Cisco vpn client causing blue screen on xp

Similar Messages

• Cisco VPN Client causes blue screen crash on WindowsXP Pro (Satellite M30)

  Hi there,
  I've got a Satellite Pro M30 running Windows XP Professional.
  After starting a vpn Tunnel via a Cisco VPN Client (Version 4.6 and 4.7) the system crashes with a blue screen.
  I can see that the key exchange is successful, but immediatly after the vpn connection gets established Windows XP crashes with a blue screen.
  Has anyone an idea, how to solve this problem?
  Maybe by device driver update? And if so, which driver should be updated?
  Kind regards,
  Thorsten

  Hi R2D2 (and anyone else)!
  1st of all (concerning your link) - I'm not using the wireless adapter.
  I am connectet via 100Mbit via network-cable to my hub (all RJ45 TP Cat.5)
  I found several other Notebook users by google'ing who have the same problem different vpn-clients but most of them with a centrino processor inside the notebook.
  Almost all of them solved the problem by installing new drivers. But I can't use driver-patches from other Notebook to fix my Toshiba Drivers.
  What could help is information about which driver is responsible for the crash by vpn clients on centrino notebooks. Maybe there is an Intel driver for it, but when I do not know which one causes the problem it's like seeking a needle in a haystack... :(
  Disabling ALL other network devices (wireless, 1394-network adapter, modem, etc.) did not solve the problem.
  I used the Cisco VPN clients several times on my old Compaq Notebook without any problems, but here it just doesn't work.
  An idea which driver should be updated is kindly welcome!
  Thank you, Thorsten

• Vpn client causing blue screen on windows xp

  Hi all, we have rolled out cisco vpn client to most of our laptops, we have now lots of users experiencing the blue screen of death when remotley connected.
  Does anyone know why this is?
  Cheers
  Carl

  If you are using the VPN client 3.6.1 it might cause a Windows BlueScreen critical error. This problem results from incorrect processing by the VPN Client of a return DDNS packet from a DNS server that does not implement DDNS.
  If this problem is encountered, cvpndrv.sys (Cisco VPN Driver) would cause the blue screen.
  Release 3.6.3 resolves the issues

• VPN Client 4 blue screens Acer TravelMate Running W2K

  I have tried two different versions of the Cisco VPN Client (both of them Version 4 flavors), and the Acer TravelMate will Blue Screen after installation. If I boot to Safe Mode and uninstall the Client, the machine works fine. The machine is running Windows 2000.
  Has anyone else had this problem? If so, what did you to to solve it? Any help is appreciated. Thanks! Mike

  There are known issues with blue screen symptoms with VPN client. There are several bugs on 4.0 which may cause a blue screen: CSCdt31839, CSCdx57930, CSCal01761, CSCdx11597. These are only a few known issues regarding a blue screen on a windows machine. Check if there are others with Acer too using the Bug toolkit available on cisco.com/tac.

