Cisco AnyConnect Configuration

Similar Messages

• Configuration File goes bad in Cisco AnyConnect Secure Mobility Client.

  Hi everyone
  We are running a Cisco ISE Version: 1.3.0.876 Patch 1 for 802.1X deployment (Wired + Wireless) with posture assessment where the supplicant for the endpoint is Cisco Anyconnect Secure Mobility Client v4.0.00061.
  Symptoms:
  The Configuration is working fine both Wired and Wireless, but the issue is that some user suddenly start to have issue connecting Wireless with the Cisco Anyconnect dislpaying System Scan: Bypassing Anconnect Scan
  (Some info are masked)
  and When I digged into this found that the configuration.xml files in the path: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Network Access Manager\newConfigFiles is renamed automatically into configuration_bad.xml.
  Workaround:
  Copy and paste a normal configuration.xml into the same path again.
  Restart the Cisco anyconnect services or restart the Endpoint.
  Question:
  So was wondering if anybody has a clue why this configutatyion.xml turned into bad??
  I'm goin to dig into the Event Viewer for logs about this before going to Cisco TAC

  first poster -
  "Downloads from random internet sites are 5-10 times faster than anything from a server on the VPN."
  Your corporate network may just have too little bandwidth, your taking a poor internet route between carriers (ISP's are often maxed out believe it or not), there is a speed an duplex problem or you have a bad MTU. test all of them. your pc's MTU should be 1300. MAX on all interfaces. use the setmtu.exe tool.
  Jcohen - if you disable the IPS on the ASA does the slow transfer problem go away?

• Setting up IPsec VPNs to use with Cisco Anyconnect

  So I've been having trouble setting up vpns on our ASA 5510. I would like to use IPsec VPNs so that we don't have to worry about licensing issues, but from what I've read you can do this with and still use Cisco Anyconnect. My knowledge on how to set up VPNs especially in iOS verion 8.4 is limited so I've been using a combination of command line and ASDM.
  I'm finally able to connect from a remote location but once I connect, nothing else works. From what I've read, you can use IPsec for client-to-lan connections. I've been using a preshared key for this. Documentation is limited on what should happen after you connect? Shouldn't I be able to access computers that are local to the vpn connection? I'm trying to set this up from work. If I VPN from home, shouldn't I be able to access all resources at work? I think because I've used the command line as well as ASDM I've confused some of the configuration. Plus I think some of the default policies are confusing me too. So I probably need a lot of help. Below is my current configuration with IP address altered and stuff that is completely non-related to vpns removed.
  NOTE: We are still testing this ASA and it isn't in production.
  Any help you can give me is much appreciated.
  ASA Version 8.4(2)
  hostname ASA
  domain-name domain.com
  interface Ethernet0/0
  nameif inside
  security-level 100
  ip address 192.168.0.1 255.255.255.0
  interface Ethernet0/1
  nameif outside
  security-level 0
  ip address 50.1.1.225 255.255.255.0
  interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  no nameif
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  boot system disk0:/asa842-k8.bin
  ftp mode passive
  dns domain-lookup outside
  dns server-group DefaultDNS
  same-security-traffic permit intra-interface
  object network NETWORK_OBJ_192.168.0.224_27
  subnet 192.168.0.224 255.255.255.224
  object-group service VPN
  service-object esp
  service-object tcp destination eq ssh
  service-object tcp destination eq https
  service-object udp destination eq 443
  service-object udp destination eq isakmp
  access-list ips extended permit ip any any
  ip local pool VPNPool 192.168.0.225-192.168.0.250 mask 255.255.255.0
  no failover
  failover timeout -1
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-645.bin
  no asdm history enable
  arp timeout 14400
  nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.0.224_27 NETWORK_OBJ_192.168.0.224_27 no-proxy-arp route-lookup
  object network LAN
  nat (inside,outside) dynamic interface
  access-group outside_in in interface outside
  route outside 0.0.0.0 0.0.0.0 50.1.1.250 1
  sysopt noproxyarp inside
  sysopt noproxyarp outside
  crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec ikev2 ipsec-proposal DES
  protocol esp encryption des
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal 3DES
  protocol esp encryption 3des
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES
  protocol esp encryption aes
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES192
  protocol esp encryption aes-192
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES256
  protocol esp encryption aes-256
  protocol esp integrity sha-1 md5
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto ca trustpoint ASDM_TrustPoint0
  enrollment self
  subject-name CN=ASA
  crl configure
  crypto ca server
  shutdown
  crypto ca certificate chain ASDM_TrustPoint0
  certificate d2c18c4e
      308201f3 3082015c a0030201 020204d2 c18c4e30 0d06092a 864886f7 0d010105
      0500303e 3110300e 06035504 03130741 53413535 3130312a 30280609 2a864886
      f70d0109 02161b41 53413535 31302e64 69676974 616c6578 7472656d 65732e63
      6f6d301e 170d3131 31303036 31393133 31365a17 0d323131 30303331 39313331
      365a303e 3110300e 06035504 03130741 53413535 3130312a 30280609 2a864886
      f70d0109 02161b41 53413535 31302e64 69676974 616c6578 7472656d 65732e63
      6f6d3081 9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100b2
      8acbe1f4 5aa19dc5 d3379bf0 f0e1177d 79b2b7cf cc6b4623 d1d97d4c 53c9643b
      37f32caf b13b5205 d24457f2 b5d674cb 399f86d0 e6c3335f 031d54f4 d6ca246c
      234b32b2 b3ad2bf6 e3f824c0 95bada06 f5173ad2 329c28f8 20daaccf 04c51782
      3ca319d0 d5d415ca 36a9eaff f9a7cf9c f7d5e6cc 5f7a3412 98e71de8 37150f02
      03010001 300d0609 2a864886 f70d0101 05050003 8181009d d2d4228d 381112a1
      cfd05ec1 0f51a828 0748172e 3ff7b480 26c197f5 fd07dd49 01cd9db6 9152c4dc
      18d0f452 50f5d0f5 4a8279c4 4c1505f9 f5e691cc 59173dd1 7b86de4f 4e804ac6
      beb342d1 f2db1d1f 878bb086 981536cf f4094dbf 36c5371f e1a0db0a 75685bef
      af72e31f a1c4a892 d0acc618 888b53d1 9b888669 70e398
    quit
  crypto ikev2 policy 1
  encryption aes-256
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 10
  encryption aes-192
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 20
  encryption aes
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 30
  encryption 3des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 40
  encryption des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 enable outside client-services port 443
  crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
  crypto ikev1 enable outside
  crypto ikev1 policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 65535
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh timeout 10
  console timeout 0
  management-access inside
  ssl trust-point ASDM_TrustPoint0 outside
  webvpn
  enable outside
  anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
  anyconnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 2
  anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3
  anyconnect profiles VPN disk0:/devpn.xml
  anyconnect enable
  tunnel-group-list enable
  group-policy VPN internal
  group-policy VPN attributes
  wins-server value 50.1.1.17 50.1.1.18
  dns-server value 50.1.1.17 50.1.1.18
  vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
  default-domain value digitalextremes.com
  webvpn
    anyconnect profiles value VPN type user
    always-on-vpn profile-setting
  username administrator password xxxxxxxxx encrypted privilege 15
  username VPN1 password xxxxxxxxx encrypted
  tunnel-group VPN type remote-access
  tunnel-group VPN general-attributes
  address-pool (inside) VPNPool
  address-pool VPNPool
  authorization-server-group LOCAL
  default-group-policy VPN
  tunnel-group VPN webvpn-attributes
  group-alias VPN enable
  tunnel-group VPN ipsec-attributes
  ikev1 pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  class-map ips
  match access-list ips
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny 
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip 
    inspect xdmcp
    inspect http
  class ips
    ips inline fail-open
  class class-default
    user-statistics accounting

  Hi Marvin, thanks for the quick reply.
  It appears that we don't have Anyconnect Essentials.
  Licensed features for this platform:
  Maximum Physical Interfaces       : Unlimited      perpetual
  Maximum VLANs                     : 100            perpetual
  Inside Hosts                      : Unlimited      perpetual
  Failover                          : Active/Active  perpetual
  VPN-DES                           : Enabled        perpetual
  VPN-3DES-AES                      : Enabled        perpetual
  Security Contexts                 : 2              perpetual
  GTP/GPRS                          : Disabled       perpetual
  AnyConnect Premium Peers          : 2              perpetual
  AnyConnect Essentials             : Disabled       perpetual
  Other VPN Peers                   : 250            perpetual
  Total VPN Peers                   : 250            perpetual
  Shared License                    : Disabled       perpetual
  AnyConnect for Mobile             : Disabled       perpetual
  AnyConnect for Cisco VPN Phone    : Disabled       perpetual
  Advanced Endpoint Assessment      : Disabled       perpetual
  UC Phone Proxy Sessions           : 2              perpetual
  Total UC Proxy Sessions           : 2              perpetual
  Botnet Traffic Filter             : Disabled       perpetual
  Intercompany Media Engine         : Disabled       perpetual
  This platform has an ASA 5510 Security Plus license.
  So then what does this mean for us VPN-wise? Is there any way we can set up multiple VPNs with this license?

• Cisco AnyConnect SSL VPN no split tunnel and no hairpinning internet access

  Greetings,
  I am looking to configure a Cisco ASA 5515X for Cisco AnyConnect Essentials SSL VPN where ALL SSL-VPN traffic is tunneled, no split tunneling or hairpinning on the outside interface. However users require internet access. I need to route traffic out the "trusted" or "inside" interface to another device that performs content-filtering and inspection which then egresses out to the internet from there. Typically this could be done using a route-map (which ASA's do not support) or with a VRF (again, not an option on the ASA). The default route points to the outside interface toward the internet.
  Is there no other method to force all my SSL-VPN traffic out the inside interface toward LAN subnets as needed and have another default route point toward the filtering device?
  OR 
  Am I forced to put the ASA behind the filtering device somehow?

