Secure login client is not working in VPN

Similar Messages

• Secure Login Client and Java

  Hi All,
  We are having a project to implement NW SSO for NWBC for HTML, Citrix XenApp will be used as the desktop environment. The requirement is that no Java allowed to be installed on the web browser.
  According to PAM, Secure Login Client is not support Microsoft Application Virtualization (App-V), so how can we deploy the Secure Login Client to Citrix environment?
  If we want to use Secure Login Web Client instead of Secure Login Client, does Secure Login Web Client requires Java installed on users' web browsers? In the latest Secure Login implementation guide (SSO 2.0), it does not mentioned anything about Java runtime. However, because as far as I understand, Secure Login Web Client is a feature of Secure Login Server, while Secure Login Server is pure Java application, I suspect that Secure Login Web Client also require Java runtime to run. Is that true?
  Best regards,
  Duy

  Hello Duy,
  The Product Availability Matrix states that Secure Login Web Client needs a Java runtime in the browser. See the footer of the Secure Login Web Client pages for Windows and Linux/MAC OS browser platform support. It says the following:
  For Windows: SupportedJava Runtime: Oracle (Sun) JSE 6, 7 and8, 32bit
  For Linux/MAC OS: Supported Java Runtime: Oracle (Sun) JSE 6.0 and7.0, 32bit/64bit depending on browser
  Best regards,
  Martin

• I have created my site with Muse and have uploaded to an external ftp hosting, now my secure log in will not work because I am not using BC. Is there a way to create a secure log in that will work with out being forced to use BC?

  I have created my site with Muse and have uploaded to an external ftp hosting, now my secure log in will not work because I am not using BC. Is there a way to create a secure log in that will work with out being forced to use BC?

  Hi
  Secure Zone login feature will only work if you host your website with Business catalyst.
  Please take a look to this as an alternative
  Password Protect Pages Widget for Adobe Muse
  Also, check this thread,
  Re: Can I create a login/password protection in Muse for a HTML5 page or two?

• BPC 7.5 Admin Client Links Not Working

  I am working in BPC 7.5 SP15 NW. I have recently upgraded to Windows 7 64-bit and now the links in the action pane in the desktop admin client are not working.  The cursor does not change from the nornal pointer to the hand.  That would indicate that the admin client is no longer recognizing them as links.  The links work fine in the desktop Excel client.  I am using 32-bit Excel 2010 with no other version of Office installed.
  Has anyone heard of this behavior and how to correct for it?

  Hi Kannan,
  i think this is a Osoft web site configuration issue, the error indicates that you have one duplicate section in the web site configuration file (web.config).
  If you didn't alter the web.config file then the problem may occur because when you use framework 4.0, the machine config already has some of the sections defined that were used in previous ASP.NEt versions.
  You should check which version of the MS Framework is configured for the application pool of the web site, change it to v2.
  Let me know if this solves the issue. Or if you need more help to resolve it.
  Kindest regards,

• [solved] NFS client will not work correctly

  I have all my $HOME on an NFS Server. So long I used suse and debian, now I want switch to arch but the nfs-client ist not working correctly:
  I start "portmap nfslock nfsd netfs" over rc.conf. When I do a "rpcinfo -p <ip-arch-system>" I got the following
  stefan:/home/stefan # rpcinfo -p 192.168.123.3
     Program Vers Proto   Port
      100000    2   tcp    111  portmapper
      100000    2   udp    111  portmapper
      100021    1   udp  32768  nlockmgr
      100021    3   udp  32768  nlockmgr
      100021    4   udp  32768  nlockmgr
      100003    2   udp   2049  nfs
      100003    3   udp   2049  nfs
      100003    4   udp   2049  nfs
      100021    1   tcp  48988  nlockmgr
      100021    3   tcp  48988  nlockmgr
      100021    4   tcp  48988  nlockmgr
      100003    2   tcp   2049  nfs
      100003    3   tcp   2049  nfs
      100003    4   tcp   2049  nfs
      100005    3   udp    891  mountd
      100005    3   tcp    894  mountd
  As you see "status" is missing, so the statd is not running. It sould look like the result on my suse box:
  stefan:/home/stefan # rpcinfo -p 192.168.123.2
     Program Vers Proto   Port
      100000    2   tcp    111  portmapper
      100000    2   udp    111  portmapper
      100024    1   udp  32768  status
      100021    1   udp  32768  nlockmgr
      100021    3   udp  32768  nlockmgr
      100021    4   udp  32768  nlockmgr
      100024    1   tcp  35804  status
      100021    1   tcp  35804  nlockmgr
      100021    3   tcp  35804  nlockmgr
      100021    4   tcp  35804  nlockmgr
  There is the "status" line and so the statd is running.
  How can I fix that problem, so that statd ist running on my arch box too?
  Last edited by stka (2007-06-10 15:59:48)