• Kernel panc & Cisco VPN client

  Can someone take a look at the below and tell me if the Cisco VPN client is crashing my system? Thanks.
  Interval Since Last Panic Report: 1353403 sec
  Panics Since Last Report: 1
  Anonymous UUID: 847B0480-8E72-4988-862B-D1FCA722F3BB
  Tue Oct 6 09:47:56 2009
  panic(cpu 0 caller 0x2a6ac2): Kernel trap at 0x002929e6, type 14=page fault, registers:
  CR0: 0x8001003b, CR2: 0x0829a2ec, CR3: 0x00100000, CR4: 0x000006e0
  EAX: 0x46a95b84, EBX: 0x00003b78, ECX: 0x000000af, EDX: 0x000005a4
  CR2: 0x0829a2ec, EBP: 0x5bd4be68, ESI: 0x0829a2ec, EDI: 0x46a95e6c
  EFL: 0x00010216, EIP: 0x002929e6, CS: 0x00000008, DS: 0x00000010
  Error code: 0x00000000
  Backtrace (CPU 0), Frame : Return Address (4 potential args on stack)
  0x5bd4bbf8 : 0x21acfa (0x5ce650 0x5bd4bc2c 0x223156 0x0)
  0x5bd4bc48 : 0x2a6ac2 (0x590a50 0x2929e6 0xe 0x590c1a)
  0x5bd4bd28 : 0x29c968 (0x5bd4bd40 0x50 0x5bd4be68 0x2929e6)
  0x5bd4bd38 : 0x2929e6 (0xe 0x5bd40048 0x10 0x5c730010)
  0x5bd4be68 : 0x5c7383e5 (0x5bd4bed0 0x5bd4becc 0x5bd4bed4 0x5bd4bed8)
  0x5bd4bef8 : 0x31772d (0x0 0x8247604 0x2 0x5bd4bf74)
  0x5bd4bf68 : 0x317b37 (0x0 0x5748ee00 0x0 0x7a6442c)
  0x5bd4bfc8 : 0x29c68c (0x7a64404 0x0 0x29c69b 0x7be07a8)
  Kernel Extensions in backtrace (with dependencies):
  com.cisco.nke.ipsec(2.0.1)@0x5c736000->0x5c7a4fff
  BSD process name corresponding to current thread: kernel_task
  Mac OS version:
  10B504
  Kernel version:
  Darwin Kernel Version 10.0.0: Fri Jul 31 22:47:34 PDT 2009; root:xnu-1456.1.25~1/RELEASE_I386
  System model name: MacBookPro3,1 (Mac-F4238BC8)
  System uptime in nanoseconds: 2747345949935
  unloaded kexts:
  com.apple.driver.AppleFileSystemDriver 2.0 (addr 0x556e2000, size 0x12288) - last unloaded 127144562322
  loaded kexts:
  com.cisco.nke.ipsec 2.0.1
  com.vmware.kext.vmnet 2.0.6
  com.vmware.kext.vmioplug 2.0.6
  com.vmware.kext.vmci 2.0.6
  com.vmware.kext.vmx86 2.0.6
  com.Logitech.Control Center.HID Driver 3.1.0
  com.apple.driver.AppleHWSensor 1.9.2d0 - last loaded 32472308361
  com.apple.driver.AppleUpstreamUserClient 3.0.5
  com.apple.DontSteal_Mac_OSX 7.0.0
  com.apple.GeForce 6.0.2
  com.apple.driver.AudioIPCDriver 1.1.0
  com.apple.driver.AppleHDA 1.7.4a1
  com.apple.driver.SMCMotionSensor 3.0.0d4
  com.apple.driver.AirPort.Atheros 411.19.4
  com.apple.kext.AppleSMCLMU 1.4.5d1
  com.apple.driver.AppleIntelMeromProfile 19
  com.apple.driver.AppleIRController 161
  com.apple.driver.ACPISMCPlatformPlugin 3.4.0a20
  com.apple.driver.AppleLPC 1.4.6
  com.apple.driver.AppleBacklight 170.0.2
  com.apple.iokit.AppleYukon2 3.1.14b1
  com.apple.filesystems.autofs 2.1.0
  com.apple.driver.AppleUSBTrackpad 1.8.0b4
  com.apple.driver.AppleUSBTCKeyEventDriver 1.8.0b4
  com.apple.driver.AppleUSBTCKeyboard 1.8.0b4
  com.apple.driver.Oxford_Semi 2.5.0
  com.apple.iokit.SCSITaskUserClient 2.5.1
  com.apple.iokit.IOAHCIBlockStorage 1.5.0
  com.apple.driver.AppleAHCIPort 2.0.0
  com.apple.driver.AppleUSBHub 3.7.8
  com.apple.driver.AppleIntelPIIXATA 2.5.0
  com.apple.BootCache 31
  com.apple.AppleFSCompression.AppleFSCompressionTypeZlib 1.0.0d1
  com.apple.driver.AppleFWOHCI 4.3.4
  com.apple.driver.AppleEFINVRAM 1.3.0
  com.apple.driver.AppleUSBEHCI 3.7.5
  com.apple.driver.AppleUSBUHCI 3.7.5
  com.apple.driver.AppleRTC 1.3
  com.apple.driver.AppleHPET 1.4
  com.apple.driver.AppleSmartBatteryManager 160.0.0
  com.apple.driver.AppleACPIButtons 1.3
  com.apple.driver.AppleSMBIOS 1.4
  com.apple.driver.AppleACPIEC 1.3
  com.apple.driver.AppleAPIC 1.4
  com.apple.security.sandbox 0
  com.apple.security.quarantine 0
  com.apple.nke.applicationfirewall 2.0.11
  com.apple.driver.AppleIntelCPUPowerManagementClient 90.0.0
  com.apple.driver.AppleIntelCPUPowerManagement 90.0.0
  com.apple.driver.AppleProfileReadCounterAction 17
  com.apple.driver.AppleProfileTimestampAction 10
  com.apple.driver.AppleProfileThreadInfoAction 14
  com.apple.driver.AppleProfileRegisterStateAction 10
  com.apple.driver.AppleProfileKEventAction 10
  com.apple.driver.AppleProfileCallstackAction 20
  com.apple.iokit.IOSurface 73.0
  com.apple.iokit.IOBluetoothSerialManager 2.2.1f7
  com.apple.iokit.IOSerialFamily 10.0.2
  com.apple.driver.DspFuncLib 1.7.4a1
  com.apple.iokit.IOAudioFamily 1.7.0fc16
  com.apple.kext.OSvKernDSPLib 1.3
  com.apple.nvidia.nv50hal 6.0.2
  com.apple.NVDAResman 6.0.2
  com.apple.iokit.IOFireWireIP 2.0.3
  com.apple.iokit.IO80211Family 300.20
  com.apple.iokit.AppleProfileFamily 40
  com.apple.driver.AppleHDAController 1.7.4a1
  com.apple.iokit.IOHDAFamily 1.7.4a1
  com.apple.driver.AppleSMC 3.0.1d2
  com.apple.driver.IOPlatformPluginFamily 3.4.0a20
  com.apple.iokit.IONDRVSupport 2.0
  com.apple.iokit.IOGraphicsFamily 2.0
  com.apple.iokit.IONetworkingFamily 1.8
  com.apple.driver.CSRUSBBluetoothHCIController 2.2.1f7
  com.apple.driver.AppleUSBBluetoothHCIController 2.2.1f7
  com.apple.iokit.IOBluetoothFamily 2.2.1f7
  com.apple.iokit.IOUSBHIDDriver 3.7.5
  com.apple.iokit.IOSCSIBlockCommandsDevice 2.5.1
  com.apple.driver.AppleUSBMergeNub 3.7.5
  com.apple.driver.AppleUSBComposite 3.7.5
  com.apple.iokit.IOFireWireSerialBusProtocolTransport 2.0.0
  com.apple.iokit.IOFireWireSBP2 4.0.5
  com.apple.iokit.IOSCSIMultimediaCommandsDevice 2.5.1
  com.apple.iokit.IOBDStorageFamily 1.6
  com.apple.iokit.IODVDStorageFamily 1.6
  com.apple.iokit.IOCDStorageFamily 1.6
  com.apple.iokit.IOATAPIProtocolTransport 2.5.0
  com.apple.iokit.IOSCSIArchitectureModelFamily 2.5.1
  com.apple.driver.XsanFilter 402.1
  com.apple.iokit.IOAHCIFamily 2.0.0
  com.apple.iokit.IOUSBUserClient 3.7.5
  com.apple.iokit.IOATAFamily 2.5.0
  com.apple.iokit.IOFireWireFamily 4.1.7
  com.apple.driver.AppleEFIRuntime 1.3.0
  com.apple.iokit.IOUSBFamily 3.7.8
  com.apple.iokit.IOHIDFamily 1.6.0
  com.apple.iokit.IOSMBusFamily 1.1
  com.apple.security.TMSafetyNet 6
  com.apple.kext.AppleMatch 1.0.0d1
  com.apple.driver.DiskImages 281
  com.apple.iokit.IOStorageFamily 1.6
  com.apple.driver.AppleACPIPlatform 1.3
  com.apple.iokit.IOPCIFamily 2.6
  com.apple.iokit.IOACPIFamily 1.3.0
  System Profile:
  Model: MacBookPro3,1, BootROM MBP31.0070.B07, 2 processors, Intel Core 2 Duo, 2.2 GHz, 4 GB, SMC 1.16f11
  Graphics: NVIDIA GeForce 8600M GT, GeForce 8600M GT, PCIe, 128 MB
  Memory Module: global_name
  AirPort: spairportwireless_card_type_airportextreme (0x168C, 0x87), Atheros 5416: 2.0.19.4
  Bluetooth: Version 2.2.1f7, 2 service, 0 devices, 1 incoming serial ports
  Network Service: AirPort, AirPort, en1
  PCI Card: pci168c,24, sppci_othernetwork, PCI Slot 5
  Serial ATA Device: FUJITSU MHW2120BH, 111.79 GB
  Parallel ATA Device: MATSHITADVD-R UJ-857E
  USB Device: Built-in iSight, 0x05ac (Apple Inc.), 0x8502, 0xfd400000
  USB Device: Apple Internal Keyboard / Trackpad, 0x05ac (Apple Inc.), 0x021a, 0x5d200000
  USB Device: IR Receiver, 0x05ac (Apple Inc.), 0x8242, 0x5d100000
  USB Device: Bluetooth USB Host Controller, 0x05ac (Apple Inc.), 0x8205, 0x1a100000
  USB Device: USB Receiver, 0x046d (Logitech Inc.), 0xc525, 0x1a200000
  FireWire Device: OEM ATA Device 00, G-TECH, Up to 800 Mb/sec