  Hi Jim,
  You can use tunnel default route for vpn traffic:
  ASA(config)# route inside 0.0.0.0 0.0.0.0 <inside hop> tunneled
  configure mode commands/options:
    <1-255>   Distance metric for this route, default is 1
    track     Install route depending on tracked item
    tunneled  Enable the default tunnel gateway option, metric is set to 255
  This route is applicable for only vpn traffic.
  HTH,
  Shetty

• Windows 8 64 bit issues with Cisco AnyConnect Secure Mobility Client version 3.1.04072

  I am having an issue with the Cisco AnyConnect Secure Mobility Client version 3.1.04072 on a Windows 8 64 bit laptop.
  I am able to create the VPN connection but the connection will not allow data to be transferred.
  Stats from a manual connection:
  Cisco AnyConnect Secure Mobility Client Version 3.1.04072
  VPN Stats
      Bytes Received:  14375
      Bytes Sent:  0
      Compressed Bytes Received:  0
      Compressed Bytes Sent:  0
      Compressed Packets Received:  0
      Compressed Packets Sent:  0
      Control Bytes Received:  0
      Control Bytes Sent:  0
      Control Packets Received:  0
      Control Packets Sent:  0
      Encrypted Bytes Received:  7820
      Encrypted Bytes Sent:  1207
      Encrypted Packets Received:  9
      Encrypted Packets Sent:  3
      Inbound Bypassed Packets:  0
      Inbound Discarded Packets:  0
      Outbound Bypassed Packets:  0
      Outbound Discarded Packets:  0
      Packets Received:  4
      Packets Sent:  0
      Time Connected:  00:03:01
  Protocol Info
      Inactive Protocol
          Protocol Cipher:  RSA_3DES_168_SHA1
          Protocol Compression:  None
          Protocol State:  Disconnected
          Protocol:  DTLS
      Active Protocol
          Protocol Cipher:  RSA_3DES_168_SHA1
          Protocol Compression:  Deflate
          Protocol State:  Connected
          Protocol:  TLS
  OS Version
      Windows 8 : WinNT 6.2.9200
  Log from the data transmission software:
  24/12/2013 12:51:13 - Application version = 1.11.28.0
  24/12/2013 12:51:13 - Lodgement Library Version =  1.11.28.0
  24/12/2013 12:51:13 - Connection Method =  INTERNET
  24/12/2013 12:51:13 - DIS Connection Type = Automatic
  24/12/2013 12:51:13 - VPN Client =  ACTIVE
  24/12/2013 12:51:13 - Check Available Connections =  NOT ACTIVE
  24/12/2013 12:51:13 - Windows 8 (6.2.9200 SP )
  24/12/2013 12:51:13 - Language: English (Australia)
  24/12/2013 12:51:13 -
  24/12/2013 12:51:13 - Connected to ISP via LAN
  24/12/2013 12:51:13 - Checking for presence of VPN client.
  24/12/2013 12:51:13 - VPN client found. (C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe)
  24/12/2013 12:51:13 - The Cisco AnyConnect Secure Mobility Client application is in use.
  24/12/2013 12:51:18 - Terminating Cisco AnyConnect Secure Mobility Client in progress ...
  24/12/2013 12:51:18 -
  24/12/2013 12:51:18 - Checking Cisco AnyConnect  version.
  24/12/2013 12:51:19 - Cisco AnyConnect Secure Mobility Client (version 3.1.04072) .
  24/12/2013 12:51:19 - Copyright (c) 2004 - 2013 Cisco Systems, Inc.  All Rights Reserved.
  24/12/2013 12:51:19 - Config file directory:C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\
  24/12/2013 12:51:19 -
  24/12/2013 12:51:19 - Loading profile:C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\ELS-IMelAde-TCP.xml
  24/12/2013 12:51:19 -
  24/12/2013 12:51:19 - Initializing the VPN connection.
  24/12/2013 12:51:19 - Ready to connect.
  24/12/2013 12:51:19 - Ready to connect.
  24/12/2013 12:51:19 - Contacting ELS-IMelAde-TCP.
  24/12/2013 12:51:23 - Authenticating user.
  24/12/2013 12:51:23 - Connected to VPN concentrator.
  24/12/2013 12:51:23 - Establishing VPN session...
  24/12/2013 12:51:23 - Checking for profile updates...
  24/12/2013 12:51:23 - Checking for product updates...
  24/12/2013 12:51:23 - Checking for customization updates...
  24/12/2013 12:51:23 - Performing any required updates...
  24/12/2013 12:51:23 - Establishing VPN session...
  24/12/2013 12:51:23 - Establishing VPN - Initiating connection...
  24/12/2013 12:51:24 - Establishing VPN - Examining system...
  24/12/2013 12:51:24 - Establishing VPN - Activating VPN adapter...
  24/12/2013 12:51:24 - Establishing VPN - Configuring system...
  24/12/2013 12:51:24 - Establishing VPN...
  24/12/2013 12:51:24 - Connected to VPN concentrator.
  24/12/2013 12:51:24 - Connected to ELS-IMelAde-TCP.
  24/12/2013 12:51:24 - Connected to VPN concentrator.
  24/12/2013 12:51:24 - Connection to VPN client return code = 0.
  24/12/2013 12:51:24 - Connected to VPN concentrator.
  24/12/2013 12:51:24 - Connecting : Connecting to 203.202.43.2.
  24/12/2013 12:51:45 - Error in ConnectToDIS - Socket Error # 10060
  Connection timed out.
  24/12/2013 12:51:46 -
  24/12/2013 12:51:46 - Disconnecting from the VPN concentrator.
  24/12/2013 12:51:46 - Disconnect in progress, please wait...
  24/12/2013 12:51:46 - Detaching AnyConnect, please wait...
  24/12/2013 12:51:47 - Detached.
  24/12/2013 12:51:47 - Disconnected from VPN concentrator.
  24/12/2013 12:51:47 - *****************************************************
  24/12/2013 12:51:47 -               END OF LODGEMENT PROCESS
  24/12/2013 12:51:47 - *****************************************************
  Issue history:
  - Previously running Cisco VPN client on Windows 8 64 bit laptop (VPN working and able to transmit data over VPN)
  - Upgrade to Windows 8.1 stopped the VPN client working
  - Refreshed system back to Windows 8 and reinstalled all software
  - Cisco VPN client would not install on system
  - Cisco AnyConnect Secure Mobility Client installs and is able to connect to VPN host
  - Cisco AnyConnect Secure Mobility Client downloads and installs software from VPN host
  - Data transmission software returns error code #10060
  Any assistance would be greatly appreciated.

  anyone found the fix for this?

