How to implement XP Cisco VPN client. Please help!!!

Hi,
I am trying to configure remote access for XP desktops using CVPN client software and a Cisco 805 router with IOS IPSec capable( authentication should be local). The remote desktops are behind adsl router wich does nat translations but allow IPSes passthrough.
I have configured it but does not working.
Can you please help me?
Thanks in advance
David

Hi guys, Solved.
This very useful link:
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd7d54c/0
David

Similar Messages

How long does Cisco VPN client keeps its logs

Hi,
How long does the Cisco VPN client keeps its logs? It seems like 2 weeks. Is it right?

February 18, 2010
Due to popular demand, the Cisco VPN Client v5.0.7 open beta is now available!
In addition to serving as a general maintenance release, the Cisco VPN Client 5.0.7 beta is compatible with Windows 7 & Windows Vista 64-bit environments.
A 64-bit specific compatible image is available for installation on these platforms.
Please have communicate feedback (both positive and problems) to [email protected]
Key Capabilities available for Beta Testing:
New Platform support – Windows 7 & Windows Vista 64-bit platform compatibility
Software Access: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=281940730 (under 5.BETA)
Software is available for download by any customer with a Cisco.com SMARTnet™ enabled login.
Release Notes will be available next week via a link once the download image is selected.
There are currently no plans to support Windows XP 64 bit in the VPN client.

Cisco VPN client & Microsoft ISA firewall client.

Hi all,
could someone give me advice how to set
up Cisco VPN client to route traffic
to our proxy ISA 2004. We have installed
Microsoft firewall client on PCs but we dont know how to set up routing of IPSEC
to Proxy.
I know that this is maybe problem of Microsoft but maybe it is possible to do this directly in Cisco VPN client.
Any suggestions?
BR
jl

Be sure that the Department or organizational unit (OU) corresponds to the Cisco VPN Client group name, as configured in the PIX vpngroup name. Select the correct Certificate Service Provider (CSP) appropriate for your setup
http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094e69.shtml

VPN issue please help???

Hi,
I am trying to connect vpn client (Win XP) and its works just fine. It is also communicating with radius server and internal network no issues in that. However, when using vpn client on Win 7 it does not connect. I can see from the debug in firewall that phase 2 is complete, but the client does not connect and I can see the error 809 in Win 7 (32 bit and 64 bit) clients. I would really appreciate if anyone can just guide me in right direction. Please see below the code that is working fine for XP.
nat (inside,outside) source static obj-172.16.0.0-nonat obj-172.16.0.0-nonat destination static obj-192.168.0.0-nonat obj-192.168.0.0-nonat no-proxy-arp route-lookup
aaa-server int-radius-group protocol radius
aaa-server int-radius-group (inside) host 172.16.5.100
key ***
radius-common-pw ***
crypto ipsec ikev1 transform-set RA-VPN-Set-3desmd5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-3desmd5 mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-aes128sha esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-aes128sha mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-aes256sha esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-aes256sha mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-aes256md5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-aes256md5 mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-dessha esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-dessha mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-3dessha esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-3dessha mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-desmd5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-desmd5 mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-aes192md5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-aes192md5 mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-aes192sha esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-aes192sha mode transport
crypto ipsec ikev1 transform-set RA-VPN-Set-aesmd5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set RA-VPN-Set-aesmd5 mode transport
crypto dynamic-map dyn-ra-vpn 65000 set ikev1 transform-set RA-VPN-Set-3desmd5 RA-VPN-Set-aes128sha RA-VPN-Set-aes256s-dessha RA-VPN-Set-3dessha RA-VPN-Set-desmd5 RA-VPN-Set-aes192md5 RA-VPN-Set-aes192sha RA-VPN-Set-aesmd5
crypto dynamic-map dyn-ra-vpn 65000 set reverse-route
crypto map ASA-VPN-SITE 65000 ipsec-isakmp dynamic dyn-ra-vpn
crypto map ASA-VPN-SITE interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
group-policy RA-VPN-GP internal
group-policy RA-VPN-GP attributes
dns-server value 172.16.5.31 172.16.5.32
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value mydomain.com
intercept-dhcp enable
client-firewall none
tunnel-group DefaultRAGroup general-attributes
address-pool ra-vpn-ippool
authentication-server-group int-radius-group
default-group-policy RA-VPN-GP
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
Thanks & Regards
Rohit

