Cisco Anyconnect "Login Failed"
in debug ldap 255, i see this message:
memberOf: value = CN=L-NOUSA-VPN_Access,OU=Security Groups,OU=NOUSA,OU=PROD,DC=wmh-ag,DC=org
[378534] mapped to Group-Policy: value = GroupPolicy_WM-Wisconsin
[378534] mapped to LDAP-Class: value = GroupPolicy_WM-Wisconsin
and
WM-Wisconsin# show run group-policy GroupPolicy_WM-Wisconsin
group-policy GroupPolicy_WM-Wisconsin internal
group-policy GroupPolicy_WM-Wisconsin attributes
wins-server none
dns-server value 10.155.17.246
vpn-tunnel-protocol ssl-client
default-domain value ABC-ag.org
and
WM-Wisconsin# show run tunnel-group WM-Wisconsin
tunnel-group WM-Wisconsin type remote-access
tunnel-group WM-Wisconsin general-attributes
address-pool Anyconnect-pool
authentication-server-group CA-LDAP-WM-AnyC
default-group-policy NO_VPN_ACCESS
tunnel-group WM-Wisconsin webvpn-attributes
group-alias WM-Wisconsin enable
When I try to login, it says "Login Failed"
it is evident from ldap debug that group policy is getting mapped to user, still failed.
When i change default group policy in tunnel group to GroupPolicy_WM-Wisconsin, it works ! but thats not the way i want....
this solved he issue:
group-policy GroupPolicy_WM-Wisconsin attributes
vpn-simultaneous-con 10
Similar Messages
-
Automatic download of VeriSign Secure Server CA - G3 certificate for Cisco CNA login fails
In IE8 the browser loads this VeriSign certificate automatically. The login site is accessed with www.cisco.com/go/netacad and then clicking on the login button for Academy Connection.
That site doesn't send a required intermediate certificate. So if Firefox hasn't stored that certificate from a visit to another server that sends it then you get an error. You can contact the website and inform them about that missing certificate.
* https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1130
* http://www.networking4all.com/en/support/tools/site+check/ -
When trying to connect with Cisco AnyConnect Secure Mobility Client on Windows XP SP3 getting the following error:
Function: CTransportWinHttp::SendRequest
File: .\CTransportWinHttp.cpp
Line: 1170
Invoked Function: HttpSendRequest
Return Code: 806 (0x00000326)
Description: WINDOWS_ERROR_CODE
Function: CTransportWinHttp::SendRequest
File: .\CTransportWinHttp.cpp
Line: 1178
Invoked Function: CTransportWinHttp::handleRequestError
Return Code: -30015479 (0xFE360009)
Description: CTRANSPORT_ERROR_UNEXPECTED
and finally I get the following message:
Function: ConnectMgr::processIfcData
File: .\ConnectMgr.cpp
Line: 2763
Invoked Function: ConnectMgr::processIfcData
Return Code: -30015443 (0xFE36002D)
Description: CTRANSPORT_ERROR_CONN_UNKNOWN
Connection attempt failed. Please try again.
Any ideas, thanks,
Ashok.Hi Harry,
I only wish I were more up to speed on all of the security technology. I will contact the network administrator and pass your request to him. I will let you know the results (probably later today).
Here is a little background on this issue (optional reading). All clients worked fine up until around the end of September 2013. Then, a rash of Windows updates came along. Around Sept. 20th, I noticed I could no longer connect using the VPN. So, I uninstalled (Mobility Client) but was not able to re-install as the https://site was not longer able to be reached. I got the standard Microsoft 'Diagnose Connection Problems'. So I manually installed the 'Mobility Client' but only get errors. However, I'm only guessing at the 'AnyConnectProfile.xml'. I may have the settings all wrong. Don't know.
We also noticed that all of our Windows 7 clients work fine. None of the Windows XP clients work any longer. I figured it was 'time to upgrade' all of our Windows XP clients.
Regards,
Stan -
Cisco Anyconnect Secure Mobility Client Fails to Install
I've followed and contributed to posts about this problem here: https://supportforums.cisco.com/thread/2057631
But this problem isn't only isolated to 2.5 client, so I thought a new discussion might attract a bit more attention and feedback.
For 5 or 6 users when I try to install the client as new as version 3.0.11042 (any version, not just the newest) I get a failure:
CustomAction VACon64_Install returned actual error code -536870348 (note this may not be 100% accurate if translation happened inside sandbox)
Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action VACon64_Install, location: C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\VACon64.exe, command: -install "C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\\vpnva64.inf" VPNVA
MSI (s) (44:94) [16:15:05:629]: Product: Cisco AnyConnect VPN Client -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action VACon64_Install, location: C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\VACon64.exe, command: -install "C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\\vpnva64.inf" VPNVA
Before it rolls back, I try to run the command manually which appears to do something, but doesn't fix the problem.
This is the step that is trying to install the service VPNVA, but it fails.
I have cleaned up all the files I know how (which registry entries might I also try?) and rebooted several times, but no luck.
The documented Cisco solution, and what i've been telling frustrated users one after another is "re-image your machine"
Does someone have an idea of what else I can try?Thank you.
The workaround works. Yes, using Windows 8.1.
An HOW TO on how to set this for everyone who is not that computer savvy...
1. Go to the Start Screen of Windows 8.1 and look for the Cisco Anyconnect Secure Mobility Client icon (or just type it on the Start Screen).
2. Right click the icon and select 'Open file location'.
3. Right click the Cisco Anyconnect Secure Mobility Client (Shortcut) and select 'Properties'
4. Select the 'Compatibility' Tab.
5. Check the box 'Run this program in compatibility mode for:' and select 'Windows 8' in the drop down.
6. Click 'OK' to close the window.
7. Log off and log on again (or reboot the computer).
Note to point 5. If there are multiple users are using the PC with different user accounts and they're using the Cisco Secure Mobility Client as well, then go to 'Change settings for all users' and there apply point 5. To do so you'll need administrative rights to the computer though. -
AnyConnect version: 2.5.2001
Mac OS versions: 10.7.2 and 10.6.8
We used to invoke Cisco AnyConnect VPN via the Safari browser for the SSL URL and it used to work fine on Mac OS 10.6 and 10.7. Apple released a security update on 8/Nov/2011 (see: http://support.apple.com/kb/HT5045) and after applying the update, invoking AnyConnect from the browser no longer invokes the AnyConnect application on the machine. The browser stops at this page repeatedly:
I have installed AnyConnect on my machine and am able to invoke it explicitly, but browser login just fails to do that. I have tried re-installing AnyConnect, but the problem still persists.
Any help would be highly appreciated as we are in a show-stopped situation because of this issue.
Thanks
Vivek.This is an old issue, but I ran into it continually this month while trying to use AnyConnect on my Mac 10.8+ version.
For me, the solution was:
I realized that I should have seen a pop-up warning me about the dangers of using Java etc. etc but it seemed as if my computer was blocking it automatically without giving me the option.
I went to the Java page (Java.com) and clicked on "Do I have Java?" The plug-in was inactive, so clicking it allowed me to check that my Java was up to date. Going back to my AnyConnect, this time, it seemed to go through and give me all the pop-ups allowing me to allow Java. -
SSL VPN, "Login failed" and "WebVPN: error creating WebVPN session!"
Hi,
Just ran the wizard for Anyconnect SSL VPN, created a tunnel group, a vpn pool and added user to it. When trying to logon on the SSL service, it simply says "login failed". I suspect that the user might not be in correct groups or so?
some relevant config
webvpn
enable wan
svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
group-policy vpnpolicy1 internal
group-policy vpnpolicy1 attributes
vpn-tunnel-protocol svc
tunnel-group admins type remote-access
tunnel-group admins general-attributes
address-pool sslpool2
default-group-policy vpnpolicy1
username myuser password 1234567890 encrypted privilege 15
username myuser attributes
vpn-group-policy vpnpolicy1
Debug:
asa01# debug webvpn 255
INFO: debug webvpn enabled at level 255.
asa01# webvpn_allocate_auth_struct: net_handle = CD5734D0
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_login_resolve_tunnel_group: tgCookie = NULL
webvpn_login_resolve_tunnel_group: tunnel group name from default
webvpn_login_resolve_tunnel_group: TG_BUFFER = DefaultWEBVPNGroup
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
webvpn_portal.c:http_webvpn_kill_cookie[790]
webvpn_auth.c:http_webvpn_pre_authentication[2321]
WebVPN: calling AAA with ewsContext (-867034168) and nh (-849922864)!
webvpn_add_auth_handle: auth_handle = 17
WebVPN: started user authentication...
webvpn_auth.c:webvpn_aaa_callback[5138]
WebVPN: AAA status = (ACCEPT)
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_resuming[3093]
webvpn_auth.c:http_webvpn_post_authentication[1485]
WebVPN: user: (myuser) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2938]
webvpn_session.c:http_webvpn_create_session[184]
WebVPN: error creating WebVPN session!
webvpn_remove_auth_handle: auth_handle = 17
webvpn_free_auth_struct: net_handle = CD5734D0
webvpn_allocate_auth_struct: net_handle = CD5734D0
webvpn_free_auth_struct: net_handle = CD5734D0AnyConnect says:
"The secure gateway has rejected the agents VPN connect or reconnect request. A new connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists.
The following message was received from the secure gateway: Host or network is 0"
Other resources indicate that it's either the tunnel group, or the address pool.. The address pool is:
ip local pool sslpool2 172.16.20.0-172.16.20.254 mask 255.255.255.0
asa01# debug webvpn 255
INFO: debug webvpn enabled at level 255.
asa01# debug http 255
debug http enabled at level 255.
asa01# webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_login_resolve_tunnel_group: tgCookie = NULL
webvpn_login_resolve_tunnel_group: tunnel group name from default
webvpn_login_resolve_tunnel_group: TG_BUFFER = DefaultWEBVPNGroup
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
webvpn_portal.c:http_webvpn_kill_cookie[790]
webvpn_auth.c:http_webvpn_pre_authentication[2321]
WebVPN: calling AAA with ewsContext (-845538720) and nh (-828624376)!
webvpn_add_auth_handle: auth_handle = 22
WebVPN: started user authentication...
webvpn_auth.c:webvpn_aaa_callback[5138]
WebVPN: AAA status = (ACCEPT)
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_resuming[3093]
webvpn_auth.c:http_webvpn_post_authentication[1485]
WebVPN: user: (myuser) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2938]
HTTP: net_handle->standalone_client [0]
webvpn_session.c:http_webvpn_create_session[184]
webvpn_session.c:http_webvpn_find_session[159]
WebVPN session created!
webvpn_session.c:http_webvpn_find_session[159]
webvpn_remove_auth_handle: auth_handle = 22
webvpn_portal.c:ewaFormServe_webvpn_cookie[1805]
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE863DE8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE863DE8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE863DE8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE863DE8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CC894AA8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
Close 1043041832
webvpn_free_auth_struct: net_handle = CC894AA8 -
CUPC 8.6.3 login failed
I am running these versions of CUCM 8.6.2.10000-30, CUP 8.6.4.12900-2 and using CUPC 8.6.3.20802.
