IPhone OS 3.0 - internet tethering and Cisco VPN Client

Similar Messages

• Since I upgraded to Lion, my RSA securid token and Cisco VPN client doesn't work any longer. Anyone have suggestions on how to fix that?

  Since upgrading to Lion, I can no longer use VPN because my RSA securid token and CIsco VPN Client won't load. Any suggestioins out there?

  .

• Mac Lion and Cisco VPN client problems

  I just installed Lion 10.7 on my iMac and can no longer use the downloaded Cisco VPN client to connect to Microsoft Remote Desktop and access the PC in my company's office. When I try to launch the VPN client I get Error 51. I used to be able to enter a command in the Terminal as a workaround to use the VPN client when that happened, but that no longer works. I have tried booting into 32-bit mode; doesn't work. I tried to use the Cisco client built into Lion using settings provided by my company. When I try to connect I get the following message: "The negotiation with the VPN server failed. Verify the server address and try reconnecting."
  I have searched the web looking for a solution. My company's tech department is stumped; the Apple Geniuses haven't been able to help. Does anyone have any ideas how I can use either the downloaded Cisco VPN client or the client built into Lion?
  Sent from Cisco Technical Support iPad App

  Here is the link which you can use to configure the inbuilt VPN client in MAC Lion.
  http://glazenbakje.wordpress.com/2011/07/28/how-to-create-a-cisco-vpn-connection-in-apple-mac-os-x-lion/
  Make sure you configure the attributes correctly.
  Secondly the inbuilt VPN client code of Lion is made in collaboration with Cisco so there will not be any issues of compatibility.
  Cheers,
  Rohan

• Back To My Mac and Cisco VPN client

  I've used back to my mac for a while and love it. Recently I've had to start using the Cisco VPN client and every time I use it it says "Because Back to My Mac is turned on, your VPN connection cannot be established with the server. Would you like to turn off Back to My Mac?". Is there any way to run them both without having to keep starting and stopping back to my mac?

  I too have this issue.
  Every time I have to connect via VPN, I have to disable my Back to My Mac.
  Kinda *****.
  Any solution?

• AFP Freeze and Cisco VPN Client w/ new Macbook Pro

  I have an Intel Core Duo Macbook Pro with all software updates installed and running Cisco VPN client v4.9.01 (0030). If I try to connect to one of my clients via VPN and then connect to one of the server shares, afp basically freezes. I have added a snip of the log below. BUT - I take the same laptop onsite and try to connect to the same server, it works like a champ. I have tried the VPN connection from multiple source points (ie, different ISPs and routers/firewalls) and wired and wireless and all result in the same. I am frustrated and running out of options. Note that the same problem occurred with the previous Cisco VPN client and I thought the newer version would fix it - id didn't. Any help would be much appreciated.
  tia,
  Bill
  Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: doing reconnect on /Volumes/ADVSERV
  Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/ADVSERV
  Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/ADVSERV
  Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/ADVSERV
  Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Restoring session /Volumes/ADVSERV
  Oct 27 16:05:01 my-computer KernelEventAgent[59]: tid 00000000 received VQ_NOTRESP event (1)
  Oct 27 16:06:02 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: doing reconnect on /Volumes/ADVSERV
  Oct 27 16:06:02 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/ADVSERV
  Oct 27 16:06:02 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/ADVSERV
  Oct 27 16:06:02 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/ADVSERV
  Oct 27 16:06:03 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Restoring session /Volumes/ADVSERV
  Oct 27 16:06:03 my-computer KernelEventAgent[59]: tid 00000000 received VQ_NOTRESP event (1)

  Hi Bill,
  Do you have any comparison data on services that DO work? I don't connect remotely to any Apple services so can't vouch for AFP always working, but have no issues with RDP services for Windows servers. Running 4.9.00 (0050). I have however just quickly VPN'd to a client and successfully opened an AFP share and browsed around over VPN - didn't even hesitate in establishing the connection.
  When you mention taking the machine onsite i am assuming that you directly access the AFP shares and not via VPN, hence confirming that the VPN software is potentially the issue?
  Are you running IPSEC over UDP or TCP? My transport is over UDP.
  Good luck,
  Justin

• Windows Vista RTM (Build 6000) and Cisco VPN Client 5.8.01.0590

  I've sucessfully installed the above client and can access one of my VPN connections on TCP/10000 but I am unable to access any of my UDP enabled profiles.
  Anyone have any ideas??