We are using VPN client v5.0.05.0290 without a problem. Here is a link that I found initially when testing with Windows 7 and the VPN client...maybe it will help you resolve your issue.
http://weblogs.asp.net/bhouse/archive/2009/01/15/how-to-successfully-install-cisco-vpn-client-on-windows-7.aspx
I didn't have to use this procedure on windows 7 pro 32bit.
On a different note, can you pass traffic to hosts on your internal LAN by IP address or hostname? I found an issue using the AnyConnect client - I didn't configure the connection profile to tell the connecting client what our internal domain name was...so my clients weren't able to make connections inbound withougt manually appending the domain name to the end of the hostname...shot in the dark...
Good Luck!!
"please rate me if post helpful"

Please Help - CISCO VPN client disconnecting over wireless adapter

Hi,
I connect to my work network when at home using the CISCO VPN client. I have a wireless connection at home. My vpn conection had no problem until my laptop once dropped hitting the wireless card reader side on the floor. since then, my vpn disconnects after some time. And this also disconnects my wireless connection at home. When I am not connected to work through th eVPN, we have no problems with my wireless connection. But, when I need to work from home, my vpn keeps getting disconnected and throws me off my wireless conenction too everytime. Can someone please tell me how to check if anything is wrong with the laptop?

Ok lets see if we can clear somethings up.
Using wireless and VPN before the "Drop" was ok?
Using Wireless and no VPN after the "Drop" is fine?
Using Wireless and VPN after the "Drop" causes the wireless adapter to disconnect?
If this is correct probally the best thing to do is to remove the cisco VPN software and reinstall it.
It can't be anything to do with the "Drop" as using normal wireless is working fine you say.
and the Cisco VPN Adapter is Virtual.
Let me know how you get on.

How to uninstall Cisco VPN client 5.0.07.0440, using SCCM \group policy?

How to uninstall Cisco VPN client 5.0.07.0440, using SCCM \group policy or may be a login script?
msiexec /u "vpnclient_setup.msi" /q /norestart , but it did not worked.
msiexec /x "vpnclient_setup.msi" /q /norestart , but it did not worked.
I hav apprx 500+ win 8 clients.
Thanks in Advance

Looks like I have to follow this exactly:
http://myitforum.com/cs2/blogs/smchugh/archive/2006/11/15/automating-removing-the-cisco-vpn-client.aspx
msiexec.exe /uninstall {Cisco VPN 5.x guid} /qn
MsiExec.exe/X{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D} /q /norestart

Since I upgraded to Lion, my RSA securid token and Cisco VPN client doesn't work any longer. Anyone have suggestions on how to fix that?

Since upgrading to Lion, I can no longer use VPN because my RSA securid token and CIsco VPN Client won't load. Any suggestioins out there?

.

I cannot install Cisco VPN Client 64-bit in windows 8

Hi
I bought new laptop which is preinstalled with widows 8 EM OS.. But for my usage i need to install cisco vpn client (64-bit version) software in my windows 8 EM OS.. which i cannot proceed actually because of the following error :
Error 28000 : Before installing the cisco systems vpn client 5.0.7.0290, you must uninstall the previous version of cisco systems vpn client 5.0.7.0290, using the Add/Remove program files option in the control panel, then restart your system
Following the above popup again a popup prompts displaying :
I have tried to uninstall the program from control panel but i could not find vpn client installed in my system at all... Please give me suggestion how to uninstall and install the new one..
Could you please advise how i can resolve the above issue and setup Cisco vpn client in my windows 8 OS? your reply is more worthy to carry on my work...

Hello,
The TechNet Wiki Forum is a place for the TechNet Wiki Community to engage, question, organize, debate, help, influence and foster the TechNet Wiki content, platform and Community.
Please note that this forum exists to discuss TechNet Wiki as a technology/application. If you have a question about another technology (such as Windows), you can ask in another forum. If you're unsure which forum, a Bing search often works the fastest or ask
here: http://social.microsoft.com/Forums/en-US/whatforum/threads
However, I'd ask in the
Windows 8 forum on Microsoft Community.
Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join ('6F6C646B61726C40686F746D61696C2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