• Problems with Cisco AnyConnect Secure Mobility Client 3.1

  Since I upgraded to Cisco AnyConnect Secure Mobility Client 3.1, I am unable to start my VPN.
  The service does not start correctly anymore. I tried reinstabut no help.
  Could anyone help me please?
  Here my logs.
  Thank you very much.
  Date        : 07/23/2013
  Time        : 08:49:37
  Type        : Error
  Source      : acvpninstall
  Description : Function: FileMoveFiles
  File: ..\Common\Utility\NativeSysFileCopy.cpp
  Line: 388
  Invoked Function: ::FindFirstFile
  Return Code: 3 (0x00000003)
  Description: The system cannot find the path specified.
  Date        : 07/23/2013
  Time        : 08:49:37
  Type        : Error
  Source      : acvpninstall
  Description : Function: wWinMain
  File: .\InstallHelper.cpp
  Line: 354
  Invoked Function: FileMoveFiles
  Return Code: -33554423 (0xFE000009)
  Description: GLOBAL_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:49:37
  Type        : Error
  Source      : acvpninstall
  Description : Function: FileMoveFiles
  File: ..\Common\Utility\NativeSysFileCopy.cpp
  Line: 388
  Invoked Function: ::FindFirstFile
  Return Code: 3 (0x00000003)
  Description: The system cannot find the path specified.
  Date        : 07/23/2013
  Time        : 08:49:37
  Type        : Error
  Source      : acvpninstall
  Description : Function: wWinMain
  File: .\InstallHelper.cpp
  Line: 354
  Invoked Function: FileMoveFiles
  Return Code: -33554423 (0xFE000009)
  Description: GLOBAL_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:49:37
  Type        : Error
  Source      : acvpninstall
  Description : Function: FileMoveFiles
  File: ..\Common\Utility\NativeSysFileCopy.cpp
  Line: 388
  Invoked Function: ::FindFirstFile
  Return Code: 3 (0x00000003)
  Description: The system cannot find the path specified.
  Date        : 07/23/2013
  Time        : 08:49:37
  Type        : Error
  Source      : acvpninstall
  Description : Function: wWinMain
  File: .\InstallHelper.cpp
  Line: 354
  Invoked Function: FileMoveFiles
  Return Code: -33554423 (0xFE000009)
  Description: GLOBAL_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:49:40
  Type        : Information
  Source      : acvpnva
  Description : Function: CInstaller::PerformAction
  File: .\VACon.cpp
  Line: 522
  Successfully installed service acsock
  Date        : 07/23/2013
  Time        : 08:49:40
  Type        : Warning
  Source      : acvpninstall
  Description : Function: XmlLocalACPolMgr::GenerateLocalPolicy
  File: .\Xml\XmlLocalACPolMgr.cpp
  Line: 415
  Local Security Policy file already exists and therefore will not be generated
  Date        : 07/23/2013
  Time        : 08:49:40
  Type        : Information
  Source      : acvpnagent
  Description : Cisco AnyConnect Secure Mobility Client Agent starting, version 3.1.04059
  Date        : 07/23/2013
  Time        : 08:49:40
  Type        : Error
  Source      : acvpnagent
  Description : Function: CBencodeStream::LoadStream
  File: ..\..\PhoneHome\Bencode.cpp
  Line: 126
  Unable to open file for reading
  Date        : 07/23/2013
  Time        : 08:49:40
  Type        : Error
  Source      : acvpnagent
  Description : Function: CBencodeDictionary::CBencodeDictionary
  File: ..\..\PhoneHome\Bencode.cpp
  Line: 1422
  Bencode dictionary internalize failed
  Date        : 07/23/2013
  Time        : 08:49:40
  Type        : Error
  Source      : acvpnagent
  Description : Function: CPhoneHomeVpn::CPhoneHomeVpn
  File: .\PhoneHomeVpn.cpp
  Line: 187
  Failed to create Bencode dictionary
  Date        : 07/23/2013
  Time        : 08:49:40
  Type        : Error
  Source      : acvpnagent
  Description : Function: CPhoneHomeVpn::CreateSingletonInstance
  File: .\PhoneHomeVpn.cpp
  Line: 82
  Invoked Function: CPhoneHomeVpn
  Return Code: -23396343 (0xFE9B0009)
  Description: PHONEHOMEVPN_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:49:40
  Type        : Warning
  Source      : acvpnagent
  Description : Function: CMainThread::CMainThread
  File: .\MainThread.cpp
  Line: 1017
  Invoked Function: CPhoneHomeVpn::CreateSingletonInstance
  Return Code: -23396343 (0xFE9B0009)
  Description: PHONEHOMEVPN_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:49:40
  Type        : Warning
  Source      : acvpnagent
  Description : Function: PluginLoader::QuickCreatePlugin
  File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
  Line: 195
  Invoked Function: PluginLoader::CreateInstance
  Return Code: -29360116 (0xFE40000C)
  Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
  com.cisco.anyconnect.leaf
  Date        : 07/23/2013
  Time        : 08:49:41
  Type        : Information
  Source      : acvpnagent
  Description : Function: MsgCatalog::initMsgCatalog
  File: .\i18n\MsgCatalog.cpp
  Line: 246
  Current locale: fr-LU
  Date        : 07/23/2013
  Time        : 08:49:41
  Type        : Information
  Source      : acvpnagent
  Description : Function: ProfileMgr::loadProfiles
  File: .\ProfileMgr.cpp
  Line: 100
  No profile is available.
  Date        : 07/23/2013
  Time        : 08:49:41
  Type        : Information
  Source      : acvpnagent
  Description : Current Preference Settings:
  ServiceDisable: false
  CertificateStoreOverride: false
  CertificateStore: All
  ShowPreConnectMessage: false
  AutoConnectOnStart: false
  MinimizeOnConnect: true
  LocalLanAccess: false
  AutoReconnect: true
  AutoReconnectBehavior: DisconnectOnSuspend
  UseStartBeforeLogon: false
  AutoUpdate: true
  RSASecurIDIntegration: Automatic
  WindowsLogonEnforcement: SingleLocalLogon
  WindowsVPNEstablishment: LocalUsersOnly
  ProxySettings: Native
  AllowLocalProxyConnections: true
  PPPExclusion: Disable
  PPPExclusionServerIP:
  AutomaticVPNPolicy: false
  TrustedNetworkPolicy: Disconnect
  UntrustedNetworkPolicy: Connect
  TrustedDNSDomains:
  TrustedDNSServers:
  AlwaysOn: false
  ConnectFailurePolicy: Closed
  AllowCaptivePortalRemediation: false
  CaptivePortalRemediationTimeout: 5
  ApplyLastVPNLocalResourceRules: false
  AllowVPNDisconnect: true
  EnableScripting: false
  TerminateScriptOnNextEvent: false
  EnablePostSBLOnConnectScript: true
  AutomaticCertSelection: true
  RetainVpnOnLogoff: false
  UserEnforcement: SameUserOnly
  EnableAutomaticServerSelection: false
  AutoServerSelectionImprovement: 20
  AutoServerSelectionSuspendTime: 4
  AuthenticationTimeout: 12
  SafeWordSofTokenIntegration: false
  AllowIPsecOverSSL: false
  ClearSmartcardPin: true
  IPProtocolSupport: IPv4,IPv6
  AllowManualHostInput: true
  BlockUntrustedServers: true
  PublicProxyServerAddress:
  Date        : 07/23/2013
  Time        : 08:49:41
  Type        : Error
  Source      : acvpnagent
  Description : Function: CSocketSupport::ipv6EnabledOnVA
  File: .\IPC\SocketSupport_win.cpp
  Line: 284
  Invoked Function: CSocketSupport::ipv6EnabledOnVA
  Return Code: 2 (0x00000002)
  Description: cannot open VPNVA Enum registry key (VA driver not installed?)
  Date        : 07/23/2013
  Time        : 08:49:41
  Type        : Error
  Source      : acvpnagent
  Description : Function: CSocketSupport::ipv6EnabledOnVA
  File: .\IPC\SocketSupport_win.cpp
  Line: 284
  Invoked Function: CSocketSupport::ipv6EnabledOnVA
  Return Code: 2 (0x00000002)
  Description: cannot open VPNVA Enum registry key (VA driver not installed?)
  Date        : 07/23/2013
  Time        : 08:49:41
  Type        : Information
  Source      : acvpnagent
  Description : Function: CCvcConfig::readConfigParamFromFile
  File: .\vpnconfig.cpp
  Line: 5824
  The specified configuration file for MUS service does not exist
  Date        : 07/23/2013
  Time        : 08:49:41
  Type        : Information
  Source      : acvpnagent
  Description : Function: CThread::createThread
  File: .\Utility\Thread.cpp
  Line: 238
  The thread (0x00001F84) has been successfully created.
  Date        : 07/23/2013
  Time        : 08:49:41
  Type        : Information
  Source      : acvpnagent
  Description : Cisco AnyConnect Secure Mobility Client Agent started, version 3.1.04059
  Date        : 07/23/2013
  Time        : 08:49:41
  Type        : Information
  Source      : acvpnagent
  Description : Function: CInterfaceRouteMonitorCommon::logInterfaces
  File: .\Routing\InterfaceRouteMonitorCommon.cpp
  Line: 477
  IP Address Interface List:
  FE80:0:0:0:DDA0:24CA:FE35:4D19
  148.110.133.126
  FE80:0:0:0:19A3:961F:C11C:3724
  192.168.164.1
  FE80:0:0:0:80B3:F3CD:CA44:952E
  169.254.149.46
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Information
  Source      : acvpnagent
  Description : Cisco AnyConnect Secure Mobility Client Agent starting, version 3.1.04059
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Error
  Source      : acvpnagent
  Description : Function: CBencodeStream::LoadStream
  File: ..\..\PhoneHome\Bencode.cpp
  Line: 126
  Unable to open file for reading
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Error
  Source      : acvpnagent
  Description : Function: CBencodeDictionary::CBencodeDictionary
  File: ..\..\PhoneHome\Bencode.cpp
  Line: 1422
  Bencode dictionary internalize failed
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Error
  Source      : acvpnagent
  Description : Function: CPhoneHomeVpn::CPhoneHomeVpn
  File: .\PhoneHomeVpn.cpp
  Line: 187
  Failed to create Bencode dictionary
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Error
  Source      : acvpnagent
  Description : Function: CPhoneHomeVpn::CreateSingletonInstance
  File: .\PhoneHomeVpn.cpp
  Line: 82
  Invoked Function: CPhoneHomeVpn
  Return Code: -23396343 (0xFE9B0009)
  Description: PHONEHOMEVPN_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Warning
  Source      : acvpnagent
  Description : Function: CMainThread::CMainThread
  File: .\MainThread.cpp
  Line: 1017
  Invoked Function: CPhoneHomeVpn::CreateSingletonInstance
  Return Code: -23396343 (0xFE9B0009)
  Description: PHONEHOMEVPN_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Warning
  Source      : acvpnagent
  Description : Function: PluginLoader::QuickCreatePlugin
  File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
  Line: 195
  Invoked Function: PluginLoader::CreateInstance
  Return Code: -29360116 (0xFE40000C)
  Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
  com.cisco.anyconnect.leaf
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Information
  Source      : acvpnagent
  Description : Function: MsgCatalog::initMsgCatalog
  File: .\i18n\MsgCatalog.cpp
  Line: 246
  Current locale: fr-LU
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Information
  Source      : acvpnagent
  Description : Function: ProfileMgr::loadProfiles
  File: .\ProfileMgr.cpp
  Line: 100
  No profile is available.