  I had the same problem, and I think Cisco VPN client causes crashes in SL ( I had at least 3 crashes everyday) after uninstalling Cisco VPN client I don't have crashes anymore
  for uninstalling :
  1- open terminal
  2-cd /
  3-type cd /usr/local/bin ( hit return)
  4-type ls and hit return ( to be sure that vpn_uninstall is there)
  5-Type sudo ./vpn_uninstall ( hit return)
  6- type your admin pass.
  7- for the question type yes( hit return)
  8- do the same as 7
  then your good to go
  for using built-in cisco vpn in snow leopard follow the instructions of this url
  http://erbmicha.com/2009/09/07/how-to-cisco-vpn-with-snow-leopard-via-pcf-file/

• Cisco VPN Client Blue Screen Windows Vista

  I am using Cisco Client IPSec VPN version 5.0.07.0410. Installed on a Windows Vista operating system. Blue screen in Windows occurs after I have entered userid and password. Can anyone shed any light on this? I know that Cisco operates fine with XP and Windows 7 but has had issues with Vista?
  Thank you
  Carlos                  

  Andrew,
               Thank you. As soon as we upgraded Vista to SP2, it worked. The issue was with the OS not having the proper updates to interact with the Cisco VPN client.
  Appreciate all the support.
  Carlos

• Cisco VPN client4.7.00.0533 causes blue screen on XP Pro

  I just installed the Cisco VPN client release 4.7.00.0533 on an XP pro machine at service pack 2. I now get a blue screen when attempting to connect. Should I try a newer version of the client? Thanks!