Fully AD integration and AD authentication. All userids and passwords are operational.
I keep getting login failed when I try to loginto Cisco Unified Personal Communicator in VOICE LAB ENVIRONMENTHi,
The following troubleshooting doc for CUPC should help
http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-presence/97443-cups-cupc-ts.html#topic1
Please check the following sections:
Understanding the CUPC Boot-up Process
Cannot Log In to the CUPC When Troubleshooter Shows All Green
HTH
Manish -
Setting up IPsec VPNs to use with Cisco Anyconnect
So I've been having trouble setting up vpns on our ASA 5510. I would like to use IPsec VPNs so that we don't have to worry about licensing issues, but from what I've read you can do this with and still use Cisco Anyconnect. My knowledge on how to set up VPNs especially in iOS verion 8.4 is limited so I've been using a combination of command line and ASDM.
I'm finally able to connect from a remote location but once I connect, nothing else works. From what I've read, you can use IPsec for client-to-lan connections. I've been using a preshared key for this. Documentation is limited on what should happen after you connect? Shouldn't I be able to access computers that are local to the vpn connection? I'm trying to set this up from work. If I VPN from home, shouldn't I be able to access all resources at work? I think because I've used the command line as well as ASDM I've confused some of the configuration. Plus I think some of the default policies are confusing me too. So I probably need a lot of help. Below is my current configuration with IP address altered and stuff that is completely non-related to vpns removed.
NOTE: We are still testing this ASA and it isn't in production.
Any help you can give me is much appreciated.
ASA Version 8.4(2)
hostname ASA
domain-name domain.com
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/1
nameif outside
security-level 0
ip address 50.1.1.225 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
no nameif
security-level 100
ip address 192.168.1.1 255.255.255.0
boot system disk0:/asa842-k8.bin
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
same-security-traffic permit intra-interface
object network NETWORK_OBJ_192.168.0.224_27
subnet 192.168.0.224 255.255.255.224
object-group service VPN
service-object esp
service-object tcp destination eq ssh
service-object tcp destination eq https
service-object udp destination eq 443
service-object udp destination eq isakmp
access-list ips extended permit ip any any
ip local pool VPNPool 192.168.0.225-192.168.0.250 mask 255.255.255.0
no failover
failover timeout -1
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.0.224_27 NETWORK_OBJ_192.168.0.224_27 no-proxy-arp route-lookup
object network LAN
nat (inside,outside) dynamic interface
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 50.1.1.250 1
sysopt noproxyarp inside
sysopt noproxyarp outside
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ASA
crl configure
crypto ca server
shutdown
crypto ca certificate chain ASDM_TrustPoint0
certificate d2c18c4e
308201f3 3082015c a0030201 020204d2 c18c4e30 0d06092a 864886f7 0d010105
0500303e 3110300e 06035504 03130741 53413535 3130312a 30280609 2a864886
f70d0109 02161b41 53413535 31302e64 69676974 616c6578 7472656d 65732e63
6f6d301e 170d3131 31303036 31393133 31365a17 0d323131 30303331 39313331
365a303e 3110300e 06035504 03130741 53413535 3130312a 30280609 2a864886
f70d0109 02161b41 53413535 31302e64 69676974 616c6578 7472656d 65732e63
6f6d3081 9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100b2
8acbe1f4 5aa19dc5 d3379bf0 f0e1177d 79b2b7cf cc6b4623 d1d97d4c 53c9643b
37f32caf b13b5205 d24457f2 b5d674cb 399f86d0 e6c3335f 031d54f4 d6ca246c
234b32b2 b3ad2bf6 e3f824c0 95bada06 f5173ad2 329c28f8 20daaccf 04c51782
3ca319d0 d5d415ca 36a9eaff f9a7cf9c f7d5e6cc 5f7a3412 98e71de8 37150f02
03010001 300d0609 2a864886 f70d0101 05050003 8181009d d2d4228d 381112a1
cfd05ec1 0f51a828 0748172e 3ff7b480 26c197f5 fd07dd49 01cd9db6 9152c4dc
18d0f452 50f5d0f5 4a8279c4 4c1505f9 f5e691cc 59173dd1 7b86de4f 4e804ac6
beb342d1 f2db1d1f 878bb086 981536cf f4094dbf 36c5371f e1a0db0a 75685bef
af72e31f a1c4a892 d0acc618 888b53d1 9b888669 70e398
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 10
console timeout 0
management-access inside
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 2
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3
anyconnect profiles VPN disk0:/devpn.xml
anyconnect enable
tunnel-group-list enable
group-policy VPN internal
group-policy VPN attributes
wins-server value 50.1.1.17 50.1.1.18
dns-server value 50.1.1.17 50.1.1.18
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
default-domain value digitalextremes.com
webvpn
anyconnect profiles value VPN type user
always-on-vpn profile-setting
username administrator password xxxxxxxxx encrypted privilege 15
username VPN1 password xxxxxxxxx encrypted
tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
address-pool (inside) VPNPool
address-pool VPNPool
authorization-server-group LOCAL
default-group-policy VPN
tunnel-group VPN webvpn-attributes
group-alias VPN enable
tunnel-group VPN ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
class-map ips
match access-list ips
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
class ips
ips inline fail-open
class class-default
user-statistics accountingHi Marvin, thanks for the quick reply.
It appears that we don't have Anyconnect Essentials.
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5510 Security Plus license.
So then what does this mean for us VPN-wise? Is there any way we can set up multiple VPNs with this license? -
Hi,
I use Cisco AnyConnect Secure Mobility Client 3.1.05170 to connect to my company network and it has been working successfully for a while and until Sunday evening Feb 8.
Today, this solution is no longer working and I've reproduced the same issue on 3 different Mac's which have 10.10.2 (on 2 Mac's) and 10.9.5 (on 1 Mac).
I can navigate on internet without any problem but when I launch the connection in Cisco AnyConnect Secure Mobility Client, it time outs and I get the following errors:
Feb 10 10:37:31 nicolass-macbook-pro-2-2.home acvpnui[7926]: Message type information sent to the user: Contacting <company server name removed for security reasons>.
Feb 10 10:37:31 nicolass-macbook-pro-2-2.home acvpnui[7926]: Initiating VPN connection to the secure gateway https://<company server name removed for security reasons>
Feb 10 10:37:31 nicolass-macbook-pro-2-2.home acvpnagent[2013]: Function: processConnectNotification File: ../../vpn/Agent/MainThread.cpp Line: 11572 Received connect notification (host <company server name removed for security reasons>, profile myaccess1.xml)
Feb 10 10:37:31 nicolass-macbook-pro-2-2.home acvpnagent[2013]: Function: resolveHostName File: ../../vpn/Common/Utility/HostLocator.cpp Line: 718 Invoked Function: CHostLocator::resolveHostNameAlt Return Code: -29294571 (0xFE410015) Description: DNSREQUEST_ERROR_EMPTY_RESPONSE
Feb 10 10:37:32 nicolass-macbook-pro-2-2.home acvpnagent[2013]: Function: getHostIPAddrByName File: ../../vpn/Common/IPC/SocketSupport.cpp Line: 322 Invoked Function: ::getaddrinfo Return Code: 35 (0x00000023) Description: unknown
Feb 10 10:37:32 nicolass-macbook-pro-2-2.home acvpnagent[2013]: Function: resolveHostName File: ../../vpn/Common/Utility/HostLocator.cpp Line: 730 Invoked Function: CSocketSupport::getHostIPAddrByName Return Code: -31195124 (0xFE24000C) Description: SOCKETSUPPORT_ERROR_GETADDRINFO
Feb 10 10:37:32 nicolass-macbook-pro-2-2.home acvpnagent[2013]: Function: ResolveHostname File: ../../vpn/Common/Utility/HostLocator.cpp Line: 839 Invoked Function: CHostLocator::resolveHostName Return Code: -31195124 (0xFE24000C) Description: SOCKETSUPPORT_ERROR_GETADDRINFO failed to resolve host name <company server name removed for security reasons> to IPv6 address
Feb 10 10:37:32 nicolass-macbook-pro-2-2.home acvpnagent[2013]: Function: logResolutionResult File: ../../vpn/Common/Utility/HostLocator.cpp Line: 913 Host <company server name removed for security reasons> has been resolved to IP address 144.24.19.20
Feb 10 10:37:32 nicolass-macbook-pro-2-2.home acvpnagent[2013]: Writing to hosts file: 144.24.19.20 <company server name removed for security reasons> ###Cisco AnyConnect VPN client modified this file. Please do not modify contents until this comment is removed.
Feb 10 10:37:32 nicolass-macbook-pro-2-2.home acvpnagent[2013]: Function: respondToConnectNotification File: ../../vpn/Agent/MainThread.cpp Line: 4893 The requested VPN connection to <company server name removed for security reasons> will target the following IP protocols and addresses: primary - IPv4 (address 144.24.19.20), secondary - N/A.
Feb 10 10:37:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Function: getUserName File: ../../vpn/Api/CTransportCurlStatic.cpp Line: 1939 PasswordEntry username is nwipfli
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Function: PeerCertVerifyCB File: ../../vpn/Api/CTransportCurlStatic.cpp Line: 857 Return success from VerifyServerCertificate
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Function: SendRequest File: ../../vpn/Api/CTransportCurlStatic.cpp Line: 1422 Invoked Function: curl_easy_perform Return Code: -30015442 (0xFE36002E) Description: CTRANSPORT_ERROR_TIMEOUT 28 : Error
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Function: sendRequest File: ../../vpn/Api/ConnectIfc.cpp Line: 3191 Invoked Function: CTransport::SendRequest Return Code: -30015442 (0xFE36002E) Description: CTRANSPORT_ERROR_TIMEOUT
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Function: connect File: ../../vpn/Api/ConnectIfc.cpp Line: 481 Invoked Function: ConnectIfc::sendRequest Return Code: -30015442 (0xFE36002E) Description: CTRANSPORT_ERROR_TIMEOUT
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Function: TranslateStatusCode File: ../../vpn/Api/ConnectIfc.cpp Line: 3008 Invoked Function: TranslateStatusCode Return Code: -30015442 (0xFE36002E) Description: CTRANSPORT_ERROR_TIMEOUT Connection attempt has timed out. Please verify Internet connectivity.