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Information
  Source      : acvpnagent
  Description : Current Preference Settings:
  ServiceDisable: false
  CertificateStoreOverride: false
  CertificateStore: All
  ShowPreConnectMessage: false
  AutoConnectOnStart: false
  MinimizeOnConnect: true
  LocalLanAccess: false
  AutoReconnect: true
  AutoReconnectBehavior: DisconnectOnSuspend
  UseStartBeforeLogon: false
  AutoUpdate: true
  RSASecurIDIntegration: Automatic
  WindowsLogonEnforcement: SingleLocalLogon
  WindowsVPNEstablishment: LocalUsersOnly
  ProxySettings: Native
  AllowLocalProxyConnections: true
  PPPExclusion: Disable
  PPPExclusionServerIP:
  AutomaticVPNPolicy: false
  TrustedNetworkPolicy: Disconnect
  UntrustedNetworkPolicy: Connect
  TrustedDNSDomains:
  TrustedDNSServers:
  AlwaysOn: false
  ConnectFailurePolicy: Closed
  AllowCaptivePortalRemediation: false
  CaptivePortalRemediationTimeout: 5
  ApplyLastVPNLocalResourceRules: false
  AllowVPNDisconnect: true
  EnableScripting: false
  TerminateScriptOnNextEvent: false
  EnablePostSBLOnConnectScript: true
  AutomaticCertSelection: true
  RetainVpnOnLogoff: false
  UserEnforcement: SameUserOnly
  EnableAutomaticServerSelection: false
  AutoServerSelectionImprovement: 20
  AutoServerSelectionSuspendTime: 4
  AuthenticationTimeout: 12
  SafeWordSofTokenIntegration: false
  AllowIPsecOverSSL: false
  ClearSmartcardPin: true
  IPProtocolSupport: IPv4,IPv6
  AllowManualHostInput: true
  BlockUntrustedServers: true
  PublicProxyServerAddress:
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Error
  Source      : acvpnagent
  Description : Function: CSocketSupport::ipv6EnabledOnVA
  File: .\IPC\SocketSupport_win.cpp
  Line: 284
  Invoked Function: CSocketSupport::ipv6EnabledOnVA
  Return Code: 2 (0x00000002)
  Description: cannot open VPNVA Enum registry key (VA driver not installed?)
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Error
  Source      : acvpnagent
  Description : Function: CSocketSupport::ipv6EnabledOnVA
  File: .\IPC\SocketSupport_win.cpp
  Line: 284
  Invoked Function: CSocketSupport::ipv6EnabledOnVA
  Return Code: 2 (0x00000002)
  Description: cannot open VPNVA Enum registry key (VA driver not installed?)
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Information
  Source      : acvpnagent
  Description : Function: CCvcConfig::readConfigParamFromFile
  File: .\vpnconfig.cpp
  Line: 5824
  The specified configuration file for MUS service does not exist
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Information
  Source      : acvpnagent
  Description : Function: CThread::createThread
  File: .\Utility\Thread.cpp
  Line: 238
  The thread (0x00001F20) has been successfully created.
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Information
  Source      : acvpnagent
  Description : Cisco AnyConnect Secure Mobility Client Agent started, version 3.1.04059
  Date        : 07/23/2013
  Time        : 08:49:45
  Type        : Information
  Source      : acvpnagent
  Description : Function: CInterfaceRouteMonitorCommon::logInterfaces
  File: .\Routing\InterfaceRouteMonitorCommon.cpp
  Line: 477
  IP Address Interface List:
  FE80:0:0:0:DDA0:24CA:FE35:4D19
  148.110.133.126
  FE80:0:0:0:19A3:961F:C11C:3724
  192.168.164.1
  FE80:0:0:0:80B3:F3CD:CA44:952E
  169.254.149.46
  Date        : 07/23/2013
  Time        : 08:49:48
  Type        : Information
  Source      : acvpninstall
  Description : Function: SetInheritACLsFromParent
  File: .\ACLManager.cpp
  Line: 31
  Attributes for C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\ are 0x2010
  Date        : 07/23/2013
  Time        : 08:49:48
  Type        : Information
  Source      : acvpninstall
  Description : Function: SetInheritACLsFromParent
  File: .\ACLManager.cpp
  Line: 56
  Obtaining ACLs for directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\
  Date        : 07/23/2013
  Time        : 08:49:48
  Type        : Information
  Source      : acvpninstall
  Description : Function: SetInheritACLsFromParent
  File: .\ACLManager.cpp
  Line: 31
  Attributes for C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\CustomerExperienceFeedback are 0x2010
  Date        : 07/23/2013
  Time        : 08:49:48
  Type        : Information
  Source      : acvpninstall
  Description : Function: SetInheritACLsFromParent
  File: .\ACLManager.cpp
  Line: 56
  Obtaining ACLs for directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\CustomerExperienceFeedback\
  Date        : 07/23/2013
  Time        : 08:49:48
  Type        : Information
  Source      : acvpninstall
  Description : Function: SetInheritACLsFromParent
  File: .\ACLManager.cpp
  Line: 31
  Attributes for C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Help are 0x2010
  Date        : 07/23/2013
  Time        : 08:49:48
  Type        : Information
  Source      : acvpninstall
  Description : Function: SetInheritACLsFromParent
  File: .\ACLManager.cpp
  Line: 56
  Obtaining ACLs for directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Help\
  Date        : 07/23/2013
  Time        : 08:49:48
  Type        : Information
  Source      : acvpninstall
  Description : Function: SetInheritACLsFromParent
  File: .\ACLManager.cpp
  Line: 31
  Attributes for C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\l10n are 0x2010
  Date        : 07/23/2013
  Time        : 08:49:48
  Type        : Information
  Source      : acvpninstall
  Description : Function: SetInheritACLsFromParent
  File: .\ACLManager.cpp
  Line: 56
  Obtaining ACLs for directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\l10n\
  Date        : 07/23/2013
  Time        : 08:49:48
  Type        : Information
  Source      : acvpninstall
  Description : Function: SetInheritACLsFromParent
  File: .\ACLManager.cpp
  Line: 31
  Attributes for C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile are 0x2010
  Date        : 07/23/2013
  Time        : 08:49:48
  Type        : Information
  Source      : acvpninstall
  Description : Function: SetInheritACLsFromParent
  File: .\ACLManager.cpp
  Line: 56
  Obtaining ACLs for directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\
  Date        : 07/23/2013
  Time        : 08:49:48
  Type        : Information
  Source      : acvpninstall
  Description : Function: SetInheritACLsFromParent
  File: .\ACLManager.cpp
  Line: 31
  Attributes for C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Script are 0x2010
  Date        : 07/23/2013
  Time        : 08:49:48
  Type        : Information
  Source      : acvpninstall
  Description : Function: SetInheritACLsFromParent
  File: .\ACLManager.cpp
  Line: 56
  Obtaining ACLs for directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Script\
  Date        : 07/23/2013
  Time        : 08:49:49
  Type        : Information
  Source      : acvpnagent
  Description : Cisco AnyConnect Secure Mobility Client Agent starting, version 3.1.04059
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Error
  Source      : acvpnagent
  Description : Function: CBencodeStream::LoadStream
  File: ..\..\PhoneHome\Bencode.cpp
  Line: 126
  Unable to open file for reading
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Error
  Source      : acvpnagent
  Description : Function: CBencodeDictionary::CBencodeDictionary
  File: ..\..\PhoneHome\Bencode.cpp
  Line: 1422
  Bencode dictionary internalize failed
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Error
  Source      : acvpnagent
  Description : Function: CPhoneHomeVpn::CPhoneHomeVpn
  File: .\PhoneHomeVpn.cpp
  Line: 187
  Failed to create Bencode dictionary
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Error
  Source      : acvpnagent
  Description : Function: CPhoneHomeVpn::CreateSingletonInstance
  File: .\PhoneHomeVpn.cpp
  Line: 82
  Invoked Function: CPhoneHomeVpn
  Return Code: -23396343 (0xFE9B0009)
  Description: PHONEHOMEVPN_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Warning
  Source      : acvpnagent
  Description : Function: CMainThread::CMainThread
  File: .\MainThread.cpp
  Line: 1017
  Invoked Function: CPhoneHomeVpn::CreateSingletonInstance
  Return Code: -23396343 (0xFE9B0009)
  Description: PHONEHOMEVPN_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Warning
  Source      : acvpnagent
  Description : Function: PluginLoader::QuickCreatePlugin
  File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
  Line: 195
  Invoked Function: PluginLoader::CreateInstance
  Return Code: -29360116 (0xFE40000C)
  Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
  com.cisco.anyconnect.leaf
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Information
  Source      : acvpnagent
  Description : Function: MsgCatalog::initMsgCatalog
  File: .\i18n\MsgCatalog.cpp
  Line: 246
  Current locale: fr-LU
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Information
  Source      : acvpnagent
  Description : Function: ProfileMgr::loadProfiles
  File: .\ProfileMgr.cpp
  Line: 100
  No profile is available.
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Information
  Source      : acvpnagent
  Description : Current Preference Settings:
  ServiceDisable: false
  CertificateStoreOverride: false
  CertificateStore: All
  ShowPreConnectMessage: false
  AutoConnectOnStart: false
  MinimizeOnConnect: true
  LocalLanAccess: false
  AutoReconnect: true
  AutoReconnectBehavior: DisconnectOnSuspend
  UseStartBeforeLogon: false
  AutoUpdate: true
  RSASecurIDIntegration: Automatic
  WindowsLogonEnforcement: SingleLocalLogon
  WindowsVPNEstablishment: LocalUsersOnly
  ProxySettings: Native
  AllowLocalProxyConnections: true
  PPPExclusion: Disable
  PPPExclusionServerIP:
  AutomaticVPNPolicy: false
  TrustedNetworkPolicy: Disconnect
  UntrustedNetworkPolicy: Connect
  TrustedDNSDomains:
  TrustedDNSServers:
  AlwaysOn: false
  ConnectFailurePolicy: Closed
  AllowCaptivePortalRemediation: false
  CaptivePortalRemediationTimeout: 5
  ApplyLastVPNLocalResourceRules: false
  AllowVPNDisconnect: true
  EnableScripting: false
  TerminateScriptOnNextEvent: false
  EnablePostSBLOnConnectScript: true
  AutomaticCertSelection: true
  RetainVpnOnLogoff: false
  UserEnforcement: SameUserOnly
  EnableAutomaticServerSelection: false
  AutoServerSelectionImprovement: 20
  AutoServerSelectionSuspendTime: 4
  AuthenticationTimeout: 12
  SafeWordSofTokenIntegration: false
  AllowIPsecOverSSL: false
  ClearSmartcardPin: true
  IPProtocolSupport: IPv4,IPv6
  AllowManualHostInput: true
  BlockUntrustedServers: true
  PublicProxyServerAddress:
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Information
  Source      : acvpnagent
  Description : Function: CCvcConfig::readConfigParamFromFile
  File: .\vpnconfig.cpp
  Line: 5824
