IPhone SSL VPN Support
So I'll be going to George Washington University in the fall and I was curious this morning and looked into what type of WLAN they deploy to their students and it looks like they run a SSL VPN. I was just at the campus a couple of weeks ago and got the network to work with my Macbook Pro but could not get it to work with my iPhone. Now that the new 2.0 software update is out I was wondering if Apple added support for SSL VPN networks. Does anyone know if they did or if there are any current solutions to making an iPhone to work with such a network?
Can anyone else shed some light on this?
The only official information available is what Apple has published on its web site and what is revealed in the video of the Announcement from yesterday.
Any developers who reveal anything more will be speaking against the terms of the Non-Disclosure Agreement they signed with Apple.
Similar Messages
-
OS 4.0 brings SSL VPN support including OpenVPN?
One of the new enterprise enhancements of the iPhone 4.0 will be to bring SSL VPN support. I want to hear more details on this enhancement, because I read that to mean it should support OpenVPN! OpenVPN = SSL VPN. Can anyone else shed some light on this?
I hope it's true!!!!Can anyone else shed some light on this?
The only official information available is what Apple has published on its web site and what is revealed in the video of the Announcement from yesterday.
Any developers who reveal anything more will be speaking against the terms of the Non-Disclosure Agreement they signed with Apple. -
I setup a Cisco ASA 5510 SSL VPN with the folowing;
IOS 7.2
SSL VPN CLient sslclient-win-1.1.1.164.pkg
Out of 400 users, there is one user having problem installing the SSL Client to his laptop. The user laptop information is;
IBM Thinkpad T40
Windows XP SP 2
Internet Explorer 7
All patches up-to-date
All drivers up-to-date
SSL VPN Client connection process;
- User login with valid account and password
- The SSL VPN Client package will automatically download and installed.
- User will then be connected to SSL VPN
The ERRORS;
1. GUI (Cisco SSL VPN Client installation process)
"The SSL VPN Client driver has Encountered an Error"
2. Event Viewer
The only error in this user event viewer that differs from other users who successfully connected are;
a)
Function: EnableVA
Return code: 0
File: e:\temp\build\workspace\SSLClient\Agent\VAMgr.cpp
Line: 310
Description: unknown
b)
Function: EnableVA
Return code: 0xFE080007
File: e:\temp\build\workspace\SSLClient\Agent\VpnMgr.cpp
Line: 1145
Description: VAMGR_ERROR_ENABLE_VA_FAILED
Anyone know what thus the error means?
BTW, anyone know the link to SSL VPN knowledgebase. i.e errors, root cause, solutions?
ThanksThe Cisco SVC provides end users running Microsoft Windows XP or Windows 2000 with the benefits of a Cisco IPSec VPN client without the administrative overhead required to install and configure an IPSec client. It supports applications and functions unavailable to a standard WebVPN connection.
http://www.cisco.com/univercd/cc/td/doc/product/vpn/svc/svcrn110.htm -
No SSL VPN tunnel from AnyConnect to IOS
Dear all
Due to the annoying WWAN issues with the old Cisco VPN client (IPsec) I am trying to establish remote access to a LAN behind a Cisco 1803 using Anyconnect and SSL VPN.
But I simply cannot make it work.
I have a Cisco 1803 running IOS Version 12.4(15)T15 and I have tried Anyconnect 3.0 and 2.4 on Windows XP and MacOS 10.5, none of them established a VPN connection to the router, saying not a single word more but "Connection attempt has failed".
Here is my configuration on the router:
crypto pki trustpoint TP-self-signed-595019360
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-595019360
revocation-check none
rsakeypair TP-self-signed-595019360
crypto pki certificate chain TP-self-signed-595019360
certificate self-signed 01
3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
[......skipped....]
