IPhone SSL VPN Support

Similar Messages

• OS 4.0 brings SSL VPN support including OpenVPN?

  One of the new enterprise enhancements of the iPhone 4.0 will be to bring SSL VPN support. I want to hear more details on this enhancement, because I read that to mean it should support OpenVPN! OpenVPN = SSL VPN. Can anyone else shed some light on this?
  I hope it's true!!!!

  Can anyone else shed some light on this?
  The only official information available is what Apple has published on its web site and what is revealed in the video of the Announcement from yesterday.
  Any developers who reveal anything more will be speaking against the terms of the Non-Disclosure Agreement they signed with Apple.

• SSL VPN Client Error

  I setup a Cisco ASA 5510 SSL VPN with the folowing;
  IOS 7.2
  SSL VPN CLient sslclient-win-1.1.1.164.pkg
  Out of 400 users, there is one user having problem installing the SSL Client to his laptop. The user laptop information is;
  IBM Thinkpad T40
  Windows XP SP 2
  Internet Explorer 7
  All patches up-to-date
  All drivers up-to-date
  SSL VPN Client connection process;
  - User login with valid account and password
  - The SSL VPN Client package will automatically download and installed.
  - User will then be connected to SSL VPN
  The ERRORS;
  1. GUI (Cisco SSL VPN Client installation process)
  "The SSL VPN Client driver has Encountered an Error"
  2. Event Viewer
  The only error in this user event viewer that differs from other users who successfully connected are;
  a)
  Function: EnableVA
  Return code: 0
  File: e:\temp\build\workspace\SSLClient\Agent\VAMgr.cpp
  Line: 310
  Description: unknown
  b)
  Function: EnableVA
  Return code: 0xFE080007
  File: e:\temp\build\workspace\SSLClient\Agent\VpnMgr.cpp
  Line: 1145
  Description: VAMGR_ERROR_ENABLE_VA_FAILED
  Anyone know what thus the error means?
  BTW, anyone know the link to SSL VPN knowledgebase. i.e errors, root cause, solutions?
  Thanks

  The Cisco SVC provides end users running Microsoft Windows XP or Windows 2000 with the benefits of a Cisco IPSec VPN client without the administrative overhead required to install and configure an IPSec client. It supports applications and functions unavailable to a standard WebVPN connection.
  http://www.cisco.com/univercd/cc/td/doc/product/vpn/svc/svcrn110.htm