  In the VPN client click on Under transport tab see if the IPsec over UDP is enabled.For more information refer URL
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml#vpnclient

• No Internet access after cisco vpn client connection

  Hi Experts,
  Kindly check below config.the problem is  vpn is connected but no internet access
  on computer after connecting vpn
  ASA Version 8.0(2)
  hostname ciscoasa
  enable password 8Ry2YjIyt7RRXU24 encrypted
  names
  interface Ethernet0/0
   nameif outside
   security-level 0
   ip address 192.168.10.10 255.255.255.0
  interface Ethernet0/1
   nameif inside
   security-level 100
   ip address 192.168.14.12 255.255.255.0
  interface Ethernet0/2
   shutdown
   no nameif
   no security-level
   no ip address
  interface Ethernet0/3
   shutdown
   no nameif
   no security-level
   no ip address
  interface Management0/0
   shutdown
   no nameif
   no security-level
   no ip address
  passwd 2KFQnbNIdI.2KYOU encrypted
  ftp mode passive
  access-list dubai_splitTunnelAcl standard permit 192.168.14.0 255.255.255.0
  access-list INSIDE_nat0_outbound extended permit ip any 192.168.14.240 255.255.2
  55.240
  pager lines 24
  mtu inside 1500
  mtu outside 1500
  ip local pool testpool 192.168.14.240-192.168.14.250
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list INSIDE_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  route outside 0.0.0.0 0.0.0.0 192.168.10.12 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout uauth 0:05:00 absolute
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.14.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set setFirstSet esp-3des esp-md5-hmac
  crypto dynamic-map dyn1 1 set transform-set setFirstSet
  crypto dynamic-map dyn1 1 set reverse-route
  crypto map mymap 1 ipsec-isakmp dynamic dyn1
  crypto map mymap interface outside
  crypto isakmp enable outside
  crypto isakmp policy 1
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 43200
  crypto isakmp policy 65535
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
  service-policy global_policy global
  username testuser password IqY6lTColo8VIF24 encrypted
  username khans password X5bLOVudYKsK1JS/ encrypted privilege 15
  tunnel-group mphone type remote-access
  tunnel-group mphone general-attributes
   address-pool testpool
  tunnel-group mphone ipsec-attributes
   pre-shared-key *
  prompt hostname context
  Cryptochecksum:059363cdf78583da4e3324e8dfcefbf0
  : end
  ciscoasa#