Cisco VPN Client 5.0.07.0440 Fails Installation on Win7 64

Dears,
I went to istall the Cisco VPN Client SW. I used "vpnclient-winx64-msi-5.0.07.0440-k9" installator. But the installation on my laptoop finished with the Error 1722.
Here is fagment from the log file:
MSI (s) (74:B0) [12:07:23:006]: Product: Cisco Systems VPN Client 5.0.07.0440 -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action CsCaExe_VAInstall, location: C:\Program Files (x86)\Cisco Systems\VPN Client\VAInst64.exe, command: nopopup i "C:\Program Files (x86)\Cisco Systems\VPN Client\Setup\CVirtA64.inf CS_VirtA
I use the Windows 7 Home Premium 64bit on my laptop, the UAC is switched OFF and the antivir SW is uninstalled and my account has administrators rights.
I looked for it on the net but I did not found satisfactory solution.
Please do knows somebody how can I solve this issue??
Thanks Milan

Hello Paul,
This seems to be a known issue:
Client cvpnd.exe errors on bootup if certain vendor's firewall installed.
However, just to try further options, what if you try this?
Restart VPN Client Service if You Install VPN Client before Zone Alarm
Also check: Check Point Integrity Firewall Incompatibility, found in the link above.
From the Zone Alarm FW, make sure you have the following advanced firewall options enabled:
Allow VPN protocols
Allow uncommon protocols at high security
Enable IPv6 networking
HTH
Portu.

Which ports to open in PIX for outgoing Cisco VPN client connections ?

I have Cisco vpn clients behind the PIX and i want them to connect to a vpn 3005 which i behind another PIX . Can anybody tell me which ports i have to open on both the PIX firewalls ?

It depends on how you have deployed your VPN Remote Access users.
By default, if you enable IPSec-Over-TCP or IPSec-over-UDP, then port 10000 is used for both, these methods are Cisco Proprietary and can be changed.
If you use NAT-T (NAT Traversal), the Standards-based implementation, then it uses UDP-4500).
either way, the operation of the VPN depends on:
1) Whether these service have been enable on the VPN Concentrator
2) Enabling the relevant transport settings on the VPN Client connection Properties.
Regarding the PIX infront of the VPNC3005, you will need to allow these above ports inbound to your VPNC3005 Public interface.
Locally, it depends if you filter outbound connections through your PIX. If you don't, then the PIX will allow the connection for the VPN Client attempting to access the remote VPNC3005

Cisco vpn client causing blue screen on xp

Hi all, We have just done a rollout of cisco vpn client 4.6 on our laptops, since this alot of them seem to be blue screening aka blue screen on death, they are all running xp with service pack 2, does anyone know of any issues with this and how to solve it?
cheers
Carl

If you are using the VPN client 3.6.1 it might cause a Windows BlueScreen critical error. This problem results from incorrect processing by the VPN Client of a return DDNS packet from a DNS server that does not implement DDNS.
If this problem is encountered, cvpndrv.sys (Cisco VPN Driver) would cause the blue screen.
Release 3.6.3 resolves the issues

