Cisco RV130W VPN firewall problems

Dear Support,
I am a newbie with Cisco. I bought a Cisco RV130W wireless VPN router last week, but I have some problems with this router.
1) I have installed a DHCP server in our internal network, so I disabled the DHCP service under Network > LAN > LAN Configuration > Server Settings (DHCP). After this action, none of our wireless devices could get an IP address. Finally I enabled DHCP relay and put the DHCP server IP in the "Remote DHCP Server" field, and the problem seems fixed. May I know whether I took the right action? And if the answer is yes, what is the DHCP Server "Disable" option used for?
2) When I set DHCP to Disable, I find that the dashboard still shows the DHCP server in "Enabled" status (Dashboard top right corner > LAN (Local Network) Interface > DHCP Server: Enabled). May I know whether it is a firmware bug or just some setting I missed?
3) The WiFi signal is weak, but I cannot find any setting to control signal strength. Sometimes the SSID disappeared; finally I found that this was because I had placed an external USB 3.0 HDD beside the router. After I removed the HDD, the SSID never disappeared again, but I don't know why this happened or how I can prevent it from happening again.
4) In the dashboard I find VPN Server > PPTP User: 0/1, but in the user manual I also find PPTP VPN > 10 PPTP tunnels for remote client access. May I know whether the router actually supports 1 or 10 PPTP user(s)?
5) The PPTP VPN disconnects automatically 10~15 minutes after connecting. I have tried with 2 Android devices: one is running Android 4.2 with the native VPN client, and the other is running Android 4.4.2 with the app "VpnRoot". Can you give me some hints on how to trace and fix the problem?
Thanks for the support; I am waiting for the reply. Thanks.

This document demonstrates how to configure a connection between a router and the Cisco VPN Client 4.x using Remote Authentication Dial-In User Service (RADIUS) for user authentication. Cisco IOS® Software Releases 12.2(8)T and later support connections from Cisco VPN Client 3.x. The VPN Clients 3.x and 4.x use Diffie-Hellman (DH) group 2 policy. The isakmp policy # group 2 command enables the VPN Clients to connect.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946b7.shtml

Similar Messages

  • Help with cisco 837 VPN firewall configuration

    Hi guys,
    I attempted to configure remote access VPN using Cisco 837. IPSEC and firewall features were added already. However, the VPN client keeps saying "remote peer no longer responding".
    Upon removing firewall and ACLs, VPN client works. Therefore, I believe these two parts went wrong. Could you please take a look at my config below and see what is going on? On the other hand, when I issue the same config to Cisco 827, it does not work. My question is whether Cisco 827 IOS 12.1(3) supports IPSEC.
    Any help would be highly appreciated.

    This document demonstrates how to configure a connection between a router and the Cisco VPN Client 4.x using Remote Authentication Dial-In User Service (RADIUS) for user authentication. Cisco IOS® Software Releases 12.2(8)T and later support connections from Cisco VPN Client 3.x. The VPN Clients 3.x and 4.x use Diffie-Hellman (DH) group 2 policy. The isakmp policy # group 2 command enables the VPN Clients to connect.
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946b7.shtml

  • Cisco vpn connect problem with 3g dongle

    Hi,
    I am trying to connect Cisco VPN, but every time I am getting the following error while trying to connect from a Huawei 3G USB dongle in Win8. For Win7 it works fine with no issue. Also, the problem is only from the datacard; from the LAN and wireless interfaces I can easily connect to the VPN without any issue. Any help/idea/suggestion highly appreciated.
    Cisco Systems VPN Client Version 5.0.07.0440
    Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Windows, WinNT
    Running on: 6.2.9200
    25     08:06:46.846  12/25/13  Sev=Info/4    CM/0x63100002
    Begin connection process
    26     08:06:46.848  12/25/13  Sev=Info/4    CM/0x63100004
    Establish secure connection
    27     08:06:46.848  12/25/13  Sev=Info/4    CM/0x63100024
    Attempt connection with server "116.68.208.113"
    28     08:06:46.849  12/25/13  Sev=Info/6    IKE/0x6300003B
    Attempting to establish a connection with 116.68.208.113.
    29     08:06:46.855  12/25/13  Sev=Info/4    IKE/0x63000001
    Starting IKE Phase 1 Negotiation
    30     08:06:46.858  12/25/13  Sev=Info/4    IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 116.68.208.113
    31     08:06:47.145  12/25/13  Sev=Info/4    IPSEC/0x63700008
    IPSec driver successfully started
    32     08:06:47.145  12/25/13  Sev=Info/4    IPSEC/0x63700014
    Deleted all keys
    33     08:06:52.144  12/25/13  Sev=Info/4    IKE/0x63000021
    Retransmitting last packet!
    34     08:06:52.144  12/25/13  Sev=Info/4    IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (Retransmission) to 116.68.208.113
    35     08:06:57.144  12/25/13  Sev=Info/4    IKE/0x63000021
    Retransmitting last packet!
    36     08:06:57.144  12/25/13  Sev=Info/4    IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (Retransmission) to 116.68.208.113
    37     08:07:02.145  12/25/13  Sev=Info/4    IKE/0x63000021
    Retransmitting last packet!
    38     08:07:02.145  12/25/13  Sev=Info/4    IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (Retransmission) to 116.68.208.113
    39     08:07:07.145  12/25/13  Sev=Info/4    IKE/0x63000017
    Marking IKE SA for deletion  (I_Cookie=97205EA6A12866F0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
    40     08:07:07.645  12/25/13  Sev=Info/4    IKE/0x6300004B
    Discarding IKE SA negotiation (I_Cookie=97205EA6A12866F0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
    41     08:07:07.645  12/25/13  Sev=Info/4    CM/0x63100014
    Unable to establish Phase 1 SA with server "116.68.208.113" because of "DEL_REASON_PEER_NOT_RESPONDING"
    42     08:07:07.645  12/25/13  Sev=Info/5    CM/0x63100025
    Initializing CVPNDrv
    43     08:07:07.645  12/25/13  Sev=Info/6    CM/0x63100046
    Set tunnel established flag in registry to 0.
    44     08:07:07.645  12/25/13  Sev=Info/4    IKE/0x63000001
    IKE received signal to terminate VPN connection
    45     08:07:08.146  12/25/13  Sev=Info/4    IPSEC/0x63700014
    Deleted all keys
    46     08:07:08.146  12/25/13  Sev=Info/4    IPSEC/0x63700014
    Deleted all keys
    47     08:07:08.146  12/25/13  Sev=Info/4    IPSEC/0x63700014
    Deleted all keys
    48     08:07:08.146  12/25/13  Sev=Info/4    IPSEC/0x6370000A
    IPSec driver successfully stopped
    49     08:19:59.202  12/25/13  Sev=Info/4    CM/0x63100002
    Begin connection process
    50     08:19:59.202  12/25/13  Sev=Info/4    CM/0x63100004
    Establish secure connection
    51     08:19:59.202  12/25/13  Sev=Info/4    CM/0x63100024
    Attempt connection with server "116.68.208.113"
    52     08:19:59.202  12/25/13  Sev=Info/6    IKE/0x6300003B
    Attempting to establish a connection with 116.68.208.113.
    53     08:19:59.202  12/25/13  Sev=Info/4    IKE/0x63000001
    Starting IKE Phase 1 Negotiation
    54     08:19:59.218  12/25/13  Sev=Info/4    IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 116.68.208.113
    55     08:19:59.656  12/25/13  Sev=Info/4    IPSEC/0x63700008
    IPSec driver successfully started
    56     08:19:59.656  12/25/13  Sev=Info/4    IPSEC/0x63700014
    Deleted all keys
    57     08:20:04.656  12/25/13  Sev=Info/4    IKE/0x63000021
    Retransmitting last packet!
    58     08:20:04.656  12/25/13  Sev=Info/4    IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (Retransmission) to 116.68.208.113
    59     08:20:09.656  12/25/13  Sev=Info/4    IKE/0x63000021
    Retransmitting last packet!
    60     08:20:09.656  12/25/13  Sev=Info/4    IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (Retransmission) to 116.68.208.113
    61     08:20:14.656  12/25/13  Sev=Info/4    IKE/0x63000021
    Retransmitting last packet!
    62     08:20:14.656  12/25/13  Sev=Info/4    IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (Retransmission) to 116.68.208.113
    63     08:20:19.656  12/25/13  Sev=Info/4    IKE/0x63000017
    Marking IKE SA for deletion  (I_Cookie=46B8917FD54C64AC R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
    64     08:20:20.156  12/25/13  Sev=Info/4    IKE/0x6300004B
    Discarding IKE SA negotiation (I_Cookie=46B8917FD54C64AC R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
    65     08:20:20.156  12/25/13  Sev=Info/4    CM/0x63100014
    Unable to establish Phase 1 SA with server "116.68.208.113" because of "DEL_REASON_PEER_NOT_RESPONDING"
    66     08:20:20.156  12/25/13  Sev=Info/5    CM/0x63100025
    Initializing CVPNDrv
    67     08:20:20.156  12/25/13  Sev=Info/6    CM/0x63100046
    Set tunnel established flag in registry to 0.
    68     08:20:20.156  12/25/13  Sev=Info/4    IKE/0x63000001
    IKE received signal to terminate VPN connection
    69     08:20:20.156  12/25/13  Sev=Info/4    IPSEC/0x63700014
    Deleted all keys
    70     08:20:20.156  12/25/13  Sev=Info/4    IPSEC/0x63700014
    Deleted all keys
    71     08:20:20.156  12/25/13  Sev=Info/4    IPSEC/0x63700014
    Deleted all keys
    72     08:20:20.156  12/25/13  Sev=Info/4    IPSEC/0x6370000A
    IPSec driver successfully stopped

    Hi Karsten,
    Thank you for the reply !!! & best wishes for the new year 2014.
    The problem is like this: if I select the datacard connection type NDIS it works, but it doesn't work when I select the RAS (modem) connection type for the 3G datacard. (NDIS and RAS (modem) connection types are the 2 modes currently supported by the datacard.) Are there any cases of users experiencing a similar problem, and what have they done to solve the issue? And thank you for the workaround; I have checked the shrew-soft with Win7 and it was working fine but not on Win8, I will check shrew-soft on Win8 very soon. Also, we can move to the AnyConnect solution, but I just want to know if this can solve our problem or not. Will there be any issues with the AnyConnect solution for Win8 or not? Can you please confirm?
    Thank you
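
An added example (not part of the original posts, and not Cisco tooling): a small parser for the VPN Client log format shown in the thread above. It groups events into connection attempts and checks whether R_Cookie was still all zeros when the IKE SA was dropped, which means no reply from the gateway ever reached the client. The sample log is constructed from the line formats in the post; the address 192.0.2.10, the cookie values and the whole second attempt are made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Event header line, e.g. "25     08:06:46.846  12/25/13  Sev=Info/4    CM/0x63100002"
HEADER = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<date>\d\d/\d\d/\d\d)\s+"
    r"Sev=(?P<sev>\w+)/(?P<level>\d+)\s+(?P<module>\w+)/(?P<code>0x[0-9A-Fa-f]+)\s*$"
)
# Cookie pair and reason from the "Marking/Discarding IKE SA" messages
COOKIES = re.compile(
    r"I_Cookie=(?P<i>[0-9A-Fa-f]{16}) R_Cookie=(?P<r>[0-9A-Fa-f]{16})\) reason = (?P<reason>\w+)"
)

# Constructed sample in the format of the log posted above (values are made up).
SAMPLE_LOG = """\
25     08:06:46.846  12/25/13  Sev=Info/4    CM/0x63100002
Begin connection process
30     08:06:46.858  12/25/13  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 192.0.2.10
34     08:06:52.144  12/25/13  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 192.0.2.10
36     08:06:57.144  12/25/13  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 192.0.2.10
38     08:07:02.145  12/25/13  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 192.0.2.10
39     08:07:07.145  12/25/13  Sev=Info/4    IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=A1B2C3D4E5F60708 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
49     08:19:59.202  12/25/13  Sev=Info/4    CM/0x63100002
Begin connection process
54     08:19:59.218  12/25/13  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 192.0.2.10
63     08:20:19.656  12/25/13  Sev=Info/4    IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=0807F6E5D4C3B2A1 R_Cookie=1122334455667788) reason = DEL_REASON_PEER_NOT_RESPONDING
"""


@dataclass
class Attempt:
    start: str
    sent: int = 0
    retransmits: int = 0
    r_cookie: Optional[str] = None
    reason: Optional[str] = None

    @property
    def verdict(self) -> str:
        if self.reason is None:
            return "no-failure-logged"
        if self.r_cookie == "0" * 16:
            # The responder cookie is filled in from the gateway's first reply.
            # All zeros: nothing came back (check UDP 500 on the access path).
            return "no-response"
        return "responded-then-failed"


def parse_events(text):
    """Pair each header line with the message line(s) that follow it."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {**m.groupdict(), "message": ""}
            events.append(current)
        elif current is not None and line.strip():
            current["message"] = (current["message"] + " " + line.strip()).strip()
    return events


def summarize_attempts(events):
    """Split events at 'Begin connection process' and count IKE sends."""
    attempts = []
    for ev in events:
        msg = ev["message"]
        if msg.startswith("Begin connection process"):
            attempts.append(Attempt(start=f'{ev["date"]} {ev["time"]}'))
            continue
        if not attempts:
            continue  # events before the first attempt are ignored
        cur = attempts[-1]
        if msg.startswith("SENDING >>>"):
            cur.sent += 1
            if "(Retransmission)" in msg:
                cur.retransmits += 1
        m = COOKIES.search(msg)
        if m:
            cur.r_cookie, cur.reason = m["r"].upper(), m["reason"]
    return attempts


if __name__ == "__main__":
    for a in summarize_attempts(parse_events(SAMPLE_LOG)):
        print(a.start, f"sent={a.sent}", f"retransmits={a.retransmits}",
              a.reason, a.verdict)
```
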

  • Problem using SunRay with Cisco AnyConnect VPN Client

    I am using Cisco AnyConnect VPN Client Version 2.5.3046
    I have a PC and a SunRay connected to my router. I use VPN to connect my SunRay and my PC to my work computer. My PC works fine, I am able to connect to the internet and also run Cisco VPN to connect to my work computer. But when I try to use my SunRay, I get a window on the screen with the message:
        VPN IKE Phase 1 agg I msg1
    This window keeps moving around on the screen. I am not able to connect my SunRay through VPN to my work computer. Any idea what could be wrong and how I can fix this?

    2.2 is definitely better.
    On one PC, I'm fine. On another -- very similar -- it tells me it can't start the VPN even after uninstalling and re-installing and everything else I can think of, with plenty of re-boots in between.
    Aaaaarrrrrrggggggghhhh.

  • TS2709 I have AppleTV and iPad2 running VJay app to my TV over a private Cisco router disabled firewall but I keep losing the video on my TV after a few minutes what can I do?

    I have AppleTV and iPad2 running VJay app to my TV over a private Cisco router disabled firewall but I keep losing the video on my TV after a few minutes. What can I do?

    I also get this problem on my iPad, so probably not related to the AppleTV. On the iPad I restarted Airport Extreme this time, and then the iPad saw my Home Sharing.
    So to recap, restarting the router or Airport Express allowed the iPad and AppleTV to see Home Sharing. Restarting AppleTV also allows AppleTV to see Home Sharing.
    So does anyone have any idea?
    Thanks

  • Cisco AnyConnect VPN won't install, says There is a newer version of the AnyConnect client already installed

    I had an issue with my Cisco AnyConnect VPN not working, so I uninstalled it. I've tried a new install and now I get the message "There is a newer version of the AnyConnect client installed" and it won't let me install it at all. I've gone through various recommendations on the site, including this:
    Go to "Regedit" and search for "Deterministic Networks" and delete it.
    HKEY_LOCAL_MACHINE\SOFTWARE\Deterministic Networks
    Search with the following keywords in the registry, under "Uninstall" or  "Components" folders and delete any related entries.
    Vpnapi
    Vpngui
    Cisco
    CVPND
    CVPNDRA
    Ipsecdialer
    Source: https://supportforums.cisco.com/message/3728011#3728011
    But I've still got the same problem, and just can't find anything to help!

    Disable Internet Connection Sharing (ICS) and then try again. You can disable ICS in two ways:
    Per Adapter:
    Click the Start button.
    Click on Control Panel.
    Click on View Network Status and Tasks
    Click on Change adapter settings
    Right-click the shared connection and choose Properties
    Click the Sharing tab
    Clear the Allow other network users to connect through this computer's Internet connection checkbox
    Click OK
    System Wide:
    Click the Start button (Windows' orb)
    Type: services.msc and press ENTER
    Double-Click on Internet Connection Sharing (ICS)
    Change Startup Type to Disabled
    Reboot the computer
    You can now try reinstalling the WiscVPN client again

  • Adding NetGear Prosafe 8-port Gigabit VPN Firewall to existing TimeCapsule Network

    I need some help and direction with this one...
    What I currently have setup and what I am doing on a day to day is as follows;
    Cox Cable Broadband > ISP Cable Modem > Time Capsule > Airport Express v1 + Airport Express v2 (both extending wireless). I have a Dell/Windows Server set up as a Media Server and also have it set up to accept VPN connections as well. I remote into my network quite a bit as well as VPN into it quite a bit, I RDP into the Dell Server as well as an iMac and MacBook Pro from time to time. I have PS3, Xbox360, Apple TV 1stG and 2ndG, 2011 iMac, 2011 MacBook Pro, iPad3 and various other wireless clients. I would really like to add as much security as I possibly can and thought adding a hardware firewall would be a good step.
    So I purchased a NetGear ProSafe 8-port Gigabit VPN Firewall that I would install on my network and have everything behind that. The problem is I have no idea how to set it up for the best protection and performance. The only thing I found online is putting it behind my TC, which would then leave my wireless clients outside the firewall? I'm usually pretty good with this stuff, but this time I'm just completely confused and not even sure if I need this or if it's completely useless. I do like the Time Capsule also running 2 Airport Express (v1 & v2) to extend my wireless network, but I'm not sure if it's as secure as it could be.
    If this was a good step buying a hardware firewall and from what I've read the model I bought (FVS318G) is pretty good, it's also solving a problem I have had with my network is needed Ethernet access. Time Capsule only has 3 ports so I figured this would also solve the lack of Ethernet ports as well.
    I'm thinking I would go from Modem > NetGear(DHCP Enabled) > Time Capsule (Somehow turn DHCP/Router off) > all my network clients.
    Can Anyone offer advice?? How I should configure this? Is it pointless? Return the Netgear Firewall? Buy a different hardware firewall???
    *BTW* I have software security covered, just want to add hardware as well.
    Any help/suggestions would be extremely helpful!
    Thank you!

    I am not sure who made the suggestion for the vpn router to be behind the TC.. they do that sometimes for connection to vpn for downloading TV shows etc.. but your proposed network layout is correct.
    I'm thinking I would go from Modem > NetGear(DHCP Enabled) > Time Capsule (Somehow turn DHCP/Router off) > all my network clients.
    All correct.. The Netgear has to be the one and only router.. otherwise the VPN will not give you access to the rest of the network behind the NAT.
    So easy peasy.. bridge the TC.. use the 5.6 utility if Lion.. you will need to download and install it..
    http://support.apple.com/kb/DL1482
    Lion v6 is a toy..
    Go to manual setup, internet tab. Connection sharing.. off, bridge mode. update the TC.. voila you are done.
    You should probably reboot the whole network. As the expresses will need to now get IP from the netgear not the TC. Tell us if you run into trouble, but everything should work, although it may require a reset and redo setup of the TC and express to get everything smooth again.
    Next issue.. hardware and software firewalls.. sometimes produces the great wall of china.. very secure... oh so secure nothing gets in.. or out. I do not know the Netgear.. but I would start with whatever the lowest preset is for the firewall. And see if you have issues.
    And of course then do the vpn setup.. which is a lot of fun.. (read strong sarcasm). But once you establish the tunnel should then give you access to the whole network.. you will not need to use RDP unless you need to actually take over a computer.
    VPN firewall is the RIGHT WAY.. albeit it can be painful in the initial stages.

  • Profile for Cisco IPsec VPN does not set shared secret correctly

    Hi,
    We have a shared secret configuration for a Cisco IPsec (connecting to an ASA). I can correctly configure a profile for the Cisco IPsec VPN and deliver it to the device. However, the VPN connection fails due to an invalid shared secret. If I then go into the VPN settings on the device itself and manually retype the shared secret, it works fine.
    I have noticed this when generating the mobileconfig profile both from Apple's iPhone Configuration Utility and also when using the MobileIron management platform to generate and push profiles.
    Has anyone else seen this problem? I'm really confident that I'm typing the shared secret correctly in the iPCU generated profile as I've tried it many times. It also has happened across every flavor of iOS 3.x and 4.x (including the 4.2 betas).
    thanks

    Hi,
    Thanks for the reply but it is a bit of a strange one. What makes you think the shared secret we are using - which you don't know - is more than 32 characters long? I can promise you it isn't. There's a bug in the way mobileconfig files are storing the encrypted shared secret values. I've now seen it on a third party mobile device management platform too.

  • Browsing Oracle application using CISCO SSL VPN forms not opening

    Hi all,
    Any idea why I am not able to access my application using CISCO SSL VPN? Normal clients are able to use our application; there is no problem. I have modified the "certdb.txt"; still I am having the same problem. Here I am attaching the Java console output.
    java.net.ConnectException: Operation timed out: connect
         at java.net.PlainSocketImpl.socketConnect(Native Method)
         at java.net.PlainSocketImpl.doConnect(Unknown Source)
         at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
         at java.net.PlainSocketImpl.connect(Unknown Source)
         at java.net.Socket.<init>(Unknown Source)
         at java.net.Socket.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.doConnect(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.<init>(Unknown Source)
         at sun.net.www.http.HttpClient.<init>(Unknown Source)
         at sun.plugin.protocol.jdk12.http.HttpClient.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.New(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsURLConnection$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.jinitiator.protocol.https.HttpsURLConnection.connect(Unknown Source)
         at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
         at oracle.jre.protocol.jar.HttpUtils.followRedirects(Unknown Source)
         at oracle.jre.protocol.jar.JarCache$CachedJarLoader.download(Unknown Source)
         at oracle.jre.protocol.jar.JarCache$CachedJarLoader.load(Unknown Source)
         at oracle.jre.protocol.jar.JarCache.get(Unknown Source)
         at oracle.jre.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
         at oracle.jre.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
         at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
         at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
         at sun.misc.URLClassPath$2.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.misc.URLClassPath.getLoader(Unknown Source)
         at sun.misc.URLClassPath.getLoader(Unknown Source)
         at sun.misc.URLClassPath.getResource(Unknown Source)
         at java.net.URLClassLoader$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(Unknown Source)
         at sun.applet.AppletClassLoader.findClass(Unknown Source)
         at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadCode(Unknown Source)
         at sun.applet.AppletPanel.createApplet(Unknown Source)
         at sun.plugin.AppletViewer.createApplet(Unknown Source)
         at sun.applet.AppletPanel.runLoader(Unknown Source)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    WARNING: Unable to cache https://212.72.22.86/+CSCO+1a756767633A2F2F62656E6A726F322E7A75712E70622E627A++/forms/java/frmwebutil.jar
    java.net.ConnectException: Operation timed out: connect
         at java.net.PlainSocketImpl.socketConnect(Native Method)
         at java.net.PlainSocketImpl.doConnect(Unknown Source)
         at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
         at java.net.PlainSocketImpl.connect(Unknown Source)
         at java.net.Socket.<init>(Unknown Source)
         at java.net.Socket.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.doConnect(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.<init>(Unknown Source)
         at sun.net.www.http.HttpClient.<init>(Unknown Source)
         at sun.plugin.protocol.jdk12.http.HttpClient.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.New(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsURLConnection$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.jinitiator.protocol.https.HttpsURLConnection.connect(Unknown Source)
         at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
         at oracle.jre.protocol.jar.HttpUtils.followRedirects(Unknown Source)
         at oracle.jre.protocol.jar.JarCache$CachedJarLoader.download(Unknown Source)
         at oracle.jre.protocol.jar.JarCache$CachedJarLoader.load(Unknown Source)
         at oracle.jre.protocol.jar.JarCache.get(Unknown Source)
         at oracle.jre.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
         at oracle.jre.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
         at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
         at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
         at sun.misc.URLClassPath$2.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.misc.URLClassPath.getLoader(Unknown Source)
         at sun.misc.URLClassPath.getLoader(Unknown Source)
         at sun.misc.URLClassPath.getResource(Unknown Source)
         at java.net.URLClassLoader$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(Unknown Source)
         at sun.applet.AppletClassLoader.findClass(Unknown Source)
         at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadCode(Unknown Source)
         at sun.applet.AppletPanel.createApplet(Unknown Source)
         at sun.plugin.AppletViewer.createApplet(Unknown Source)
         at sun.applet.AppletPanel.runLoader(Unknown Source)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    WARNING: Unable to cache https://212.72.22.86/+CSCO+1a756767633A2F2F62656E6A726F322E7A75712E70622E627A++/forms/java/frmall_jinit.jar
    java.net.ConnectException: Operation timed out: connect

    Hi,
    From your description, my understanding is that you get an invalid workflowinstanceid error when you click on a workflow link like “inprogress” in the current list.
    Please check the URL of workflow “inprogress” (also the URL for the workflow approval instance to open the task form) to see if it’s correct.
    Please use your company network directly instead of CISCO SSL VPN, then access the SharePoint portal URL “https://vpnssl.companyname.com/” and see if the issue still occurs.
    Also, check the ULS log on the SharePoint server based on the Correlation ID value, get more detailed information about this error message.
    And you could refer to this similar issue:
    https://social.technet.microsoft.com/Forums/en-US/08aa6b33-cef6-4b01-8af7-6c25ed7d9953/invalid-workflowinstanceid-parameter-in-url?forum=sharepointgeneralprevious.
    Best Regards
    Vincent Han
    TechNet Community Support

  • IOS4 and VPN/Firewall routers

    Hello,
    I am trying to get VPN connection from iPhone and iPad(3G). I have tested Linksys (Cisco) RV042 -router. But I was told by Cisco that RV042 does not support connection from iPhone...
    So, I would like to ask which VPN/Firewall devices you have used successfully with iPhone or iPad?
    Message was edited by: Sarnikorpi

    They will be like any other exam, three years valid towards any eligible path.

  • Cisco Systems VPN Driver installed without my authorization

    I just did a system software update, installing just the Security Update 2010-004. After rebooting I looked in the syslog and noticed for the first time a report of starting a Cisco Systems VPN driver:
    Wed Jul 21 14:03:59 mhackslab kernel[0] <Debug>: yukon: Ethernet address 00:1b:63:be:3c:6e
    Wed Jul 21 14:04:01 mhackslab rpc.statd[70] <Notice>: statd.notify - no notifications needed
    Wed Jul 21 14:04:01 mhackslab bootlog[85] <Notice>: BOOT_TIME: 1279742620 0
    Wed Jul 21 14:04:02 mhackslab com.apple.launchd[1] (com.apple.distccdConfigd[81]) <Warning>: Exited with exit code: 255
    Wed Jul 21 14:04:02 mhackslab fseventsd[77] <Critical>: bumping event counter to: 0x2bdc081c (current 0x0) from log file
    Wed Jul 21 14:04:12 mhackslab kextd[17] <Notice>: writing kernel link data to /var/run/mach.sym
    Wed Jul 21 14:04:12 mhackslab /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow[73] <Error>: Login
    Wed Jul 21 14:04:13 mhackslab /usr/sbin/ocspd[104] <Alert>: starting
    Wed Jul 21 14:04:13 mhackslab com.apple.SystemStarter[68] <Notice>: Starting Cisco Systems VPN Driver
    Wed Jul 21 14:04:14 mhackslab com.apple.SystemStarter[68] <Notice>: kextload: /System/Library/Extensions/CiscoVPN.kext l
    Wed Jul 21 14:04:15 mhackslab kernel[0] <Debug>: CiscoVPN : attempting to attach to all available ethernet interfaces.
    Wed Jul 21 14:04:15 mhackslab kernel[0] <Debug>: CiscoVPN : checking if we are already attached to interface: en0
    Wed Jul 21 14:04:15 mhackslab kernel[0] <Debug>: CiscoVPN : no, not yet attached to interface: en0
    Wed Jul 21 14:04:15 mhackslab kernel[0] <Debug>: CiscoVPN : interface: en0, filter attached.
    Wed Jul 21 14:04:15 mhackslab kernel[0] <Debug>: CiscoVPN : current MTU for en0 is 1500, saving it.
    Wed Jul 21 14:04:15 mhackslab kernel[0] <Debug>: CiscoVPN : checking if we are already attached to interface: en1
    Wed Jul 21 14:04:15 mhackslab kernel[0] <Debug>: CiscoVPN : no, not yet attached to interface: en1
    Wed Jul 21 14:04:15 mhackslab kernel[0] <Debug>: CiscoVPN : interface: en1, filter attached.
    Wed Jul 21 14:04:15 mhackslab kernel[0] <Debug>: CiscoVPN : current MTU for en1 is 1500, saving it.
    Wed Jul 21 14:04:15 mhackslab kernel[0] <Debug>: CiscoVPN : loading cisco ipsec kernel module.
    Wed Jul 21 14:04:21 mhackslab kernel[0] <Debug>: display: Not usable
    My syslog goes back over a year and there is no prior report of such a driver being started. I don't think I have ever manually installed this driver. I have also listed all services by doing 'sudo launchctl list' and 'sudo launchctl bslist' and did not see any report of a Cisco service.
    I would like to know why the driver is now being started every time on bootup, what caused this to occur, and how I can prevent it.
    thanks,
    William Knight

    Hi,
    I suggest you install the latest version of Cisco VPN 5.0.07.0440: http://software.cisco.com/download/release.html?mdfid=281940730&softwareid=282364316&release=5.0.07.0440&os=Windows
    If you get the same error, try to turn off the firewall and connect again; if that doesn't solve it, you should contact Cisco VPN Support: https://supportforums.cisco.com/community/netpro/security/vpn
    Regards,
    MCT / MCITP / MCTS / MCSA / MCSE / MCP / C|EH / CCNA

  • Mail and SMTP server settings of ASA Certificate Authority for cisco anyconnect VPN

    Dear All,
    I have the following case:
    I am using the ASA as Certificate Authority for Cisco AnyConnect VPN users; the authentication happens based on the local database of the ASA.
    I want to issue a new certificate every 72 hours for the users, and I want to send the one-time password via email to each user.
    So what should the settings of the mail and SMTP server be?
    As I understand, I should put in my SMTP server IP address, then I have to create the local users again under (Remote VPN VPN--Certificate management--Local certificate authority --Manage user Database) along with their email addresses to send the one-time password to them via their emails.
    I sent the email manually; how can I automate sending the OTP to our VPN users via their emails?
    Best regards,

    Thanks Jennifer.
    I did manage to configure LDAP attribute map to the specific group policy.
    Nevertheless, I was thinking whether I can have fixed IP address tied to individual user.
    Using legacy Cisco VPN Client, I can do it using IPSEC(IKEv1) Connection profile, where I set Pre-Shared Key and Client Address Pools. Each Client Address Pools has only 1 fix IP address.
    Example: let say my username is LLH.
    Connection Profile for me is : LLH-Connection-Profile, my profile is protected by preshared key.
    Client Address Pool for me is : LLH-pool, and the IP is 172.16.1.11
    Only I know the preshared key and only I can log in with my Connection Profile.
    Using AnyConnect, I have a problem. A user can use any connection profile because I cannot set a preshared key for AnyConnect. In that case, I cannot control who can use my Connection Profile and pretend to be me.
    Example:
    AnyConnect Connection Profile for me is : LLH-Connection-Profile, without any password
    Client Address Pool for me is : LLH-pool, IP is 172.16.1.11
    Anybody can use LLH-Connection-Profile and log in with another user name, let's say user-abc, which is a valid user in the LDAP server. In that case, the ASA assigns 172.16.1.11 to user-abc, and user-abc can access a server which only allows my IP to access it.
    I hope the above description paints the scenario more clearly.
    Thanks in advance for all the help and comments given.

  • Cisco ASA 5505 Firewall Not Allowing Incoming Traffic

    Hello,
    I am wondering if there is a very friendly Cisco guru out there who can help me out. I am trying to switch out a Cisco PIX 501 firewall with a Cisco ASA 5505 firewall. I am not very familiar with all of the commands for the firewalls and have always relied on a standard command line script that I use when building a new one. Unfortunately, my script is not working with the 5505. Can someone please let me know what I am doing wrong with the following script? I've masked public IP info with xxx.xxx.xxx and I run it right after restoring the firewall to the factory defaults. I am able to get out to the internet if I browse directly from one of the servers, but cannot access a web page when trying to browse to it from an outside network.
    access-list 100 permit icmp any any echo-reply
    access-list 100 permit icmp any any time-exceeded 
    access-list 100 permit icmp any any unreachable
    ip address outside xxx.xxx.xxx.94 255.255.255.224
    ip address inside 192.168.1.1 255.255.255.0
    global (outside) 1 xxx.xxx.xxx.106-xxx.xxx.xxx.116
    global (outside) 1 xxx.xxx.xxx.95
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    route outside 0 0 xxx.xxx.xxx.93
    access-group 100 in interface outside
    nat (inside) 1 192.168.1.0 255.255.255.0
    nat (inside) 1 192.168.1.0 255.255.255.0 0 0
    outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.93 1 DHCP static
    static (inside,outside) xxx.xxx.xxx.95 192.168.1.95 netmask 255.255.255.255 0 0
    access-list 100 permit tcp any host xxx.xxx.xxx.95 eq www
    static (inside,outside) xxx.xxx.xxx.96 192.168.1.96 netmask 255.255.255.255 0 0
    access-list 100 permit tcp any host xxx.xxx.xxx.96 eq www

    Hey Craig,
    Based on your commands, I think you were using version 6.3 on the PIX and now you must be moving to ASA ver 8.2.x.
    On 8.4, to define the interfaces, use the example below:
    int eth0/0
    ip add x.x.x.x y.y.y.y
    nameif outside
    no shut
    int eth0/1
    ip add x.x.x.x y.y.y.y
    nameif inside
    no shut
    nat (inside) 1 192.168.1.0 255.255.255.0
    global (outside) 1 xxx.xxx.xxx.106-xxx.xxx.xxx.116
    global (outside) 1 xxx.xxx.xxx.95
    access-list 100 permit icmp any any echo-reply
    access-list 100 permit icmp any any time-exceeded 
    access-list 100 permit icmp any any unreachable
    static (inside,outside) xxx.xxx.xxx.95 192.168.1.95 netmask 255.255.255.255 0 0
    access-list 100 permit tcp any host xxx.xxx.xxx.95 eq www
    static (inside,outside) xxx.xxx.xxx.96 192.168.1.96 netmask 255.255.255.255 0 0
    access-list 100 permit tcp any host xxx.xxx.xxx.96 eq www
    route outside 0 0 xxx.xxx.xxx.93
    access-group 100 in interface outside
    You can use two global statements, as the first statement would be used as dynamic NAT and the second as PAT.
    If you're still not able to reach it, paste your entire config and the version that you are using on the ASA.

  • I need help!!! Configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.

    I need help configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
    I have attempted to configure RDP access but it does not seem to be working for me. Could I please ask someone to help me modify my current configuration to allow this? Please do it step by step, as I could use all the help I could get.
    I need to allow the following IP addresses to have RDP access to my server:
    66.237.238.193-66.237.238.222
    69.195.249.177-69.195.249.190
    69.65.80.240-69.65.80.249
    My external WAN server info is - 99.89.69.333
    The internal IP address of my server is - 192.168.6.2
    The other server shows up as 99.89.69.334 but is working fine.
    I already added one server for static route and RDP, but when I try to put in the same commands it doesn't allow me to for this new one. Please take a look at my configuration file and give me the commands I need in order to put this through. Also please tell me if there are any bad/conflicting entries.
    THE FOLLOWING IS MY CONFIGURATION FILE
    Also I have modified the IP information so that it's not the ACTUAL IP info for my server/network etc... lol, for security reasons of course.
    Also the bolded lines are the modifications I made but that aren't working.
    ASA Version 7.2(4)
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password DowJbZ7jrm5Nkm5B encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.6.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 99.89.69.233 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    object-group network EMRMC
    network-object 10.1.2.0 255.255.255.0
    network-object 192.168.10.0 255.255.255.0
    network-object 192.168.11.0 255.255.255.0
    network-object 172.16.0.0 255.255.0.0
    network-object 192.168.9.0 255.255.255.0
    object-group service RDP tcp
    description RDP
    port-object eq 3389
    object-group service GMED tcp
    description GMED
    port-object eq 3390
    object-group service MarsAccess tcp
    description MarsAccess
    port-object range pcanywhere-data 5632
    object-group service MarsFTP tcp
    description MarsFTP
    port-object range ftp-data ftp
    object-group service MarsSupportAppls tcp
    description MarsSupportAppls
    port-object eq 1972
    object-group service MarsUpdatePort tcp
    description MarsUpdatePort
    port-object eq 7835
    object-group service NM1503 tcp
    description NM1503
    port-object eq 1503
    object-group service NM1720 tcp
    description NM1720
    port-object eq h323
    object-group service NM1731 tcp
    description NM1731
    port-object eq 1731
    object-group service NM389 tcp
    description NM389
    port-object eq ldap
    object-group service NM522 tcp
    description NM522
    port-object eq 522
    object-group service SSL tcp
    description SSL
    port-object eq https
    object-group service rdp tcp
    port-object eq 3389
    access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
    access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
    access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp any interface outside eq 3389
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
    access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
    access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    http server enable
    http 192.168.6.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set peer 68.156.148.5
    crypto map outside_map 1 set transform-set ESP-3DES-MD5
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 1
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    tunnel-group 68.156.148.5 type ipsec-l2l
    tunnel-group 68.156.148.5 ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
    : end
    ciscoasa(config-network)#

    It is unclear what did not work. In your original post you said some commands were added but don't work:
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    and later you state you added another command that gets an error:
    static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
    You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
    The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface.  Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
    Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive?  Static PAT usually makes sense when you need to change the TCP port number.  In your example, you are not changing the TCP port 3389.
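
Added example, not part of either post and not Cisco tooling: a Python script that converts the three RDP source ranges from the question into exact network/mask entries, in the object-group form the posted config already uses, and flags the posted ACL lines that still permit RDP from `any`. The group name `RDP_SOURCES` and the function names are hypothetical; the ACL excerpt is copied from the posted config.

```python
import ipaddress
import re

# Source ranges the poster wants to allow for RDP (taken from the question).
RDP_RANGES = [
    ("66.237.238.193", "66.237.238.222"),
    ("69.195.249.177", "69.195.249.190"),
    ("69.65.80.240", "69.65.80.249"),
]

# Constructed excerpt: three ACL lines copied from the posted config.
POSTED_ACL = """\
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
"""

def range_to_network_objects(first, last):
    """Cover an inclusive IPv4 range exactly with network/mask entries."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    lines = []
    for net in nets:
        if net.prefixlen == 32:
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    return lines

def build_object_group(name, ranges):
    """Render one object-group holding every requested source range."""
    lines = [f"object-group network {name}"]
    for first, last in ranges:
        lines.extend(range_to_network_objects(first, last))
    return lines

def open_rdp_rules(acl_text):
    """Return permit lines whose source is 'any' and whose port is RDP."""
    # Both 'RDP' and 'rdp' service groups in the posted config are tcp/3389.
    pattern = re.compile(
        r"^access-list \S+ extended permit tcp any .*"
        r"(eq 3389|object-group rdp)\s*$", re.IGNORECASE)
    return [line for line in acl_text.splitlines() if pattern.match(line)]

if __name__ == "__main__":
    print("\n".join(build_object_group("RDP_SOURCES", RDP_RANGES)))
    # Hypothetical replacement rule, using syntax forms seen in the post.
    print("access-list outside_access_in extended permit tcp "
          "object-group RDP_SOURCES interface outside eq 3389")
    for rule in open_rdp_rules(POSTED_ACL):
        print("source is any, RDP open to the internet:", rule)
```

Because the ranges do not fall on subnet boundaries, each one expands to several entries; the two flagged `any` rules would override any narrower permit if left in the ACL.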

  • Cisco IPSec VPN Client and sending a specific Radius A-V value to ACS 5.2

    This setup is to try routing Cisco VPN to either RSA or Entrust from Cisco ACS 5.2, depending on some parameter in the incoming AUTH request from Cisco IPSec VPN Client 5.x. Tried playing with pcf files and user names/identity stores; none seems to be working.

    Hi Tony,
    to the best of my knowledge this is currently not possible, but will be once this enhancement is implemented:
    CSCsw31922    Radius upstream VSAs (Tunnel Group,Client type) for VPN policy decisions
    You may want to try and ask in the AAA forum if there is anything you can do on ACS...
    hth
    Herbert