• No SSL VPN tunnel from AnyConnect to IOS

  Dear all
  Due to the annoying WWAN issues with the old Cisco VPN client (IPsec) I am trying to establish remote access to a LAN behind a Cisco 1803 using Anyconnect and SSL VPN.
  But I simply cannot make it work.
  I have a Cisco 1803 running IOS Version 12.4(15)T15 and I have tried Anyconnect 3.0 and 2.4 on Windows XP and MacOS 10.5, none of them established a VPN connection to the router, saying not a single word more but "Connection attempt has failed".
  Here is my configuration on the router:
  crypto pki trustpoint TP-self-signed-595019360
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-595019360
  revocation-check none
  rsakeypair TP-self-signed-595019360
  crypto pki certificate chain TP-self-signed-595019360
  certificate self-signed 01
    3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  [......skipped....]
  interface Loopback123
  ip address 192.168.123.254 255.255.255.0
  ip local pool GS-POOL 192.168.123.1 192.168.123.10
  webvpn gateway GS-GW
  hostname GS-VPN-test
  ip address x.x.x.x port 443
  ssl trustpoint TP-self-signed-595019360
  inservice
  webvpn install svc flash:/webvpn/svc.pkg
  webvpn context GS-CONTEXT
  ssl authenticate verify all
  policy group GS-POLICY
     functions svc-required
     svc address-pool "GS-POOL"
  default-group-policy GS-POLICY
  gateway GS-GW
  inservice
  These are my debug settings:
  #sh debug
  WebVPN Subsystem:
    WebVPN (verbose) debugging is on
    debug webvpn entry GS-CONTEXT
    WebVPN HTTP (verbose) debugging is on
    WebVPN AAA debugging is on
    WebVPN tunnel (verbose) debugging is on
    WebVPN Single Sign On debugging is on
  And these are all debug messages I get upon incoming connection:
  Sep 13 13:12:03.267 MEST: WV: sslvpn process rcvd context queue event
  Sep 13 13:12:03.271 MEST: WV: sslvpn process rcvd context queue event
  At this poibnt I have to accept the self-sigbned certificate in the AnyConnect client. Doing so repeats these messages again five times. Then I hav to accept the certificate in the client a second time (WHY?) Then the router gives these messages:
  Sep 13 13:14:10.754 MEST: WV: sslvpn process rcvd context queue event
  Sep 13 13:14:10.754 MEST: WV: sslvpn process rcvd context queue event
  Sep 13 13:14:10.766 MEST: WV: sslvpn process rcvd context queue event
  Sep 13 13:14:10.766 MEST: WV: http request: / with no cookie
  Sep 13 13:14:10.766 MEST: WV-HTTP: Deallocating HTTP info
  Sep 13 13:14:10.766 MEST: WV: Client side Chunk data written..
  buffer=0x84E54AA0 total_len=191 bytes=191 tcb=0x85066820
  Sep 13 13:14:10.766 MEST: WV: sslvpn process rcvd context queue event
  Sep 13 13:14:11.050 MEST: WV: sslvpn process rcvd context queue event
  Sep 13 13:14:11.054 MEST: WV: sslvpn process rcvd context queue event
  Sep 13 13:14:11.354 MEST: WV: sslvpn process rcvd context queue event
  Sep 13 13:14:11.354 MEST: WV: sslvpn process rcvd context queue event
  Sep 13 13:14:11.366 MEST: WV: sslvpn process rcvd context queue event
  Sep 13 13:14:11.366 MEST: WV: http request: /webvpn.html with domain cookie
  Sep 13 13:14:11.366 MEST: WV-HTTP: Deallocating HTTP info
  Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
  buffer=0x84E54AA0 total_len=1009 bytes=1009 tcb=0x83DABBF4
  Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
  buffer=0x84E54A80 total_len=1009 bytes=1009 tcb=0x83DABBF4
  Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
  buffer=0x84E54A60 total_len=1009 bytes=1009 tcb=0x83DABBF4
  Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
  buffer=0x84E54A40 total_len=1009 bytes=1009 tcb=0x83DABBF4
  Sep 13 13:14:11.370 MEST: WV: Client side Chunk data written..
  buffer=0x84E54A20 total_len=641 bytes=641 tcb=0x83DABBF4
  Sep 13 13:14:11.370 MEST: WV: sslvpn process rcvd context queue event
  At this point the Anyconnect client says "Connection attempt failed" and that's all.
  So please, any advice how to solve this?
  And do I have to install any particular svc.pkg in the flash? As far as I have found out you can install only one client package (how do you server different clients then?). But if I use permanently installed AnyConnect on my client system the installed svc.pkg on the router doesn't matter at all, right?
  Thanks a lot for any suggestions,
  Grischa

  Some more restrictions:
  12.4(15)T does not support Anyconnect in standalone mode, only web-launch (i.e. starting AC from the clientless portal). You need 12.4(20)T or later for standalone mode.
  In addition with an untrusted certificate you will run into this bug which is not resolved in 12.4(15)T:
  CSCtb73337    AnyConnect does not work with IOS if cert not trusted/name mismatch
  In short, if it's possible to upgrade, go to 15.0(1)M7  (or latest 12.4(24)Tx if 15.0 is out of the question)
  If you're stuck with 12.4(15)T,  only use AC 2.x with weblaunch and make sure the host trusts the router's certificate (create a trustpoint, enroll it, import the certificate on the client into the trusted root store).
  hth
  Herbert