  The specified configuration file for MUS service does not exist
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Information
  Source      : acvpnagent
  Description : Function: CThread::createThread
  File: .\Utility\Thread.cpp
  Line: 238
  The thread (0x000016C0) has been successfully created.
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Information
  Source      : acvpnagent
  Description : Cisco AnyConnect Secure Mobility Client Agent started, version 3.1.04059
  Date        : 07/23/2013
  Time        : 08:49:50
  Type        : Information
  Source      : acvpnagent
  Description : Function: CInterfaceRouteMonitorCommon::logInterfaces
  File: .\Routing\InterfaceRouteMonitorCommon.cpp
  Line: 477
  IP Address Interface List:
  FE80:0:0:0:DDA0:24CA:FE35:4D19
  148.110.133.126
  FE80:0:0:0:19A3:961F:C11C:3724
  192.168.164.1
  FE80:0:0:0:80B3:F3CD:CA44:952E
  169.254.149.46
  Date        : 07/23/2013
  Time        : 08:50:10
  Type        : Information
  Source      : acvpnagent
  Description : Cisco AnyConnect Secure Mobility Client Agent starting, version 3.1.04059
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Error
  Source      : acvpnagent
  Description : Function: CBencodeStream::LoadStream
  File: ..\..\PhoneHome\Bencode.cpp
  Line: 126
  Unable to open file for reading
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Error
  Source      : acvpnagent
  Description : Function: CBencodeDictionary::CBencodeDictionary
  File: ..\..\PhoneHome\Bencode.cpp
  Line: 1422
  Bencode dictionary internalize failed
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Error
  Source      : acvpnagent
  Description : Function: CPhoneHomeVpn::CPhoneHomeVpn
  File: .\PhoneHomeVpn.cpp
  Line: 187
  Failed to create Bencode dictionary
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Error
  Source      : acvpnagent
  Description : Function: CPhoneHomeVpn::CreateSingletonInstance
  File: .\PhoneHomeVpn.cpp
  Line: 82
  Invoked Function: CPhoneHomeVpn
  Return Code: -23396343 (0xFE9B0009)
  Description: PHONEHOMEVPN_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Warning
  Source      : acvpnagent
  Description : Function: CMainThread::CMainThread
  File: .\MainThread.cpp
  Line: 1017
  Invoked Function: CPhoneHomeVpn::CreateSingletonInstance
  Return Code: -23396343 (0xFE9B0009)
  Description: PHONEHOMEVPN_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Warning
  Source      : acvpnagent
  Description : Function: PluginLoader::QuickCreatePlugin
  File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
  Line: 195
  Invoked Function: PluginLoader::CreateInstance
  Return Code: -29360116 (0xFE40000C)
  Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
  com.cisco.anyconnect.leaf
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Information
  Source      : acvpnagent
  Description : Function: MsgCatalog::initMsgCatalog
  File: .\i18n\MsgCatalog.cpp
  Line: 246
  Current locale: fr-LU
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Information
  Source      : acvpnagent
  Description : Function: ProfileMgr::loadProfiles
  File: .\ProfileMgr.cpp
  Line: 100
  No profile is available.
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Information
  Source      : acvpnagent
  Description : Current Preference Settings:
  ServiceDisable: false
  CertificateStoreOverride: false
  CertificateStore: All
  ShowPreConnectMessage: false
  AutoConnectOnStart: false
  MinimizeOnConnect: true
  LocalLanAccess: false
  AutoReconnect: true
  AutoReconnectBehavior: DisconnectOnSuspend
  UseStartBeforeLogon: false
  AutoUpdate: true
  RSASecurIDIntegration: Automatic
  WindowsLogonEnforcement: SingleLocalLogon
  WindowsVPNEstablishment: LocalUsersOnly
  ProxySettings: Native
  AllowLocalProxyConnections: true
  PPPExclusion: Disable
  PPPExclusionServerIP:
  AutomaticVPNPolicy: false
  TrustedNetworkPolicy: Disconnect
  UntrustedNetworkPolicy: Connect
  TrustedDNSDomains:
  TrustedDNSServers:
  AlwaysOn: false
  ConnectFailurePolicy: Closed
  AllowCaptivePortalRemediation: false
  CaptivePortalRemediationTimeout: 5
  ApplyLastVPNLocalResourceRules: false
  AllowVPNDisconnect: true
  EnableScripting: false
  TerminateScriptOnNextEvent: false
  EnablePostSBLOnConnectScript: true
  AutomaticCertSelection: true
  RetainVpnOnLogoff: false
  UserEnforcement: SameUserOnly
  EnableAutomaticServerSelection: false
  AutoServerSelectionImprovement: 20
  AutoServerSelectionSuspendTime: 4
  AuthenticationTimeout: 12
  SafeWordSofTokenIntegration: false
  AllowIPsecOverSSL: false
  ClearSmartcardPin: true
  IPProtocolSupport: IPv4,IPv6
  AllowManualHostInput: true
  BlockUntrustedServers: true
  PublicProxyServerAddress:
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Information
  Source      : acvpnagent
  Description : Function: CCvcConfig::readConfigParamFromFile
  File: .\vpnconfig.cpp
  Line: 5824
  The specified configuration file for MUS service does not exist
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Information
  Source      : acvpnagent
  Description : Function: CThread::createThread
  File: .\Utility\Thread.cpp
  Line: 238
  The thread (0x00001F34) has been successfully created.
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Information
  Source      : acvpnagent
  Description : Cisco AnyConnect Secure Mobility Client Agent started, version 3.1.04059
  Date        : 07/23/2013
  Time        : 08:50:11
  Type        : Information
  Source      : acvpnagent
  Description : Function: CInterfaceRouteMonitorCommon::logInterfaces
  File: .\Routing\InterfaceRouteMonitorCommon.cpp
  Line: 477
  IP Address Interface List:
  FE80:0:0:0:DDA0:24CA:FE35:4D19
  148.110.133.126
  FE80:0:0:0:19A3:961F:C11C:3724
  192.168.164.1
  FE80:0:0:0:80B3:F3CD:CA44:952E
  169.254.149.46
  Date        : 07/23/2013
  Time        : 08:50:19
  Type        : Information
  Source      : acvpnui
  Description : Cisco AnyConnect Secure Mobility Client GUI started, version 3.1.04059
  Date        : 07/23/2013
  Time        : 08:50:20
  Type        : Information
  Source      : acvpnui
  Description : Initializing vpnapi version 3.1.04059 ().
  Date        : 07/23/2013
  Time        : 08:50:21
  Type        : Information
  Source      : acvpnui
  Description : Function: MsgCatalog::initMsgCatalog
  File: .\i18n\MsgCatalog.cpp
  Line: 246
  Current locale: fr-LU
  Date        : 07/23/2013
  Time        : 08:50:21
  Type        : Information
  Source      : acvpnui
  Description : Function: ProfileMgr::loadProfiles
  File: .\ProfileMgr.cpp
  Line: 100
  No profile is available.
  Date        : 07/23/2013
  Time        : 08:50:21
  Type        : Warning
  Source      : acvpnui
  Description : Function: ClientIfcBase::getCurrentState
  File: .\ClientIfcBase.cpp
  Line: 2058
  API service not ready
  Date        : 07/23/2013
  Time        : 08:50:21
  Type        : Information
  Source      : acvpnui
  Description : Current Preference Settings:
  ServiceDisable: false
  CertificateStoreOverride: false
  CertificateStore: All
  ShowPreConnectMessage: false
  AutoConnectOnStart: false
  MinimizeOnConnect: true
  LocalLanAccess: false
  AutoReconnect: true
  AutoReconnectBehavior: DisconnectOnSuspend
  UseStartBeforeLogon: false
  AutoUpdate: true
  RSASecurIDIntegration: Automatic
  WindowsLogonEnforcement: SingleLocalLogon
  WindowsVPNEstablishment: LocalUsersOnly
  ProxySettings: Native
  AllowLocalProxyConnections: true
  PPPExclusion: Disable
  PPPExclusionServerIP:
  AutomaticVPNPolicy: false
  TrustedNetworkPolicy: Disconnect
  UntrustedNetworkPolicy: Connect
  TrustedDNSDomains:
  TrustedDNSServers:
  AlwaysOn: false
  ConnectFailurePolicy: Closed
  AllowCaptivePortalRemediation: false
  CaptivePortalRemediationTimeout: 5
  ApplyLastVPNLocalResourceRules: false
  AllowVPNDisconnect: true
  EnableScripting: false
  TerminateScriptOnNextEvent: false
  EnablePostSBLOnConnectScript: true
  AutomaticCertSelection: true
  RetainVpnOnLogoff: false
  UserEnforcement: SameUserOnly
  EnableAutomaticServerSelection: false
  AutoServerSelectionImprovement: 20
  AutoServerSelectionSuspendTime: 4
  AuthenticationTimeout: 12
  SafeWordSofTokenIntegration: false
  AllowIPsecOverSSL: false
  ClearSmartcardPin: true
  IPProtocolSupport: IPv4,IPv6
  AllowManualHostInput: true
  BlockUntrustedServers: true
  PublicProxyServerAddress:
  Date        : 07/23/2013
  Time        : 08:50:21
  Type        : Warning
  Source      : acvpnui
  Description : Function: PluginLoader::QuickCreatePlugin
  File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
  Line: 195
  Invoked Function: PluginLoader::CreateInstance
  Return Code: -29360116 (0xFE40000C)
  Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
  com.cisco.anyconnect.nam.api
  Date        : 07/23/2013
  Time        : 08:50:21
  Type        : Information
  Source      : acvpnui
  Description : Function: L2Api::attach
  File: .\L2Api.cpp
  Line: 87
  The NAM/L2 Api could not be found or failed to load, skipping.
  Date        : 07/23/2013
  Time        : 08:50:21
  Type        : Warning
  Source      : acvpnui
  Description : Function: PluginLoader::QuickCreatePlugin
  File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
  Line: 195
  Invoked Function: PluginLoader::CreateInstance
  Return Code: -29360116 (0xFE40000C)
  Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
  com.cisco.anyconnect.websecurity.api
  Date        : 07/23/2013
  Time        : 08:50:21
  Type        : Information
  Source      : acvpnui
  Description : Function: SSApi::attach
  File: ..\common\SSApi.cpp
  Line: 51
  The Web Security API could not be found or failed to load, skipping.
  Date        : 07/23/2013
  Time        : 08:50:21
  Type        : Error
  Source      : acvpnui
  Description : Function: MFDartBox::getDARTInstallDir
  File: .\MFDartBox.cpp
  Line: 332
  Invoked Function: MsiEnumProductsExW
  Return Code: 259 (0x00000103)
  Description: No more data is available.
  Date        : 07/23/2013
  Time        : 08:50:21
  Type        : Warning
  Source      : acvpnui
  Description : Function: ClientIfcBase::getStats
  File: .\ClientIfcBase.cpp
  Line: 1723
  Called when API service not ready.
  Date        : 07/23/2013
  Time        : 08:50:22
  Type        : Error
  Source      : acvpnui
  Description : Function: CSocketTransport::connectTransport
  File: .\IPC\SocketTransport.cpp
  Line: 981
  Invoked Function: ::WSAConnect
  Return Code: 10061 (0x0000274D)
  Description: No connection could be made because the target machine actively refused it.
  Date        : 07/23/2013
  Time        : 08:50:22
  Type        : Error
  Source      : acvpnui
  Description : Function: CIpcTransport::connectIpc
  File: .\IPC\IPCTransport.cpp
  Line: 252
