Cisco VPN with domain

Our company uses a Cisco VPN which requires a domain. When I connect using the client on my Mac or PC, the client asks for my name, password, and domain. On my iTouch, it asks for name, password, and domain, but only provides fields for name and password. The connection then fails. The log message in the iPhone Configuration Utility is:
Thu Sep 11 14:00:22 unknown configd[22] <Error>: IPSec Controller: Ignoring unsupported Xauth Domain
Any idea how to specify the Xauth Domain?

For whatever reason it just seemed to start working.

Similar Messages

  • Cisco VPN with Windows 8.1

    Hi,
    I have installed Cisco VPN on my Windows 8.1, but when I enter my username and password the connection fails. Any idea how to overcome this issue?
    Thanks

    Hi,
    Based on my search, the Cisco VPN client is end of sales and not supported on Windows 8.1 (or Windows 8).
    http://www.cisco.com/en/US/products/sw/secursw/ps2308/
    I suggest you refer to the following article to check the result.
    https://supportforums.cisco.com/thread/2250992
    Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
    Regards,
    Kelvin hsu
    TechNet Community Support

  • Mac Lion can't connect to Cisco VPN with RSA authentication

    Hello,
    We have a problem with a manager who has upgraded his Mac to the latest Lion OS (64 bit). Before upgrading he could connect without any problem with his Mac to our network and work on the terminal server. Since the upgrade he's not able to get it working in 64 bit (normal) mode.
    This is our setup:
    Cisco PIX 515
    RSA Cisco PIX Security Appliance.
    Does anybody have any advice to get this setup working?
    regards

    Hi Raymond,
    We have encountered the same issue with one of our sales directors: the upgrade to Mac OS X Lion breaks the VPN IPsec connection. We have tried various types of tuning with no success.
    Finally, as a workaround, we have installed the AnyConnect client and it works fine now.
    Vincent

  • Kernel panic & Cisco VPN client

    Can someone take a look at the below and tell me if the Cisco VPN client is crashing my system? Thanks.
    Interval Since Last Panic Report: 1353403 sec
    Panics Since Last Report: 1
    Anonymous UUID: 847B0480-8E72-4988-862B-D1FCA722F3BB
    Tue Oct 6 09:47:56 2009
    panic(cpu 0 caller 0x2a6ac2): Kernel trap at 0x002929e6, type 14=page fault, registers:
    CR0: 0x8001003b, CR2: 0x0829a2ec, CR3: 0x00100000, CR4: 0x000006e0
    EAX: 0x46a95b84, EBX: 0x00003b78, ECX: 0x000000af, EDX: 0x000005a4
    CR2: 0x0829a2ec, EBP: 0x5bd4be68, ESI: 0x0829a2ec, EDI: 0x46a95e6c
    EFL: 0x00010216, EIP: 0x002929e6, CS: 0x00000008, DS: 0x00000010
    Error code: 0x00000000
    Backtrace (CPU 0), Frame : Return Address (4 potential args on stack)
    0x5bd4bbf8 : 0x21acfa (0x5ce650 0x5bd4bc2c 0x223156 0x0)
    0x5bd4bc48 : 0x2a6ac2 (0x590a50 0x2929e6 0xe 0x590c1a)
    0x5bd4bd28 : 0x29c968 (0x5bd4bd40 0x50 0x5bd4be68 0x2929e6)
    0x5bd4bd38 : 0x2929e6 (0xe 0x5bd40048 0x10 0x5c730010)
    0x5bd4be68 : 0x5c7383e5 (0x5bd4bed0 0x5bd4becc 0x5bd4bed4 0x5bd4bed8)
    0x5bd4bef8 : 0x31772d (0x0 0x8247604 0x2 0x5bd4bf74)
    0x5bd4bf68 : 0x317b37 (0x0 0x5748ee00 0x0 0x7a6442c)
    0x5bd4bfc8 : 0x29c68c (0x7a64404 0x0 0x29c69b 0x7be07a8)
    Kernel Extensions in backtrace (with dependencies):
    com.cisco.nke.ipsec(2.0.1)@0x5c736000->0x5c7a4fff
    BSD process name corresponding to current thread: kernel_task
    Mac OS version:
    10B504
    Kernel version:
    Darwin Kernel Version 10.0.0: Fri Jul 31 22:47:34 PDT 2009; root:xnu-1456.1.25~1/RELEASE_I386
    System model name: MacBookPro3,1 (Mac-F4238BC8)
    System uptime in nanoseconds: 2747345949935

    I had the same problem, and I think the Cisco VPN client causes crashes in SL (I had at least 3 crashes every day). After uninstalling the Cisco VPN client I don't have crashes anymore.
    To uninstall:
    1- Open Terminal.
    2- cd /
    3- Type cd /usr/local/bin (hit return).
    4- Type ls and hit return (to be sure that vpn_uninstall is there).
    5- Type sudo ./vpn_uninstall (hit return).
    6- Type your admin password.
    7- For the question, type yes (hit return).
    8- Do the same as 7.
    Then you're good to go.
    To use the built-in Cisco VPN in Snow Leopard, follow the instructions at this URL:
    http://erbmicha.com/2009/09/07/how-to-cisco-vpn-with-snow-leopard-via-pcf-file/

  • Having trouble installing cisco vpn 2.2.0128

    Anyone having trouble installing vpn 2.2.0128? I am getting a run postflight script failure when trying to use the installer.

    How To: Cisco VPN with Snow Leopard via .pcf File
    Make sure you completely uninstall Cisco's software. It's garbage.

  • Cisco VPN Certificate

    I was trying to set up the Cisco VPN with SL. I just got to the point where I have to select the certificate (instead of shared secret key). Every time I click on "Select..." it says "Keine Rechner-Zertifikate gefunden" (in English: "No computer certificates found").
    What's the exact problem?

    I have the same problem! Please help.

  • Does mountain lion support CISCO VPN client ?

    Does OS X 10.8 Mountain Lion support the Cisco VPN client? If yes, which version?

    If you have issues, try this link
    http://erbmicha.com/2009/09/07/how-to-cisco-vpn-with-snow-leopard-via-pcf-file/
    works for Mountain Lion as well

  • Is it possible to use ICS with a Cisco VPN client to allow pass through access for Domain login for a second machine.

    I have a current machine, Windows 7 Pro with a Cisco VPN 3.5v client, that currently connects with access to a customer's network.
    They shipped a second machine, Windows 8.1 Pro, without adding local accounts, that is pre-joined to a sub-domain the first system has access to.
    Would it be possible to use the first machine as an ICS host or router to allow the second machine to see or access the domain for login, without returning to the customer site and plugging in for a login point?
    Trying to save a 3 to 4 hr trip and lugging a system back for myself and the rest of the team.
    Thanks

    Hi,
    Please refer to this part
    http://windows.microsoft.com/en-hk/windows/using-internet-connection-sharing#1TC=windows-7
    ICS and VPN connections
    If you create a virtual private network (VPN) connection on your host computer to a corporate network and then enable ICS on that connection, all Internet traffic is routed to the corporate network and all of the computers on your home network can access the corporate network. If you don't enable ICS on the VPN connection, other computers won't have access to the Internet or corporate network while the VPN connection is active on the host computer.
    Yolanda Zhu
    TechNet Community Support

  • ASA , Cisco VPN client with RADIUS authentication

    Hi,
    I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
    All seems to be working: I get connected and authenticated. However, even though I use the user name and password from Active Directory when connecting with the Cisco VPN client, I still have to provide these credentials once again when accessing domain resources.
    Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
    Thank you.
    Kind regards,
    Alex

    Hi Alex,
    It is working as it should.
    You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
    thanks
    John

  • Need help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 8.2(1)

    Need urgent help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 - 8.2(1).
    The following is the Layout:
    There are two Leased Lines for Internet access - 1.1.1.1 & 2.2.2.2, the latter being the Standard Default route, the former one is for backup.
    I have been able to configure Client to Site IPSec VPN
    1) With access from Outside to only the Internal Network (172.16.0.0/24) behind the ASA
    2) With Split tunnel with simultaneous access to internal LAN and Outside Internet.
    But I have not been able to make the traditional Hairpinning model work in this scenario.
    I followed every possible suggestion made in this regard in many Discussion Topics but still no luck. Can someone please help me out here?
    Following is the Running-Conf with Normal Client to Site IPSec VPN configured with No Internet Access:
    LIMITATION: Can't boot into any other IOS image for some unavoidable reason, must use 8.2(1)
    running-conf --- Working normal Client to Site VPN without internet access/split tunnel
    ASA Version 8.2(1)
    hostname ciscoasa
    domain-name cisco.campus.com
    enable password xxxxxxxxxxxxxx encrypted
    passwd xxxxxxxxxxxxxx encrypted
    names
    interface GigabitEthernet0/0
    nameif internet1-outside
    security-level 0
    ip address 1.1.1.1 255.255.255.240
    interface GigabitEthernet0/1
    nameif internet2-outside
    security-level 0
    ip address 2.2.2.2 255.255.255.224
    interface GigabitEthernet0/2
    nameif dmz-interface
    security-level 0
    ip address 10.0.1.1 255.255.255.0
    interface GigabitEthernet0/3
    nameif campus-lan
    security-level 0
    ip address 172.16.0.1 255.255.0.0
    interface Management0/0
    nameif CSC-MGMT
    security-level 100
    ip address 10.0.0.4 255.255.255.0
    boot system disk0:/asa821-k8.bin
    boot system disk0:/asa843-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
    domain-name cisco.campus.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network cmps-lan
    object-group network csc-ip
    object-group network www-inside
    object-group network www-outside
    object-group service tcp-80
    object-group service udp-53
    object-group service https
    object-group service pop3
    object-group service smtp
    object-group service tcp80
    object-group service http-s
    object-group service pop3-110
    object-group service smtp25
    object-group service udp53
    object-group service ssh
    object-group service tcp-port
    object-group service udp-port
    object-group service ftp
    object-group service ftp-data
    object-group network csc1-ip
    object-group service all-tcp-udp
    access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
    access-list CSC-OUT extended permit ip host 10.0.0.5 any
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
    access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
    access-list CAMPUS-LAN extended permit ip any any
    access-list csc-acl remark scan web and mail traffic
    access-list csc-acl extended permit tcp any any eq smtp
    access-list csc-acl extended permit tcp any any eq pop3
    access-list csc-acl remark scan web and mail traffic
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
    access-list INTERNET2-IN extended permit ip any host 1.1.1.2
    access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
    access-list DNS-inspect extended permit tcp any any eq domain
    access-list DNS-inspect extended permit udp any any eq domain
    access-list capin extended permit ip host 172.16.1.234 any
    access-list capin extended permit ip host 172.16.1.52 any
    access-list capin extended permit ip any host 172.16.1.52
    access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
    access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
    access-list capout extended permit ip host 2.2.2.2 any
    access-list capout extended permit ip any host 2.2.2.2
    access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu internet1-outside 1500
    mtu internet2-outside 1500
    mtu dmz-interface 1500
    mtu campus-lan 1500
    mtu CSC-MGMT 1500
    ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
    ip verify reverse-path interface internet2-outside
    ip verify reverse-path interface dmz-interface
    ip verify reverse-path interface campus-lan
    ip verify reverse-path interface CSC-MGMT
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-621.bin
    no asdm history enable
    arp timeout 14400
    global (internet1-outside) 1 interface
    global (internet2-outside) 1 interface
    nat (campus-lan) 0 access-list campus-lan_nat0_outbound
    nat (campus-lan) 1 0.0.0.0 0.0.0.0
    nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
    static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
    access-group INTERNET2-IN in interface internet1-outside
    access-group INTERNET1-IN in interface internet2-outside
    access-group CAMPUS-LAN in interface campus-lan
    access-group CSC-OUT in interface CSC-MGMT
    route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
    route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication enable console LOCAL
    http server enable
    http 10.0.0.2 255.255.255.255 CSC-MGMT
    http 10.0.0.8 255.255.255.255 CSC-MGMT
    http 1.2.2.2 255.255.255.255 internet2-outside
    http 1.2.2.2 255.255.255.255 internet1-outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map internet2-outside_map interface internet2-outside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ca certificate chain _SmartCallHome_ServerCA
    certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
      quit
    crypto isakmp enable internet2-outside
    crypto isakmp policy 10
    authentication pre-share
    encryption aes
    hash md5
    group 2
    lifetime 86400
    telnet 10.0.0.2 255.255.255.255 CSC-MGMT
    telnet 10.0.0.8 255.255.255.255 CSC-MGMT
    telnet timeout 5
    ssh 1.2.3.3 255.255.255.240 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet2-outside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy VPN_TG_1 internal
    group-policy VPN_TG_1 attributes
    vpn-tunnel-protocol IPSec
    username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
    username administrator password xxxxxxxxxxxxxx encrypted privilege 15
    username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
    username vpnuser1 attributes
    vpn-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 type remote-access
    tunnel-group VPN_TG_1 general-attributes
    address-pool vpnpool1
    default-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 ipsec-attributes
    pre-shared-key *
    class-map cmap-DNS
    match access-list DNS-inspect
    class-map csc-class
    match access-list csc-acl
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class csc-class
      csc fail-open
    class cmap-DNS
      inspect dns preset_dns_map
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y
    : end
    Neither adding dynamic NAT for 192.168.150.0/24 on the outside interface nor sysopt connection permit-vpn works.
    Please tell me what needs to be done here to hairpin all the traffic to the Internet coming from VPN clients.
    That is, I need clients connected via the VPN tunnel, when connecting to the Internet, to have their IPs NAT'ed against the internet2-outside interface address 2.2.2.2, as happens for the Campus Clients (172.16.0.0/16).
    I'm not very conversant with everything involved here, therefore please be elaborate in your replies. Please let me know if you need any more information regarding this setup to answer my query.
    Thanks & Regards
    maxs

    Hi Jouni,
    Thanks again for your help, got it working. Actually, the problem was that the ASA needed some time after configuring to work properly (??????). I configured and tested several times within a short period during the day and it was not working initially; the GUI packet tracer was showing some problems (IPSEC Spoof detected) and there was also this left-out DNS. It's working fine now.
    But my problem is not solved fully here.
    Does the hairpinning model allow access to the campus LAN behind the ASA also? Coz the setup is working now as I needed, and I can access the Internet with the NAT'ed IP address (outside-interface). So far so good. But now I cannot access the Campus LAN behind the ASA.
    Here is the packet tracer output for the traffic:
    packet-tracer output
    asa# packet-tracer input internet2-outside tcp 192.168.150.1 56482 172.16.1.249 22
    Phase: 1
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 2
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 3
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   172.16.0.0      255.255.0.0     campus-lan
    Phase: 4
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   192.168.150.1   255.255.255.255 internet2-outside
    Phase: 5
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group internnet1-in in interface internet2-outside
    access-list internnet1-in extended permit ip 192.168.150.0 255.255.255.0 any
    Additional Information:
    Phase: 6
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 7
    Type: CP-PUNT
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 8
    Type: VPN
    Subtype: ipsec-tunnel-flow
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 9
    Type: NAT-EXEMPT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 10
    Type: NAT
    Subtype:     
    Result: DROP
    Config:
    nat (internet2-outside) 1 192.168.150.0 255.255.255.0
      match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
        dynamic translation to pool 1 (No matching global)
        translate_hits = 14, untranslate_hits = 0
    Additional Information:
    Result:
    input-interface: internet2-outside
    input-status: up
    input-line-status: up
    output-interface: internet2-outside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    The problem here, as you can see, is the rule for dynamic NAT that I added to make hairpinning work in the first place:
    dynamic nat
    asa(config)#nat (internet2-outside) 1 192.168.150.0 255.255.255.0
    Is it possible to access both
    1)LAN behind ASA
    2)INTERNET via HAIRPINNING  
    simultaneously via a single tunnel-group?
    If it can be done, how do I do it? What changes do I need to make here to get simultaneous access to my LAN also?
    Thanks & Regards
    Abhijit

  • Boot camp with Cisco VPN client and smart card

    I'm looking at a MacBook or MacBook Air, and the only reason I need to run Windows is to be able to access my work network through the Cisco VPN client and my smart card, then use Remote Desktop. From my understanding, if I run Boot Camp it should work; am I correct? I'm going to an Apple Store tomorrow; hopefully they can help too.
    Thanks

    mrbacklash wrote:
    Ok with that being said will the MBA 11.6 1.4ghz have the guts to make it run mostly internet based programs over the VPN connection?
    I think if you are running apps over the Internet the bottleneck will be the Internet and your VPN bandwidth. Your computer can certainly execute faster than Internet communications.
    Besides, Internet or remote applications run on the remote server. All your local computer does is local processing of the data if necessary.
    Message was edited by: BobTheFisherman

  • Problem with Cisco VPN client and HP elitebook 2530p windows 7 64-bit

    Hi there
    I have an HP EliteBook 2530p which I upgraded to Windows 7 64-bit. I installed the Cisco VPN client application (ver. 5.0.07.0290 and also 64-bit) and the HP connection manager to connect to the Internet through a Qualcomm Gobi 1000 modem (that is inside the laptop). When I connect to the VPN, it connects (I write the username and password) but there is no traffic inside the virtual adapter for my servers. When I connect to the Internet through wired or wireless Internet, I connect the VPN client and there is no problem establishing communication with my servers.
    I tried everything, including changing the driver and using an earlier version of the HP connection manager application. I also talked to HP and they told me that there was a report of this kind of problem and it was delivered to Cisco. I don't know where the problem is.
    Could anyone help me?
    Thanks to all.

    You can try to update Deterministic Network Enhancer to the below listed release which supports WWAN Drivers.
    http://www.citrix.com/lang/English/lp/lp_1680845.asp.
    DNE now supports WWAN devices in Win7. Before downloading the latest version of DNEUpdate from the links below, be sure you have the latest drivers for your network adapters by downloading them from the vendors’ websites.
    For 64-bit: ftp://files.citrix.com/dneupdate64.msi
    Hope that helps.

  • Azure Site to Site VPN with Cisco ASA 5505

    I have got a Cisco ASA 5505 device (version 9.0(2)), and I cannot connect S2S with Azure (the Azure network is always in "connecting" state). In my Cisco log:
    IP = 104.40.182.93, Keep-alives configured on but peer does not support keep-alives (type = None)
    Group = 104.40.182.93, IP = 104.40.182.93, QM FSM error (P2 struct &0xcaaa2a38, mess id 0x1)!
    Group = 104.40.182.93, IP = 104.40.182.93, Removing peer from correlator table failed, no match!
    Group = 104.40.182.93, IP = 104.40.182.93,Overriding Initiator's IPSec rekeying duration from 102400000 to 4608000 Kbs
    Group = 104.40.182.93, IP = 104.40.182.93, PHASE 1 COMPLETED
    I have done all the Cisco S2S configuration over the standard wizard, because it seems your script is for the 8.x version of ASA only?
    (Does Azure support the 9.x version of ASA?)
    How can I fix it?

    Hi,
    As of now, we do not have any scripts for Cisco ASA 9x series.
    Thank you for your interest in Windows Azure. The Dynamic routing is not supported for the Cisco ASA family of devices.
    Unfortunately, a dynamic routing VPN gateway is required for Multi-Site VPN, VNet to VNet, and Point-to-Site.
    However, you should be able to setup a site-to-site VPN with Cisco ASA 5505 series security appliance as demonstrated in this blog:
    Step-By-Step: Create a Site-to-Site VPN between your network and Azure
    http://blogs.technet.com/b/canitpro/archive/2013/10/09/step-by-step-create-a-site-to-site-vpn-between-your-network-and-azure.aspx
    You can refer to this article for Cisco ASA templates for Static routing:
    http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx
    Did you download the VPN configuration file from the dashboard and copy the content of the configuration file to the Command Line Interface of the Cisco ASDM application? It seems that there is no specified IP address in the access list part and maybe that is why the states message appeared.
    According to the Cisco ASA template, it should be similar to this:
    access-list <RP_AccessList> extended permit ip object-group <RP_OnPremiseNetwork> object-group <RP_AzureNetwork>
    nat (inside,outside) source static <RP_OnPremiseNetwork> <RP_OnPremiseNetwork> destination static <RP_AzureNetwork> <RP_AzureNetwork>
    Based on my experience, to establish IPSEC tunnel, you need to allow the ESP protocol and UDP Port 500. Please make sure that the VPN device cannot be located behind a NAT. Besides, since Cisco ASA templates are not compatible for dynamic routing, please make sure that you chose the static routing.
    Since you configure the VPN device yourself, it's important that you would be familiar with the device and its configuration settings.
    Hope this helps you.
    Girish Prajwal

  • My cisco vpn no longer works with Lion

    After installing Lion, my cisco vpn no longer works. If I force boot in 32 bit mode it works fine, so appears to be a cisco client issue. Does anyone know if CISCO is working on  64bit client compatible with Lion?

    Not sure this answer helps me or anyone else. My VPN connection no longer works in Lion. How do I re-set the parameters of my VPN connection to work in Lion?
    Below is what my VPN screen looks like:

  • Cisco VPN no longer works with the E4200

    VPN issue with the E4200.  Validated that VPN passthrough is enabled.  Using Cisco VPN as the client.  Used to work prior to the firmware upgrade so not sure what has changed.  Error code on the Cisco VPN client is "Secure VPN connection terminated by local client.  Reason 414.  Failed to establish a TCP connection."
    Any help would be appreciated.

    Hi all,
    I just had time to do a network capture.
    The IPs have been changed, but btw:
    - 172.20.10.2 = A computer connected to the internet that will try to reach the VPN server behind the E4200
    - 77.56.226.107 = The internet valid IP address of the Linksys E4200 router.
    So below is the proof that GRE protocol is not forwarded/passing the router.
    Frames 29/30/31: Standard TCP/IP communication initialization. SYN, SYN ACK, ACK....
    Frames 32/34/36/37/38/39: initialization of PPTP using port 1723
    Frame 43: ACK of 39
    Frames 40, 52, 67, 80...: Requests sent using protocol 47 GRE... and the server not responding as the router blocks them...
    No.  Time       Source           Destination    Protocol  Length  Info
    28   7.122278   138.188.101.189  172.20.10.2    DNS       198     Standard query response A 77.56.226.107
    29   7.141732   172.20.10.2      77.56.226.107  TCP       62      49395 > pptp [SYN] Seq=0 Win=8192 Len=0 MSS=1460 SACK_PERM=1
    30   7.217517   77.56.226.107    172.20.10.2    TCP       62      pptp > 49395 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1380 SACK_PERM=1
    31   7.217835   172.20.10.2      77.56.226.107  TCP       54      49395 > pptp [ACK] Seq=1 Ack=1 Win=16560 Len=0
    32   7.221922   172.20.10.2      77.56.226.107  PPTP      210     Start-Control-Connection-Request
    34   7.294936   77.56.226.107    172.20.10.2    TCP       54      pptp > 49395 [ACK] Seq=1 Ack=157 Win=6432 Len=0
    36   7.351526   77.56.226.107    172.20.10.2    PPTP      210     Start-Control-Connection-Reply
    37   7.351622   172.20.10.2      77.56.226.107  PPTP      222     Outgoing-Call-Request
    38   7.428474   77.56.226.107    172.20.10.2    PPTP      86      Outgoing-Call-Reply
    39   7.445873   172.20.10.2      77.56.226.107  PPTP      78      Set-Link-Info
    40   7.453787   172.20.10.2      77.56.226.107  GRE       71      Encapsulated PPP
    43   7.549399   77.56.226.107    172.20.10.2    TCP       54      pptp > 49395 [ACK] Seq=189 Ack=349 Win=7504 Len=0
    52   9.469811   172.20.10.2      77.56.226.107  GRE       71      Encapsulated PPP
    67   12.511434  172.20.10.2      77.56.226.107  GRE       71      Encapsulated PPP
    80   16.567525  172.20.10.2      77.56.226.107  GRE       71      Encapsulated PPP
    81   20.623443  172.20.10.2      77.56.226.107  GRE       71      Encapsulated PPP
    83   24.679479  172.20.10.2      77.56.226.107  GRE       71      Encapsulated PPP
    85   28.735523  172.20.10.2      77.56.226.107  GRE       71      Encapsulated PPP
    86   32.791514  172.20.10.2      77.56.226.107  GRE       71      Encapsulated PPP
    87   36.847452  172.20.10.2      77.56.226.107  GRE       71      Encapsulated PPP
    88   37.797042  77.56.226.107    172.20.10.2    TCP       54      pptp > 49395 [FIN, ACK] Seq=189 Ack=349 Win=7504 Len=0
    89   37.797165  172.20.10.2      77.56.226.107  TCP       54      49395 > pptp [ACK] Seq=349 Ack=190 Win=16372 Len=0
    90   37.801537  172.20.10.2      77.56.226.107  TCP       54      49395 > pptp [FIN, ACK] Seq=349 Ack=190 Win=16372 Len=0
    93   37.876767  77.56.226.107    172.20.10.2    TCP       54      pptp > 49395 [ACK] Seq=190 Ack=350 Win=7504 Len=0
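
The reading of the capture in the post above (the PPTP control channel completes on TCP 1723, then GRE leaves the client and nothing comes back) can be checked mechanically. This is an added example, not part of the original post: the function names `parse` and `diagnose` are hypothetical, and the rows are a subset of frame summaries transcribed from that capture with the time and length columns dropped.

```python
# Subset of frame summaries transcribed from the capture in the post above
# (number, source, destination, protocol, info); time/length columns omitted.
CAPTURE = """\
29 172.20.10.2 77.56.226.107 TCP 49395 > pptp [SYN]
30 77.56.226.107 172.20.10.2 TCP pptp > 49395 [SYN, ACK]
31 172.20.10.2 77.56.226.107 TCP 49395 > pptp [ACK]
32 172.20.10.2 77.56.226.107 PPTP Start-Control-Connection-Request
36 77.56.226.107 172.20.10.2 PPTP Start-Control-Connection-Reply
37 172.20.10.2 77.56.226.107 PPTP Outgoing-Call-Request
38 77.56.226.107 172.20.10.2 PPTP Outgoing-Call-Reply
39 172.20.10.2 77.56.226.107 PPTP Set-Link-Info
40 172.20.10.2 77.56.226.107 GRE Encapsulated PPP
52 172.20.10.2 77.56.226.107 GRE Encapsulated PPP
67 172.20.10.2 77.56.226.107 GRE Encapsulated PPP
80 172.20.10.2 77.56.226.107 GRE Encapsulated PPP
88 77.56.226.107 172.20.10.2 TCP pptp > 49395 [FIN, ACK]
"""

def parse(text):
    """Split each summary line into (no, src, dst, proto, info)."""
    frames = []
    for line in text.strip().splitlines():
        no, src, dst, proto, info = line.split(None, 4)
        frames.append((int(no), src, dst, proto, info))
    return frames

def diagnose(frames, client, server):
    """Classify a PPTP attempt from the direction of its control and GRE frames."""
    # The server's Outgoing-Call-Reply means the TCP 1723 control channel worked.
    control_ok = any(p == "PPTP" and s == server and i == "Outgoing-Call-Reply"
                     for _, s, _, p, i in frames)
    gre_out = [n for n, s, d, p, _ in frames if p == "GRE" and s == client and d == server]
    gre_in = [n for n, s, d, p, _ in frames if p == "GRE" and s == server and d == client]
    if not control_ok:
        verdict = "control channel (TCP 1723) never completed"
    elif gre_out and not gre_in:
        verdict = "GRE (IP protocol 47) leaves the client but nothing returns"
    elif gre_out and gre_in:
        verdict = "GRE flows both ways; look further up the stack (PPP/auth)"
    else:
        verdict = "no GRE seen; client never started the data channel"
    return {"control_ok": control_ok, "gre_out": gre_out, "gre_in": gre_in, "verdict": verdict}

if __name__ == "__main__":
    result = diagnose(parse(CAPTURE), "172.20.10.2", "77.56.226.107")
    print(result["verdict"], "- outbound GRE frames:", result["gre_out"])
```

Because the capture was taken on the client side, one-way GRE shows only that no reply arrived; a second capture on the router's WAN or LAN side is needed to tell which hop drops protocol 47.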