• SSL VPN on Cisco 1941 with Firewall woes

  Hi Folks,
  Been trying to setup SSL VPN on a 1941 with limited sucess.
  I can get the VPN configured and working but as soon as enable the firewall it blocks the VPN
  The VPN connects and I can ping the internal gateway address from a remote client  but I can't
  connect to any of the internal Lan address.
  Been round and round in circles, any help appreciated.
  Cheers
  Building configuration...
  Current configuration : 9532 bytes
  ! Last configuration change at 13:08:29 UTC Sun Feb 23 2014 by admin
  version 15.2
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname router
  boot-start-marker
  boot-end-marker
  no logging buffered
  enable secret 4 xxxxx
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  ip cef
  ip name-server 8.8.8.8
  ip name-server 4.4.4.4
  no ipv6 cef
  multilink bundle-name authenticated
  crypto pki trustpoint my-gw-ca
  enrollment selfsigned
  subject-name Cn=gw
  revocation-check crl
  rsakeypair gw-rsa
  crypto pki trustpoint test_trustpoint_config_created_for_sdm
  subject-name [email protected]
  revocation-check crl
  crypto pki certificate chain my-gw-ca
  certificate self-signed 01
    30820320 30820208 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    DAC0F948 A5B56EDD CD6DABBD 47463AB2 7E3F0DC3 DF4ECCE6 EAC5E916 B83DA4D0 C3119E9B
              quit
  crypto pki certificate chain test_trustpoint_config_created_for_sdm
  license udi pid CISCO1941/K9 sn
  username aaa privilege 15 secret 4
  username bbb privilege 0 secret 4
  username ccc privilege 15 view root secret 4
  redundancy
  class-map type inspect match-all CCP_SSLVPN
  match access-group name CCP_IP
  class-map type inspect match-any ccp-skinny-inspect
  match protocol skinny
  class-map type inspect match-any SDM_WEBVPN
  match access-group name SDM_WEBVPN
  class-map type inspect match-any ccp-h323nxg-inspect
  match protocol h323-nxg
  class-map type inspect match-any ccp-cls-icmp-access
  match protocol icmp
  match protocol tcp
  match protocol udp
  class-map type inspect match-any ccp-h225ras-inspect
  match protocol h225ras
  class-map type inspect match-any ccp-h323annexe-inspect
  match protocol h323-annexe
  class-map type inspect match-any ccp-cls-insp-traffic
  match protocol dns
  match protocol ftp
  match protocol https
  match protocol icmp
  match protocol imap
  match protocol pop3
  match protocol netshow
  match protocol shell
  match protocol realmedia
  match protocol rtsp
  match protocol smtp
  match protocol sql-net
  match protocol streamworks
  match protocol tftp
  match protocol vdolive
  match protocol tcp
  match protocol udp
  class-map type inspect match-any ccp-h323-inspect
  match protocol h323
  class-map type inspect match-all ccp-invalid-src
  match access-group 100
  class-map type inspect match-any ccp-sip-inspect
  match protocol sip
  class-map type inspect match-all ccp-protocol-http
  match protocol http
  class-map type inspect match-all SDM_WEBVPN_TRAFFIC
  match class-map SDM_WEBVPN
  match access-group 102
  class-map type inspect match-all ccp-insp-traffic
  match class-map ccp-cls-insp-traffic
  class-map type inspect match-all ccp-icmp-access
  match class-map ccp-cls-icmp-access
  policy-map type inspect ccp-inspect
  class type inspect ccp-invalid-src
    pass
  class type inspect ccp-protocol-http
    inspect
  class type inspect ccp-insp-traffic
    inspect
  class type inspect ccp-sip-inspect
    inspect
  class type inspect ccp-h323-inspect
    inspect
  class type inspect ccp-h323annexe-inspect
    inspect
  class type inspect ccp-h225ras-inspect
    inspect
  class type inspect ccp-h323nxg-inspect
    inspect
  class type inspect ccp-skinny-inspect
    inspect