interface Loopback123
ip address 192.168.123.254 255.255.255.0
ip local pool GS-POOL 192.168.123.1 192.168.123.10
webvpn gateway GS-GW
hostname GS-VPN-test
ip address x.x.x.x port 443
ssl trustpoint TP-self-signed-595019360
inservice
webvpn install svc flash:/webvpn/svc.pkg
webvpn context GS-CONTEXT
ssl authenticate verify all
policy group GS-POLICY
functions svc-required
svc address-pool "GS-POOL"
default-group-policy GS-POLICY
gateway GS-GW
inservice
These are my debug settings:
#sh debug
WebVPN Subsystem:
WebVPN (verbose) debugging is on
debug webvpn entry GS-CONTEXT
WebVPN HTTP (verbose) debugging is on
WebVPN AAA debugging is on
WebVPN tunnel (verbose) debugging is on
WebVPN Single Sign On debugging is on
And these are all debug messages I get upon incoming connection:
Sep 13 13:12:03.267 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:12:03.271 MEST: WV: sslvpn process rcvd context queue event
At this poibnt I have to accept the self-sigbned certificate in the AnyConnect client. Doing so repeats these messages again five times. Then I hav to accept the certificate in the client a second time (WHY?) Then the router gives these messages:
Sep 13 13:14:10.754 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:10.754 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:10.766 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:10.766 MEST: WV: http request: / with no cookie
Sep 13 13:14:10.766 MEST: WV-HTTP: Deallocating HTTP info
Sep 13 13:14:10.766 MEST: WV: Client side Chunk data written..
buffer=0x84E54AA0 total_len=191 bytes=191 tcb=0x85066820
Sep 13 13:14:10.766 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.050 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.054 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.354 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.354 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.366 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.366 MEST: WV: http request: /webvpn.html with domain cookie
Sep 13 13:14:11.366 MEST: WV-HTTP: Deallocating HTTP info
Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
buffer=0x84E54AA0 total_len=1009 bytes=1009 tcb=0x83DABBF4
Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
buffer=0x84E54A80 total_len=1009 bytes=1009 tcb=0x83DABBF4
Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
buffer=0x84E54A60 total_len=1009 bytes=1009 tcb=0x83DABBF4
Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
buffer=0x84E54A40 total_len=1009 bytes=1009 tcb=0x83DABBF4
Sep 13 13:14:11.370 MEST: WV: Client side Chunk data written..
buffer=0x84E54A20 total_len=641 bytes=641 tcb=0x83DABBF4
Sep 13 13:14:11.370 MEST: WV: sslvpn process rcvd context queue event
At this point the Anyconnect client says "Connection attempt failed" and that's all.
So please, any advice how to solve this?
And do I have to install any particular svc.pkg in the flash? As far as I have found out you can install only one client package (how do you server different clients then?). But if I use permanently installed AnyConnect on my client system the installed svc.pkg on the router doesn't matter at all, right?
Thanks a lot for any suggestions,
GrischaSome more restrictions:
12.4(15)T does not support Anyconnect in standalone mode, only web-launch (i.e. starting AC from the clientless portal). You need 12.4(20)T or later for standalone mode.
In addition with an untrusted certificate you will run into this bug which is not resolved in 12.4(15)T:
CSCtb73337 AnyConnect does not work with IOS if cert not trusted/name mismatch
In short, if it's possible to upgrade, go to 15.0(1)M7 (or latest 12.4(24)Tx if 15.0 is out of the question)
If you're stuck with 12.4(15)T, only use AC 2.x with weblaunch and make sure the host trusts the router's certificate (create a trustpoint, enroll it, import the certificate on the client into the trusted root store).
hth
Herbert -
SSL VPN on Cisco 1941 with Firewall woes
Hi Folks,
Been trying to setup SSL VPN on a 1941 with limited sucess.
I can get the VPN configured and working but as soon as enable the firewall it blocks the VPN
The VPN connects and I can ping the internal gateway address from a remote client but I can't
connect to any of the internal Lan address.
Been round and round in circles, any help appreciated.
Cheers
Building configuration...