  Shawn
  I would certainly think that a newer version of code would be the appropriate thing to try.
  HTH
  Rick

• Need HELPS! ASA 5505 8.4 Cisco VPN Client cannot ping any internal host

  Hi:
  Need your great help for my new ASA 5505 (8.4)
  I just set a new ASA 5505 with 8.4. However, I cannot ping any host after VPN in with Cisco VPN client. Please see below posted configuration file, thanks for any suggestion.
  ASA Version 8.4(3)
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  switchport access vlan 2
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 172.29.8.254 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 177.164.222.140 255.255.255.248
  ftp mode passive
  clock timezone GMT 0
  dns server-group DefaultDNS
  domain-name ABCtech.com
  same-security-traffic permit inter-interface
  object network obj_any
  subnet 172.29.8.0 255.255.255.0
  object service RDP
  service tcp source eq 3389
  object network orange
  host 172.29.8.151
  object network WAN_173_164_222_138
  host 177.164.222.138
  object service SMTP
  service tcp source eq smtp
  object service PPTP
  service tcp source eq pptp
  object service JT_WWW
  service tcp source eq www
  object service JT_HTTPS
  service tcp source eq https
  object network obj_lex
  subnet 172.29.88.0 255.255.255.0
  description Lexington office network
  object network obj_HQ
  subnet 172.29.8.0 255.255.255.0
  object network guava
  host 172.29.8.3
  object service L2TP
  service udp source eq 1701
  access-list VPN_Tunnel_User standard permit 172.29.8.0 255.255.255.0
  access-list VPN_Tunnel_User standard permit 172.29.88.0 255.255.255.0
  access-list inside_access_in extended permit icmp any any
  access-list inside_access_in extended deny tcp any any eq 135
  access-list inside_access_in extended deny tcp any eq 135 any
  access-list inside_access_in extended deny udp any eq 135 any
  access-list inside_access_in extended deny udp any any eq 135
  access-list inside_access_in extended deny tcp any any eq 1591
  access-list inside_access_in extended deny tcp any eq 1591 any
  access-list inside_access_in extended deny udp any eq 1591 any
  access-list inside_access_in extended deny udp any any eq 1591
  access-list inside_access_in extended deny tcp any any eq 1214
  access-list inside_access_in extended deny tcp any eq 1214 any
  access-list inside_access_in extended deny udp any any eq 1214
  access-list inside_access_in extended deny udp any eq 1214 any
  access-list inside_access_in extended permit ip any any
  access-list inside_access_in extended permit tcp any any eq www
  access-list inside_access_in extended permit tcp any eq www any
  access-list outside_access_in extended permit icmp any any
  access-list outside_access_in extended permit tcp any host 177.164.222.138 eq 33
  89
  access-list outside_access_in extended permit tcp any host 177.164.222.138 eq sm
  tp
  access-list outside_access_in extended permit tcp any host 177.164.222.138 eq pp
  tp
  access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ww
  w
  access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ht
  tps
  access-list outside_access_in extended permit gre any host 177.164.222.138
  access-list outside_access_in extended permit udp any host 177.164.222.138 eq 17
  01
  access-list outside_access_in extended permit ip any any
  access-list inside_access_out extended permit icmp any any
  access-list inside_access_out extended permit ip any any
  access-list outside_cryptomap extended permit ip 172.29.8.0 255.255.255.0 172.29
  .88.0 255.255.255.0
  access-list inside_in extended permit icmp any any
  access-list inside_in extended permit ip any any
  access-list inside_in extended permit udp any any eq isakmp
  access-list inside_in extended permit udp any eq isakmp any
  access-list inside_in extended permit udp any any
  access-list inside_in extended permit tcp any any
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  asdm history enable
  arp timeout 14400
  nat (inside,outside) source static orange interface service RDP RDP
  nat (inside,outside) source static obj_HQ obj_HQ destination static obj_lex obj_
  lex route-lookup
  nat (inside,outside) source static guava WAN_173_164_222_138 service JT_WWW JT_W
  WW
  nat (inside,outside) source static guava WAN_173_164_222_138 service JT_HTTPS JT
  _HTTPS
  nat (inside,outside) source static guava WAN_173_164_222_138 service RDP RDP
  nat (inside,outside) source static guava WAN_173_164_222_138 service SMTP SMTP
  nat (inside,outside) source static guava WAN_173_164_222_138 service PPTP PPTP
  nat (inside,outside) source static guava WAN_173_164_222_138 service L2TP L2TP
  object network obj_any
  nat (inside,outside) dynamic interface
  access-group inside_in in interface inside
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
  route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server Guava protocol nt
  aaa-server Guava (inside) host 172.29.8.3
  timeout 15
  nt-auth-domain-controller guava
  user-identity default-domain LOCAL
  http server enable
  http 172.29.8.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec ikev1 transform-set Remote_VPN_Set esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set Remote_vpn_set esp-3des esp-md5-hmac
  crypto ipsec ikev2 ipsec-proposal AES256
  protocol esp encryption aes-256
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES192
  protocol esp encryption aes-192
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES
  protocol esp encryption aes
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal 3DES
  protocol esp encryption 3des
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal DES
  protocol esp encryption des
  protocol esp integrity sha-1 md5
  crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set Remote_VPN_Set
  crypto dynamic-map outside_dyn_map 20 set reverse-route
  crypto map outside_map 1 match address outside_cryptomap
  crypto map outside_map 1 set peer 173.190.123.138
  crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5
  ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ES
  P-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map interface outside
  crypto ikev2 policy 1
  encryption aes-256
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 10
  encryption aes-192
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 20
  encryption aes
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 30
  encryption 3des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 40
  encryption des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 enable outside
  crypto ikev1 enable outside
  crypto ikev1 policy 1
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 43200
  crypto ikev1 policy 10
  authentication crack
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 20
  authentication rsa-sig
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 30
  authentication pre-share
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 40
  authentication crack
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 50
  authentication rsa-sig
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 60
  authentication pre-share
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 70
  authentication crack
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 80
  authentication rsa-sig
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 90
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 100
  authentication crack
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 110
  authentication rsa-sig
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 120
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 130
  authentication crack
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 140
  authentication rsa-sig
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 150
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  telnet 192.168.1.0 255.255.255.0 inside
  telnet 172.29.8.0 255.255.255.0 inside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside vpnclient-wins-override
  dhcprelay server 172.29.8.3 inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  enable outside
  group-policy ABCtech_VPN internal
  group-policy ABCtech_VPN attributes
  dns-server value 172.29.8.3
  vpn-tunnel-protocol ikev1
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value VPN_Tunnel_User
  default-domain value ABCtech.local
  group-policy GroupPolicy_10.8.8.1 internal
  group-policy GroupPolicy_10.8.8.1 attributes
  vpn-tunnel-protocol ikev1 ikev2
  username who password eicyrfJBrqOaxQvS encrypted
  tunnel-group 10.8.8.1 type ipsec-l2l
  tunnel-group 10.8.8.1 general-attributes
  default-group-policy GroupPolicy_10.8.8.1
  tunnel-group 10.8.8.1 ipsec-attributes
  ikev1 pre-shared-key *****
  ikev2 remote-authentication pre-shared-key *****
  ikev2 remote-authentication certificate
  ikev2 local-authentication pre-shared-key *****
  tunnel-group ABCtech type remote-access
  tunnel-group ABCtech general-attributes
  address-pool ABC_HQVPN_DHCP
  authentication-server-group Guava
  default-group-policy ABCtech_VPN
  tunnel-group ABCtech ipsec-attributes
  ikev1 pre-shared-key *****
  tunnel-group 173.190.123.138 type ipsec-l2l
  tunnel-group 173.190.123.138 general-attributes
  default-group-policy GroupPolicy_10.8.8.1
  tunnel-group 173.190.123.138 ipsec-attributes
  ikev1 pre-shared-key *****
  ikev2 remote-authentication pre-shared-key *****
  ikev2 remote-authentication certificate
  ikev2 local-authentication pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect pptp
    inspect ftp
    inspect netbios
  smtp-server 172.29.8.3
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:6a26676668b742900360f924b4bc80de
  : end