  class class-default
    pass
  policy-map type inspect ccp-sslvpn-pol
  class type inspect CCP_SSLVPN
    pass
  class class-default
    drop
  policy-map type inspect ccp-permit
  class type inspect SDM_WEBVPN_TRAFFIC
    inspect
  class class-default
    pass
  policy-map type inspect ccp-permit-icmpreply
  class type inspect ccp-icmp-access
    inspect
  class class-default
    pass
  zone security out-zone
  zone security in-zone
  zone security sslvpn-zone
  zone-pair security ccp-zp-self-out source self destination out-zone
  service-policy type inspect ccp-permit-icmpreply
  zone-pair security ccp-zp-in-out source in-zone destination out-zone
  service-policy type inspect ccp-inspect
  zone-pair security ccp-zp-out-self source out-zone destination self
  service-policy type inspect ccp-permit
  zone-pair security zp-out-zone-sslvpn-zone source out-zone destination sslvpn-zone
  service-policy type inspect ccp-sslvpn-pol
  zone-pair security zp-sslvpn-zone-out-zone source sslvpn-zone destination out-zone
  service-policy type inspect ccp-sslvpn-pol
  zone-pair security zp-in-zone-sslvpn-zone source in-zone destination sslvpn-zone
  service-policy type inspect ccp-sslvpn-pol
  zone-pair security zp-sslvpn-zone-in-zone source sslvpn-zone destination in-zone
  service-policy type inspect ccp-sslvpn-pol
  crypto vpn anyconnect flash0:/webvpn/anyconnect-win-3.1.05152-k9.pkg sequence 1
  interface Embedded-Service-Engine0/0
  no ip address
  shutdown
  interface GigabitEthernet0/0
  description $ETH-LAN$$FW_INSIDE$
  ip address 192.168.192.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  zone-member security in-zone
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  description $ETH-WAN$$FW_OUTSIDE$
  ip address 194.74.99.99 255.255.255.224
  ip nat outside
  ip virtual-reassembly in
  zone-member security out-zone
  duplex auto
  speed auto
  interface Virtual-Template1
  description $FW_INSIDE$
  ip unnumbered GigabitEthernet0/1
  zone-member security in-zone
  interface Virtual-Template2
  description $FW_INSIDE$
  ip unnumbered GigabitEthernet0/1
  zone-member security in-zone
  interface Virtual-Template3
  ip unnumbered GigabitEthernet0/1
  zone-member security sslvpn-zone
  ip local pool vpn-ssl-pool 192.168.192.200 192.168.192.210
  ip forward-protocol nd
  ip http server
  ip http authentication local
  no ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip dns server
  ip nat inside source list 1 interface GigabitEthernet0/1 overload
  ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
  ip access-list extended CCP_IP
  remark CCP_ACL Category=128
  permit ip any any
  ip access-list extended SDM_WEBVPN
  remark CCP_ACL Category=1
  permit tcp any any eq 4444
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.192.0 0.0.0.255
  access-list 100 remark CCP_ACL Category=128
  access-list 100 permit ip host 255.255.255.255 any
  access-list 100 permit ip 127.0.0.0 0.255.255.255 any
  access-list 101 remark CCP_ACL Category=0
  access-list 101 permit ip any host 192.168.192.2
  access-list 102 remark CCP_ACL Category=128
  access-list 102 permit ip any host 194.74.2.81
  control-plane
  webvpn gateway ssl_gw
  ip address 194.74.99.99 port 4444 
  ssl trustpoint my-gw-ca
  inservice
  webvpn context ssl-ctx
  acl "ssl-acl"
     permit ip 192.168.192.0 255.255.255.0 192.168.192.0 255.255.255.0
  gateway ssl_gw
  max-users 10
  ssl authenticate verify all
  inservice
  policy group ssl_policy
     functions svc-enabled
     filter tunnel ssl-acl
     svc address-pool "vpn-ssl-pool" netmask 255.255.255.0
     svc keep-client-installed
     svc split include 192.168.192.0 255.255.255.0
     svc dns-server primary 192.168.192.2
  default-group-policy ssl_policy
  end