Current configuration : 9532 bytes
! Last configuration change at 13:08:29 UTC Sun Feb 23 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname router
boot-start-marker
boot-end-marker
no logging buffered
enable secret 4 xxxxx
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
ip cef
ip name-server 8.8.8.8
ip name-server 4.4.4.4
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint my-gw-ca
enrollment selfsigned
subject-name Cn=gw
revocation-check crl
rsakeypair gw-rsa
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki certificate chain my-gw-ca
certificate self-signed 01
30820320 30820208 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
DAC0F948 A5B56EDD CD6DABBD 47463AB2 7E3F0DC3 DF4ECCE6 EAC5E916 B83DA4D0 C3119E9B
quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
license udi pid CISCO1941/K9 sn
username aaa privilege 15 secret 4
username bbb privilege 0 secret 4
username ccc privilege 15 view root secret 4
redundancy
class-map type inspect match-all CCP_SSLVPN
match access-group name CCP_IP
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any SDM_WEBVPN
match access-group name SDM_WEBVPN
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-all SDM_WEBVPN_TRAFFIC
match class-map SDM_WEBVPN
match access-group 102
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
pass
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
pass
policy-map type inspect ccp-sslvpn-pol
class type inspect CCP_SSLVPN
pass
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_WEBVPN_TRAFFIC
inspect
class class-default
pass
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
zone security out-zone
zone security in-zone
zone security sslvpn-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security zp-out-zone-sslvpn-zone source out-zone destination sslvpn-zone
service-policy type inspect ccp-sslvpn-pol
zone-pair security zp-sslvpn-zone-out-zone source sslvpn-zone destination out-zone
service-policy type inspect ccp-sslvpn-pol
zone-pair security zp-in-zone-sslvpn-zone source in-zone destination sslvpn-zone
service-policy type inspect ccp-sslvpn-pol
zone-pair security zp-sslvpn-zone-in-zone source sslvpn-zone destination in-zone
service-policy type inspect ccp-sslvpn-pol
crypto vpn anyconnect flash0:/webvpn/anyconnect-win-3.1.05152-k9.pkg sequence 1
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description $ETH-LAN$$FW_INSIDE$
ip address 192.168.192.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
duplex auto
speed auto
interface GigabitEthernet0/1
description $ETH-WAN$$FW_OUTSIDE$
ip address 194.74.99.99 255.255.255.224
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
duplex auto
speed auto
interface Virtual-Template1
description $FW_INSIDE$
ip unnumbered GigabitEthernet0/1
zone-member security in-zone
interface Virtual-Template2
description $FW_INSIDE$
ip unnumbered GigabitEthernet0/1
zone-member security in-zone
interface Virtual-Template3
ip unnumbered GigabitEthernet0/1
zone-member security sslvpn-zone
ip local pool vpn-ssl-pool 192.168.192.200 192.168.192.210
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip access-list extended CCP_IP
remark CCP_ACL Category=128
permit ip any any
ip access-list extended SDM_WEBVPN
remark CCP_ACL Category=1
permit tcp any any eq 4444
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.192.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.192.2
access-list 102 remark CCP_ACL Category=128
access-list 102 permit ip any host 194.74.2.81
control-plane
webvpn gateway ssl_gw
ip address 194.74.99.99 port 4444
ssl trustpoint my-gw-ca
inservice
webvpn context ssl-ctx
acl "ssl-acl"
permit ip 192.168.192.0 255.255.255.0 192.168.192.0 255.255.255.0
gateway ssl_gw
max-users 10
ssl authenticate verify all
inservice
policy group ssl_policy
functions svc-enabled
filter tunnel ssl-acl
svc address-pool "vpn-ssl-pool" netmask 255.255.255.0
svc keep-client-installed
svc split include 192.168.192.0 255.255.255.0
svc dns-server primary 192.168.192.2
default-group-policy ssl_policy
endHello Fahad,
Please see my inline responses.
1)I have some questions, does this 5500 Series of ASA firewall also have IDS(Intrusion Detection System)?
You can have an IPS module if your ASA model supports it.
2) My other question is that the configuration and troubleshooting of SSL VPN technique is same on all ASA models?
Yes, pretty much the same
Regards,
Jazib -
Cisco AnyConnect SSL VPN no split tunnel and no hairpinning internet access
Greetings,
I am looking to configure a Cisco ASA 5515X for Cisco AnyConnect Essentials SSL VPN where ALL SSL-VPN traffic is tunneled, no split tunneling or hairpinning on the outside interface. However users require internet access. I need to route traffic out the "trusted" or "inside" interface to another device that performs content-filtering and inspection which then egresses out to the internet from there. Typically this could be done using a route-map (which ASA's do not support) or with a VRF (again, not an option on the ASA). The default route points to the outside interface toward the internet.