  Hello Wayne,
  Can you use a different subnet range than the internal interface, this could cause you a LOT of issues and hours on troubleshooting, so use a dedicated different Ip address range...
  I can see that the local Pool range is included into the inside interface Ip address subnet range, change that and the related config ( NAT,etc, ) and let us know what happens,
  Regards,
  Julio
  Security Trainer

• Cisco VPN Client and Quick VPN interaction?

  I have both a Cisco VPN client for connecting to my company LAN and a QuickVPN client for connecting to my home LAN installed on my W2K laptop.  Both start and run correctly, and both connect just as they should.  My home LAN uses a WRV54G router to provide VPN connection.  I can alternate back and forth between the two clients and connect to each LAN with no obvious issues, but not at the same time, of course.
  Here's the question.  When I connect to the home LAN, I can log on with no problem and I can remotely administer the WRV54G with no problem.  I can ping all of the wired and wireless W2K computers on my home LAN with no problem.  However, I cannot "see", browse or map any of the shared resources on my home LAN.  I have created user accounts on the home LAN computers for my laptop and router logins and I have given these accounts permissions to my shared resources, but I still cannot get to them.  Linksys tech support has been absolutely no help whatsoever, even after repeated attempts.
  While trying to troubleshoot this myself, I've noticed that when the Cisco VPN client is running and I'm connected to my company LAN, the IP address and subnet of my computer is changed to ones assigned by the DHCP server at my company.  This seems to happen because the Cisco client activates the "Local Area Connection Number 2" on my laptop and assigns IP addresses using it.  However, when I'm using the QuickVPN client to connect to my home, the IP address and subnet of my laptop continues to be those assigned by whatever local network I'm connected to (e.g. hotel, etc).
  I'm wondering if the QuickVPN is supposed to be assigning an IP address and subnet to my laptop from the WRV54G's DHCP server when I connect to my home LAN.  If so, could the Cisco VPN client installed on my laptop be preventing that from happening?
  Sorry for the long post, but I'm at my wit's end on this one and Linksys is just no help at all.