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Function: doConnectIfcConnect File: ../../vpn/Api/ConnectMgr.cpp Line: 1963 Invoked Function: ConnectIfc::connect Return Code: -30015442 (0xFE36002E) Description: CTRANSPORT_ERROR_TIMEOUT
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Message type warning sent to the user: Connection attempt has failed.
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Function: processIfcData File: ../../vpn/Api/ConnectMgr.cpp Line: 2614 Content type (unknown) received. Response type (host unreachable) from <company server name removed for security reasons>:
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Message type warning sent to the user: Unable to contact <company server name removed for security reasons>.
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Function: processIfcData File: ../../vpn/Api/ConnectMgr.cpp Line: 2724 Unable to contact <company server name removed for security reasons>
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Message type error sent to the user: Connection attempt has timed out. Please verify Internet connectivity.
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Function: connect File: ../../vpn/Api/ConnectMgr.cpp Line: 2050 ConnectMgr::processIfcData failed
Feb 10 10:38:32 nicolass-macbook-pro-2-2.home acvpnui[7926]: Function: initiateConnect File: ../../vpn/Api/ConnectMgr.cpp Line: 1181 Connection failed.
Any idea about a solution ?
Thanks in advance
NicolasThere seem to be much more problems with 3.1.04049
Especially with certificate authentication.
I opened some TAC cases.
Try 3.1.04063 that came out at 07-24-13.
TAC said that there are some fixes in it... -
Problems with Cisco AnyConnect Secure Mobility Client 3.1
Since I upgraded to Cisco AnyConnect Secure Mobility Client 3.1, I am unable to start my VPN.
The service does not start correctly anymore. I tried reinstabut no help.
Could anyone help me please?
Here my logs.
Thank you very much.
Date : 07/23/2013
Time : 08:49:37
Type : Error
Source : acvpninstall
Description : Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.
Date : 07/23/2013
Time : 08:49:37
Type : Error
Source : acvpninstall
Description : Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:49:37
Type : Error
Source : acvpninstall
Description : Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.
Date : 07/23/2013
Time : 08:49:37
Type : Error
Source : acvpninstall
Description : Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:49:37
Type : Error
Source : acvpninstall
Description : Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.
Date : 07/23/2013
Time : 08:49:37
Type : Error
Source : acvpninstall
Description : Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:49:40
Type : Information
Source : acvpnva
Description : Function: CInstaller::PerformAction
File: .\VACon.cpp
Line: 522
Successfully installed service acsock
Date : 07/23/2013
Time : 08:49:40
Type : Warning
Source : acvpninstall
Description : Function: XmlLocalACPolMgr::GenerateLocalPolicy
File: .\Xml\XmlLocalACPolMgr.cpp
Line: 415
Local Security Policy file already exists and therefore will not be generated
Date : 07/23/2013
Time : 08:49:40
Type : Information
Source : acvpnagent
Description : Cisco AnyConnect Secure Mobility Client Agent starting, version 3.1.04059
Date : 07/23/2013
Time : 08:49:40
Type : Error
Source : acvpnagent
Description : Function: CBencodeStream::LoadStream
File: ..\..\PhoneHome\Bencode.cpp
Line: 126
Unable to open file for reading
Date : 07/23/2013
Time : 08:49:40
Type : Error
Source : acvpnagent
Description : Function: CBencodeDictionary::CBencodeDictionary
File: ..\..\PhoneHome\Bencode.cpp
Line: 1422
Bencode dictionary internalize failed
Date : 07/23/2013
Time : 08:49:40
Type : Error
Source : acvpnagent
Description : Function: CPhoneHomeVpn::CPhoneHomeVpn
File: .\PhoneHomeVpn.cpp
Line: 187
Failed to create Bencode dictionary
Date : 07/23/2013
Time : 08:49:40
Type : Error
Source : acvpnagent
Description : Function: CPhoneHomeVpn::CreateSingletonInstance
File: .\PhoneHomeVpn.cpp
Line: 82
Invoked Function: CPhoneHomeVpn
Return Code: -23396343 (0xFE9B0009)
Description: PHONEHOMEVPN_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:49:40
Type : Warning
Source : acvpnagent
Description : Function: CMainThread::CMainThread
File: .\MainThread.cpp
Line: 1017
Invoked Function: CPhoneHomeVpn::CreateSingletonInstance
Return Code: -23396343 (0xFE9B0009)
Description: PHONEHOMEVPN_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:49:40
Type : Warning
Source : acvpnagent
Description : Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.leaf
Date : 07/23/2013
Time : 08:49:41
Type : Information
Source : acvpnagent
Description : Function: MsgCatalog::initMsgCatalog
File: .\i18n\MsgCatalog.cpp
Line: 246
Current locale: fr-LU
Date : 07/23/2013
Time : 08:49:41
Type : Information
Source : acvpnagent
Description : Function: ProfileMgr::loadProfiles
File: .\ProfileMgr.cpp
Line: 100
No profile is available.
Date : 07/23/2013
Time : 08:49:41
Type : Information
Source : acvpnagent
Description : Current Preference Settings:
ServiceDisable: false
CertificateStoreOverride: false
CertificateStore: All
ShowPreConnectMessage: false
AutoConnectOnStart: false
MinimizeOnConnect: true
LocalLanAccess: false
AutoReconnect: true
AutoReconnectBehavior: DisconnectOnSuspend
UseStartBeforeLogon: false
AutoUpdate: true
RSASecurIDIntegration: Automatic
WindowsLogonEnforcement: SingleLocalLogon
WindowsVPNEstablishment: LocalUsersOnly
ProxySettings: Native
AllowLocalProxyConnections: true
PPPExclusion: Disable
PPPExclusionServerIP:
AutomaticVPNPolicy: false
TrustedNetworkPolicy: Disconnect
UntrustedNetworkPolicy: Connect
TrustedDNSDomains:
TrustedDNSServers:
AlwaysOn: false
ConnectFailurePolicy: Closed
AllowCaptivePortalRemediation: false
CaptivePortalRemediationTimeout: 5
ApplyLastVPNLocalResourceRules: false
AllowVPNDisconnect: true
EnableScripting: false
TerminateScriptOnNextEvent: false
EnablePostSBLOnConnectScript: true
AutomaticCertSelection: true
RetainVpnOnLogoff: false
UserEnforcement: SameUserOnly
EnableAutomaticServerSelection: false
AutoServerSelectionImprovement: 20
AutoServerSelectionSuspendTime: 4
AuthenticationTimeout: 12
SafeWordSofTokenIntegration: false
AllowIPsecOverSSL: false
ClearSmartcardPin: true
IPProtocolSupport: IPv4,IPv6
AllowManualHostInput: true
BlockUntrustedServers: true
PublicProxyServerAddress:
Date : 07/23/2013
Time : 08:49:41
Type : Error
Source : acvpnagent
Description : Function: CSocketSupport::ipv6EnabledOnVA
File: .\IPC\SocketSupport_win.cpp
Line: 284
Invoked Function: CSocketSupport::ipv6EnabledOnVA
Return Code: 2 (0x00000002)
Description: cannot open VPNVA Enum registry key (VA driver not installed?)
Date : 07/23/2013
Time : 08:49:41
Type : Error
Source : acvpnagent
Description : Function: CSocketSupport::ipv6EnabledOnVA
File: .\IPC\SocketSupport_win.cpp
Line: 284
Invoked Function: CSocketSupport::ipv6EnabledOnVA
Return Code: 2 (0x00000002)
Description: cannot open VPNVA Enum registry key (VA driver not installed?)
Date : 07/23/2013
Time : 08:49:41
Type : Information
Source : acvpnagent
Description : Function: CCvcConfig::readConfigParamFromFile
File: .\vpnconfig.cpp
Line: 5824
The specified configuration file for MUS service does not exist
Date : 07/23/2013
Time : 08:49:41
Type : Information
Source : acvpnagent
Description : Function: CThread::createThread
File: .\Utility\Thread.cpp
Line: 238
The thread (0x00001F84) has been successfully created.
Date : 07/23/2013
Time : 08:49:41
Type : Information
Source : acvpnagent
Description : Cisco AnyConnect Secure Mobility Client Agent started, version 3.1.04059
Date : 07/23/2013
Time : 08:49:41
Type : Information
Source : acvpnagent
Description : Function: CInterfaceRouteMonitorCommon::logInterfaces
File: .\Routing\InterfaceRouteMonitorCommon.cpp
Line: 477
IP Address Interface List:
FE80:0:0:0:DDA0:24CA:FE35:4D19
148.110.133.126
FE80:0:0:0:19A3:961F:C11C:3724
192.168.164.1
FE80:0:0:0:80B3:F3CD:CA44:952E
169.254.149.46
Date : 07/23/2013
Time : 08:49:45
Type : Information
Source : acvpnagent
Description : Cisco AnyConnect Secure Mobility Client Agent starting, version 3.1.04059
Date : 07/23/2013
Time : 08:49:45
Type : Error
Source : acvpnagent
Description : Function: CBencodeStream::LoadStream
File: ..\..\PhoneHome\Bencode.cpp
Line: 126
Unable to open file for reading
Date : 07/23/2013
Time : 08:49:45
Type : Error
Source : acvpnagent
Description : Function: CBencodeDictionary::CBencodeDictionary
File: ..\..\PhoneHome\Bencode.cpp
Line: 1422
Bencode dictionary internalize failed
Date : 07/23/2013
Time : 08:49:45
Type : Error
Source : acvpnagent
Description : Function: CPhoneHomeVpn::CPhoneHomeVpn
File: .\PhoneHomeVpn.cpp
Line: 187
Failed to create Bencode dictionary
Date : 07/23/2013
Time : 08:49:45
Type : Error
Source : acvpnagent
Description : Function: CPhoneHomeVpn::CreateSingletonInstance
File: .\PhoneHomeVpn.cpp
Line: 82
Invoked Function: CPhoneHomeVpn
Return Code: -23396343 (0xFE9B0009)
Description: PHONEHOMEVPN_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:49:45
Type : Warning
Source : acvpnagent
Description : Function: CMainThread::CMainThread
File: .\MainThread.cpp
Line: 1017
Invoked Function: CPhoneHomeVpn::CreateSingletonInstance
Return Code: -23396343 (0xFE9B0009)
Description: PHONEHOMEVPN_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:49:45
Type : Warning
Source : acvpnagent
Description : Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.leaf
Date : 07/23/2013
Time : 08:49:45
Type : Information
Source : acvpnagent
Description : Function: MsgCatalog::initMsgCatalog
File: .\i18n\MsgCatalog.cpp
Line: 246
Current locale: fr-LU
Date : 07/23/2013
Time : 08:49:45
Type : Information
Source : acvpnagent
Description : Function: ProfileMgr::loadProfiles
File: .\ProfileMgr.cpp
Line: 100
No profile is available.