Is there no other method to force all my SSL-VPN traffic out the inside interface toward LAN subnets as needed and have another default route point toward the filtering device?
OR
Am I forced to put the ASA behind the filtering device somehow?Hi Jim,
You can use tunnel default route for vpn traffic:
ASA(config)# route inside 0.0.0.0 0.0.0.0 <inside hop> tunneled
configure mode commands/options:
<1-255> Distance metric for this route, default is 1
track Install route depending on tracked item
tunneled Enable the default tunnel gateway option, metric is set to 255
This route is applicable for only vpn traffic.
HTH,
Shetty -
SSL VPN and Dynamic DNS - ddns on IOS
Hello,
I'm trying to configure a SSL VPN tunnel via SDM on a 877 Router. The router gets the public IP address dynamically from the ISP, so I have configured the DDNS to access remotely to the router. I would like to know if it's possible to configure the SSL VPN to support the dynamic IP via SDM o CLI.
Regards
GerardSeems like i have fixed the problem using:
webvpn gateway gateway_1
ip interface Dialer0 port 443
ssl trustpoint local
inservice
However when the router is rebooted, it results in this error:
Invalid ip address First configure an IP address for the gateway
Any idea how to delay the webvpn commands at startup until dialer0 gets a dynamic IP ? -
Does the ASA or IOS support an SSL VPN that includes the Cisco softphone like it does say RDP, SSH, etc? I'm trying to determine if I can have a user connect a soft phone to our parent company's SSL VPN so they can use their Cisco phone system, while simultaneously having a remote access vpn tunnel to our division's data network. In short, our employees need to use phones that don't exist on our network while having access to our data network. I've been able to test having an SSL vpn session open at the same time as an IPSec remote access session, but the softphone is not an option in my current code of 8.4 on the ASA. I thought I heard it might be available in 9.0. It seems like it would work in reverse, i.e. having my users connect to my SSL VPN to use my data network and then IPSec to our parent company for the client's locally installed soft phone, but that's not an option for me. The link below seems to suggest it's possible in IOS at least, but I haven't been able to find any details beyond the sales pitch it offers.
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/white_paper_securing_voice_traffic_with_cisco_ios_ssl_vpn.html
thank youFollowing links may help you
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008072462a.shtml -
Jabber client and IP Phone SSL VPN to ASA using AnyConnect
Also for Jabber 9.1 can the Jabber for X softphone client (CUCM) can fireup a SSL VPN direct to ASA, similar to how 7965s can? Anyone aware if Jabber 10 or next version will support Jabber client with ASA? I have this delpoyed with 7965s and certificates but I have to manually start a AnyConnect session for Jabber for Windows on my laptop.
https://supportforums.cisco.com/docs/DOC-9124The embargo/NDA is being lifted. The ASA is not involved. Here's the jump page with info:
http://www.cisco.com/en/US/netsol/ns1246/index.html
PS- Jason could have found out details in advance since DiData has partner NDA status.
Please remember to rate helpful responses and identify helpful or correct answers. -
IP Phone SSL VPN to ASA for multiple CUCM (CallManager)
hi all,
I have a case to support multiple CallManager clusters in different locations for internet SSL VPN IP Phone. We will deploy one ASA firewall for SSL VPN IP Phone connections. So, can we use single ASA firewall for mulitple CUCM clusters?? In order words, Internet IP Phone will connect to different CUCM via a single ASA firewall (by using SSL VPN).
I tested I need to upload the ASA's certificate into CUCM and upload CUCM's certificate into ASA for one ASA to one CUCM. If I create multiple profile (e.g. different URL for phone logins) for different CUCM. Is it possible to do that?
thanks for your input!
SamuelSamuel,
Did you ever find an answer to your question? I have a similar scenario.
Any input would be appreciated. -
IP Phone SSL VPN to ASA using AnyConnect
I have a CUCM 7.1.5. We are using Phone proxy today. I wanted to upgrade to IP phone SSL VPN.
I know in 8.x and 9.x the Proxy phone is not supported and Cisco supports SSL VPN.
However, The question is: if CUCM 7.1.5 supports Phone SSL VPN.
Lastly,
I hear about Collaboration Edge in CUCM 10.x
If CUCM 10.x is deployed then how the ASA concept plays a role here.