  1. The Cisco VPN client creates a virtual interface on your computer. This allows you to route traffic to the tunnel. The QuickVPN client is simpler. It only encrypts the traffic to the other end. It does not use a virtual interface. That's why you don't have another IP address when connected with QuickVPN. QuickVPN only encrypts IP packets with IPSec from your computer to 192.168.1.* (or whatever you may use on your WRV LAN) and sends them to the WRV's public IP address.
  2. Microsoft Windows file sharing and LAN network browsing depends on network broadcasts. Those only work inside a LAN. If you connect from the outside to a LAN, broadcasts won't go through the VPN tunnel. This means you cannot use standard name windows workgroup name resolution to access shares. Those are propagated with broadcasts which will never go through the VPN tunnel. This means you are not able to use workgroup browsing. All you can to do access your shares is to use the IP address of the other computer.
  In short:
  \\mycomputer\share won't work
  \\192.168.1.50\share works
  (assuming the general sharing setup is O.K., i.e. you can use sharing correctly inside your LAN).
  Of course, firewalls on the server end may cause problems. Access comes in from a public IP address. This may be blocked. Check the firewall logs on the server to find out if this is the case or not.
  Moreover, establishing the VPN connection from a private LAN to a private LAN may not work. This is due to the double network address translation which breaks IPSec and thus the connection. If the hotel uses private IP addresses, this may be the case. But in that case you won't get ping responses from your WRV LAN.
  What definitively won't work is in case when the hotel uses the same IP address subnet as you. If the hotel uses 192.168.1.* addresses and your WRV uses 192.168.1.* addresses you cannot connect. QuickVPN does only IPSec tunneling. There is no address translation in QuickVPN. Therefore connecting the identical private IP address subnet through QuickVPN will never work because all addresses exists twice, once on either side.

• Cisco VPN Client and Windows XP Home

  Hello,
  I cannot find any information to tell me whether Windows XP Home (Not XP Professional) is supported under ant Cisco VPN client 4.xx or 5.xx.
  We have several "home" users and when trying to install it just causes the pc to do a looping reboot.
  Can anyone advise please ?
  Scott

  Scott,
  Not sure if you read the release notes, but here they are are for V4.06 and V5.0:
  http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client46/release/notes/46clnt.html#wp1207576
  http://www.cisco.com/en/US/products/sw/secursw/ps2308/prod_release_note09186a0080884df5.html#wp1207576
  I'm not seeing anything that prohibits XP Home, but there are several caveats that may have direct bearing on why your user's can't get it installed (administrative access to internal firewalls).
  HTH
  Steve

• Is there really a Cisco VPN client for Linux? _Really?_

  Hello folks,           
          I've finally after almost experiencing a brain aneurysm by trying to think too hard got my Cisco 881-SEC-K9 router properly configured for a multipoint IPSec VPN tunnel to my Amazon Virtual Private Cloud, so that hurdle is finally passed and I actually feel it was a very important milestone in my life somehow. I never thought I'd see the day I actually got my hands on a legitimate Cisco non-stink... erm.. I mean, non-linksys router. Now I just can't seem to find a 'client' VPN program for Linux. I'm currently running a Xen Hypervisor environment on openSUSE Linux because it's the only Linux distribution that completes all of my strenous requirements in a Linux server environment. It's also the most mature, and secure Linux on this planet, making it the most appreciable Linux distribution for my research needs.  Using NetworkManager is not really an option for a basic Linux server environment, and OpenVPN is just too confusing to comprehend for my tiny little head.  I've heard mention of some mysterious "Easy VPN" but after hours of digging online can't find any information about it, even the Cisco download link leads to a Page Not Found error.  I do see a Linux VPN API for the AnyConnect program, but is that an actual VPN client, or just an API?  It seems to want my money to download it but I don't have any money nor do I really know what it is because it's all secretive-like, closed source, and I can't even find a simple README file on it explaining what it is exactly.  I'm just an out-of-work software developer trying to connect to my home router for personal use and I can't really afford to fork over a million and a half dollars for a single program that I'm only going to need to download once in my lifetime that should have been included with the router in the first place. I more than likely won't even be able to figure out how to use the program anyways because I don't know anything about VPN connections which is why I bought this router so I can try to figure it all out as part of the not-for-profit open source, volunteer research I'm presently trying to conduct.  Is there some kind of evaluation or trial period for personal use? That would be really nice so I could at least figure out if I'm going to be able to figure it out or not.  I hate throwing money away when it's in such short supply these days. There's really no alternative to a Cisco router.  It's an absolute necessity for the things I'm trying to accomplish, so trying to settle for something else and going on with my life is not really an option. No, this is something I just need to face head on and get it over with.
  <Rant>
         Maybe I have a little too much crazy in me for my own good, but I don't see why it should take so much money just to learn how to do something for personal reference, it's not really a skill I would ever use otherwise.  Wouldn't it be great if Cisco made their VPN client open source and free to the public to use and modify, to improve on, to learn and to grow and bring the whole world closer together as a community? Even the source code to the old discontinued Cisco VPN client could be used as a valuable learning tool for some poor starving college student or Open Source Software developer somewhere trying to get by on Ramen Noodles and Ramen Noodle Sauce on Toast (don't tell me you never thought about it).  Through the ripple effect, It would drastically improve sales over the course of time, because it would open the door to a whole new market where those who previously could not afford to participate now could. That's the true power of Open Source. It creates a more skilled work force for the future by openly contributing and sharing knowledge together. What if the next big internet technology and the solution to world tyranny - the solution to end all wars forever - were locked in the mind of an unemployed software developer who couldn't afford to upgrade their cisco router software or access the software they needed because it was closed source and required committing to an expensive service contract to download?  That would be just terrible, wouldn't it?  I guess there's no way to ever know for sure. I suppose I'd be just as happy if some kind soul out there could point me to an easy to use alternative to an always on VPN connection that runs in the background which doesn't require NetworkManager or having to spend days upon days digging through and trying to comprehend either some really poor or extremely complex documentation?  I apologize for all the run on sentences posed as questions, but I've just got some serious mental burnout from all of this, being unemployed is some hard work folks. I could really use a vacation.  Perhaps a camping trip to the coast is in order after I get this working, that sounds nice, doesn't it? Nothing like a good summer thunder storm on the ocean beach - far away from technology - to refresh the mind.
  </Rant>