  Hi Harish,
  Please check the o/ps below and route print in attached file
  Latest ASA Config
  ASA Version 8.0(2)
  hostname ciscoasa
  enable password 8Ry2YjIyt7RRXU24 encrypted
  names
  interface Ethernet0/0
   nameif outside
   security-level 0
   ip address 192.168.10.10 255.255.255.0
  interface Ethernet0/1
   nameif inside
   security-level 100
   ip address 192.168.14.12 255.255.255.0
  interface Ethernet0/2
   shutdown
   no nameif
   no security-level
   no ip address
  interface Ethernet0/3
   shutdown
   no nameif
   no security-level
   no ip address
  interface Management0/0
   shutdown
   no nameif
   no security-level
   no ip address
  passwd 2KFQnbNIdI.2KYOU encrypted
  ftp mode passive
  access-list dubai_splitTunnelAcl standard permit 192.168.14.0 255.255.255.0
  access-list INSIDE_nat0_outbound extended permit ip any 192.168.14.0 255.255.255
  .0
  pager lines 24
  mtu outside 1500
  mtu inside 1500
  ip local pool testpool 192.168.15.240-192.168.15.250
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0
  route outside 0.0.0.0 0.0.0.0 192.168.10.12 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout uauth 0:05:00 absolute
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.14.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set setFirstSet esp-3des esp-md5-hmac
  crypto dynamic-map dyn1 1 set transform-set setFirstSet
  crypto dynamic-map dyn1 1 set reverse-route
  crypto map mymap 1 ipsec-isakmp dynamic dyn1
  crypto map mymap interface outside
  crypto isakmp enable outside
  crypto isakmp policy 1
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 43200
  crypto isakmp policy 65535
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  no crypto isakmp nat-traversal
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
  service-policy global_policy global
  group-policy mphone internal
  group-policy mphone attributes
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value dubai_splitTunnelAcl
  username testuser password IqY6lTColo8VIF24 encrypted privilege 15
  username testuser attributes
   vpn-group-policy mphone
  username khans password X5bLOVudYKsK1JS/ encrypted privilege 15
  username khans attributes
   vpn-group-policy mphone
  tunnel-group mphone type remote-access
  tunnel-group mphone general-attributes
   address-pool testpool
  tunnel-group mphone ipsec-attributes
   pre-shared-key *
  prompt hostname context
  Cryptochecksum:12308d7ff6c6df3d71181248e8d38ba8
  : end
  ciscoasa#
  Route Print after vpn connection 
  C:\>route print
  ===========================================================================
  Interface List
  0x1 ........................... MS TCP Loopback interface
  0x40003 ...00 24 01 a2 e6 f1 ...... D-Link DFE-520TX PCI Fast Ethernet Adapter -
   Packet Scheduler Miniport
  0x250004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Packet Schedule
  r Miniport
  ===========================================================================
  ===========================================================================
  Active Routes:
  Network Destination        Netmask          Gateway       Interface  Metric
            0.0.0.0          0.0.0.0     192.168.10.1  192.168.10.211       20
          127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       192.168.10.0    255.255.255.0   192.168.10.211  192.168.10.211       20
     192.168.10.211  255.255.255.255        127.0.0.1       127.0.0.1       20
     192.168.10.255  255.255.255.255   192.168.10.211  192.168.10.211       20
       192.168.14.0    255.255.255.0     192.168.15.1  192.168.15.240       1
       192.168.15.0    255.255.255.0   192.168.15.240  192.168.15.240       20
     192.168.15.240  255.255.255.255        127.0.0.1       127.0.0.1       20
     192.168.15.255  255.255.255.255   192.168.15.240  192.168.15.240       20
      213.42.233.97  255.255.255.255     192.168.10.1  192.168.10.211       1
          224.0.0.0        240.0.0.0   192.168.10.211  192.168.10.211       20
          224.0.0.0        240.0.0.0   192.168.15.240  192.168.15.240       20
    255.255.255.255  255.255.255.255   192.168.10.211  192.168.10.211       1
    255.255.255.255  255.255.255.255   192.168.15.240  192.168.15.240       1
  Default Gateway:      192.168.10.1
  ===========================================================================
  Persistent Routes:
    None
  C:\>
  C:\>ipconfig /all
  Windows IP Configuration
          Host Name . . . . . . . . . . . . : asu
          Primary Dns Suffix  . . . . . . . :
          Node Type . . . . . . . . . . . . : Unknown
          IP Routing Enabled. . . . . . . . : No
          WINS Proxy Enabled. . . . . . . . : No
  Ethernet adapter Local Area Connection 7:
          Connection-specific DNS Suffix  . :
          Description . . . . . . . . . . . : D-Link DFE-520TX PCI Fast Ethernet A
  dapter
          Physical Address. . . . . . . . . : 00-24-01-A2-E6-F1
          Dhcp Enabled. . . . . . . . . . . : No
          IP Address. . . . . . . . . . . . : 192.168.10.211
          Subnet Mask . . . . . . . . . . . : 255.255.255.0
          Default Gateway . . . . . . . . . : 192.168.10.1
          DNS Servers . . . . . . . . . . . : 213.42.20.20
                                              195.229.241.222
  Ethernet adapter Local Area Connection 8:
          Connection-specific DNS Suffix  . :
          Description . . . . . . . . . . . : Cisco Systems VPN Adapter
          Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
          Dhcp Enabled. . . . . . . . . . . : No
          IP Address. . . . . . . . . . . . : 192.168.15.240
          Subnet Mask . . . . . . . . . . . : 255.255.255.0
          Default Gateway . . . . . . . . . :