What type of license I would need for Collaboration Edge to register the endpoints\phones from outside of network.
I cant find any information about the Colaboration Edge on the Internet...
Message was edited by: Sean PoureThe embargo/NDA is being lifted. The ASA is not involved. Here's the jump page with info:
http://www.cisco.com/en/US/netsol/ns1246/index.html
PS- Jason could have found out details in advance since DiData has partner NDA status.
Please remember to rate helpful responses and identify helpful or correct answers. -
Since the last update I can no longer connect remotely to an SSL VPN system
I connect to work remotely (SSL VPN site, whatever that means), and was always able to do so successfully until this week. I can reach the log-in site, my password is accepted, but then when I click "Connect", I am left forever on the screen that says, "Launching Connection, please wait..."
Hello jmichel216,
It sounds like you are unable to connect to any Wi-Fi network after updating your iOS version. I recommend the troubleshooting from the article named:
iOS: Troubleshooting Wi-Fi networks and connections
http://support.apple.com/kb/ts1398
Restart your iOS device.
Unable to connect to a Wi-Fi network
Verify that you're attempting to connect to your desired Wi-Fi network.
Make sure you're entering your Wi-Fi password correctly. Passwords may be case sensitive and may contain numbers or special characters.
Reset network settings by tapping Settings > General > Reset > Reset Network Settings. Note: This will reset all network settings including:
previously connected Wi-Fi networks and passwords
recently used Bluetooth accessories
VPN and APN settings
Thank you for using Apple Support Communities.
Take care,
Sterling -
SA540 SSL VPN Client will not install on Windows 7
I had the SSL VPN Client working on my Windows 7 laptop. I tried to use the SSL VPN through Firefox and now my client does not work on IE anymore.
The install process beings and the progress bar makes it halfway before I get an error saying the install failed.
I tried everything I could to remove the SSL VPN client manually. I even followed the instructions posted at the end of this forum posting: https://cisco-support.hosted.jivesoftware.com/thread/2018716?decorator=print&displayFullThread=true
Nothing has worked.
The best I can find is the VPN Client is crashing during install. I saw this in the Event Log.
Fault bucket 177244756, type 5
Event Name: PnPDriverInstallError
Response: Not available
Cab Id: 0
Problem signature:
P1: x64
P2: E0000234
P3: ssldrv.inf
P4: 93775c2b0faa616bc11a47d4ff617aa8d00cd56f
P5: SSLDrv.Ndi
P6:
P7:
P8:
P9:
P10:
Attached files:
C:\Users\shudson\AppData\Local\Temp\DMIE984.tmp.log.xml
C:\Windows\inf\oem54.inf
These files may be available here:
C:\Users\shudson\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_d317f66069d2e3b17f6bc1e7306afd9085494a_1020fe2c
Analysis symbol:
Rechecking for solution: 0
Report Id: 75c67e96-1882-11e0-8e4d-5c260a0235ed
Report Status: 0
I then used AppCrashView to see the crash report and I get this:
Version=1
EventType=APPCRASH
EventTime=129386443518175301
ReportType=2
Consent=1
UploadTime=129386443518799293
ReportIdentifier=2a4c4f0a-183c-11e0-aac2-5c260a0235ed
IntegratorReportIdentifier=2a4c4f09-183c-11e0-aac2-5c260a0235ed
WOW64=1
Response.BucketId=2007535968
Response.BucketTable=1
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=VirtualPassageExe.exe
Sig[1].Name=Application Version
Sig[1].Value=1.7.3.1
Sig[2].Name=Application Timestamp
Sig[2].Value=4b20cf25
Sig[3].Name=Fault Module Name
Sig[3].Value=OLEAUT32.dll
Sig[4].Name=Fault Module Version
Sig[4].Value=6.1.7600.16567
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=4bbc2f3d
Sig[6].Name=Exception Code
Sig[6].Value=c0000005
Sig[7].Name=Exception Offset
Sig[7].Value=00004660
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7600.2.0.0.256.48
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=0a9e
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=0a9e
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789
UI[2]=C:\Users\shudson\CiscoCisco-SSLVPN-Tunnel\VirtualPassageExe.exe
UI[3]=VirtualPassageExe MFC Application has stopped working
UI[4]=Windows can check online for a solution to the problem.
