. Its new value: '60243366'.
    MSI (c) (48:2C) [14:58:46:077]: PROPERTY CHANGE: Adding PrimaryVolumePath property. Its value is 'C:'.
    MSI (c) (48:6C) [14:58:46:746]: Doing action: WiseNextDlg
    Action start 14:58:46: WiseNextDlg.
    MSI (c) (48:6C) [14:58:46:746]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'WiseNextDlg'
    Action ended 14:58:46: WiseNextDlg. Return value 3.
    DEBUG: Error 2896:  Executing action WiseNextDlg failed.
    Internal Error 2896. WiseNextDlg
    Action ended 14:58:46: Welcome_Dialog. Return value 3.
    MSI (c) (48:AC) [14:58:46:753]: Doing action: Fatal_Error
    Action start 14:58:46: Fatal_Error.
    MSI (c) (48:AC) [14:58:46:754]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'Fatal_Error'
    MSI (c) (48:6C) [14:58:47:418]: Doing action: WiseCleanup
    Action start 14:58:47: WiseCleanup.
    MSI (c) (48:6C) [14:58:47:418]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'WiseCleanup'
    MSI (c) (48:40) [14:58:47:445]: Invoking remote custom action. DLL: C:\Users\ANDREA\AppData\Local\Temp\MSI94AE.tmp, Entrypoint: Cleanup
    Action ended 14:58:47: WiseCleanup. Return value 1.
    Action ended 14:58:47: Fatal_Error. Return value 2.
    Action ended 14:58:47: INSTALL. Return value 3.
    MSI (c) (48:AC) [14:58:47:467]: Destroying RemoteAPI object.
    MSI (c) (48:B0) [14:58:47:487]: Custom Action Manager thread ending.
    === Logging stopped: 13.10.2010  14:58:47 ===
    MSI (c) (48:AC) [14:58:47:488]: Note: 1: 1708
    MSI (c) (48:AC) [14:58:47:488]: Product: Cisco Systems VPN Client 5.0.07.0290 -- Installation operation failed.
    MSI (c) (48:AC) [14:58:47:489]: Windows Installer installed the product. Product Name: Cisco Systems VPN Client 5.0.07.0290. Product Version: 5.0.7. Product Language: 1033. Manufacturer: Cisco Systems, Inc.. Installation success or error status: 1603.
    MSI (c) (48:AC) [14:58:47:491]: Grabbed execution mutex.
    MSI (c) (48:AC) [14:58:47:491]: Cleaning up uninstalled install packages, if any exist
    MSI (c) (48:AC) [14:58:47:493]: MainEngineThread is returning 1603
    === Verbose logging stopped: 13.10.2010  14:58:47 ===

  • Is there really a Cisco VPN client for Linux? _Really?_

    Hello folks,           
            I've finally after almost experiencing a brain aneurysm by trying to think too hard got my Cisco 881-SEC-K9 router properly configured for a multipoint IPSec VPN tunnel to my Amazon Virtual Private Cloud, so that hurdle is finally passed and I actually feel it was a very important milestone in my life somehow. I never thought I'd see the day I actually got my hands on a legitimate Cisco non-stink... erm.. I mean, non-linksys router. Now I just can't seem to find a 'client' VPN program for Linux. I'm currently running a Xen Hypervisor environment on openSUSE Linux because it's the only Linux distribution that completes all of my strenuous requirements in a Linux server environment. It's also the most mature, and secure Linux on this planet, making it the most appreciable Linux distribution for my research needs.  Using NetworkManager is not really an option for a basic Linux server environment, and OpenVPN is just too confusing to comprehend for my tiny little head.  I've heard mention of some mysterious "Easy VPN" but after hours of digging online can't find any information about it, even the Cisco download link leads to a Page Not Found error.  I do see a Linux VPN API for the AnyConnect program, but is that an actual VPN client, or just an API?  It seems to want my money to download it but I don't have any money nor do I really know what it is because it's all secretive-like, closed source, and I can't even find a simple README file on it explaining what it is exactly.  I'm just an out-of-work software developer trying to connect to my home router for personal use and I can't really afford to fork over a million and a half dollars for a single program that I'm only going to need to download once in my lifetime that should have been included with the router in the first place.
I more than likely won't even be able to figure out how to use the program anyways because I don't know anything about VPN connections which is why I bought this router so I can try to figure it all out as part of the not-for-profit open source, volunteer research I'm presently trying to conduct.  Is there some kind of evaluation or trial period for personal use? That would be really nice so I could at least figure out if I'm going to be able to figure it out or not.  I hate throwing money away when it's in such short supply these days. There's really no alternative to a Cisco router.  It's an absolute necessity for the things I'm trying to accomplish, so trying to settle for something else and going on with my life is not really an option. No, this is something I just need to face head on and get it over with.
    <Rant>
           Maybe I have a little too much crazy in me for my own good, but I don't see why it should take so much money just to learn how to do something for personal reference, it's not really a skill I would ever use otherwise.  Wouldn't it be great if Cisco made their VPN client open source and free to the public to use and modify, to improve on, to learn and to grow and bring the whole world closer together as a community? Even the source code to the old discontinued Cisco VPN client could be used as a valuable learning tool for some poor starving college student or Open Source Software developer somewhere trying to get by on Ramen Noodles and Ramen Noodle Sauce on Toast (don't tell me you never thought about it).  Through the ripple effect, it would drastically improve sales over the course of time, because it would open the door to a whole new market where those who previously could not afford to participate now could. That's the true power of Open Source. It creates a more skilled work force for the future by openly contributing and sharing knowledge together. What if the next big internet technology and the solution to world tyranny - the solution to end all wars forever - were locked in the mind of an unemployed software developer who couldn't afford to upgrade their Cisco router software or access the software they needed because it was closed source and required committing to an expensive service contract to download?  That would be just terrible, wouldn't it?  I guess there's no way to ever know for sure. I suppose I'd be just as happy if some kind soul out there could point me to an easy to use alternative to an always on VPN connection that runs in the background which doesn't require NetworkManager or having to spend days upon days digging through and trying to comprehend either some really poor or extremely complex documentation?  
I apologize for all the run-on sentences posed as questions, but I've just got some serious mental burnout from all of this, being unemployed is some hard work folks. I could really use a vacation.  Perhaps a camping trip to the coast is in order after I get this working, that sounds nice, doesn't it? Nothing like a good summer thunder storm on the ocean beach - far away from technology - to refresh the mind.
    </Rant>

    I do tend to talk too much and I don't mince any words either.  What I am however, is really appreciative for the help. I know you hear that all the time, but you have no idea how much time and headache you just saved me.  I think vpnc might be just what I've been looking for, unless someone can think of a client for Linux that I might be able to throw a little further.  I'm very security minded now, after the backlash of Blackhat 2013, there's no telling which direction the internet might head next. Oh, you didn't hear? Well whether they realize it or not, DARPA basically declared war with other government agencies by releasing their own version of a spy program for civilians to use against the whoever -- possibly even the government itself. They even went so far as to suggest its private usage to blanket entire cities in information gathering. Civilians are a powerful foe, as they are not bound by the oath of office, any evidence they obtain is admissible in court, whether they know that or not. There's a very important reason for that. It's to prevent another civil war from ever happening, we shed enough blood the first time around lest people forget.  It's something that can and will be avoided because our civilization has advanced beyond the need for bloodshed. The courts have to obey the majority rule, no matter what. For the first time in history, cyberwarfare can reach into the physical world to cause serious damage to physical structures like the nuclear facility incident in Iran.  There's scary bills trying to sneak through congress that are changing the landscape of technology forever for the entire world. We're at a pivotal point now where things can happen. It will be interesting to see how it all plays out over the next decade or so. No matter which way you look at it, just be prepared to sell a whole lot of routers.

  • Cisco VPN Client Driver for Atom Processor Tablet

    I recently bought a Dell Venue 8 Pro and installed Cisco VPN Client (5.0.05.0290). I get the error message "Reason 440: Driver Failure".
    This is perhaps because the client driver is not compatible with the Atom processor of the Venue 8 Pro. I have searched Dell for a driver but found none.
    Any ideas?
    Thanks,
    H

    Hi,
    According to your description, I think it is a compatibility problem.
    I suggest you use the VPN in Windows 7 compatibility mode.
    Making older programs compatible with this version of Windows:
    http://windows.microsoft.com/en-GB/windows-8/older-programs-compatible-version-windows
    If it doesn't work, I suggest you use the method as the following thread mentioned:
    http://social.technet.microsoft.com/Forums/windows/en-US/ad556ff3-8d33-453e-8b16-71e36e23e2c6/cisco-vpn-client-and-windows-81-preview-determinist-network-enhancer-dilema?forum=w8itpronetworking
    Hope this helps.
    Regards,
    Kelvin hsu
    TechNet Community Support

  • Which ports to open in PIX for outgoing Cisco VPN client connections ?

    I have Cisco VPN clients behind the PIX and I want them to connect to a VPN 3005 which is behind another PIX. Can anybody tell me which ports I have to open on both the PIX firewalls?

    It depends on how you have deployed your VPN Remote Access users.
    By default, if you enable IPSec-over-TCP or IPSec-over-UDP, then port 10000 is used for both; these methods are Cisco proprietary and the port can be changed.
    If you use NAT-T (NAT Traversal), the standards-based implementation, then it uses UDP-4500.
    Either way, the operation of the VPN depends on:
    1) Whether these services have been enabled on the VPN Concentrator
    2) Enabling the relevant transport settings in the VPN Client connection properties.
    Regarding the PIX in front of the VPNC3005, you will need to allow the above ports inbound to your VPNC3005 public interface.
    Locally, it depends on whether you filter outbound connections through your PIX. If you don't, then the PIX will allow the connection for the VPN Client attempting to access the remote VPNC3005.
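
    The rules this reply describes, written out as PIX access-list entries for both firewalls (an added example, not part of the original reply). Assumptions: 192.0.2.10 is a placeholder for the VPN 3005's public address, the ACL names are hypothetical, and 10000 is the default port the reply mentions. UDP 500 (IKE) and ESP are not named in the reply; they are included because NAT-T, IPSec-over-UDP and native IPsec all begin with IKE on UDP 500.

    ```cisco
    ! Constructed example. 192.0.2.10 = public address of the VPN 3005 (placeholder),
    ! assumed reachable through the PIX (routed, or via a static translation).
    ! Keep only the entries for the transport that is enabled on the
    ! concentrator AND selected in the client's connection properties.

    ! --- PIX in front of the VPN 3005: inbound on the outside interface ---
    ! IKE negotiation (used by NAT-T, IPSec-over-UDP and native IPsec)
    access-list outside_in permit udp any host 192.0.2.10 eq isakmp
    ! NAT-T, standards-based: IKE and encapsulated ESP move to UDP 4500
    access-list outside_in permit udp any host 192.0.2.10 eq 4500
    ! IPSec-over-UDP, Cisco proprietary, default port
    access-list outside_in permit udp any host 192.0.2.10 eq 10000
    ! IPSec-over-TCP, Cisco proprietary, default port
    access-list outside_in permit tcp any host 192.0.2.10 eq 10000
    ! Native IPsec with no NAT device in the path
    access-list outside_in permit esp any host 192.0.2.10
    access-group outside_in in interface outside

    ! --- PIX in front of the clients: needed only if outbound is filtered ---
    ! Destination is pinned to the concentrator rather than "any".
    access-list inside_out permit udp any host 192.0.2.10 eq isakmp
    access-list inside_out permit udp any host 192.0.2.10 eq 4500
    access-list inside_out permit udp any host 192.0.2.10 eq 10000
    access-list inside_out permit tcp any host 192.0.2.10 eq 10000
    access-group inside_out in interface inside
    ```

    If an ACL is already bound to the interface, add the entries to that ACL instead, because `access-group` replaces the existing binding. A client behind a PAT device cannot use the bare ESP entry, which is why one of the UDP or TCP encapsulations is normally chosen.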

  • Resources for migration from legacy Cisco VPN client to AnyConnect?

    As the legacy client is now officially EOL'd, and it is having issues with Windows 7 - the need has presented itself to migrate to AnyConnect. 
    The complicating issue here is that many of the machines that need to be migrated connect remotely and never touch a corporate LAN - as such - I need to devise a means to remotely and seamlessly (as much as possible) migrate from old to new.  Sounds a bit like changing the wings on a flying plane, but I'm guessing others have had to face the same issue.  By procrastinating this migration - my hope is that your blood spilled will be mine saved?  (Just kidding. Sorta). 
    Any tips, input, suggestion, procedures, FAQs,  good luck wishes, etc. greatly appreciated.
    Cheers,
    JP

    Hi Andy
    AnyConnect licensing is a little complicated, but 99% of the time you only need the "Essentials" AnyConnect license for your ASAs. This gives you everything that you have using the old Cisco VPN Client.
    Essentials is licensed per ASA, and not per user like the other ASA AnyConnect licenses.
    AnyConnect Premium gives you all that Essentials gives you plus "clientless" VPN (Web portal type stuff).
    Configuration-wise, it's pretty simple and similar to how you configure the old VPN support. There's a wizard to assist you in configuring it if you like that kind of thing.
    HTH
    Barry Hesk
    Intrinsic Network Solutions

  • Need HELPS! ASA 5505 8.4 Cisco VPN Client cannot ping any internal host

    Hi:
    Need your great help for my new ASA 5505 (8.4)
    I just set a new ASA 5505 with 8.4. However, I cannot ping any host after VPN in with Cisco VPN client. Please see below posted configuration file, thanks for any suggestion.
    ASA Version 8.4(3)
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    switchport access vlan 2
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 172.29.8.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 177.164.222.140 255.255.255.248
    ftp mode passive
    clock timezone GMT 0
    dns server-group DefaultDNS
    domain-name ABCtech.com
    same-security-traffic permit inter-interface
    object network obj_any
    subnet 172.29.8.0 255.255.255.0
    object service RDP
    service tcp source eq 3389
    object network orange
    host 172.29.8.151
    object network WAN_173_164_222_138
    host 177.164.222.138
    object service SMTP
    service tcp source eq smtp
    object service PPTP
    service tcp source eq pptp
    object service JT_WWW
    service tcp source eq www
    object service JT_HTTPS
    service tcp source eq https
    object network obj_lex
    subnet 172.29.88.0 255.255.255.0
    description Lexington office network
    object network obj_HQ
    subnet 172.29.8.0 255.255.255.0
    object network guava
    host 172.29.8.3
    object service L2TP
    service udp source eq 1701
    access-list VPN_Tunnel_User standard permit 172.29.8.0 255.255.255.0
    access-list VPN_Tunnel_User standard permit 172.29.88.0 255.255.255.0
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in extended deny tcp any any eq 135
    access-list inside_access_in extended deny tcp any eq 135 any
    access-list inside_access_in extended deny udp any eq 135 any
    access-list inside_access_in extended deny udp any any eq 135
    access-list inside_access_in extended deny tcp any any eq 1591
    access-list inside_access_in extended deny tcp any eq 1591 any
    access-list inside_access_in extended deny udp any eq 1591 any
    access-list inside_access_in extended deny udp any any eq 1591
    access-list inside_access_in extended deny tcp any any eq 1214
    access-list inside_access_in extended deny tcp any eq 1214 any
    access-list inside_access_in extended deny udp any any eq 1214
    access-list inside_access_in extended deny udp any eq 1214 any
    access-list inside_access_in extended permit ip any any
    access-list inside_access_in extended permit tcp any any eq www
    access-list inside_access_in extended permit tcp any eq www any
    access-list outside_access_in extended permit icmp any any
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq 3389
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq smtp
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq pptp
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq www
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq https
    access-list outside_access_in extended permit gre any host 177.164.222.138
    access-list outside_access_in extended permit udp any host 177.164.222.138 eq 1701
    access-list outside_access_in extended permit ip any any
    access-list inside_access_out extended permit icmp any any
    access-list inside_access_out extended permit ip any any
    access-list outside_cryptomap extended permit ip 172.29.8.0 255.255.255.0 172.29.88.0 255.255.255.0
    access-list inside_in extended permit icmp any any
    access-list inside_in extended permit ip any any
    access-list inside_in extended permit udp any any eq isakmp
    access-list inside_in extended permit udp any eq isakmp any
    access-list inside_in extended permit udp any any
    access-list inside_in extended permit tcp any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm history enable
    arp timeout 14400
    nat (inside,outside) source static orange interface service RDP RDP
    nat (inside,outside) source static obj_HQ obj_HQ destination static obj_lex obj_lex route-lookup
    nat (inside,outside) source static guava WAN_173_164_222_138 service JT_WWW JT_WWW
    nat (inside,outside) source static guava WAN_173_164_222_138 service JT_HTTPS JT_HTTPS
    nat (inside,outside) source static guava WAN_173_164_222_138 service RDP RDP
    nat (inside,outside) source static guava WAN_173_164_222_138 service SMTP SMTP
    nat (inside,outside) source static guava WAN_173_164_222_138 service PPTP PPTP
    nat (inside,outside) source static guava WAN_173_164_222_138 service L2TP L2TP
    object network obj_any
    nat (inside,outside) dynamic interface
    access-group inside_in in interface inside
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
    route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server Guava protocol nt
    aaa-server Guava (inside) host 172.29.8.3
    timeout 15
    nt-auth-domain-controller guava
    user-identity default-domain LOCAL
    http server enable
    http 172.29.8.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set Remote_VPN_Set esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set Remote_vpn_set esp-3des esp-md5-hmac
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set Remote_VPN_Set
    crypto dynamic-map outside_dyn_map 20 set reverse-route
    crypto map outside_map 1 match address outside_cryptomap
    crypto map outside_map 1 set peer 173.190.123.138
    crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable outside
    crypto ikev1 enable outside
    crypto ikev1 policy 1
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 43200
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 120
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.1.0 255.255.255.0 inside
    telnet 172.29.8.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside vpnclient-wins-override
    dhcprelay server 172.29.8.3 inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable outside
    group-policy ABCtech_VPN internal
    group-policy ABCtech_VPN attributes
    dns-server value 172.29.8.3
    vpn-tunnel-protocol ikev1
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value VPN_Tunnel_User
    default-domain value ABCtech.local
    group-policy GroupPolicy_10.8.8.1 internal
    group-policy GroupPolicy_10.8.8.1 attributes
    vpn-tunnel-protocol ikev1 ikev2
    username who password eicyrfJBrqOaxQvS encrypted
    tunnel-group 10.8.8.1 type ipsec-l2l
    tunnel-group 10.8.8.1 general-attributes
    default-group-policy GroupPolicy_10.8.8.1
    tunnel-group 10.8.8.1 ipsec-attributes
    ikev1 pre-shared-key *****
    ikev2 remote-authentication pre-shared-key *****
    ikev2 remote-authentication certificate
    ikev2 local-authentication pre-shared-key *****
    tunnel-group ABCtech type remote-access
    tunnel-group ABCtech general-attributes
    address-pool ABC_HQVPN_DHCP
    authentication-server-group Guava
    default-group-policy ABCtech_VPN
    tunnel-group ABCtech ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group 173.190.123.138 type ipsec-l2l
    tunnel-group 173.190.123.138 general-attributes
    default-group-policy GroupPolicy_10.8.8.1
    tunnel-group 173.190.123.138 ipsec-attributes
    ikev1 pre-shared-key *****
    ikev2 remote-authentication pre-shared-key *****
    ikev2 remote-authentication certificate
    ikev2 local-authentication pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect pptp
      inspect ftp
      inspect netbios
    smtp-server 172.29.8.3
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:6a26676668b742900360f924b4bc80de
    : end

    Hello Wayne,
    Can you use a different subnet range than the internal interface? This could cause you a LOT of issues and hours of troubleshooting, so use a dedicated, different IP address range...
    I can see that the local pool range is included in the inside interface IP address subnet range. Change that and the related config (NAT, etc.) and let us know what happens,
    Regards,
    Julio
    Security Trainer
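
The overlap Julio describes can be checked mechanically. The following is an added example, not part of the original thread: a Python check that reads ASA configuration lines and reports every `ip local pool` range that intersects a connected interface subnet or a static route. The first pool and the two route lines are copied from the posted config; the `interface` stanza (inside address 172.29.8.1) and the `EXAMPLE_DEDICATED` pool are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample. The first pool and the route lines are copied from the posted
# config; the interface stanza and the EXAMPLE_DEDICATED pool are assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif inside
 ip address 172.29.8.1 255.255.255.0
ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
ip local pool EXAMPLE_DEDICATED 172.29.9.10-172.29.9.30 mask 255.255.255.0
route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
POOL_RE = re.compile(rf"^ip local pool (\S+) {IPV4}(?:-{IPV4})?")
ADDR_RE = re.compile(rf"^ip address {IPV4} {IPV4}")
ROUTE_RE = re.compile(rf"^route (\S+) {IPV4} {IPV4} ")


def parse_networks(config):
    """Return {label: IPv4Network} for named interfaces and non-default static routes."""
    nets, nameif = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None  # new stanza: forget the previous interface name
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        elif nameif and (m := ADDR_RE.match(line)):
            nets[f"connected:{nameif}"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := ROUTE_RE.match(line):
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            if net.prefixlen > 0:  # the default route would match every pool
                nets[f"route:{m[1]}:{net}"] = net
    return nets


def parse_pools(config):
    """Return {pool_name: (first, last)} for every 'ip local pool' line."""
    pools = {}
    for raw in config.splitlines():
        if m := POOL_RE.match(raw.strip()):
            # A pool may be a single address; then the range starts and ends on it.
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3] or m[2]))
    return pools


def find_overlaps(config):
    """Return (pool, label, network) for each pool range that intersects a known network."""
    nets = parse_networks(config)
    hits = []
    for name, (first, last) in parse_pools(config).items():
        # Convert the range to CIDR blocks so the whole range is tested, not just its ends.
        blocks = list(ipaddress.summarize_address_range(first, last))
        for label, net in nets.items():
            if any(block.overlaps(net) for block in blocks):
                hits.append((name, label, str(net)))
    return hits


if __name__ == "__main__":
    for pool, label, net in find_overlaps(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps {label} ({net}): move it to a dedicated range")
```

Run against a full `show running-config`, the same functions also catch a pool that collides with a subnet reached through a static route, which produces the same return-path and NAT problems.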

  • Cisco VPN client and License

    Hello,
    We have a Cisco ASA 5520 with the VPN Plus License and 8.04 IOS installed, and we want to set up VPN access for our users. We can use the Cisco VPN client, which works on the Windows platform, but we also have Mac OS 10.7, which works only with Cisco AnyConnect.
    I am a little bit lost with all the clients and the licenses; actually we can't set up more than 2 VPN sessions with an AnyConnect client installed on Mac or Windows. The authentication is by certificate; the first two connect fine, but the third one doesn't connect and prompts for a username / password.
    I have attached a SH VER of my ASA. Can anyone tell me what is wrong with the license, or is it perhaps a configuration problem?
    Thanks a lot for the answer.
    Mathieu.
    fw-eps-02# sh ver
    Cisco Adaptive Security Appliance Software Version 8.0(4)
    Device Manager Version 6.4(1)
    Compiled on Thu 07-Aug-08 20:53 by builders
    System image file is "disk0:/asa804-k8.bin"
    Config file at boot was "startup-config"
    fw-eps-02 up 1 hour 36 mins
    Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
    Internal ATA Compact Flash, 256MB
    BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
    Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                                 Boot microcode   : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
    0: Ext: GigabitEthernet0/0  : address is c84c.75da.9a58, irq 9
    1: Ext: GigabitEthernet0/1  : address is c84c.75da.9a59, irq 9
    2: Ext: GigabitEthernet0/2  : address is c84c.75da.9a5a, irq 9
    3: Ext: GigabitEthernet0/3  : address is c84c.75da.9a5b, irq 9
    4: Ext: Management0/0       : address is c84c.75da.9a5c, irq 11
    5: Int: Not used            : irq 11
    6: Int: Not used            : irq 5
    Licensed features for this platform:
    Maximum Physical Interfaces  : Unlimited
    Maximum VLANs                : 150
    Inside Hosts                 : Unlimited
    Failover                     : Active/Active
    VPN-DES                      : Enabled
    VPN-3DES-AES                 : Enabled
    Security Contexts            : 2
    GTP/GPRS                     : Disabled
    VPN Peers                    : 750
    WebVPN Peers                 : 2
    AnyConnect for Mobile        : Disabled
    AnyConnect for Linksys phone : Disabled
    Advanced Endpoint Assessment : Disabled
    UC Proxy Sessions            : 2
    This platform has an ASA 5520 VPN Plus license.
    Serial Number: JMX1433L0Y3
    Running Activation Key: 0x3a17c153 0x8c141630 0xe0f3b5d4 0x86044ccc 0x47193392
    Configuration register is 0x40 (will be 0x1 at next reload)
    Configuration last modified by mgeffroy at 15:33:11.409 CEST Mon Jan 23 2012
    fw-eps-02#

    Why don't you use the built-in client in Mac OS X? It supports certificate authentication also.
    Another solution would be to buy additional SSL VPN licences: there is a limit of two SSL VPN sessions by default.

  • IOS VPN will not respond to Cisco VPN Client connections.

    Hi all,
    I am about to set my routers on fire here.
    I have two 2921 ISRs both with Security licenses on separate leased lines. I have configured one to accept VPN connections from our Cisco VPN Client remote workers.
    I have followed the set up process I used on another site with an 1841/Sec router and the same clients and I have also checked against the config given in the latest IOS15 EasyVPN guide.
    With all debugs active, all I see is
    038062: Dec  8 14:03:04.519: ISAKMP (0): received packet from x.y.z.z dport 500 sport 60225 Global (N) NEW SA
    038063: Dec  8 14:03:04.519: ISAKMP: Created a peer struct for x.y.z.z, peer port 60225
    038064: Dec  8 14:03:04.519: ISAKMP: New peer created peer = 0x3972090C peer_handle = 0x8001D881
    038065: Dec  8 14:03:04.523: ISAKMP: Locking peer struct 0x3972090C, refcount 1 for crypto_isakmp_process_block
    038066: Dec  8 14:03:04.523: ISAKMP:(0):Setting client config settings 3E156D70
    038067: Dec  8 14:03:10.027: ISAKMP (0): received packet from x.y.z.z dport 500 sport 60225 Global (R) MM_NO_STATE
    Below is the abridged config.
    System image file is "flash0:c2900-universalk9-mz.SPA.154-1.T1.bin"
    aaa new-model
    aaa authentication login default local
    aaa authentication login VPNAUTH local
    aaa authorization exec default local
    aaa authorization network VPN local
    aaa session-id common
    crypto isakmp policy 10
     encr aes
     authentication pre-share
     group 14
    crypto isakmp client configuration group VPN
     key ****-****-****-****
     dns 192.168.177.207 192.168.177.3
     domain xxx.local
     pool VPNADDRESSES
     acl REVERSEROUTE
    crypto ipsec transform-set HASH esp-aes esp-sha-hmac
     mode tunnel
    crypto ipsec profile IPSECPROFILE
     set transform-set HASH
    crypto dynamic-map VPN 1
     set transform-set HASH
     reverse-route
    crypto map VPN client authentication list VPNAUTH
    crypto map VPN isakmp authorization list VPN
    crypto map VPN client configuration address respond
    crypto map VPN 65535 ipsec-isakmp dynamic VPN
    ip local pool VPNADDRESSES 172.16.198.16 172.16.198.31
    ip access-list extended REVERSEROUTE
     permit ip 192.168.0.0 0.0.255.255 any
     permit ip 10.0.0.0 0.0.0.255 any
    ip access-list extended FIREWALL
     2 permit udp any host a.b.c.d eq non500-isakmp
     3 permit udp any host a.b.c.d eq isakmp
     4 permit ahp any host a.b.c.d
     5 permit esp any host a.b.c.d
    If anyone can see anything wrong, I would be so pleased and it would save the destruction of an ostensibly innocent router.
    Thanks,
    Paul

    > I actually love you. Thank you so much.
    Sorry, I'm married ... ;-)
    > I'm not using a virtual template. Can I get away without the Crypto Map if I use one...? All my tunnels are VTIs
    oh yes, I could have seen that ...
    crypto isakmp profile VPN-RA
     match identity group VPN
     client authentication list VPNAUTH
     isakmp authorization list VPN
     client configuration address respond
     virtual-template 1
    interface Virtual-Template1 type tunnel
     description Tunnel fuer Cisco VPN-Client
     ip unnumbered GigabitEthernet0/0
     ip virtual-reassembly in
     tunnel mode ipsec ipv4
     tunnel protection ipsec profile IPSECPROFILE
    Your isakmp-config and ipsec profile stay the same.

  • 2 Factor Authentication for Anyconnect VPN using ISE

    We are planning to implement dual factor authentication for Anyconnect VPN.
    The end users will be authenticated using domain name in machine certificates and username password with ISE used as radius server.
    We have the following approaches to achieve this:
    1. Use primary and secondary authentication with user credentials as primary authentication and CN field of the certificate as secondary authentication. However, this option prompts users for password for both the fields while we want the machine certificate to authenticate itself without a password.
    2. Second approach is to authenticate using user credentials and authorize the user to access the network if the machine certificate has a domain name in CN field which we are able to validate from the AD using Dynamic Access Policy.
    We are looking forward to discussions on the above approaches and are open to any other solution.

    Hi Umahar,
    Not sure I understood correctly. You would like to authenticate the user using the machine certificate for AnyConnect, and want to extract the CN attribute from the client's certificate and send it to the ISE server to further authenticate with AD. And also you don't want an additional password prompt to be presented to the user.
    If my understanding is correct, then the user would get a prompt for the password at least, because in the machine certificate there won't be a password, but to authenticate with RADIUS/TACACS we need both username and password. So how will the user get authenticated without a password?
    If you are looking for a way to just see if the user is present under AD, not exactly an authentication, then this might not be possible.

  • Windows 8 Cisco VPN Client Issue

    I connect to several of my customers with the Cisco VPN Client Version 5.0.07.0290 and all has been working fine. In the last week, virtually every Windows 8 machine has stopped working. The client connects fine, shows it's connected, but if I go to Status -> Statistics it just shows 0 in the Bytes Received and Sent. The Bypassed and Discarded increases, but I am unable to reach any system. Does anyone know what causes this or how to resolve it? This is a HUGE problem for me as all of the work we do for our customers is via their VPNs. Every non-Windows 8 PC still works fine. And these Windows 8 PCs have been working fine until just the last week. Browsing through, I've seen posts with this same issue, but none related to Windows 8 recently. They are all Windows 7, and my Windows 7 machines are working flawlessly.
    Someone help!
    Thanks,
    Brian

    Hi Brian,
    IPSEC client on Windows 8 machine is not supported.
    Cisco VPN Client 5.0.07 supports the following Microsoft OSs:
    • Windows 7 on x64 (64-bit)
    • Windows 7 on x86 (32-bit) only
    • Windows Vista on both x86 (32-bit) and x64
    • Windows XP on x86
    VPN Client does not support the Tablet PC 2004/2005; and Windows 2000, NT, 98, and ME.
    VPN Client supports smart card authentication on Windows 7, Vista, and XP. However, VPN Client does not support the ST Microelectronics smart card Model ST23YL80, and smart cards from the same family.
    VPN Client supports up to one Ethernet adapter and one PPP adapter. It does not support the establishment of a VPN connection over a tethered link.
    VPN Client 5.0.x is incompatible with the combination of Cisco Unified Video Advantage 2.1.2 and McAfee HIPS Patch 4 Build 688. To avoid system failures, uninstall either of these two applications, upgrade McAfee to the latest version, or use VPN Client 4.6.x.
    To install the VPN Client, you need
    • Pentium®-class processor or greater
    • Microsoft TCP/IP installed. (Confirm via Start > Settings > Control Panel > Network > Protocols or Configuration.)
    • 50 MB hard disk space.
    • 128 MB RAM (256 MB recommended)
    • Administrator privileges
    The VPN Client supports the following Cisco VPN devices:
    • Cisco Series 5500 Adaptive Security Appliance, Version 7.0 or later.
    • Cisco VPN 3000 Series Concentrator, Version 3.0 or later.
    • Cisco PIX Firewall, Version 6.2.2(122) or Version 6.3(1).
    • Cisco IOS Routers, Version 12.2(8)T or later.
    You can get more information from the following link:
    http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537
    Regards,
    Naresh