  I do tend to talk too much and I don't mince any words either.  What I am however, is really appreciative for the help. I know you hear that all the time, but you have no idea how much time and headache you just saved me.  I think vpnc might be just what I've been looking for, unless someone can think of a client for Linux that I might be able to throw a little further.  I'm very security minded now, after the backlash of Blackhat 2013, there's no telling which direction the internet might head next. Oh, you didn't hear? Well wether they realize it or not, DARPA basically declared war with other government agencies by releasing their own version of a spy program for civilians to use against the whoever -- possibly even the governmnet itself. They even went so far as to suggest it's private usage to blanket entire cities in information gathering. Civilians are a powerful foe, as they are not bound by the oath of office, any evidence they obtain is admissible in court, wether they know that or not. There's a very important reason for that. It's to prevent another civil war from ever happening, we shed enough blood the first time around less people forgot.  It's something that can and will be avoided because our civilization has advanced beyond the need for bloodshed. The courts have to obey the majority rule, no matter what. For the first time in history, cyberwarfare can reach into the physical world to cause serious damage to physical structures like the nuclear facility incident in Iran.  There's scarry bills trying to sneak through congress that are changing the landscape of technology forever for the entire world. We're at a pivotal point now where things can happen. It will be interesting to see how it all plays out over the next decade or so. No matter which way you look at it, just be preparerd to sell a whole lot of routers.

• Cisco VPN Client after Windows Vista Update (KB941229)

  I had the Cisco VPN client 5 installed on my laptop and configured by the IT department at work. It was working fine all day until I restarted and KB941229 was automatically installed. When it turned back on the Cisco VPN service (CVPND) would attempt to run then stop. If I started it manually it would run for about a minute then stop again. Without the service running the VPN client won't open, let alone let me connect.
  I know this vista update is fairly recent so I'm not sure there will be a fix but maybe somebody can think of a workaround or some way to fix this situation.
  Things I've tried:
  1) Uninstalling the windows update
  2) restarting
  3) restarting (in denial that this was happening)
  4) configuring a vista VPN connection to attempt to connect to the company VPN (this failed too)
  Uninstalling the update caused me to be unable to ping for some reason. This meant the VPN client would run but be unable to connect to the server and yet I was entirely able to access the internet locally. I reinstalled the update assuming maybe the installation went badly but that caused the same problem with the VPN service stopping itself (or being stopped) after a minute.

  Hello
  my issue has been resolved.
  there is a service called Base Filtering Services running in background for Vista and has to disabled to make IP Sec VPN Client working.
  after doing so it works smoothly.
  - Dhaval Tandel

• IP Communicator doesn't work with Cisco VPN Client

  Hi,
  Im having problem to connect  IP Communicator (either ver 2 or 7 )whenever using Cisco VPN Client 5.0.06.0160 for windows
  the IPC didn't register to the CUCM
  There's nothing showing on the screen
  but whenever im using  Anyconnect VPN Client, it works perfectly
  The remote side is using ASA5505
  Anyone can help ??
  Thanks

       It's probably an issue with the ASA configuration in your "group-policy attributes".  The "split-tunnel-network-list value" is pointing to an access list without the subnet for the call manager.  While your ssl group-policy for webvpn has a "split-tunnel network-list value" access-list which does contain the subnet for the call manager.
       The other issue could be that your using different ip pools for ipsec and ssl vpn.  The ip pool subnet that you might be giving out for ipsec might not be in your "no nat" acl.
  Jason