Need HELPS! ASA 5505 8.4 Cisco VPN Client cannot ping any internal host

Hi:
Need your great help for my new ASA 5505 (8.4)
I just set a new ASA 5505 with 8.4. However, I cannot ping any host after VPN in with Cisco VPN client. Please see below posted configuration file, thanks for any suggestion.
ASA Version 8.4(3)
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.29.8.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 177.164.222.140 255.255.255.248
ftp mode passive
clock timezone GMT 0
dns server-group DefaultDNS
domain-name ABCtech.com
same-security-traffic permit inter-interface
object network obj_any
subnet 172.29.8.0 255.255.255.0
object service RDP
service tcp source eq 3389
object network orange
host 172.29.8.151
object network WAN_173_164_222_138
host 177.164.222.138
object service SMTP
service tcp source eq smtp
object service PPTP
service tcp source eq pptp
object service JT_WWW
service tcp source eq www
object service JT_HTTPS
service tcp source eq https
object network obj_lex
subnet 172.29.88.0 255.255.255.0
description Lexington office network
object network obj_HQ
subnet 172.29.8.0 255.255.255.0
object network guava
host 172.29.8.3
object service L2TP
service udp source eq 1701
access-list VPN_Tunnel_User standard permit 172.29.8.0 255.255.255.0
access-list VPN_Tunnel_User standard permit 172.29.88.0 255.255.255.0
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended deny tcp any any eq 135
access-list inside_access_in extended deny tcp any eq 135 any
access-list inside_access_in extended deny udp any eq 135 any
access-list inside_access_in extended deny udp any any eq 135
access-list inside_access_in extended deny tcp any any eq 1591
access-list inside_access_in extended deny tcp any eq 1591 any
access-list inside_access_in extended deny udp any eq 1591 any
access-list inside_access_in extended deny udp any any eq 1591
access-list inside_access_in extended deny tcp any any eq 1214
access-list inside_access_in extended deny tcp any eq 1214 any
access-list inside_access_in extended deny udp any any eq 1214
access-list inside_access_in extended deny udp any eq 1214 any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any eq www
access-list inside_access_in extended permit tcp any eq www any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq 33
89
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq sm
tp
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq pp
tp
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ww
w
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ht
tps
access-list outside_access_in extended permit gre any host 177.164.222.138
access-list outside_access_in extended permit udp any host 177.164.222.138 eq 17
01
access-list outside_access_in extended permit ip any any
access-list inside_access_out extended permit icmp any any
access-list inside_access_out extended permit ip any any
access-list outside_cryptomap extended permit ip 172.29.8.0 255.255.255.0 172.29
.88.0 255.255.255.0
access-list inside_in extended permit icmp any any
access-list inside_in extended permit ip any any
access-list inside_in extended permit udp any any eq isakmp
access-list inside_in extended permit udp any eq isakmp any
access-list inside_in extended permit udp any any
access-list inside_in extended permit tcp any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
nat (inside,outside) source static orange interface service RDP RDP
nat (inside,outside) source static obj_HQ obj_HQ destination static obj_lex obj_
lex route-lookup
nat (inside,outside) source static guava WAN_173_164_222_138 service JT_WWW JT_W
WW
nat (inside,outside) source static guava WAN_173_164_222_138 service JT_HTTPS JT
_HTTPS
nat (inside,outside) source static guava WAN_173_164_222_138 service RDP RDP
nat (inside,outside) source static guava WAN_173_164_222_138 service SMTP SMTP
nat (inside,outside) source static guava WAN_173_164_222_138 service PPTP PPTP
nat (inside,outside) source static guava WAN_173_164_222_138 service L2TP L2TP
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Guava protocol nt
aaa-server Guava (inside) host 172.29.8.3
timeout 15
nt-auth-domain-controller guava
user-identity default-domain LOCAL
http server enable
http 172.29.8.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set Remote_VPN_Set esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set Remote_vpn_set esp-3des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set Remote_VPN_Set
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 173.190.123.138
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5
ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ES
P-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 172.29.8.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside vpnclient-wins-override
dhcprelay server 172.29.8.3 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
group-policy ABCtech_VPN internal
group-policy ABCtech_VPN attributes
dns-server value 172.29.8.3
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_Tunnel_User
default-domain value ABCtech.local
group-policy GroupPolicy_10.8.8.1 internal
group-policy GroupPolicy_10.8.8.1 attributes
vpn-tunnel-protocol ikev1 ikev2
username who password eicyrfJBrqOaxQvS encrypted
tunnel-group 10.8.8.1 type ipsec-l2l
tunnel-group 10.8.8.1 general-attributes
default-group-policy GroupPolicy_10.8.8.1
tunnel-group 10.8.8.1 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 remote-authentication certificate
ikev2 local-authentication pre-shared-key *****
tunnel-group ABCtech type remote-access
tunnel-group ABCtech general-attributes
address-pool ABC_HQVPN_DHCP
authentication-server-group Guava
default-group-policy ABCtech_VPN
tunnel-group ABCtech ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 173.190.123.138 type ipsec-l2l
tunnel-group 173.190.123.138 general-attributes
default-group-policy GroupPolicy_10.8.8.1
tunnel-group 173.190.123.138 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 remote-authentication certificate
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect pptp
inspect ftp
inspect netbios
smtp-server 172.29.8.3
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:6a26676668b742900360f924b4bc80de
: end

Hello Wayne,
Can you use a different subnet range than the internal interface, this could cause you a LOT of issues and hours on troubleshooting, so use a dedicated different Ip address range...
I can see that the local Pool range is included into the inside interface Ip address subnet range, change that and the related config ( NAT,etc, ) and let us know what happens,
Regards,
Julio
Security Trainer