  Hello Fahad,
  Please see my inline responses.
  1)I have some questions, does this 5500 Series of ASA firewall also have IDS(Intrusion Detection System)?
  You can have an IPS module if your ASA model supports it.
  2) My other question is that the configuration and troubleshooting of SSL VPN technique is  same on all ASA models?
  Yes, pretty much the same
  Regards,
  Jazib

• Cisco AnyConnect SSL VPN no split tunnel and no hairpinning internet access

  Greetings,
  I am looking to configure a Cisco ASA 5515X for Cisco AnyConnect Essentials SSL VPN where ALL SSL-VPN traffic is tunneled, no split tunneling or hairpinning on the outside interface. However users require internet access. I need to route traffic out the "trusted" or "inside" interface to another device that performs content-filtering and inspection which then egresses out to the internet from there. Typically this could be done using a route-map (which ASA's do not support) or with a VRF (again, not an option on the ASA). The default route points to the outside interface toward the internet.
  Is there no other method to force all my SSL-VPN traffic out the inside interface toward LAN subnets as needed and have another default route point toward the filtering device?
  OR 
  Am I forced to put the ASA behind the filtering device somehow?

  Hi Jim,
  You can use tunnel default route for vpn traffic:
  ASA(config)# route inside 0.0.0.0 0.0.0.0 <inside hop> tunneled
  configure mode commands/options:
    <1-255>   Distance metric for this route, default is 1
    track     Install route depending on tracked item
    tunneled  Enable the default tunnel gateway option, metric is set to 255
  This route is applicable for only vpn traffic.
  HTH,
  Shetty

• SSL VPN and Dynamic DNS - ddns on IOS

  Hello,
  I'm trying to configure a SSL VPN tunnel via SDM on a 877 Router. The router gets the public IP address dynamically from the ISP, so I have configured the DDNS to access remotely to the router. I would like to know if it's possible to configure the SSL VPN to support the dynamic IP via SDM o CLI.
  Regards
  Gerard

  Seems like i have fixed the problem using:
  webvpn gateway gateway_1
  ip interface Dialer0 port 443
  ssl trustpoint local
  inservice
  However when the router is rebooted, it results in this error:
  Invalid ip address First configure an IP address for the gateway
  Any idea how to delay the webvpn commands at startup until dialer0 gets a dynamic IP ?

• Ssl vpn and soft phone

  Does the ASA or IOS support an SSL VPN that includes the Cisco softphone like it does say RDP, SSH, etc?  I'm trying to determine if I can have a user connect a soft phone to our parent company's SSL VPN so they can use their Cisco phone system, while simultaneously having a remote access vpn tunnel to our division's data network.  In short, our employees need to use phones that don't exist on our network while having access to our data network.  I've been able to test having an SSL vpn session open at the same time as an IPSec remote access session, but the softphone is not an option in my current code of 8.4 on the ASA.  I thought I heard it might be available in 9.0.  It seems like it would work in reverse, i.e. having my users connect to my SSL VPN to use my data network and then IPSec to our parent company for the client's locally installed soft phone, but that's not an option for me.  The link below seems to suggest it's possible in IOS at least, but I haven't been able to find any details beyond the sales pitch it offers.
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/white_paper_securing_voice_traffic_with_cisco_ios_ssl_vpn.html
  thank you

  Following links may help you
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008072462a.shtml

• Jabber client and IP Phone SSL VPN to ASA using AnyConnect

  Also for Jabber 9.1 can the Jabber for X softphone client (CUCM) can fireup a SSL VPN direct to ASA, similar to how 7965s can? Anyone aware if Jabber 10 or next version will support Jabber client with ASA? I have this delpoyed with 7965s and certificates but I have to manually start a AnyConnect session for Jabber for Windows on my laptop.
  https://supportforums.cisco.com/docs/DOC-9124

  The embargo/NDA is being lifted. The ASA is not involved. Here's the jump page with info:
  http://www.cisco.com/en/US/netsol/ns1246/index.html
  PS- Jason could have found out details in advance since DiData has partner NDA status.
  Please remember to rate helpful responses and identify helpful or correct answers.

• IP Phone SSL VPN to ASA for multiple CUCM (CallManager)

  hi all,
  I have a case to support multiple CallManager clusters in different locations for internet SSL VPN IP Phone. We will deploy one ASA firewall for SSL VPN IP Phone connections. So, can we use single ASA firewall for mulitple CUCM clusters?? In order words, Internet IP Phone will connect to different CUCM via a single ASA firewall (by using SSL VPN).
  I tested I need to upload the ASA's certificate into CUCM and upload CUCM's certificate into ASA for one ASA to one CUCM. If I create multiple profile (e.g. different URL for phone logins) for different CUCM. Is it possible to do that?
  thanks for your input!
  Samuel

  Samuel,
  Did you ever find an answer to your question? I have a similar scenario.
  Any input would be appreciated.