• Connecting Cisco VPN client v5 to asa 5505

  I am having problem configuring remote vpn between ASA5505 and Cisco VPN client v5. I can successfully establish connection between ASA and Vpn client and receive IP address from ASA. VPN client statistics windows shows that packets are send and encrypted but none of the packets is Received/Decrypted.
  Can not ping asa 5505
  Any ideas on what I have missed?

  Your NAT configuration is incomplete, enter the following commands to your configuration:
  access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
  nat (inside) 0 access-list nonat
  This tells the ASA that the traffic destined for the VPN Client should not be NATted and should be sent directly to the client via the VPN Tunnel!
  Please rate if the post helps!
  Regards,
  Michael

• Why doesn't my iPhone 4 have an 'Internet tethering' options? Is it carrier related or iOs related? Please help me find the solution for this. thanx

  Why doesn't my iPhone 4 have an 'Internet tethering' options? Is it carrier related or iOs related? Please help me find the solution for this. thanx

  Personal Hot spot
  http://support.apple.com/kb/HT3574
  Understanding
  http://support.apple.com/kb/HT4517
  Trouble Shooting
  http://support.apple.com/kb/TS2756

• Boot camp with Cisco VPN client and smart card

  Looking at a Macbook or Macbook Air and the only reason I need to run windows is to be able to access my work network through the Cisco VPN client and my Smartcard then use remote desktop. From my understanding if I run Bootcamp it should work am I correct? Im going to an Apple store tomorrow hopefully they can help too.
  Thanks

  mrbacklash wrote:
  Ok with that being said will the MBA 11.6 1.4ghz have the guts to make it run mostly internet based programs over the VPN connection?
  I think if you are running apps over the Internet the bottleneck will be the Internet and your VPN bandwidth. Your computer can certainly execute faster than Internet communications.
  Besides, Internet or remote applications run on the remote server. All your local computer does is local processing of the data if necessary.
  Message was edited by: BobTheFisherman

• Problem with Cisco VPN client and HP elitebook 2530p windows 7 64-bit

  Hi there
  I have a HP Elitebook 2530p which i upgraded to windows 7 64-bit. I installed the Cisco VPN client application (ver. 5.0.07.0290 and also 64-bit) and the HP connection manager to connect to the internet through a modem Qualcomm gobi 1000 (that is inside the laptop). When I connect to the VPN, it connects (I write the username and password) but there is no traffic inside de virtual adapter for my servers. When I connect to the internet through wire or wireless internet, I connect de VPN client and there is no problem to establish communication to my servers.
  I tried everything, also change the driver and an earlier version of the HP connection manager application. I also talked to HP and they told me that there was a report with this kind of problem and it was delivered to Cisco. I don’t know where is the problem.
  Could anyone help me?
  Thanks to all.

  You can try to update Deterministic Network Enhancer to the below listed release which supports
  WWAN Drivers.
  http://www.citrix.com/lang/English/lp/lp_1680845.asp.
  DNE now supports WWAN devices in Win7.  Before downloading the latest version of DNEUpdate from the links below,  be sure you have the latest
  drivers for your network adapters by downloading them from the vendors’ websites.
  For 64-bit: ftp://files.citrix.com/dneupdate64.msi
  Hope that helps.