Date : 07/23/2013
Time : 08:49:45
Type : Information
Source : acvpnagent
Description : Current Preference Settings:
ServiceDisable: false
CertificateStoreOverride: false
CertificateStore: All
ShowPreConnectMessage: false
AutoConnectOnStart: false
MinimizeOnConnect: true
LocalLanAccess: false
AutoReconnect: true
AutoReconnectBehavior: DisconnectOnSuspend
UseStartBeforeLogon: false
AutoUpdate: true
RSASecurIDIntegration: Automatic
WindowsLogonEnforcement: SingleLocalLogon
WindowsVPNEstablishment: LocalUsersOnly
ProxySettings: Native
AllowLocalProxyConnections: true
PPPExclusion: Disable
PPPExclusionServerIP:
AutomaticVPNPolicy: false
TrustedNetworkPolicy: Disconnect
UntrustedNetworkPolicy: Connect
TrustedDNSDomains:
TrustedDNSServers:
AlwaysOn: false
ConnectFailurePolicy: Closed
AllowCaptivePortalRemediation: false
CaptivePortalRemediationTimeout: 5
ApplyLastVPNLocalResourceRules: false
AllowVPNDisconnect: true
EnableScripting: false
TerminateScriptOnNextEvent: false
EnablePostSBLOnConnectScript: true
AutomaticCertSelection: true
RetainVpnOnLogoff: false
UserEnforcement: SameUserOnly
EnableAutomaticServerSelection: false
AutoServerSelectionImprovement: 20
AutoServerSelectionSuspendTime: 4
AuthenticationTimeout: 12
SafeWordSofTokenIntegration: false
AllowIPsecOverSSL: false
ClearSmartcardPin: true
IPProtocolSupport: IPv4,IPv6
AllowManualHostInput: true
BlockUntrustedServers: true
PublicProxyServerAddress:
Date : 07/23/2013
Time : 08:49:45
Type : Error
Source : acvpnagent
Description : Function: CSocketSupport::ipv6EnabledOnVA
File: .\IPC\SocketSupport_win.cpp
Line: 284
Invoked Function: CSocketSupport::ipv6EnabledOnVA
Return Code: 2 (0x00000002)
Description: cannot open VPNVA Enum registry key (VA driver not installed?)
Date : 07/23/2013
Time : 08:49:45
Type : Error
Source : acvpnagent
Description : Function: CSocketSupport::ipv6EnabledOnVA
File: .\IPC\SocketSupport_win.cpp
Line: 284
Invoked Function: CSocketSupport::ipv6EnabledOnVA
Return Code: 2 (0x00000002)
Description: cannot open VPNVA Enum registry key (VA driver not installed?)
Date : 07/23/2013
Time : 08:49:45
Type : Information
Source : acvpnagent
Description : Function: CCvcConfig::readConfigParamFromFile
File: .\vpnconfig.cpp
Line: 5824
The specified configuration file for MUS service does not exist
Date : 07/23/2013
Time : 08:49:45
Type : Information
Source : acvpnagent
Description : Function: CThread::createThread
File: .\Utility\Thread.cpp
Line: 238
The thread (0x00001F20) has been successfully created.
Date : 07/23/2013
Time : 08:49:45
Type : Information
Source : acvpnagent
Description : Cisco AnyConnect Secure Mobility Client Agent started, version 3.1.04059
Date : 07/23/2013
Time : 08:49:45
Type : Information
Source : acvpnagent
Description : Function: CInterfaceRouteMonitorCommon::logInterfaces
File: .\Routing\InterfaceRouteMonitorCommon.cpp
Line: 477
IP Address Interface List:
FE80:0:0:0:DDA0:24CA:FE35:4D19
148.110.133.126
FE80:0:0:0:19A3:961F:C11C:3724
192.168.164.1
FE80:0:0:0:80B3:F3CD:CA44:952E
169.254.149.46
Date : 07/23/2013
Time : 08:49:48
Type : Information
Source : acvpninstall
Description : Function: SetInheritACLsFromParent
File: .\ACLManager.cpp
Line: 31
Attributes for C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\ are 0x2010
Date : 07/23/2013
Time : 08:49:48
Type : Information
Source : acvpninstall
Description : Function: SetInheritACLsFromParent
File: .\ACLManager.cpp
Line: 56
Obtaining ACLs for directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\
Date : 07/23/2013
Time : 08:49:48
Type : Information
Source : acvpninstall
Description : Function: SetInheritACLsFromParent
File: .\ACLManager.cpp
Line: 31
Attributes for C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\CustomerExperienceFeedback are 0x2010
Date : 07/23/2013
Time : 08:49:48
Type : Information
Source : acvpninstall
Description : Function: SetInheritACLsFromParent
File: .\ACLManager.cpp
Line: 56
Obtaining ACLs for directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\CustomerExperienceFeedback\
Date : 07/23/2013
Time : 08:49:48
Type : Information
Source : acvpninstall
Description : Function: SetInheritACLsFromParent
File: .\ACLManager.cpp
Line: 31
Attributes for C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Help are 0x2010
Date : 07/23/2013
Time : 08:49:48
Type : Information
Source : acvpninstall
Description : Function: SetInheritACLsFromParent
File: .\ACLManager.cpp
Line: 56
Obtaining ACLs for directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Help\
Date : 07/23/2013
Time : 08:49:48
Type : Information
Source : acvpninstall
Description : Function: SetInheritACLsFromParent
File: .\ACLManager.cpp
Line: 31
Attributes for C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\l10n are 0x2010
Date : 07/23/2013
Time : 08:49:48
Type : Information
Source : acvpninstall
Description : Function: SetInheritACLsFromParent
File: .\ACLManager.cpp
Line: 56
Obtaining ACLs for directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\l10n\
Date : 07/23/2013
Time : 08:49:48
Type : Information
Source : acvpninstall
Description : Function: SetInheritACLsFromParent
File: .\ACLManager.cpp
Line: 31
Attributes for C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile are 0x2010
Date : 07/23/2013
Time : 08:49:48
Type : Information
Source : acvpninstall
Description : Function: SetInheritACLsFromParent
File: .\ACLManager.cpp
Line: 56
Obtaining ACLs for directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\
Date : 07/23/2013
Time : 08:49:48
Type : Information
Source : acvpninstall
Description : Function: SetInheritACLsFromParent
File: .\ACLManager.cpp
Line: 31
Attributes for C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Script are 0x2010
Date : 07/23/2013
Time : 08:49:48
Type : Information
Source : acvpninstall
Description : Function: SetInheritACLsFromParent
File: .\ACLManager.cpp
Line: 56
Obtaining ACLs for directory C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Script\
Date : 07/23/2013
Time : 08:49:49
Type : Information
Source : acvpnagent
Description : Cisco AnyConnect Secure Mobility Client Agent starting, version 3.1.04059
Date : 07/23/2013
Time : 08:49:50
Type : Error
Source : acvpnagent
Description : Function: CBencodeStream::LoadStream
File: ..\..\PhoneHome\Bencode.cpp
Line: 126
Unable to open file for reading
Date : 07/23/2013
Time : 08:49:50
Type : Error
Source : acvpnagent
Description : Function: CBencodeDictionary::CBencodeDictionary
File: ..\..\PhoneHome\Bencode.cpp
Line: 1422
Bencode dictionary internalize failed
Date : 07/23/2013
Time : 08:49:50
Type : Error
Source : acvpnagent
Description : Function: CPhoneHomeVpn::CPhoneHomeVpn
File: .\PhoneHomeVpn.cpp
Line: 187
Failed to create Bencode dictionary
Date : 07/23/2013
Time : 08:49:50
Type : Error
Source : acvpnagent
Description : Function: CPhoneHomeVpn::CreateSingletonInstance
File: .\PhoneHomeVpn.cpp
Line: 82
Invoked Function: CPhoneHomeVpn
Return Code: -23396343 (0xFE9B0009)
Description: PHONEHOMEVPN_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:49:50
Type : Warning
Source : acvpnagent
Description : Function: CMainThread::CMainThread
File: .\MainThread.cpp
Line: 1017
Invoked Function: CPhoneHomeVpn::CreateSingletonInstance
Return Code: -23396343 (0xFE9B0009)
Description: PHONEHOMEVPN_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:49:50
Type : Warning
Source : acvpnagent
Description : Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.leaf
Date : 07/23/2013
Time : 08:49:50
Type : Information
Source : acvpnagent
Description : Function: MsgCatalog::initMsgCatalog
File: .\i18n\MsgCatalog.cpp
Line: 246
Current locale: fr-LU
Date : 07/23/2013
Time : 08:49:50
Type : Information
Source : acvpnagent
Description : Function: ProfileMgr::loadProfiles
File: .\ProfileMgr.cpp
Line: 100
No profile is available.