• Problems w/ VPN Server & Cisco VPN Client on same machine

  I really wish that I read about how the developer of the program iVPN no longer supports his work BEFORE I paid for it. It's a great, simple, GUI frontend to the existing Leopard VPN server built in to regular (non-server) OSX...
  Anyway, on my Mac that stays @ home:
  (1) - I have the iVPN server set up & running to allow me to connect (from my iphone or another computer on the road) to my Mac @ home using L2TP.
  (2) - When I'm @ home and need to connect to my company's network, I need to use the Cisco VPN Client (which uses IPSec etc).
  So, I found out that when I need to use my Mac to connect to work, I first have to open up the iVPN server to click "Stop Server" (which has me enter my password twice sometimes). Now I close iVPN until I'm done, then open up Activity Monitor for the purpose of finding the still-running process "racoon". I realized this not because it's published info, but because if I don't do this, and try to connect to work using the Cisco VPN Client, it simply will not connect. So, I quit the process "racoon" (which also has me enter my password because it's running as root yada yada). NOW, I can load Cisco VPN Client and successfully connect to my company's network. When I'm finished here, I disconnect the C.V.C., then reopen iVPN Server and restart my server (enter password again).
  Is there any way I can make the process "racoon" quit automatically when I turn off the iVPN server? I'd email the developer but I guess that's a lost cause now. It's a shame because he did a fabulous job making iVPN & gave the less computer-networking-literate-user the ability to create their own VPN server without using Terminal.
  I thought about the possibility of using iVPN to create a PPTP connection instead of L2TP - thinking that would allow me to keep my iVPN PPTP server running at all times, even when I wanted to use the CVC to connect OUT to work - but:
  (1) - I would like the increased security of L2TP.
  (2) - When I tried running a PPTP server, and connecting to it from iPhone or other computer, I was NOT able to access the other devices on my network, or the internet. I couldn't even open up a webpage to check whatismyip.com (while sending all traffic over VPN). And yes, the IP Address Range that I have iVPN handing out is within my normal home network's range.
  My end goal for all of this when using my Mac is to be able to leave my iVPN server running at all times, while still being able to run the Cisco VPN CLIENT to connect to my company's network.
  Or, at least not having to open up Activity Monitor to quit the process racoon... let alone having to enter my password 3 times after opening up iVPN, again to stop the server, again to quit the process racoon. Then a forth when I'm all done and need to start the iVPN server again.
  Am I going about this the wrong way? Is there an easier way to accomplish these secure connections? There is a slight possibility of me upgrading and running a dedicated Mac Mini server of some sort perhaps with the real OSX Server. But not right now. I think I'm over complicating this. I mean, my needs are pretty simple:
  (1) - Need to connect TO my Mac from IPhone / someone else's Mac or PC for: VNC over SSH, SSH/SFTP file level access, in the future shared network volumes (time capsule). I'd use Back To My Mac for all of this but I don't always connect FROM a Mac.
  (2) - Need to connect FROM my Mac to work VPN for: VNC to my work PC to access our company's Windows-only program (dual booting into boot camp or using a virtual machine is out of the question), using Mocha for AS400 access, thinking about using file sharing on work PC but not needed so far.
  So it's really just VNC and sometimes SFTP. The "S" being important to me. That's why I don't like the idea of doing away with my iVPN server and just forwarding the outside ports. I use the Vine VNC Server which when checked, only allows access over SSH. The only other remote-logins are used from my iphone using an app called BriefCase (SSH to browse files on remote machine), or using an SFTP client on a computer.
  Thank you for reading all of this, and in advance for any insight you can offer.

  If the two servers need the same ports, then hosting two different VPN packages on the same box usually won't work.
  A firewall-based VPN service can be an option; that external box can deal with NAT and routing and other such and can field incoming or LAN-to-LAN VPNs, and your internal Mac boxes located "behind" that box can be free to initiate outbound VPNs.

• CISCO VPN CLIENT RUNNING KERNEL 64 MODE (DOESN'T WORK!?)

  Hi,
  I switched my Mac to Kernel 64 and some days after, trying to run my Cisco VPN Client (vpnclient-darwin-4.9.01.0180-universal-k9), give me back the classic "*ERROR 51: Unable to communicate with the VPN subsystem*"
  I'm not sure that the kernel 64 is the cause, but I believe it.
  I've just tried the reinstall (also all fix and work around findable on the web and forums), but nothing to do.
  The "+sudo SystemStarter restart CiscoVPN+" by terminal doesn't work, and it give back this message:
  "+(kernel) Kext com.cisco.nke.ipsec not found for unload request.+
  +Failed to unload com.cisco.nke.ipsec - (libkern/kext) not found.+
  +Starting Cisco Systems VPN Driver+
  +/System/Library/Extensions/CiscoVPN.kext failed to load - (libkern/kext) requested architecture/executable not found; check the system/kernel logs for errors or try kextutil(8).+"
  Someone has the same problem?
  (p.s.: sorry for my GOOD English...)

  Do you really need to run a 64 bit kernel? One of the reasons Apple boots into a 32 bit kernel is because not all 3rd party drivers are 64 bit capable.
  Unless you have a 64 bit only driver that you must run, or you have something like 32GB or more of RAM, the 32 bit Mac OS X kernel will work just as well as the 64 bit kernel. Both kernels will equally run 64 bit applications, so there is no downside to a 32 bit kernel for most users.
  There are some other posts in this forum where someone ran Mac benchmarks with a 32 bit and 64 bit kernel, and the results were essentially identical. The best performance improvement came from having a 64 bit application, but having a 64 bit kernel didn't affect performance at all.
  I too have to use the Cisco VPN Client, and as I do not see any advantage to running a 64 bit kernel, I will be happy running the 32 bit kernel starting Thursday, when my 27" iMac arrives