  Invoked Function: CSocketTransport::connectTransport
  Return Code: -31588340 (0xFE1E000C)
  Description: SOCKETTRANSPORT_ERROR_CONNECT
  Date        : 07/23/2013
  Time        : 08:50:22
  Type        : Error
  Source      : acvpnui
  Description : Function: CIpcTransport::terminateIpcConnection
  File: .\IPC\IPCTransport.cpp
  Line: 404
  Invoked Function: CSocketTransport::writeSocketBlocking
  Return Code: -31588319 (0xFE1E0021)
  Description: SOCKETTRANSPORT_ERROR_NO_SOCKET_HANDLE:The socket transport does not possess a valid socket handle.
  Date        : 07/23/2013
  Time        : 08:50:22
  Type        : Error
  Source      : acvpnui
  Description : Function: ApiIpc::initIpc
  File: .\ApiIpc.cpp
  Line: 423
  Invoked Function: CIpcTransport::connectIpc
  Return Code: -31588340 (0xFE1E000C)
  Description: SOCKETTRANSPORT_ERROR_CONNECT
  Date        : 07/23/2013
  Time        : 08:50:22
  Type        : Error
  Source      : acvpnui
  Description : Function: ApiIpc::initiateAgentConnection
  File: .\ApiIpc.cpp
  Line: 336
  Invoked Function: ApiIpc::initIpc
  Return Code: -31588340 (0xFE1E000C)
  Description: SOCKETTRANSPORT_ERROR_CONNECT
  Date        : 07/23/2013
  Time        : 08:50:22
  Type        : Error
  Source      : acvpnui
  Description : Function: ApiIpc::run
  File: .\ApiIpc.cpp
  Line: 570
  Invoked Function: ApiIpc::initiateAgentConnection
  Return Code: -31588340 (0xFE1E000C)
  Description: SOCKETTRANSPORT_ERROR_CONNECT
  Date        : 07/23/2013
  Time        : 08:50:22
  Type        : Error
  Source      : acvpnui
  Description : Function: ClientIfcBase::attach
  File: .\ClientIfcBase.cpp
  Line: 606
  Client failed to attach.
  Date        : 07/23/2013
  Time        : 08:50:25
  Type        : Error
  Source      : acvpnui
  Description : Function: CMainFrame::OnCreate
  File: .\mainfrm.cpp
  Line: 342
  Invoked Function: The VPN service is not responding or available.
  Return Code: -33554423 (0xFE000009)
  Description: GLOBAL_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:50:25
  Type        : Information
  Source      : acvpnui
  Description : Function: ClientIfcBase::detach
  File: .\ClientIfcBase.cpp
  Line: 438
  Shutting down vpnapi
  Date        : 07/23/2013
  Time        : 08:50:25
  Type        : Error
  Source      : acvpnui
  Description : Function: ConnectMgr::activateConnectEvent
  File: .\ConnectMgr.cpp
  Line: 1352
  NULL object. Cannot establish a connection at this time.
  Date        : 07/23/2013
  Time        : 08:50:25
  Type        : Information
  Source      : acvpnui
  Description : Cisco AnyConnect Secure Mobility Client GUI exiting, version 3.1.04059 , return code 0 [0x00000000]
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Information
  Source      : acvpnagent
  Description : Cisco AnyConnect Secure Mobility Client Agent starting, version 3.1.04059
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Error
  Source      : acvpnagent
  Description : Function: CBencodeStream::LoadStream
  File: ..\..\PhoneHome\Bencode.cpp
  Line: 126
  Unable to open file for reading
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Error
  Source      : acvpnagent
  Description : Function: CBencodeDictionary::CBencodeDictionary
  File: ..\..\PhoneHome\Bencode.cpp
  Line: 1422
  Bencode dictionary internalize failed
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Error
  Source      : acvpnagent
  Description : Function: CPhoneHomeVpn::CPhoneHomeVpn
  File: .\PhoneHomeVpn.cpp
  Line: 187
  Failed to create Bencode dictionary
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Error
  Source      : acvpnagent
  Description : Function: CPhoneHomeVpn::CreateSingletonInstance
  File: .\PhoneHomeVpn.cpp
  Line: 82
  Invoked Function: CPhoneHomeVpn
  Return Code: -23396343 (0xFE9B0009)
  Description: PHONEHOMEVPN_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Warning
  Source      : acvpnagent
  Description : Function: CMainThread::CMainThread
  File: .\MainThread.cpp
  Line: 1017
  Invoked Function: CPhoneHomeVpn::CreateSingletonInstance
  Return Code: -23396343 (0xFE9B0009)
  Description: PHONEHOMEVPN_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Warning
  Source      : acvpnagent
  Description : Function: PluginLoader::QuickCreatePlugin
  File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
  Line: 195
  Invoked Function: PluginLoader::CreateInstance
  Return Code: -29360116 (0xFE40000C)
  Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
  com.cisco.anyconnect.leaf
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Information
  Source      : acvpnagent
  Description : Function: MsgCatalog::initMsgCatalog
  File: .\i18n\MsgCatalog.cpp
  Line: 246
  Current locale: fr-LU
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Information
  Source      : acvpnagent
  Description : Function: ProfileMgr::loadProfiles
  File: .\ProfileMgr.cpp
  Line: 100
  No profile is available.
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Information
  Source      : acvpnagent
  Description : Current Preference Settings:
  ServiceDisable: false
  CertificateStoreOverride: false
  CertificateStore: All
  ShowPreConnectMessage: false
  AutoConnectOnStart: false
  MinimizeOnConnect: true
  LocalLanAccess: false
  AutoReconnect: true
  AutoReconnectBehavior: DisconnectOnSuspend
  UseStartBeforeLogon: false
  AutoUpdate: true
  RSASecurIDIntegration: Automatic
  WindowsLogonEnforcement: SingleLocalLogon
  WindowsVPNEstablishment: LocalUsersOnly
  ProxySettings: Native
  AllowLocalProxyConnections: true
  PPPExclusion: Disable
  PPPExclusionServerIP:
  AutomaticVPNPolicy: false
  TrustedNetworkPolicy: Disconnect
  UntrustedNetworkPolicy: Connect
  TrustedDNSDomains:
  TrustedDNSServers:
  AlwaysOn: false
  ConnectFailurePolicy: Closed
  AllowCaptivePortalRemediation: false
  CaptivePortalRemediationTimeout: 5
  ApplyLastVPNLocalResourceRules: false
  AllowVPNDisconnect: true
  EnableScripting: false
  TerminateScriptOnNextEvent: false
  EnablePostSBLOnConnectScript: true
  AutomaticCertSelection: true
  RetainVpnOnLogoff: false
  UserEnforcement: SameUserOnly
  EnableAutomaticServerSelection: false
  AutoServerSelectionImprovement: 20
  AutoServerSelectionSuspendTime: 4
  AuthenticationTimeout: 12
  SafeWordSofTokenIntegration: false
  AllowIPsecOverSSL: false
  ClearSmartcardPin: true
  IPProtocolSupport: IPv4,IPv6
  AllowManualHostInput: true
  BlockUntrustedServers: true
  PublicProxyServerAddress:
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Information
  Source      : acvpnagent
  Description : Function: CCvcConfig::readConfigParamFromFile
  File: .\vpnconfig.cpp
  Line: 5824
  The specified configuration file for MUS service does not exist
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Information
  Source      : acvpnagent
  Description : Function: CThread::createThread
  File: .\Utility\Thread.cpp
  Line: 238
  The thread (0x0000162C) has been successfully created.
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Information
  Source      : acvpnagent
  Description : Cisco AnyConnect Secure Mobility Client Agent started, version 3.1.04059
  Date        : 07/23/2013
  Time        : 08:51:12
  Type        : Information
  Source      : acvpnagent
  Description : Function: CInterfaceRouteMonitorCommon::logInterfaces
  File: .\Routing\InterfaceRouteMonitorCommon.cpp
  Line: 477
  IP Address Interface List:
  FE80:0:0:0:DDA0:24CA:FE35:4D19
  148.110.133.126
  FE80:0:0:0:19A3:961F:C11C:3724
  192.168.164.1
  FE80:0:0:0:80B3:F3CD:CA44:952E
  169.254.149.46
  Date        : 07/23/2013
  Time        : 08:52:13
  Type        : Information
  Source      : acvpnagent
  Description : Cisco AnyConnect Secure Mobility Client Agent starting, version 3.1.04059
  Date        : 07/23/2013
  Time        : 08:52:13
  Type        : Error
  Source      : acvpnagent
  Description : Function: CBencodeStream::LoadStream
  File: ..\..\PhoneHome\Bencode.cpp
  Line: 126
  Unable to open file for reading
  Date        : 07/23/2013
  Time        : 08:52:13
  Type        : Error
  Source      : acvpnagent
  Description : Function: CBencodeDictionary::CBencodeDictionary
  File: ..\..\PhoneHome\Bencode.cpp
  Line: 1422
  Bencode dictionary internalize failed
  Date        : 07/23/2013
  Time        : 08:52:13
  Type        : Error
  Source      : acvpnagent
  Description : Function: CPhoneHomeVpn::CPhoneHomeVpn
  File: .\PhoneHomeVpn.cpp
  Line: 187
  Failed to create Bencode dictionary
  Date        : 07/23/2013
  Time        : 08:52:13
  Type        : Error
  Source      : acvpnagent
  Description : Function: CPhoneHomeVpn::CreateSingletonInstance
  File: .\PhoneHomeVpn.cpp
  Line: 82
  Invoked Function: CPhoneHomeVpn
  Return Code: -23396343 (0xFE9B0009)
  Description: PHONEHOMEVPN_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:52:13
  Type        : Warning
  Source      : acvpnagent
  Description : Function: CMainThread::CMainThread
  File: .\MainThread.cpp
  Line: 1017
  Invoked Function: CPhoneHomeVpn::CreateSingletonInstance
  Return Code: -23396343 (0xFE9B0009)
  Description: PHONEHOMEVPN_ERROR_UNEXPECTED
  Date        : 07/23/2013
  Time        : 08:52:13
  Type        : Warning
  Source      : acvpnagent
  Description : Function: PluginLoader::QuickCreatePlugin
  File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
  Line: 195
  Invoked Function: PluginLoader::CreateInstance
  Return Code: -29360116 (0xFE40000C)
  Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
  com.cisco.anyconnect.leaf
  Date        : 07/23/2013
  Time        : 08:52:13
  Type        : Information
  Source      : acvpnagent
  Description : Function: MsgCatalog::initMsgCatalog
  File: .\i18n\MsgCatalog.cpp
  Line: 246
  Current locale: fr-LU
  Date        : 07/23/2013
  Time        : 08:52:13
  Type        : Information
  Source      : acvpnagent
  Description : Function: ProfileMgr::loadProfiles
  File: .\ProfileMgr.cpp
  Line: 100
  No profile is available.
  Date        : 07/23/2013
  Time        : 08:52:13
  Type        : Information
  Source      : acvpnagent
  Description : Current Preference Settings:
  ServiceDisable: false
  CertificateStoreOverride: false
  CertificateStore: All
  ShowPreConnectMessage: false
  AutoConnectOnStart: false
  MinimizeOnConnect: true
  LocalLanAccess: false
  AutoReconnect: true
  AutoReconnectBehavior: DisconnectOnSuspend
  UseStartBeforeLogon: false
  AutoUpdate: true
  RSASecurIDIntegration: Automatic
  WindowsLogonEnforcement: SingleLocalLogon
  WindowsVPNEstablishment: LocalUsersOnly
  ProxySettings: Native
  AllowLocalProxyConnections: true
  PPPExclusion: Disable
  PPPExclusionServerIP:
  AutomaticVPNPolicy: false
  TrustedNetworkPolicy: Disconnect
  UntrustedNetworkP