Date : 07/23/2013
Time : 08:49:50
Type : Information
Source : acvpnagent
Description : Current Preference Settings:
ServiceDisable: false
CertificateStoreOverride: false
CertificateStore: All
ShowPreConnectMessage: false
AutoConnectOnStart: false
MinimizeOnConnect: true
LocalLanAccess: false
AutoReconnect: true
AutoReconnectBehavior: DisconnectOnSuspend
UseStartBeforeLogon: false
AutoUpdate: true
RSASecurIDIntegration: Automatic
WindowsLogonEnforcement: SingleLocalLogon
WindowsVPNEstablishment: LocalUsersOnly
ProxySettings: Native
AllowLocalProxyConnections: true
PPPExclusion: Disable
PPPExclusionServerIP:
AutomaticVPNPolicy: false
TrustedNetworkPolicy: Disconnect
UntrustedNetworkPolicy: Connect
TrustedDNSDomains:
TrustedDNSServers:
AlwaysOn: false
ConnectFailurePolicy: Closed
AllowCaptivePortalRemediation: false
CaptivePortalRemediationTimeout: 5
ApplyLastVPNLocalResourceRules: false
AllowVPNDisconnect: true
EnableScripting: false
TerminateScriptOnNextEvent: false
EnablePostSBLOnConnectScript: true
AutomaticCertSelection: true
RetainVpnOnLogoff: false
UserEnforcement: SameUserOnly
EnableAutomaticServerSelection: false
AutoServerSelectionImprovement: 20
AutoServerSelectionSuspendTime: 4
AuthenticationTimeout: 12
SafeWordSofTokenIntegration: false
AllowIPsecOverSSL: false
ClearSmartcardPin: true
IPProtocolSupport: IPv4,IPv6
AllowManualHostInput: true
BlockUntrustedServers: true
PublicProxyServerAddress:
Date : 07/23/2013
Time : 08:49:50
Type : Information
Source : acvpnagent
Description : Function: CCvcConfig::readConfigParamFromFile
File: .\vpnconfig.cpp
Line: 5824
The specified configuration file for MUS service does not exist
Date : 07/23/2013
Time : 08:49:50
Type : Information
Source : acvpnagent
Description : Function: CThread::createThread
File: .\Utility\Thread.cpp
Line: 238
The thread (0x000016C0) has been successfully created.
Date : 07/23/2013
Time : 08:49:50
Type : Information
Source : acvpnagent
Description : Cisco AnyConnect Secure Mobility Client Agent started, version 3.1.04059
Date : 07/23/2013
Time : 08:49:50
Type : Information
Source : acvpnagent
Description : Function: CInterfaceRouteMonitorCommon::logInterfaces
File: .\Routing\InterfaceRouteMonitorCommon.cpp
Line: 477
IP Address Interface List:
FE80:0:0:0:DDA0:24CA:FE35:4D19
148.110.133.126
FE80:0:0:0:19A3:961F:C11C:3724
192.168.164.1
FE80:0:0:0:80B3:F3CD:CA44:952E
169.254.149.46
Date : 07/23/2013
Time : 08:50:10
Type : Information
Source : acvpnagent
Description : Cisco AnyConnect Secure Mobility Client Agent starting, version 3.1.04059
Date : 07/23/2013
Time : 08:50:11
Type : Error
Source : acvpnagent
Description : Function: CBencodeStream::LoadStream
File: ..\..\PhoneHome\Bencode.cpp
Line: 126
Unable to open file for reading
Date : 07/23/2013
Time : 08:50:11
Type : Error
Source : acvpnagent
Description : Function: CBencodeDictionary::CBencodeDictionary
File: ..\..\PhoneHome\Bencode.cpp
Line: 1422
Bencode dictionary internalize failed
Date : 07/23/2013
Time : 08:50:11
Type : Error
Source : acvpnagent
Description : Function: CPhoneHomeVpn::CPhoneHomeVpn
File: .\PhoneHomeVpn.cpp
Line: 187
Failed to create Bencode dictionary
Date : 07/23/2013
Time : 08:50:11
Type : Error
Source : acvpnagent
Description : Function: CPhoneHomeVpn::CreateSingletonInstance
File: .\PhoneHomeVpn.cpp
Line: 82
Invoked Function: CPhoneHomeVpn
Return Code: -23396343 (0xFE9B0009)
Description: PHONEHOMEVPN_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:50:11
Type : Warning
Source : acvpnagent
Description : Function: CMainThread::CMainThread
File: .\MainThread.cpp
Line: 1017
Invoked Function: CPhoneHomeVpn::CreateSingletonInstance
Return Code: -23396343 (0xFE9B0009)
Description: PHONEHOMEVPN_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:50:11
Type : Warning
Source : acvpnagent
Description : Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.leaf
Date : 07/23/2013
Time : 08:50:11
Type : Information
Source : acvpnagent
Description : Function: MsgCatalog::initMsgCatalog
File: .\i18n\MsgCatalog.cpp
Line: 246
Current locale: fr-LU
Date : 07/23/2013
Time : 08:50:11
Type : Information
Source : acvpnagent
Description : Function: ProfileMgr::loadProfiles
File: .\ProfileMgr.cpp
Line: 100
No profile is available.
Date : 07/23/2013
Time : 08:50:11
Type : Information
Source : acvpnagent
Description : Current Preference Settings:
ServiceDisable: false
CertificateStoreOverride: false
CertificateStore: All
ShowPreConnectMessage: false
AutoConnectOnStart: false
MinimizeOnConnect: true
LocalLanAccess: false
AutoReconnect: true
AutoReconnectBehavior: DisconnectOnSuspend
UseStartBeforeLogon: false
AutoUpdate: true
RSASecurIDIntegration: Automatic
WindowsLogonEnforcement: SingleLocalLogon
WindowsVPNEstablishment: LocalUsersOnly
ProxySettings: Native
AllowLocalProxyConnections: true
PPPExclusion: Disable
PPPExclusionServerIP:
AutomaticVPNPolicy: false
TrustedNetworkPolicy: Disconnect
UntrustedNetworkPolicy: Connect
TrustedDNSDomains:
TrustedDNSServers:
AlwaysOn: false
ConnectFailurePolicy: Closed
AllowCaptivePortalRemediation: false
CaptivePortalRemediationTimeout: 5
ApplyLastVPNLocalResourceRules: false
AllowVPNDisconnect: true
EnableScripting: false
TerminateScriptOnNextEvent: false
EnablePostSBLOnConnectScript: true
AutomaticCertSelection: true
RetainVpnOnLogoff: false
UserEnforcement: SameUserOnly
EnableAutomaticServerSelection: false
AutoServerSelectionImprovement: 20
AutoServerSelectionSuspendTime: 4
AuthenticationTimeout: 12
SafeWordSofTokenIntegration: false
AllowIPsecOverSSL: false
ClearSmartcardPin: true
IPProtocolSupport: IPv4,IPv6
AllowManualHostInput: true
BlockUntrustedServers: true
PublicProxyServerAddress:
Date : 07/23/2013
Time : 08:50:11
Type : Information
Source : acvpnagent
Description : Function: CCvcConfig::readConfigParamFromFile
File: .\vpnconfig.cpp
Line: 5824
The specified configuration file for MUS service does not exist
Date : 07/23/2013
Time : 08:50:11
Type : Information
Source : acvpnagent
Description : Function: CThread::createThread
File: .\Utility\Thread.cpp
Line: 238
The thread (0x00001F34) has been successfully created.
Date : 07/23/2013
Time : 08:50:11
Type : Information
Source : acvpnagent
Description : Cisco AnyConnect Secure Mobility Client Agent started, version 3.1.04059
Date : 07/23/2013
Time : 08:50:11
Type : Information
Source : acvpnagent
Description : Function: CInterfaceRouteMonitorCommon::logInterfaces
File: .\Routing\InterfaceRouteMonitorCommon.cpp
Line: 477
IP Address Interface List:
FE80:0:0:0:DDA0:24CA:FE35:4D19
148.110.133.126
FE80:0:0:0:19A3:961F:C11C:3724
192.168.164.1
FE80:0:0:0:80B3:F3CD:CA44:952E
169.254.149.46
Date : 07/23/2013
Time : 08:50:19
Type : Information
Source : acvpnui
Description : Cisco AnyConnect Secure Mobility Client GUI started, version 3.1.04059
Date : 07/23/2013
Time : 08:50:20
Type : Information
Source : acvpnui
Description : Initializing vpnapi version 3.1.04059 ().
Date : 07/23/2013
Time : 08:50:21
Type : Information
Source : acvpnui
Description : Function: MsgCatalog::initMsgCatalog
File: .\i18n\MsgCatalog.cpp
Line: 246
Current locale: fr-LU
Date : 07/23/2013
Time : 08:50:21
Type : Information
Source : acvpnui
Description : Function: ProfileMgr::loadProfiles
File: .\ProfileMgr.cpp
Line: 100
No profile is available.
Date : 07/23/2013
Time : 08:50:21
Type : Warning
Source : acvpnui
Description : Function: ClientIfcBase::getCurrentState
File: .\ClientIfcBase.cpp
Line: 2058
API service not ready
Date : 07/23/2013
Time : 08:50:21
Type : Information
Source : acvpnui
Description : Current Preference Settings:
ServiceDisable: false
CertificateStoreOverride: false
CertificateStore: All
ShowPreConnectMessage: false
AutoConnectOnStart: false
MinimizeOnConnect: true
LocalLanAccess: false
AutoReconnect: true
AutoReconnectBehavior: DisconnectOnSuspend
UseStartBeforeLogon: false
AutoUpdate: true
RSASecurIDIntegration: Automatic
WindowsLogonEnforcement: SingleLocalLogon
WindowsVPNEstablishment: LocalUsersOnly
ProxySettings: Native
AllowLocalProxyConnections: true
PPPExclusion: Disable
PPPExclusionServerIP:
AutomaticVPNPolicy: false
TrustedNetworkPolicy: Disconnect
UntrustedNetworkPolicy: Connect
TrustedDNSDomains:
TrustedDNSServers:
AlwaysOn: false
ConnectFailurePolicy: Closed
AllowCaptivePortalRemediation: false
CaptivePortalRemediationTimeout: 5
ApplyLastVPNLocalResourceRules: false
AllowVPNDisconnect: true
EnableScripting: false
TerminateScriptOnNextEvent: false
EnablePostSBLOnConnectScript: true
AutomaticCertSelection: true
RetainVpnOnLogoff: false
UserEnforcement: SameUserOnly
EnableAutomaticServerSelection: false
AutoServerSelectionImprovement: 20
AutoServerSelectionSuspendTime: 4
AuthenticationTimeout: 12
SafeWordSofTokenIntegration: false
AllowIPsecOverSSL: false
ClearSmartcardPin: true
IPProtocolSupport: IPv4,IPv6
AllowManualHostInput: true
BlockUntrustedServers: true
PublicProxyServerAddress:
Date : 07/23/2013
Time : 08:50:21
Type : Warning
Source : acvpnui
Description : Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.nam.api
Date : 07/23/2013
Time : 08:50:21
Type : Information
Source : acvpnui
Description : Function: L2Api::attach
File: .\L2Api.cpp
Line: 87
The NAM/L2 Api could not be found or failed to load, skipping.