• IP Phone SSL VPN to ASA using AnyConnect

  I have a CUCM 7.1.5. We are using Phone proxy today. I wanted to upgrade to IP phone SSL VPN.
  I know in 8.x and 9.x the Proxy phone is not supported and Cisco supports SSL VPN.
  However, The question is: if CUCM 7.1.5 supports Phone SSL VPN.
  Lastly,
  I hear about Collaboration Edge in CUCM 10.x
  If CUCM 10.x is deployed then how the ASA concept plays a role here.
  What type of license I would need for Collaboration Edge to register the endpoints\phones from outside of network. 
  I cant find any information about the Colaboration Edge on the Internet...
  Message was edited by: Sean Poure

  The embargo/NDA is being lifted. The ASA is not involved. Here's the jump page with info:
  http://www.cisco.com/en/US/netsol/ns1246/index.html
  PS- Jason could have found out details in advance since DiData has partner NDA status.
  Please remember to rate helpful responses and identify helpful or correct answers.

• Since the last update I can no longer connect remotely to an SSL VPN system

  I connect to work remotely (SSL VPN site, whatever that means), and was always able to do so successfully until this week. I can reach the log-in site, my password is accepted, but then when I click "Connect", I am left forever on the screen that says, "Launching Connection, please wait..."

  Hello jmichel216,
  It sounds like you are unable to connect to any Wi-Fi network after updating your iOS version. I recommend the troubleshooting from the article named:
  iOS: Troubleshooting Wi-Fi networks and connections
  http://support.apple.com/kb/ts1398
  Restart your iOS device.
  Unable to connect to a Wi-Fi network
  Verify that you're attempting to connect to your desired Wi-Fi network.
  Make sure you're entering your Wi-Fi password correctly. Passwords may be case sensitive and may contain numbers or special characters.
  Reset network settings by tapping Settings > General > Reset > Reset Network Settings. Note: This will reset all network settings including:
  previously connected Wi-Fi networks and passwords
  recently used Bluetooth accessories
  VPN and APN settings
  Thank you for using Apple Support Communities.
  Take care,
  Sterling