• IPhone 2.1 now supports Cisco VPN Client to IOS router

  Just tested it. The Cisco VPN Client in iPhone 2.1 now connects to my IOS router. Excellent.

  I have a Cisco 1812 with 12.4(20)T. I know that 12.4(6)T and some other versions have an issue with the negotiation of IPSec policies which basically means that only the first proposal is considered. If the first proposal matches you have a connection. If it does not match, the connection is refused even though other proposals would be O.K.
  The relevant isakmp/ipsec config should be:
  crypto isakmp policy 3
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group myvpn
  key mysecretkey
  dns 10.0.0.2 10.0.0.3
  wins 10.0.0.2
  domain mydomain.example.com
  pool ippool
  acl 150
  split-dns mydomain.example.com
  netmask 255.255.255.0
  crypto isakmp profile ike-myvpn-profile
  match identity group myvpn
  client authentication list userauthen
  isakmp authorization list groupauthor
  client configuration address respond
  virtual-template 2
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec profile myvpn
  set transform-set ESP-3DES-SHA
  set isakmp-profile ike-myvpn-profile
  interface Virtual-Template2 type tunnel
  ip unnumbered FastEthernet1
  ip nat inside
  ip virtual-reassembly
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile myvpn
  See also http://www.cisco.com/en/US/docs/ios/security/configuration/guide/secipsec_virt_tunnl_ps6441_TSD_Products_Configuration_GuideChapter.html
  If you have IOS 12.4(6)T or similar which has the bug I have mentioned you have to use aes instead of 3des for the transform set. The first proposal of the iPhone is aes. Be sure to check the "debug crypto ipsec" and "debug crypto isakmp" output for troubleshooting.

• Cisco VPN client and mac mail

  Hi all,
  I wonder if someone can be more helpful than my uni IT department who take a minimum of a week to get you an IP address...
  My new uni uses Cisco VPN client for connection to the Wi-Fi network. It all works great apart from one (very annoying problem):-my e-mail accounts in mac mail don't seem to be able to connect via the VPN. I have had both an IMAP and a POP server e-mail account work automatically wherever I connect in the world for over a year now-so its not the way I've set up the accounts.
  Is there any way to get mac mail to "see" the VPN connection. If I have to physically plug-in my mac this seems a tad ridiculous when it works in every coffee shop with free wi-fi.
  My uni are not helpful as they want people to use either outlook or better still log-on to their e-mail using the web. I don't even want to use their e-mail-what is the point when I move jobs again in a year. What I do currently is use an IMAP account from my last job which I've set to forward to my "e-mail for life" from my undergrad uni. I basically only give out my life e-mail address and this also goes on all my papers.
  If I can't access this easily and sort all my mail in all the folders I've created to filter out things like facebook etc. I'm wondering what the point of mac mail is.

  Yeah, that stuff normally works for me. Unfortunately this is a situation where you have to use an external Cisco VPN client software, whether you like it or not. Its this horrible clunky thing (which at least half works I guess). So its only like normal wi-fi in terms of selecting the network, then you have to open up this application and put in your log-in etc. Most of the settings on this client seem locked, so there isn't much I can do to configure it.
  I've just got to my (temporary) accommodation which doesn't have wi-fi or VPN (just ethernet) and my mail is working again-so it must be the VPN. Goodness knows how it works with an iPod touch (interested in getting one but kind of pointless if I spend most of my time at work and it doesn't work...)
  Thanks for your suggestions though!

• Cisco VPN Client and Border Manager

  Don't know if this is the correct spot, but here goes. We are using BM 3.8sp4 using proxy, and NAT. We have a contractor that needs to access his company network using a Cisco VPN Client Ver 5. They have Enable Transparent Tunneling checked in the client and IPSec over TCP port 1000.
  Is this a filter exception to let it out or something else I need to set up?