Date : 07/23/2013
Time : 08:50:21
Type : Warning
Source : acvpnui
Description : Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.websecurity.api
Date : 07/23/2013
Time : 08:50:21
Type : Information
Source : acvpnui
Description : Function: SSApi::attach
File: ..\common\SSApi.cpp
Line: 51
The Web Security API could not be found or failed to load, skipping.
Date : 07/23/2013
Time : 08:50:21
Type : Error
Source : acvpnui
Description : Function: MFDartBox::getDARTInstallDir
File: .\MFDartBox.cpp
Line: 332
Invoked Function: MsiEnumProductsExW
Return Code: 259 (0x00000103)
Description: No more data is available.
Date : 07/23/2013
Time : 08:50:21
Type : Warning
Source : acvpnui
Description : Function: ClientIfcBase::getStats
File: .\ClientIfcBase.cpp
Line: 1723
Called when API service not ready.
Date : 07/23/2013
Time : 08:50:22
Type : Error
Source : acvpnui
Description : Function: CSocketTransport::connectTransport
File: .\IPC\SocketTransport.cpp
Line: 981
Invoked Function: ::WSAConnect
Return Code: 10061 (0x0000274D)
Description: No connection could be made because the target machine actively refused it.
Date : 07/23/2013
Time : 08:50:22
Type : Error
Source : acvpnui
Description : Function: CIpcTransport::connectIpc
File: .\IPC\IPCTransport.cpp
Line: 252
Invoked Function: CSocketTransport::connectTransport
Return Code: -31588340 (0xFE1E000C)
Description: SOCKETTRANSPORT_ERROR_CONNECT
Date : 07/23/2013
Time : 08:50:22
Type : Error
Source : acvpnui
Description : Function: CIpcTransport::terminateIpcConnection
File: .\IPC\IPCTransport.cpp
Line: 404
Invoked Function: CSocketTransport::writeSocketBlocking
Return Code: -31588319 (0xFE1E0021)
Description: SOCKETTRANSPORT_ERROR_NO_SOCKET_HANDLE:The socket transport does not possess a valid socket handle.
Date : 07/23/2013
Time : 08:50:22
Type : Error
Source : acvpnui
Description : Function: ApiIpc::initIpc
File: .\ApiIpc.cpp
Line: 423
Invoked Function: CIpcTransport::connectIpc
Return Code: -31588340 (0xFE1E000C)
Description: SOCKETTRANSPORT_ERROR_CONNECT
Date : 07/23/2013
Time : 08:50:22
Type : Error
Source : acvpnui
Description : Function: ApiIpc::initiateAgentConnection
File: .\ApiIpc.cpp
Line: 336
Invoked Function: ApiIpc::initIpc
Return Code: -31588340 (0xFE1E000C)
Description: SOCKETTRANSPORT_ERROR_CONNECT
Date : 07/23/2013
Time : 08:50:22
Type : Error
Source : acvpnui
Description : Function: ApiIpc::run
File: .\ApiIpc.cpp
Line: 570
Invoked Function: ApiIpc::initiateAgentConnection
Return Code: -31588340 (0xFE1E000C)
Description: SOCKETTRANSPORT_ERROR_CONNECT
Date : 07/23/2013
Time : 08:50:22
Type : Error
Source : acvpnui
Description : Function: ClientIfcBase::attach
File: .\ClientIfcBase.cpp
Line: 606
Client failed to attach.
Date : 07/23/2013
Time : 08:50:25
Type : Error
Source : acvpnui
Description : Function: CMainFrame::OnCreate
File: .\mainfrm.cpp
Line: 342
Invoked Function: The VPN service is not responding or available.
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:50:25
Type : Information
Source : acvpnui
Description : Function: ClientIfcBase::detach
File: .\ClientIfcBase.cpp
Line: 438
Shutting down vpnapi
Date : 07/23/2013
Time : 08:50:25
Type : Error
Source : acvpnui
Description : Function: ConnectMgr::activateConnectEvent
File: .\ConnectMgr.cpp
Line: 1352
NULL object. Cannot establish a connection at this time.
Date : 07/23/2013
Time : 08:50:25
Type : Information
Source : acvpnui
Description : Cisco AnyConnect Secure Mobility Client GUI exiting, version 3.1.04059 , return code 0 [0x00000000]
Date : 07/23/2013
Time : 08:51:12
Type : Information
Source : acvpnagent
Description : Cisco AnyConnect Secure Mobility Client Agent starting, version 3.1.04059
Date : 07/23/2013
Time : 08:51:12
Type : Error
Source : acvpnagent
Description : Function: CBencodeStream::LoadStream
File: ..\..\PhoneHome\Bencode.cpp
Line: 126
Unable to open file for reading
Date : 07/23/2013
Time : 08:51:12
Type : Error
Source : acvpnagent
Description : Function: CBencodeDictionary::CBencodeDictionary
File: ..\..\PhoneHome\Bencode.cpp
Line: 1422
Bencode dictionary internalize failed
Date : 07/23/2013
Time : 08:51:12
Type : Error
Source : acvpnagent
Description : Function: CPhoneHomeVpn::CPhoneHomeVpn
File: .\PhoneHomeVpn.cpp
Line: 187
Failed to create Bencode dictionary
Date : 07/23/2013
Time : 08:51:12
Type : Error
Source : acvpnagent
Description : Function: CPhoneHomeVpn::CreateSingletonInstance
File: .\PhoneHomeVpn.cpp
Line: 82
Invoked Function: CPhoneHomeVpn
Return Code: -23396343 (0xFE9B0009)
Description: PHONEHOMEVPN_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:51:12
Type : Warning
Source : acvpnagent
Description : Function: CMainThread::CMainThread
File: .\MainThread.cpp
Line: 1017
Invoked Function: CPhoneHomeVpn::CreateSingletonInstance
Return Code: -23396343 (0xFE9B0009)
Description: PHONEHOMEVPN_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:51:12
Type : Warning
Source : acvpnagent
Description : Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.leaf
Date : 07/23/2013
Time : 08:51:12
Type : Information
Source : acvpnagent
Description : Function: MsgCatalog::initMsgCatalog
File: .\i18n\MsgCatalog.cpp
Line: 246
Current locale: fr-LU
Date : 07/23/2013
Time : 08:51:12
Type : Information
Source : acvpnagent
Description : Function: ProfileMgr::loadProfiles
File: .\ProfileMgr.cpp
Line: 100
No profile is available.
Date : 07/23/2013
Time : 08:51:12
Type : Information
Source : acvpnagent
Description : Current Preference Settings:
ServiceDisable: false
CertificateStoreOverride: false
CertificateStore: All
ShowPreConnectMessage: false
AutoConnectOnStart: false
MinimizeOnConnect: true
LocalLanAccess: false
AutoReconnect: true
AutoReconnectBehavior: DisconnectOnSuspend
UseStartBeforeLogon: false
AutoUpdate: true
RSASecurIDIntegration: Automatic
WindowsLogonEnforcement: SingleLocalLogon
WindowsVPNEstablishment: LocalUsersOnly
ProxySettings: Native
AllowLocalProxyConnections: true
PPPExclusion: Disable
PPPExclusionServerIP:
AutomaticVPNPolicy: false
TrustedNetworkPolicy: Disconnect
UntrustedNetworkPolicy: Connect
TrustedDNSDomains:
TrustedDNSServers:
AlwaysOn: false
ConnectFailurePolicy: Closed
AllowCaptivePortalRemediation: false
CaptivePortalRemediationTimeout: 5
ApplyLastVPNLocalResourceRules: false
AllowVPNDisconnect: true
EnableScripting: false
TerminateScriptOnNextEvent: false
EnablePostSBLOnConnectScript: true
AutomaticCertSelection: true
RetainVpnOnLogoff: false
UserEnforcement: SameUserOnly
EnableAutomaticServerSelection: false
AutoServerSelectionImprovement: 20
AutoServerSelectionSuspendTime: 4
AuthenticationTimeout: 12
SafeWordSofTokenIntegration: false
AllowIPsecOverSSL: false
ClearSmartcardPin: true
IPProtocolSupport: IPv4,IPv6
AllowManualHostInput: true
BlockUntrustedServers: true
PublicProxyServerAddress:
Date : 07/23/2013
Time : 08:51:12
Type : Information
Source : acvpnagent
Description : Function: CCvcConfig::readConfigParamFromFile
File: .\vpnconfig.cpp
Line: 5824
The specified configuration file for MUS service does not exist
Date : 07/23/2013
Time : 08:51:12
Type : Information
Source : acvpnagent
Description : Function: CThread::createThread
File: .\Utility\Thread.cpp
Line: 238
The thread (0x0000162C) has been successfully created.
Date : 07/23/2013
Time : 08:51:12
Type : Information
Source : acvpnagent
Description : Cisco AnyConnect Secure Mobility Client Agent started, version 3.1.04059
Date : 07/23/2013
Time : 08:51:12
Type : Information
Source : acvpnagent
Description : Function: CInterfaceRouteMonitorCommon::logInterfaces
File: .\Routing\InterfaceRouteMonitorCommon.cpp
Line: 477
IP Address Interface List:
FE80:0:0:0:DDA0:24CA:FE35:4D19
148.110.133.126
FE80:0:0:0:19A3:961F:C11C:3724
192.168.164.1
FE80:0:0:0:80B3:F3CD:CA44:952E
169.254.149.46
Date : 07/23/2013
Time : 08:52:13
Type : Information
Source : acvpnagent
Description : Cisco AnyConnect Secure Mobility Client Agent starting, version 3.1.04059
Date : 07/23/2013
Time : 08:52:13
Type : Error
Source : acvpnagent
Description : Function: CBencodeStream::LoadStream
File: ..\..\PhoneHome\Bencode.cpp
Line: 126
Unable to open file for reading
Date : 07/23/2013
Time : 08:52:13
Type : Error
Source : acvpnagent
Description : Function: CBencodeDictionary::CBencodeDictionary
File: ..\..\PhoneHome\Bencode.cpp
Line: 1422
Bencode dictionary internalize failed
Date : 07/23/2013
Time : 08:52:13
Type : Error
Source : acvpnagent
Description : Function: CPhoneHomeVpn::CPhoneHomeVpn
File: .\PhoneHomeVpn.cpp
Line: 187
Failed to create Bencode dictionary
Date : 07/23/2013
Time : 08:52:13
Type : Error
Source : acvpnagent
Description : Function: CPhoneHomeVpn::CreateSingletonInstance
File: .\PhoneHomeVpn.cpp
Line: 82
Invoked Function: CPhoneHomeVpn
Return Code: -23396343 (0xFE9B0009)
Description: PHONEHOMEVPN_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:52:13
Type : Warning
Source : acvpnagent
Description : Function: CMainThread::CMainThread
File: .\MainThread.cpp
Line: 1017
Invoked Function: CPhoneHomeVpn::CreateSingletonInstance
Return Code: -23396343 (0xFE9B0009)
Description: PHONEHOMEVPN_ERROR_UNEXPECTED
Date : 07/23/2013
Time : 08:52:13
Type : Warning
Source : acvpnagent
Description : Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR40.391570230547\ElGreco_MR4\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.leaf
Date : 07/23/2013
Time : 08:52:13
Type : Information
Source : acvpnagent
Description : Function: MsgCatalog::initMsgCatalog
File: .\i18n\MsgCatalog.cpp
Line: 246
Current locale: fr-LU
Date : 07/23/2013
Time : 08:52:13
Type : Information
Source : acvpnagent
Description : Function: ProfileMgr::loadProfiles
File: .\ProfileMgr.cpp
Line: 100
No profile is available.