Cisco VPN client and mac mail

Hi all,
I wonder if someone can be more helpful than my uni IT department who take a minimum of a week to get you an IP address...
My new uni uses Cisco VPN client for connection to the Wi-Fi network. It all works great apart from one (very annoying problem):-my e-mail accounts in mac mail don't seem to be able to connect via the VPN. I have had both an IMAP and a POP server e-mail account work automatically wherever I connect in the world for over a year now-so its not the way I've set up the accounts.
Is there any way to get mac mail to "see" the VPN connection. If I have to physically plug-in my mac this seems a tad ridiculous when it works in every coffee shop with free wi-fi.
My uni are not helpful as they want people to use either outlook or better still log-on to their e-mail using the web. I don't even want to use their e-mail-what is the point when I move jobs again in a year. What I do currently is use an IMAP account from my last job which I've set to forward to my "e-mail for life" from my undergrad uni. I basically only give out my life e-mail address and this also goes on all my papers.
If I can't access this easily and sort all my mail in all the folders I've created to filter out things like facebook etc. I'm wondering what the point of mac mail is.

Yeah, that stuff normally works for me. Unfortunately this is a situation where you have to use an external Cisco VPN client software, whether you like it or not. Its this horrible clunky thing (which at least half works I guess). So its only like normal wi-fi in terms of selecting the network, then you have to open up this application and put in your log-in etc. Most of the settings on this client seem locked, so there isn't much I can do to configure it.
I've just got to my (temporary) accommodation which doesn't have wi-fi or VPN (just ethernet) and my mail is working again-so it must be the VPN. Goodness knows how it works with an iPod touch (interested in getting one but kind of pointless if I spend most of my time at work and it doesn't work...)
Thanks for your suggestions though!

Cisco VPN Client and Border Manager

Don't know if this is the correct spot, but here goes. We are using BM 3.8sp4 using proxy, and NAT. We have a contractor that needs to access his company network using a Cisco VPN Client Ver 5. They have Enable Transparent Tunneling checked in the client and IPSec over TCP port 1000.
Is this a filter exception to let it out or something else I need to set up?

Port 1000, or 10000? (10,000 is something I've seen in the past, and
is what I used for the example in my BMgr filtering book. See URL
below).
You would probably need to open two ports up, in FILTCFG, from private
to public interfaces. First, IKE-st (UDP 500). Next, make a custom
stateful one for port 1000 (or whatever), probably UDP.
The last Cisco IPSec VPN client I used through BMgr needed UDP 500 and
UDP 4500 opened, just like the Novell IPSec VPN client. So I was able
to use the definitions supplied by Novell in FILTCFG. In your case,
you will probably have to add at least one custom exception.
Filter debug will tell you what is being filtered, if you know how to
use it. Or get PKTSCAN.NLM from download.novell.com, load it on the
server, and capture packets. Look at them on the server, or use
Wireshark, and you will see what protocol/ports are being sent from the
client IP address.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

Cisco VPN client and SSH

Hi,
I am using Cisco VPN client 4.9.01.0180 to connect to remote server. From the Cisco client, I see that I am connecting to the remote server.
Using the terminal, with command:
ssh 192.168.1.2 or ssh [email protected] to connect to the remote server.
However, the output is:
ssh: connect to host 192.168.1.2 port 22: Operation timed out
I don't know what is going wrong. The Cisco client 's setting is simple, and no problem using Windows. Do I have to modify the Mac OS?
Regards,
Terence

hi,
sorry for asking stupid. how and what did you change your subnet to ?
i have almost the exact same problem (same client and on Windows it does work and I cannot ssh to a Mac in the work office) furthermore i am using a wireless connection (via Airport Express) ... not sure if that matters.
do i just go into the Network Prefs and select the tcp/ip tab, and manually change the ip-addresses ?
my settings (DHCP) currently are
ip 10.0.1.2
Subnet Mask 255.255.255.0
Router 10.0.1.1
The strange thing for me is that if I Remote Desktop to a PC (via VPN) on the same office net as the above Mac I cannot ssh (via Putty), but when i am physically at the PC i am able to ssh.
any help appreciated
./allan

How to implement XP Cisco VPN client. Please help!!!

Similar Messages

Maybe you are looking for