• SA540 SSL VPN Client will not install on Windows 7

  I had the SSL VPN Client working on my Windows 7 laptop.  I tried to use the SSL VPN through Firefox and now my client does not work on IE anymore.
  The install process beings and the progress bar makes it halfway before I get an error saying the install failed.
  I tried everything I could to remove the SSL VPN client manually.  I even followed the instructions posted at the end of this forum posting:  https://cisco-support.hosted.jivesoftware.com/thread/2018716?decorator=print&displayFullThread=true
  Nothing has worked.
  The best I can find is the VPN Client is crashing during install.  I saw this in the Event Log.
  Fault bucket 177244756, type 5
  Event Name: PnPDriverInstallError
  Response: Not available
  Cab Id: 0
  Problem signature:
  P1: x64
  P2: E0000234
  P3: ssldrv.inf
  P4: 93775c2b0faa616bc11a47d4ff617aa8d00cd56f
  P5: SSLDrv.Ndi
  P6:
  P7:
  P8:
  P9:
  P10:
  Attached files:
  C:\Users\shudson\AppData\Local\Temp\DMIE984.tmp.log.xml
  C:\Windows\inf\oem54.inf
  These files may be available here:
  C:\Users\shudson\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_d317f66069d2e3b17f6bc1e7306afd9085494a_1020fe2c
  Analysis symbol:
  Rechecking for solution: 0
  Report Id: 75c67e96-1882-11e0-8e4d-5c260a0235ed
  Report Status: 0
  I then used AppCrashView to see the crash report and I get this:
  Version=1
  EventType=APPCRASH
  EventTime=129386443518175301
  ReportType=2
  Consent=1
  UploadTime=129386443518799293
  ReportIdentifier=2a4c4f0a-183c-11e0-aac2-5c260a0235ed
  IntegratorReportIdentifier=2a4c4f09-183c-11e0-aac2-5c260a0235ed
  WOW64=1
  Response.BucketId=2007535968
  Response.BucketTable=1
  Response.type=4
  Sig[0].Name=Application Name
  Sig[0].Value=VirtualPassageExe.exe
  Sig[1].Name=Application Version
  Sig[1].Value=1.7.3.1
  Sig[2].Name=Application Timestamp
  Sig[2].Value=4b20cf25
  Sig[3].Name=Fault Module Name
  Sig[3].Value=OLEAUT32.dll
  Sig[4].Name=Fault Module Version
  Sig[4].Value=6.1.7600.16567
  Sig[5].Name=Fault Module Timestamp
  Sig[5].Value=4bbc2f3d
  Sig[6].Name=Exception Code
  Sig[6].Value=c0000005
  Sig[7].Name=Exception Offset
  Sig[7].Value=00004660
  DynamicSig[1].Name=OS Version
  DynamicSig[1].Value=6.1.7600.2.0.0.256.48
  DynamicSig[2].Name=Locale ID
  DynamicSig[2].Value=1033
  DynamicSig[22].Name=Additional Information 1
  DynamicSig[22].Value=0a9e
  DynamicSig[23].Name=Additional Information 2
  DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789
  DynamicSig[24].Name=Additional Information 3
  DynamicSig[24].Value=0a9e
  DynamicSig[25].Name=Additional Information 4
  DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789
  UI[2]=C:\Users\shudson\CiscoCisco-SSLVPN-Tunnel\VirtualPassageExe.exe
  UI[3]=VirtualPassageExe MFC Application has stopped working
  UI[4]=Windows can check online for a solution to the problem.
  UI[5]=Check online for a solution and close the program
  UI[6]=Check online for a solution later and close the program
  UI[7]=Close the program
  LoadedModule[0]=C:\Users\shudson\CiscoCisco-SSLVPN-Tunnel\VirtualPassageExe.exe
  LoadedModule[1]=C:\Windows\SysWOW64\ntdll.dll
  LoadedModule[2]=C:\Windows\syswow64\kernel32.dll
  LoadedModule[3]=C:\Windows\syswow64\KERNELBASE.dll
  LoadedModule[4]=C:\Windows\system32\MFC42.DLL
  LoadedModule[5]=C:\Windows\syswow64\msvcrt.dll
  LoadedModule[6]=C:\Windows\syswow64\USER32.dll
  LoadedModule[7]=C:\Windows\syswow64\GDI32.dll
  LoadedModule[8]=C:\Windows\syswow64\LPK.dll
  LoadedModule[9]=C:\Windows\syswow64\USP10.dll
  LoadedModule[10]=C:\Windows\syswow64\ADVAPI32.dll
  LoadedModule[11]=C:\Windows\SysWOW64\sechost.dll
  LoadedModule[12]=C:\Windows\syswow64\RPCRT4.dll
  LoadedModule[13]=C:\Windows\syswow64\SspiCli.dll
  LoadedModule[14]=C:\Windows\syswow64\CRYPTBASE.dll
  LoadedModule[15]=C:\Windows\syswow64\ole32.dll
  LoadedModule[16]=C:\Windows\syswow64\OLEAUT32.dll
  LoadedModule[17]=C:\Windows\system32\ODBC32.dll
  LoadedModule[18]=C:\Windows\syswow64\SHELL32.dll
  LoadedModule[19]=C:\Windows\syswow64\SHLWAPI.dll
  LoadedModule[20]=C:\Windows\system32\apphelp.dll
  LoadedModule[21]=C:\Windows\AppPatch\AcLayers.DLL
  LoadedModule[22]=C:\Windows\system32\USERENV.dll
  LoadedModule[23]=C:\Windows\system32\profapi.dll
  LoadedModule[24]=C:\Windows\system32\WINSPOOL.DRV
  LoadedModule[25]=C:\Windows\system32\MPR.dll
  LoadedModule[26]=C:\Windows\system32\IMM32.DLL
  LoadedModule[27]=C:\Windows\syswow64\MSCTF.dll
  LoadedModule[28]=C:\Windows\system32\odbcint.dll
  LoadedModule[29]=C:\Windows\system32\uxtheme.dll
  LoadedModule[30]=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\COMCTL32.DLL
  LoadedModule[31]=C:\Windows\system32\dwmapi.dll
  State[0].Key=Transport.DoneStage1
  State[0].Value=1
  FriendlyEventName=Stopped working
  ConsentKey=APPCRASH
  AppName=VirtualPassageExe MFC Application
  AppPath=C:\Users\shudson\CiscoCisco-SSLVPN-Tunnel\VirtualPassageExe.exe
  None of this makes any sense to me, but may someone can tell me why the install is failing?
  Thanks,
  Scott