UI[5]=Check online for a solution and close the program
UI[6]=Check online for a solution later and close the program
UI[7]=Close the program
LoadedModule[0]=C:\Users\shudson\CiscoCisco-SSLVPN-Tunnel\VirtualPassageExe.exe
LoadedModule[1]=C:\Windows\SysWOW64\ntdll.dll
LoadedModule[2]=C:\Windows\syswow64\kernel32.dll
LoadedModule[3]=C:\Windows\syswow64\KERNELBASE.dll
LoadedModule[4]=C:\Windows\system32\MFC42.DLL
LoadedModule[5]=C:\Windows\syswow64\msvcrt.dll
LoadedModule[6]=C:\Windows\syswow64\USER32.dll
LoadedModule[7]=C:\Windows\syswow64\GDI32.dll
LoadedModule[8]=C:\Windows\syswow64\LPK.dll
LoadedModule[9]=C:\Windows\syswow64\USP10.dll
LoadedModule[10]=C:\Windows\syswow64\ADVAPI32.dll
LoadedModule[11]=C:\Windows\SysWOW64\sechost.dll
LoadedModule[12]=C:\Windows\syswow64\RPCRT4.dll
LoadedModule[13]=C:\Windows\syswow64\SspiCli.dll
LoadedModule[14]=C:\Windows\syswow64\CRYPTBASE.dll
LoadedModule[15]=C:\Windows\syswow64\ole32.dll
LoadedModule[16]=C:\Windows\syswow64\OLEAUT32.dll
LoadedModule[17]=C:\Windows\system32\ODBC32.dll
LoadedModule[18]=C:\Windows\syswow64\SHELL32.dll
LoadedModule[19]=C:\Windows\syswow64\SHLWAPI.dll
LoadedModule[20]=C:\Windows\system32\apphelp.dll
LoadedModule[21]=C:\Windows\AppPatch\AcLayers.DLL
LoadedModule[22]=C:\Windows\system32\USERENV.dll
LoadedModule[23]=C:\Windows\system32\profapi.dll
LoadedModule[24]=C:\Windows\system32\WINSPOOL.DRV
LoadedModule[25]=C:\Windows\system32\MPR.dll
LoadedModule[26]=C:\Windows\system32\IMM32.DLL
LoadedModule[27]=C:\Windows\syswow64\MSCTF.dll
LoadedModule[28]=C:\Windows\system32\odbcint.dll
LoadedModule[29]=C:\Windows\system32\uxtheme.dll
LoadedModule[30]=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\COMCTL32.DLL
LoadedModule[31]=C:\Windows\system32\dwmapi.dll
State[0].Key=Transport.DoneStage1
State[0].Value=1
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=VirtualPassageExe MFC Application
AppPath=C:\Users\shudson\CiscoCisco-SSLVPN-Tunnel\VirtualPassageExe.exe
None of this makes any sense to me, but may someone can tell me why the install is failing?
Thanks,
ScottMario,
I tried everything you mentioned. I cleared cookies and temporary files. I enabled SSL 3.0. I restarted IE.
I get the same thing. The install process starts and then ends at suddenly saying the install failed.
Scott -
Port forwarding for clientless SSL VPN access
Hello,
I am currently trying to set up clientless SSL VPN access for some remote sites that our company does business with. Since their machines are not owned by my company, we don't want to install/support a VPN client. Therefore, SSL is a great option.
However, I'm running into an issue. I'm trying to set up port forwarding for a few remote servers. These remote servers are different and have distinct IP addresses. They are attempting to connect with two different servers here.
But my issue is that both servers are trying to use the same TCP port. The ASDM is not letting me use two different port forwarding rules for the same TCP port. The rules can exist side-by-side, but they cannot be used at the same time.
Why? It's not trying to access the same TCP port on a server when it's already in use. Is there anyway I can get around this?
If this doesn't make sense, please let me know and I'll do my best to explain it better.Hi Caleb,
if you mean clientless webvpn port-forwarding lists, then you should be able to get your requirments. even the same port of the same server can be mapped to different ports bound to the loopback IP.