Date : 07/23/2013
Time : 08:52:13
Type : Information
Source : acvpnagent
Description : Current Preference Settings:
ServiceDisable: false
CertificateStoreOverride: false
CertificateStore: All
ShowPreConnectMessage: false
AutoConnectOnStart: false
MinimizeOnConnect: true
LocalLanAccess: false
AutoReconnect: true
AutoReconnectBehavior: DisconnectOnSuspend
UseStartBeforeLogon: false
AutoUpdate: true
RSASecurIDIntegration: Automatic
WindowsLogonEnforcement: SingleLocalLogon
WindowsVPNEstablishment: LocalUsersOnly
ProxySettings: Native
AllowLocalProxyConnections: true
PPPExclusion: Disable
PPPExclusionServerIP:
AutomaticVPNPolicy: false
TrustedNetworkPolicy: Disconnect
UntrustedNetworkPThere seem to be much more problems with 3.1.04049
Especially with certificate authentication.
I opened some TAC cases.
Try 3.1.04063 that came out at 07-24-13.
TAC said that there are some fixes in it... -
Cisco AnyConnect Configuration
Can someone assist me with configuring Cisco AnyConnect VPN? For some reason with the config below, I seem to get connected but then my internet connection randomly drops and reconnects. Ive tried several different times to get this to work properly but Im obivously missing something here. Any help is appreciated.
ASA Version 8.2(2)
hostname FW01
enable password .MlTybcgwEXNF1HM encrypted
passwd .MlTybcgwEXNF1HM encrypted
names
dns-guard
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan2
description ### Link to Internet ###
nameif outside
security-level 0
ip address dhcp setroute
interface Vlan3
description ### Link to GUEST WIFI ###
nameif guest
security-level 50
ip address 172.16.10.1 255.255.255.0
interface Vlan4
description ### Link to INSIDE LAN ###
nameif inside
security-level 100
ip address 172.16.1.1 255.255.255.0
interface Vlan5
description ### Link to INSIDE WIFI ###
nameif insidewifi
security-level 50
ip address 172.16.2.1 255.255.255.0
interface Ethernet0/0
description ### Link to Internet ###
switchport access vlan 2
interface Ethernet0/1
description ### Link to GUEST WIFI ###
switchport access vlan 3
interface Ethernet0/2
description ### Link to INSIDE LAN ###
switchport access vlan 4
interface Ethernet0/3
description ### Link to INSIDE WIFI ###
switchport access vlan 5
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
banner exec
banner exec ******* ENGLISH *** ATTENTION *** ENGLISH *** ATTENTION *** ENGLISH **********
banner exec *
banner exec * This system is for the use of authorized users only.
banner exec * Individuals using this system are subject to having all of their
banner exec * activities on this system monitored and recorded by system
banner exec * personnel.
banner exec *
banner exec * Anyone using this system expressly consents to such monitoring
banner exec * and is advised that if such monitoring reveals possible
banner exec * evidence of criminal activity, system personnel may provide the
banner exec * evidence of such monitoring to law enforcement officials.
banner exec *
banner exec ******* ENGLISH *** ATTENTION *** ENGLISH *** ATTENTION *** ENGLISH **********
banner exec
banner exec
banner exec Name:.......FW01
banner exec Address:....172.16.1.1
banner exec Location:...CST -5
ftp mode passive
clock timezone CST -5
same-security-traffic permit inter-interface
access-list inside extended permit ip any any
access-list outside extended permit ip any any
access-list guest extended permit udp any host 172.16.1.102 eq domain
access-list guest extended permit udp any host 172.16.1.103 eq domain
access-list guest extended permit udp any any range bootps tftp
access-list guest extended deny ip any 172.16.1.0 255.255.255.0 log
access-list guest extended deny ip any 172.16.2.0 255.255.255.0 log
access-list guest extended permit ip any any
access-list insidewifi extended permit ip any any
access-list Outside_In extended permit tcp any any eq 3389
pager lines 50
logging enable
logging list TEST level alerts
logging buffered debugging
logging asdm informational
logging mail TEST
logging from-address [email protected]
logging recipient-address ************* level errors
mtu outside 1500
mtu guest 1500
mtu inside 1500
mtu insidewifi 1500
ip local pool SSLClientPool 172.16.9.1-172.16.9.2 mask 255.255.255.0
ip audit name FW01-INFO info action alarm
ip audit name FW01-ATTACK attack action alarm reset
ip audit interface outside FW01-INFO
ip audit interface outside FW01-ATTACK
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2004 disable
ip audit signature 2005 disable
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply outside
icmp permit any guest
icmp permit any inside
icmp permit any insidewifi
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (guest) 1 172.16.10.0 255.255.255.0
nat (inside) 1 172.16.1.0 255.255.255.0
nat (insidewifi) 1 172.16.2.0 255.255.255.0
static (inside,outside) tcp interface 3389 172.16.1.200 3389 netmask 255.255.255.255
static (inside,guest) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
static (inside,insidewifi) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
access-group Outside_In in interface outside
access-group guest in interface guest
access-group inside in interface inside
access-group insidewifi in interface insidewifi
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 172.16.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
fragment chain 1 outside
sysopt noproxyarp outside
service resetoutside
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn sslvpn.moore.net
subject-name CN=sslvpn.moore.net
keypair sslvpnkeypair
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 956e1350
308201ef 30820158 a0030201 02020495 6e135030 0d06092a 864886f7 0d010105
0500303c 31193017 06035504 03131073 736c7670 6e2e6d6f 6f72652e 6e657431
1f301d06 092a8648 86f70d01 09021610 73736c76 706e2e6d 6f6f7265 2e6e6574
301e170d 31323037 32383034 34363133 5a170d32 32303732 36303434 3631335a
303c3119 30170603 55040313 1073736c 76706e2e 6d6f6f72 652e6e65 74311f30
1d06092a 864886f7 0d010902 16107373 6c76706e 2e6d6f6f 72652e6e 65743081
9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100c8 167e2c3d
04c16a6c b6639fda c60f085a 8ea6a2ea 6e0bcafb acb3ec8e 3c659274 37636c34
0df9e770 17fb97f6 c2b8641e ff3675f3 3d906e01 a7056bb0 9c0bf54c 3475729e
74caf157 068464d3 e235c46f a8525867 c3911d9c 760253d0 c7bbb7c8 84f91f92
858866c6 e0c1033d 6cfba6f0 b732158f 3d2d7ef5 9bbb0821 4d093f02 03010001
300d0609 2a864886 f70d0101 05050003 81810062 65e2455a cb4e87ea 7879099d
06ed1c5e 7eab180a 4d7564be c36810eb fe6a5bb9 94348ded 1336d811 d0949342
2718400c 8cc32395 23e7d722 3e2758a9 a2116a38 07500bd5 5b96f3c2 1d7c5769
dc5b876b 858cb447 355aa323 abbaf45d bed3814d a04f503a 21cddb47 aaecd5aa
1c82f701 22969424 f6845937 a21568a1 ecaa0e
quit
telnet timeout 5
ssh 172.16.1.0 255.255.255.0 inside
ssh timeout 60
console timeout 0
management-access inside
dhcpd dns 172.16.1.102
dhcpd ping_timeout 750
dhcprelay server 172.16.1.102 inside
dhcprelay enable guest
dhcprelay enable insidewifi
dhcprelay setroute guest
dhcprelay setroute insidewifi
dhcprelay timeout 60
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 172.16.0.0 255.255.0.0
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 211.233.40.78
ntp server 61.153.197.226
ntp server 202.150.213.154 prefer
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
svc image disk0:/anyconnect-dart-win-2.5.6005-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy SSLClientPolicy internal
group-policy SSLClientPolicy attributes
dns-server value 172.16.1.102 172.16.1.103
vpn-tunnel-protocol svc
default-domain value moore.net
address-pools value SSLClientPool
username gmoore_a password PNUmTwjDhevRqhkT encrypted privilege 15
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
default-group-policy SSLClientPolicy
tunnel-group SSLClientProfile webvpn-attributes
group-alias SSLVPNClient enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
smtp-server 68.1.17.8
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:847a9a2b25e6a8ea2d4b68d17cdd41d2
: end
no asdm history enableJavier,
Thanks for the explaination. I have one more question, maybe I should open a seperate discussion. If so please let me know...
After I got the Anyconnect VPN configuraiton working I tried to configure LDAP configuration. Now when I try to connect I get and error stating
"Login denied. Your environment does not meet the access criteria defined by your administrator."