  Mario,
  I tried everything you mentioned.  I cleared cookies and temporary files.  I enabled SSL 3.0. I restarted IE.
  I get the same thing.  The install process starts and then ends at suddenly saying the install failed.
  Scott

• Port forwarding for clientless SSL VPN access

  Hello,
  I am currently trying to set up clientless SSL VPN access for some remote sites that our company does business with. Since their machines are not owned by my company, we don't want to install/support a VPN client. Therefore, SSL is a great option.
  However, I'm running into an issue. I'm trying to set up port forwarding for a few remote servers. These remote servers are different and have distinct IP addresses. They are attempting to connect with two different servers here.
  But my issue is that both servers are trying to use the same TCP port. The ASDM is not letting me use two different port forwarding rules for the same TCP port. The rules can exist side-by-side, but they cannot be used at the same time.
  Why? It's not trying to access the same TCP port on a server when it's already in use. Is there anyway I can get around this?
  If this doesn't make sense, please let me know and I'll do my best to explain it better.

  Hi Caleb,
  if you mean clientless webvpn port-forwarding lists, then you should be able to get your requirments. even the same port of the same server can be mapped to different ports bound to the loopback IP.
  CLI:
  ciscoasa(config) webvpn
  ciscoasa(config-webvpn)# port-forward PF 2323 192.168.1.100 23
  ciscoasa(config-webvpn)# port-forward PF 2300 192.168.1.200 23
  then you apply the port-forwarder list under a group-policy
  Hope this helps
  Mashal
  Mashal Alshboul

• RV320 SSL VPN ActiveX and Virtual Passage driver on Windows 7 64-bit

  Hi,
  My company has just purchased a new RV320 router and only afterwards found out from the release notes that there are issues with the SSL VPN in this unit and other small business routers. Is there any news on when these issues will be fixed?
  1) ActiveX controls have expired certificate dated 24/9/14 - this prevents them from running unless without changing IE security settings to prompt or allow unsigned controls, which is a big security risk.
  2) ActiveX controls do not work on Windows 64-bit. Release notes state Windows 7 IE10 and Windows 8.1 IE11, however they also fail on Windows 7 IE11. Even adding router to Trusted Sites to force 32-bit mode results in error message stating that IE is required for the controls.
  3) Virtual Passage driver will not install - crashes IE10/IE11 with a BEX violation.  From a dig around the web it appears that the Netgear SRX5308 uses the same Cavium chipset and a Virtual Passage driver that works with Windows 7 64-bit, and installs fine using IE10/11 (and if you install the Netgear driver it works with the Cisco RV routers too, proving that the driver is fully compatible...) - if Netgear can get this working, why can't Cisco?
  I've only just started setting us this router and show stopper issues like this might end up with an RMA being requested as it appears to be unsuitable for purpose, already run into other issues with I've posted about. :(
  EDIT: Got (2) sort of working on IE11 - seems that the Cisco interface is specifically looking for old style IE user agent strings, so using developer tools to set the user agent to IE9, and changing security settings in Trusted Sites to prompt for unsigned controls (due to issue (1)), allows the controls to install and load. These issues are pretty simple to fix, requiring just a string check change and updated signed controls. Fingers crossed these are fixed in the new firmware due soon, awaiting response from Cisco support to my open ticket.
  Looks like (3) is prevented from working by (1), and also because the certificate has expired it is treated as software without a valid publisher which cannot be installed in Windows 7 without fiddling in the registry. Releasing an updated version with a certificate that isn't expired should solve that issue too.
  These are ridiculously simple fixes to push out, I can't believe a major hardware vendor like Cisco hasn't already solved these issues.

  I've had a reply from Cisco support regarding this issue, and it's a bleak outlook. This is a copy from the email I received:
  "Engineering has no plans to support SSL VPN on RV32x due to chipset limitations. Pretty much, it will work for old XP and Win7 32-bits."
  So Cisco are falsely advertising that the RV320 has SSL VPN capabilities when there are no plans to update it so that it works with 64-bit Windows (which is now the major install base for Windows as most new systems are 64-bit based), and as the certificates have expired in the SSL VPN components they are not even useable on 32-bit systems without overriding a number of security settings.
  Dan