CLI:
ciscoasa(config) webvpn
ciscoasa(config-webvpn)# port-forward PF 2323 192.168.1.100 23
ciscoasa(config-webvpn)# port-forward PF 2300 192.168.1.200 23
then you apply the port-forwarder list under a group-policy
Hope this helps
Mashal
Mashal Alshboul -
RV320 SSL VPN ActiveX and Virtual Passage driver on Windows 7 64-bit
Hi,
My company has just purchased a new RV320 router and only afterwards found out from the release notes that there are issues with the SSL VPN in this unit and other small business routers. Is there any news on when these issues will be fixed?
1) ActiveX controls have expired certificate dated 24/9/14 - this prevents them from running unless without changing IE security settings to prompt or allow unsigned controls, which is a big security risk.
2) ActiveX controls do not work on Windows 64-bit. Release notes state Windows 7 IE10 and Windows 8.1 IE11, however they also fail on Windows 7 IE11. Even adding router to Trusted Sites to force 32-bit mode results in error message stating that IE is required for the controls.
3) Virtual Passage driver will not install - crashes IE10/IE11 with a BEX violation. From a dig around the web it appears that the Netgear SRX5308 uses the same Cavium chipset and a Virtual Passage driver that works with Windows 7 64-bit, and installs fine using IE10/11 (and if you install the Netgear driver it works with the Cisco RV routers too, proving that the driver is fully compatible...) - if Netgear can get this working, why can't Cisco?
I've only just started setting us this router and show stopper issues like this might end up with an RMA being requested as it appears to be unsuitable for purpose, already run into other issues with I've posted about. :(
EDIT: Got (2) sort of working on IE11 - seems that the Cisco interface is specifically looking for old style IE user agent strings, so using developer tools to set the user agent to IE9, and changing security settings in Trusted Sites to prompt for unsigned controls (due to issue (1)), allows the controls to install and load. These issues are pretty simple to fix, requiring just a string check change and updated signed controls. Fingers crossed these are fixed in the new firmware due soon, awaiting response from Cisco support to my open ticket.
Looks like (3) is prevented from working by (1), and also because the certificate has expired it is treated as software without a valid publisher which cannot be installed in Windows 7 without fiddling in the registry. Releasing an updated version with a certificate that isn't expired should solve that issue too.
These are ridiculously simple fixes to push out, I can't believe a major hardware vendor like Cisco hasn't already solved these issues.I've had a reply from Cisco support regarding this issue, and it's a bleak outlook. This is a copy from the email I received:
"Engineering has no plans to support SSL VPN on RV32x due to chipset limitations. Pretty much, it will work for old XP and Win7 32-bits."
So Cisco are falsely advertising that the RV320 has SSL VPN capabilities when there are no plans to update it so that it works with 64-bit Windows (which is now the major install base for Windows as most new systems are 64-bit based), and as the certificates have expired in the SSL VPN components they are not even useable on 32-bit systems without overriding a number of security settings.
Dan
Maybe you are looking for
-
Help, was clearing HD out and now will not start up!
I think I may have deleted some files i shouldn't have whilst trying to free up some space on my imac. If I turn it on it goes to the screen with the grey box telling me to restart my computer. Over the screen there is loads of text starting with, pa
-
Using Premier Pro CS5 can not set up an external hard drive using Mac osx 10.9.5
get an error message when I try to set up a scratch disk from an EXTERNAL hard drive 7200rpm .. using a Mac Book Pro OSX 10.9.5
-
Will Apps play on TV with composite A/V cable?
I need help. I am a music teacher and have downloaded some great Christmas apps. onto my TOuch I want to show them on a tv or an LCD projector. I have a composite cable and have everything hooked up, but I can't get a signal on my projector. When I h
-
From a couple of weeks my macbook pro (15" 2.4 Ghz i7 4gb OS X 10.7.4) has this problem: when i close the screen it goes to stop and when i open it goes out the stop normaly but the fan and the temperature increase and the battery last nothing. So i
-
How to retrieve from structure RQM02?
Hi all, Now, i have problem on retrieving value of NAME_QMSM field from RQM02 structure. However, I just able to get partner number from PARNR field of QMSM table. Is there got relationship between partner number PARNR with NAME_QMSM? Got any