  Port 1000, or 10000? (10,000 is something I've seen in the past, and
  is what I used for the example in my BMgr filtering book. See URL
  below).
  You would probably need to open two ports up, in FILTCFG, from private
  to public interfaces. First, IKE-st (UDP 500). Next, make a custom
  stateful one for port 1000 (or whatever), probably UDP.
  The last Cisco IPSec VPN client I used through BMgr needed UDP 500 and
  UDP 4500 opened, just like the Novell IPSec VPN client. So I was able
  to use the definitions supplied by Novell in FILTCFG. In your case,
  you will probably have to add at least one custom exception.
  Filter debug will tell you what is being filtered, if you know how to
  use it. Or get PKTSCAN.NLM from download.novell.com, load it on the
  server, and capture packets. Look at them on the server, or use
  Wireshark, and you will see what protocol/ports are being sent from the
  client IP address.
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to http://www.craigjconsulting.com ***

• Cisco VPN client and License

  Hello,
  We have a Cisco ASA 5520 with the VPN PLus License and 8.04 IOS installed, we want to set up vpn access to our users. We can use the cisco VPN client which works on WIndows Platform, but we also have MAC OS 10.7 which works only with Cisco Anyconnect.
  I am a little bit lost with all the client and the license, actually we can't setup more than 2 vpn session with an Anyconnect client installed on MAC or Windows. The authentication is by Certificate, the first two connect fine, but the third one don't connect and prompt for a username / password.
  I joined a SH VER of my ASA, if anyome can tell me what is wrong on the license or perhaps it's a configuration problem?
  Thanks a lot for the answer.
  Mathieu.
  fw-eps-02# sh ver
  Cisco Adaptive Security Appliance Software Version 8.0(4)
  Device Manager Version 6.4(1)
  Compiled on Thu 07-Aug-08 20:53 by builders
  System image file is "disk0:/asa804-k8.bin"
  Config file at boot was "startup-config"
  fw-eps-02 up 1 hour 36 mins
  Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
  Internal ATA Compact Flash, 256MB
  BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
  Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                               Boot microcode   : CN1000-MC-BOOT-2.00
                               SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                               IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
  0: Ext: GigabitEthernet0/0  : address is c84c.75da.9a58, irq 9
  1: Ext: GigabitEthernet0/1  : address is c84c.75da.9a59, irq 9
  2: Ext: GigabitEthernet0/2  : address is c84c.75da.9a5a, irq 9
  3: Ext: GigabitEthernet0/3  : address is c84c.75da.9a5b, irq 9
  4: Ext: Management0/0       : address is c84c.75da.9a5c, irq 11
  5: Int: Not used            : irq 11
  6: Int: Not used            : irq 5
  Licensed features for this platform:
  Maximum Physical Interfaces  : Unlimited
  Maximum VLANs                : 150
  Inside Hosts                 : Unlimited
  Failover                     : Active/Active
  VPN-DES                      : Enabled
  VPN-3DES-AES                 : Enabled
  Security Contexts            : 2
  GTP/GPRS                     : Disabled
  VPN Peers                    : 750
  WebVPN Peers                 : 2
  AnyConnect for Mobile        : Disabled
  AnyConnect for Linksys phone : Disabled
  Advanced Endpoint Assessment : Disabled
  UC Proxy Sessions            : 2
  This platform has an ASA 5520 VPN Plus license.
  Serial Number: JMX1433L0Y3
  Running Activation Key: 0x3a17c153 0x8c141630 0xe0f3b5d4 0x86044ccc 0x47193392
  Configuration register is 0x40 (will be 0x1 at next reload)
  Configuration last modified by mgeffroy at 15:33:11.409 CEST Mon Jan 23 2012
  fw-eps-02#

  why don't you use built-in client in mac osx? it supports certificate authentication also.
  another solution would be to buy additional ssl vpn licences: there is a limit of two ssl vpn sessions by default.
  Sent from Cisco Technical Support iPad App