  There seem to be much more problems with 3.1.04049
  Especially with certificate authentication.
  I opened some TAC cases.
  Try 3.1.04063 that came out at 07-24-13.
  TAC said that there are some fixes in it...

• Simple remote connection using Cisco AnyConnect and ISR router

  Hi all,
  I am just wondering what the easiest and simplest method would be to make remote PCs (running Cisco AnyConnect) establish a VPN IPsec to a Cisco ISR (881/887, 1900s,2900s series). I used to use EasyVPN method (simple and fast to configure and no need for special licences other than crypto licence) but since Cisco VPN Client is no longer supported I had to resort to WebVPN which requires a licence depending on the number of clients to support (SSL licences for 10,20 users and so forth). I've read a bit about FlexVPN but I can't find an easy example to what I want to do. The closest is this one (FlexVPN and Anyconnect IKEv2 Client Configuration Example):
  http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115941-flexvpn-ikev2-config-00.html
  But that example makes use of RADIUS. Is there a way to make use of local database (users configured on the router) instead of RADIUS?
  Basically what I am after is the following
  - Remote users install Cisco AnyConnect to establish a VPN connection to HQ
  - HQ ISR (880s, 1900s, 2900s) terminates that VPN connections and allows access to local resources (shared drives, applications...).Authentication method would be local database on the router. No need of RADIUS/ACS as this is for very small companies with no IT resources to maintain and configure a RADIUS/ACS server.
  I think what I need is this AnyConnect to IOS Headend Over IPsec with IKEv2 and Certificates Configuration Example:
  http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115014-flexvpn-guide-cert-00.html
  But the example is too highlevel for me to follow, basically I don't know how to generate such certificates and distribute it to remote clients.
  Any help as to how to create such certificates or how to configure FlexVPN to just requiring the user to enter usr/pass (using local database not RADIUS nor ACS) would be highly appreciated.
  Cheers
  Alvaro

  If you insist .. try this:
  http://www.cisco.com/c/en/us/support/docs/security/flexvpn/116032-flexvpn-aaa-config-example-00.html
  http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115907-config-flexvpn-wcca-00.html
  http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/50282-ios-ca-ios.html

• Error Cisco AnyConnect Secure Mobility Client - MAC Os X

  Hello,
  I have this problem when I tried to connect the anyconnect secure mobility with my vpn
  Please, can you help me?
  The error messege is this
  " The AnyConnect package on the secure gateway could not be reached . You may be experiencing network connectivity issues . Please try connecting again. "
  The firewall in use is
  ASA 5520
  ASA 9.1(4)
  ASDM 7.1(6)

  Correct answer for this error Cisco AnyConnect Client
  Upload to ASA the .pkg of the client vpn what you need to used
  For ASA 9.1(4) and ASDM 7.1(6)
  Go to Configuration -> Network (Client) Access -> AnyConnect Client Software
  "If the .pkg is not declare here, you have to add"
  For ADD -> press + Add -> Browse flash -> Find the .pkg what you need and select -> Press OK -> Press OK
  Finally Press Apply
  Then, connect the vpn and you will not have problem
  Regards

• Cisco AnyConnect Secure Mobility Client

  I have a Cisco ASA 5525-X.
  Behind the firewall I have six seperate networks, with interface 0 connected to the Internet.
  Cisco Anyconnect clients can connect from the Internet without any problems.
  What I want to do is restrict users/groups to specific networks.
  For instance -group1 can only connect to network1 after authentication.
  The problem I have is that users that are NOT part of the tunnelgroup are still authenticated and get access to a network they shouldn't have access to.
  In short I want six groups for six networks but can't seem to make this work.
  The reason for this is that these networks are six distinct networks with one Internet feed.
  I would be most gratefull if somebody can point me in the right direction.
  thanks

  Hi,
  I got to admit that I am a bit rusty on the VPN Client side.
  In some of our environments we utilize the default RA (Remote Access) "tunnel-group" only and use a separate AAA server to return the correct group for the user based on their login information.
  Now if we had to do this with just the ASA then I am not 100% sure how to set it up. I wonder if the solution would then be to remove all the non default "tunnel-group" configurations related to the type of VPN you are using and simply using the default "tunnel-group" and assigning "username" different "group-policy" based on their need?
  In other words using only the default "tunnel-group" there would be nothing to choose from in the drop down menu but the "group-policy" attached to the "username" would define to which networks traffic would be tunneled and so on.
  I guess this would still require you to configure an "address-pool" under the default "tunnel-group" or you would have to define each users IP address under the "username attributes".
  To view the default "tunnel-group" and "group-policy" configurations on the CLI of the ASA you would have to use this command
  show run all tunnel-group
  show run all group-policy
  Do take note that these commands print out a lot more information/configurations than the usual "show run" variation. This is because the command also shows the default settings which arent otherwise visible in the "show run" output.
  Would really need to test this myself to be able to give you an 100% sure answer.
  - Jouni

• Cisco AnyConnect Secure Mobility Client - Newbie Totally Lost

  We currently have an ASA 5505 Firewall with VPN services configured.  The system is running ASA Version 9.0.0 and ADSDM 7.0.2.  I installed the "Cisco AnyConnect Sercure Mobility Client" Version 3.1.01065 on my Windows 7 Ultimate PC.  When I try to connect to my VPN service I ge the following message:
  Security Warning: Untrusted VPN Server Certificate!  AnyConnect cannot verify the VPN server: XXX.XXX.XX.XX
  Certifiate does not match the server name
  Certificate is from an untrusted source.
  Certificate is not identified for this purpose.
  Without purchasing a certificate from a 3rd Party vendor, is it possible to register a "Self" generated Certificate to get rid of this message?  If so are there any "Detailed" (e.g., simplified or not in Cisco-eeze language) instructions on how to setup the Firewall to "push" the certificate to the VPN client so the message doesn't come up for the user?

  You can simply accept the self-signed certificate the first time you are presented with that message and direct AnyConnect to always trust such certificates.
  If you don't want to do that, you need to make your clients automatically trust this certificate from your ASA. You can do that several ways. You mentioned using a 3rd party vendor - that ends up being the method of using a vendor in the trusted root Certificate Authority (CA) list. If you don't use one of the 3rd party ones, you will need to push out the trust via some software deployment method - e.g. a GPO for Windows clients in a managed AD setup or via pre-deploying with yet another 3rd party tool like LANdesk.
  If you don't have an internal CA or AD-managed infrastructure for your clients then just telling users to click "always trust" is the path of least resistance (although the least secure).