Then at the bottom of the AnyConnect client I see
"Access Denied: Your system does not meet policy requirement (DAP)
Looking at the DAP configuration I cant see what the policy is not accepting. The partial config is below
ASA Version 8.2(2)
same-security-traffic permit inter-interface
access-list inside extended permit ip any any
access-list outside extended permit ip any any
access-list guest extended permit udp any host 172.16.1.102 eq domain
access-list guest extended permit udp any host 172.16.1.103 eq domain
access-list guest extended permit udp any any range bootps tftp
access-list guest extended deny ip any 172.16.1.0 255.255.255.0 log
access-list guest extended deny ip any 172.16.2.0 255.255.255.0 log
access-list guest extended permit ip any any
access-list insidewifi extended permit ip any any
access-list Outside_In extended permit tcp any any eq 3389
access-list SSLClientProfile_SPLIT standard permit 172.16.1.0 255.255.255.0
access-list SSLClientProfile_SPLIT standard permit 172.16.2.0 255.255.255.0
access-list nonat_inside extended permit ip 172.16.1.0 255.255.255.0 172.16.9.0 255.255.255.0
access-list nonat_insidewifi extended permit ip 172.16.2.0 255.255.255.0 172.16.9.0 255.255.255.0
pager lines 50
logging enable
logging list TEST level alerts
logging buffered debugging
logging asdm informational
logging mail TEST
logging from-address [email protected]
logging recipient-address [email protected] level errors
mtu outside 1500
mtu guest 1500
mtu inside 1500
mtu insidewifi 1500
ip local pool SSLClientPool 172.16.9.1-172.16.9.2 mask 255.255.255.0
ip audit name FW01-INFO info action alarm
ip audit name FW01-ATTACK attack action alarm reset
ip audit interface outside FW01-INFO
ip audit interface outside FW01-ATTACK
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2004 disable
ip audit signature 2005 disable
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply outside
icmp permit any guest
icmp permit any inside
icmp permit any insidewifi
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (guest) 1 172.16.10.0 255.255.255.0
nat (inside) 0 access-list nonat_inside
nat (inside) 1 172.16.1.0 255.255.255.0
nat (insidewifi) 0 access-list nonat_insidewifi
nat (insidewifi) 1 172.16.2.0 255.255.255.0
static (inside,outside) tcp interface 3389 172.16.1.200 3389 netmask 255.255.255.255
static (inside,guest) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
static (inside,insidewifi) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
access-group Outside_In in interface outside
access-group guest in interface guest
access-group inside in interface inside
access-group insidewifi in interface insidewifi
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record SSLVPNPolicy
description "SSL VPN Policy (AD Login)"
dynamic-access-policy-record DfltAccessPolicy
action terminate
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 172.16.1.102
server-port 389
ldap-base-dn DC=MOORE,DC=NET
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=LDAP Service Account,OU=ServiceAccounts,OU=MooreNetwork,DC=moore,DC=net
server-type microsoft
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 172.16.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
fragment chain 1 outside
sysopt noproxyarp outside
service resetoutside
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn sslvpn.moore.net
subject-name CN=sslvpn.moore.net
keypair sslvpnkeypair
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 956e1350
308201ef 30820158 a0030201 02020495 6e135030 0d06092a 864886f7 0d010105
0500303c 31193017 06035504 03131073 736c7670 6e2e6d6f 6f72652e 6e657431
1f301d06 092a8648 86f70d01 09021610 73736c76 706e2e6d 6f6f7265 2e6e6574
301e170d 31323037 32383034 34363133 5a170d32 32303732 36303434 3631335a
303c3119 30170603 55040313 1073736c 76706e2e 6d6f6f72 652e6e65 74311f30
1d06092a 864886f7 0d010902 16107373 6c76706e 2e6d6f6f 72652e6e 65743081
9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100c8 167e2c3d
04c16a6c b6639fda c60f085a 8ea6a2ea 6e0bcafb acb3ec8e 3c659274 37636c34
0df9e770 17fb97f6 c2b8641e ff3675f3 3d906e01 a7056bb0 9c0bf54c 3475729e
74caf157 068464d3 e235c46f a8525867 c3911d9c 760253d0 c7bbb7c8 84f91f92
858866c6 e0c1033d 6cfba6f0 b732158f 3d2d7ef5 9bbb0821 4d093f02 03010001
300d0609 2a864886 f70d0101 05050003 81810062 65e2455a cb4e87ea 7879099d
06ed1c5e 7eab180a 4d7564be c36810eb fe6a5bb9 94348ded 1336d811 d0949342
2718400c 8cc32395 23e7d722 3e2758a9 a2116a38 07500bd5 5b96f3c2 1d7c5769
dc5b876b 858cb447 355aa323 abbaf45d bed3814d a04f503a 21cddb47 aaecd5aa
1c82f701 22969424 f6845937 a21568a1 ecaa0e
quit
telnet timeout 5
ssh 172.16.1.0 255.255.255.0 inside
ssh timeout 20
console timeout 0
management-access inside
dhcpd dns 172.16.1.102
dhcpd ping_timeout 750
dhcprelay server 172.16.1.102 inside
dhcprelay enable guest
dhcprelay enable insidewifi
dhcprelay setroute guest
dhcprelay setroute insidewifi
dhcprelay timeout 60
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 172.16.0.0 255.255.0.0
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 211.233.40.78
ntp server 61.153.197.226
ntp server 202.150.213.154 prefer
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
svc image disk0:/anyconnect-dart-win-2.5.6005-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy SSLClientPolicy internal
group-policy SSLClientPolicy attributes
dns-server value 172.16.1.102 172.16.1.103
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SSLClientProfile_SPLIT
default-domain value moore.net
address-pools value SSLClientPool
username gmoore_a password PNUmTwjDhevRqhkT encrypted privilege 15
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
authentication-server-group LDAP LOCAL
default-group-policy SSLClientPolicy
tunnel-group SSLClientProfile webvpn-attributes
group-alias SSLVPNClient enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
smtp-server 68.1.17.8
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:db7d3afda8f35ce1733b3fcd3f5f468d
: end
no asdm history enable -
iam getting the following error when doing the cisco unity express initialization wizard;
"JTAPI login failed. Error while determining CCM version-1"
ive done a search on the cisco error decoder but found nothing.
please helpHi Celso,
Here are some examples of where I think this went wrong. You may be trying to use the wrong License file;
For Callmanager (which I think you have used)
cue-vm-license_12mbx_ccm_3.0.2.pkg
License information package for a 12-mailbox version of the Cisco Unity Express with VoiceMail application that works with Cisco Unified CallManager. For all Cisco Unity Express modules: AIM-CUE, NM-CUE, NM-CUE-EC & NME-CUE.
For Callmanager Express - CME (which I think you need)
cue-vm-license_12mbx_cme_3.0.2.pkg
License information package for a 12-mailbox version of the Cisco Unity Express with VoiceMail application that works with Cisco Unified CallManager Express. For all Cisco Unity Express modules: AIM-CUE, NM-CUE, NM-CUE-EC & NME-CUE
From this link;
http://www.cisco.com/cgi-bin/tablebuild.pl/cue-302-licenses
Hope this helps!
Rob -
Incompability with CISCO AnyConnect
I can't connect to my work VPN server from my Leopard 10.5.2 machine using CISCO AnyConnect. It disconnects immediately.
I know from the PC side that this was a Bonjour issue, but after unloading Bonjour on the Mac, the problem persists.
Anyone have any suggestions? (I also run Tunnelblick, but this is uninstalled for this trial.)
Thanks.I solved this for myself by restarting the Cisco kext files during login.
Using a freeware program called Lingon I added the following terminal command to run with root access at login:
sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart
Add it as a User Daemon and make sure to check off run at login.
I hope this help others here. -
New vpn conncetion using Cisco Anyconnect Secure Mobility Client
(Not sure if I'm in the right forum.)
I'd like to connect via VPN to complete work tasks while not on the network. My Windows 8 laptop came with Cisco Anyconnect Secure Mobility. How do I or where do I go to add the new settings for this new vpn location? I have connections in the drop down list that I no longer use/need.
The VPN connetion failed due to unsuccessful domain name resolution.Right now I'm testing on a single access point (autonomous) with WEP! The same laptop works fine without the Cisco client. Usually it is several hours, 12 or more when it happens, but I've seen it less than that. And I've seen it up for over a day and a half. At this point I just don't trust the client to roll out to a larger audience.
-
Cisco AnyConnect Secure Mobility Client
I have a Cisco ASA 5525-X.
Behind the firewall I have six seperate networks, with interface 0 connected to the Internet.
Cisco Anyconnect clients can connect from the Internet without any problems.
What I want to do is restrict users/groups to specific networks.
For instance -group1 can only connect to network1 after authentication.
The problem I have is that users that are NOT part of the tunnelgroup are still authenticated and get access to a network they shouldn't have access to.
In short I want six groups for six networks but can't seem to make this work.
The reason for this is that these networks are six distinct networks with one Internet feed.
I would be most gratefull if somebody can point me in the right direction.
thanksHi,
I got to admit that I am a bit rusty on the VPN Client side.
In some of our environments we utilize the default RA (Remote Access) "tunnel-group" only and use a separate AAA server to return the correct group for the user based on their login information.
Now if we had to do this with just the ASA then I am not 100% sure how to set it up. I wonder if the solution would then be to remove all the non default "tunnel-group" configurations related to the type of VPN you are using and simply using the default "tunnel-group" and assigning "username" different "group-policy" based on their need?
In other words using only the default "tunnel-group" there would be nothing to choose from in the drop down menu but the "group-policy" attached to the "username" would define to which networks traffic would be tunneled and so on.
I guess this would still require you to configure an "address-pool" under the default "tunnel-group" or you would have to define each users IP address under the "username attributes".
To view the default "tunnel-group" and "group-policy" configurations on the CLI of the ASA you would have to use this command
show run all tunnel-group
show run all group-policy
Do take note that these commands print out a lot more information/configurations than the usual "show run" variation. This is because the command also shows the default settings which arent otherwise visible in the "show run" output.
Would really need to test this myself to be able to give you an 100% sure answer.
- Jouni
Maybe you are looking for
-
Oracle 9i Client and System.Data.OracleClient Problems
I have an application server that has an ASP.NET webpage that queries an Oracle database on another machine through ODP.NET. The app server's machine's OS is Microsoft Windows XP SP2 with IIS and .NET 2.0 Framework installed and configured correctly.
-
Reserve functionality no longer working
I have several workflows where the reserve functionality is no longer getting set when a user clicks on an item and exits out. We have several workflows that use the DECISION object PROCESS method in a customer defined task. We have a Budget Transfer
-
hi, sap gurus, how do we handle third party returns thnaxs, balaji.t 09990019711.
-
Download Email attachment?
- What method or functions to be included in an APP so that the App could be visible (as an option) in the email when downloading an email attachment? For example, similar to pdf reader or drop box apps, our own App can also come up when we try to do
-
I seek the Mac OS X 10.7.5 path to where my iPhoto files are located
Whenever I wish to upload a bunch of photos to a website, I can't grasp how to do it with iPhoto other than creating a new Desktop folder, highlighting the photos in an iPhoto Event and copying them in order to enable me to reference those photos wit