• Cisco anyconnect secure mobility client + caching

  Hi,
  We have recently implemented wifi at our location, all working fine with the below exception. we have cisco anyconnect secure mobility client installed on all laptops for VPN access. we are facing a problem as the vpn client is caching the credentilas i.e inorder to connect to the corp wifi, we need ot add a profile in the anyconnect client with the SSID, security and 802.1x configuration bcoz my WIFI infra is setup to use ISE as the authentication manager and WLC is integrated with ISE. First time when someone tries to connect to wifi, it prompts for the credentials. but for the subsequent connections it is not prompting for the credentials and somehow it is picking from the cache or somewhere. How can i disable this? I want the users to be prompted for credentials whenever they try to connect to the corp wifi? FYI, we are using cisco anyconnect secure moile client 3.0.5 version.
  Thanks,
  Sridhar

  I'm guessing that it is this setting...
  Go to C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client and edit the AnyConnectLocalPolicy.xml.
  Change this line to:
            All
  It's probably best to use the AnyConnect Profile Editor to do this and I'm also not sure if this is something that can be pushed from the gateway to all machines.

• Cisco AnyConnect Secure Mobility Client with IPsec

  Hello,
  Current equipment
  ASA 5520
  ASA Version 8.4(6)
  ASDM Version 7.1(3)
  IPsec(IKEv1)
  Cisco VPN Client
  Cisco AnyConnect Secure Mobility Client
  Version 3.1.04072
  I need to configure the vpn client with ipsec using the version of the vpn client what i'm talk.
  The first time I complete all the parameters. I note what file was edit. The file what was edit is this file "preferences.xml"
  c:\users\user\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client
  If I edit this file "preference.xml" all setting change but not help me in made a solution.
  The file contains this
  <?xml version="1.0" encoding="UTF-8"?>
  <AnyConnectPreferences>
  <DefaultUser>user</DefaultUser>
  <DefaultSecondUser></DefaultSecondUser>
  <ClientCertificateThumbprint></ClientCertificateThumbprint>
  <ServerCertificateThumbprint></ServerCertificateThumbprint>
  <DefaultHostName>server</DefaultHostName>
  <DefaultHostAddress></DefaultHostAddress>
  <ProxyHost></ProxyHost>
  <ProxyPort></ProxyPort>
  <SDITokenType>none</SDITokenType>
  <ControllablePreferences>
  <LocalLanAccess>false</LocalLanAccess>
  <AutoConnectOnStart>false</AutoConnectOnStart>
  <BlockUntrustedServers>false</BlockUntrustedServers></ControllablePreferences>
  </AnyConnectPreferences>
  What i need to know is the "sentence" or line of configuration what i have to introduce in this file to reference the different ipsec profile. If I am told that I must update the handle or asdm version. I can do it.
  Somebody can help me please

  Here is a link to an example of configuring AnyConnect to use IKEv2. According to this ASA 8.4 and AnyConnect 3.1 should be ok.
  http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/113692-ac-ikev2-ca-00.html
  HTH
  Rick

• An error when trying to connect with the Cisco AnyConnect.

  Good day!
  I connect from Windows 7 (also from Ubuntu) with the Cisco AnyConnect client 3.0 (and with Cisco AnyConnect Secure Mobility Client 3.1) and  get error a “The VPN client was unable to successfully verify the IP  forwarding table modifications. A VPN connection will not be  established.   No changes had been made to the  configuration  of my  asa5520 running 8.4(2) (ASDM 6.4(5)).
  I have license  (AnyConnect Premium Perpetual) supports 2  vpn connections.
  I read about this problem on different forums and cisco.com:
  disabled unused adapters, check install software (Adobe photoshop and Bonjour are not installed on my system).
  I made new configuration AnyConnect  in ASDM. But the problem remains the same...
  Please, help me find the way to solution in this situation!

  I have seen that error before but it usually clears up on its own.  I have a working theory though so perhaps this might help you.  I noticed that once you connect, 2 files are created in C:\ProgramData\Cisco\Cisco AnyConnect VPN Client.  I think that folder is different if using v3.x instead of 2.5.  Anyway, the files are routechangesv4.bin and routechangesv6.bin.  Try deleting each and then rebooting.  Try connecting again after that.
  My theory is that those files are not clearing up after disconnecting.  I think they are supposed to go away after disconnecting but I noticed in some cases that they don't.

• Mail and SMTP server settings of ASA Certificate Authority for cisco anyconnect VPN

                     Dear All,
  i have the folloing case :
  i am using ASA as Certificate authority for cisco anyconnect VPN users,the authentication happens based on the local database of the ASA,
  i want to issue a new certificate every 72 hours for the users ,and i want to send the one time password via email to each user.
  so what the setting of the mail and smtp server should be ,
  was i understand i should put my smtp server ip address then i have to create the local users again under(Remte VPN VPN--Certificate management--Local certificate authority --Manage user Database) along with their email addresses to send the one time passsword to them via their emails.
  i sent the email manually ,hwo can automate sending the OTP to our VPN users automatically vi their emails?
  Best regards,

  Thanks Jennifer.
  I did manage to configure LDAP attribute map to the specific group policy.
  Nevertheless, I was thinking whether I can have fixed IP address tied to individual user.
  Using legacy Cisco VPN Client, I can do it using IPSEC(IKEv1) Connection profile, where I set Pre-Shared Key and Client Address Pools. Each Client Address Pools has only 1 fix IP address.
  Example: let say my username is LLH.
  Connection Profile for me is : LLH-Connection-Profile, my profile is protected by preshared key.
  Client Address Pool for me is : LLH-pool, and the IP is 172.16.1.11
  Only me know the preshared key and only me can login with my Connection Profile.
  Using AnyConnect, I have problem. User can use any connection profile because I cannot set preshared key for AnyConnect. In that case, I cannot control who can use my Connection Profile and pretend to be me.
  Example:
  AnyConnect Connection Profile for me is : LLH-Connection-Profile, without any password
  Client Address Pool for me is : LLH-pool, IP is 172.16.1.11
  Any body can use LLH-Connection-Profile, login with another user name, let say user-abc which is a valid user in LDAP server. In that case, ASA assign 172.16.1.11 to user-abc and this user-abc can access server which only allow my IP to access.
  I hope above description can paint the scenario clearer.
  Thanks in advance for all the help and comment given.

• Issue or Bug with Cisco Anyconnect 3.1

  Hello Everybody,
  I´m facing to one problem
  i have an ASA 5510 version 8.4
  i have upgraded since 3 days the anyconnect version to Anyconnect 3.1
  Here is my license :
  VPN-DES                           : Enabled        perpetual
  VPN-3DES-AES                      : Enabled        perpetual
  Security Contexts                 : 0              perpetual
  GTP/GPRS                          : Disabled       perpetual
  AnyConnect Premium Peers          : 50             perpetual
  AnyConnect Essentials             : Disabled       perpetual
  Other VPN Peers                   : 250            perpetual
  Total VPN Peers                   : 250            perpetual
  Shared License                    : Disabled       perpetual
  AnyConnect for Mobile             : Disabled       perpetual
  AnyConnect for Cisco VPN Phone    : Disabled       perpetual
  Advanced Endpoint Assessment      : Disabled       perpetual
  UC Phone Proxy Sessions           : 2              perpetual
  Total UC Proxy Sessions           : 2              perpetual
  Botnet Traffic Filter             : Disabled       perpetual
  Intercompany Media Engine         : Disabled       perpetual
  Everything was working fine on my client user , when they vpn with the new application : "anyconnect vers 3.1"
  Now , noone are able to connect via VPN , it appear on message when try to vpn :
  " The service Provider in your current location is restricting access to the Internet. You need to log on with the service provider before you can estabilish a vpn session"
  Everything work fine , with my service Provider, have the last JAVA on my Laptop and here is is the Event viewer error :
  Function: MsgCatalog::msgFormat File: .\i18n\MsgCatalog.cpp Line: 450 Invoked Function: FormatMessage Return Code: 3 (0x00000003) Description: The system cannot find the path specified.
  Function: MsgCatalog::msgFormat File: .\i18n\MsgCatalog.cpp Line: 450 Invoked Function: FormatMessage Return Code: 3 (0x00000003) Description: The system cannot find the path specified.
  Please someone can Help Me Fix this Probleme, Everything was working fine before ?

  Captive Portal Hotspot Detection and Remediation Requirements
  Support for both captive portal detection and remediation requires one of the following licenses:
  •AnyConnect Premium (SSL VPN Edition)
  •Cisco AnyConnect Secure Mobility
  You can use a Cisco AnyConnect Secure Mobility license to provide  support for captive portal detection and remediation in combination with  either an AnyConnect Essentials or an AnyConnect Premium license.
  Captive portal detection and remediation support only computers running  Microsoft Windows 7, Windows Vista, or Windows XP and Mac OS X  10.5,10.6, and 10.7.
  Captive Portal Hotspot Detection
  AnyConnect displays the "Unable to contact VPN server" message on the GUI if it cannot connect, regardless of the cause. VPN server specifies the secure gateway. If always-on is enabled, and a captive  portal is not present, the client continues to attempt to connect to the  VPN and updates the status message accordingly.
  If always-on VPN is enabled, the connect failure policy is closed,  captive portal remediation is disabled, and AnyConnect detects the  presence of a captive portal, the AnyConnect GUI displays the following  message once per connection and once per reconnect:
  The service provider in your current location is restricting access to the Internet.
  The AnyConnect protection settings must be lowered for you to log on with the service
  provider. Your current enterprise security policy does not allow this.
  If AnyConnect detects the presence of a captive portal and the  AnyConnect configuration differs from that described above, the  AnyConnect GUI displays the following message once per connection and  once per reconnect:
  The service provider in your current location is restricting access to the Internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser.
  Captive portal detection is enabled by default, and is non-configurable.
  AnyConnect does not modify any browser configuration settings during Captive Portal detection.
  Jatin Katyal
  - Do rate helpful posts -