  The Problem ist solved.
  I use ldap for authentication. During the setup of the ldapclient I copied the nsswitch.ldap to nsswitch.conf. But the line for "hosts:" was:
  hosts:          dns ldap
  but in my dns ist no localhost entry. After I changed this line to:
  hosts:          files dns ldap
  everything was ok. The statd is now running and I can start to migrate to archlinux ;-)

• Maverick update now my login screen does not work please help.

  Hello hope you can help.  I have a 24 inch Mid 2007 Intel iMac.  It has been great until now.  I recently did the Maverick update and now my login screen does not work.  When I wake the computer up the screen appars with my picture icon.  When I click on it nothing happens.  If I click on it a second or third time the beach ball appears and nothing happens.  I have to shut the unit down with the power button and when the unit powers back up everything works normally.  Are there any suggestions out there?  I have updated the software without resolution. Is this computer too old?   Do I have to buy a new one?
  Thank you

  Your iMac can support Mavericks according to the requirements > OS X Mavericks: System Requirements
  Try a Safe Mode boot. That deletes some system caches that may help.
  Startup your Mac in Safe Mode
  A Safe Mode boot takes much longer than a normal boot so be patient.
  Once you are in Safe Mode, click Restart from the Apple () menu.
  See if there's an improvement for the login screen.

• My login password is not working when i try to log in to my macbook air. what should I do?

  my login password is not working when i try to log in to my macbook air. what should I do?
  Thanks, Debora

  You can reset the password.
  How you do it though depends on the version of OS X you are running.
  On Lion or Mountain Lion, you use the following technique to reset the Administrators password:
  Boot to your Recovery Partition, by holding down the Option key while starting, and then selecting the Recovery HD as the boot choice.
  Once booted, at the top of the screen is a menu ..., select Utilities / Terminal from the menu bar.
  In the Terminal window, type “resetpassword” (without the quotes) and press return. A “Reset Password” window will open. Select your boot volume (your SSD drive) if it is not already selected. Select your administrators username from the menu labeled “Select the user account” if it is not already selected. Follow the prompts to reset the password. Restart the computer from the apple menu.
  If you are using the Keychain, you will lose your existing one, and have to start a new one, unless  you remember the old password.

• WSX Login Cred. Not Working In Win. 7

  Hello,
  I have workstation 10 on a windows 7 machine which runs serveral VM's very well.  I moved one of them over to the shared VM section and installed WSX server on the same machine to try it out.  The install went fine and i can connect to the WSX server on the same machine and any other machine on the network but the windows login credentials do not work.  I have two admin accounts and neither of the logins work.....however, when i make a brand new admin account and try to login into WSX it works fine.  As soon as the machine restarts though that same login stops working. I have no idea what is going on, you guys have any ideas?
  Thanks,
  Brandon

  I have the same issue. I attempted the resolution by BlazerGT with no success. I have found the issue to be persistent with both domain and local accounts. For local accounts simply deleting the account and re-adding it was a workable solution but I have not found one with the domain accounts. If there is a log for failed authentication I would love for a developer to let me know where this is as it would be greatly helpful to be able to diagnose.

• Secure Login Client 2.0 SP04 Silent Installtion

  Hi Experts,
  I would like to seek assistance with mass roll-out of the secure login client. Is it possible to perform silent installation of the secure login client?
  Thank you.
  Regards,
  Tom

  Hi Thomas,
  you may start SapSetupSLC.exe with parameter "/silent".
  This installs SecureLoginClient (SLC) with it's default settings (all components except "Secure Login Server Support").
  For a customized installation it's required to use the SAP Installation Server.
  If your company is using SAP GUI there is possibly an Installation Server in place. SAPGUI and SLC are "SAPSetup"-packages hence it's possibly to integrate SLC into the SAPGUI package and distribute them together.
  The Installation Server is also part of the SecureLoginClient package.
  After extracting SapSetupSLC.exe with command line:C:\> SapSetupSLC.exe /x:C:\slc
  you find SAP Setup Guide.pdf which describes ho to setup and configure the installation server.
  You also find useful hints in the Secure Login Implementation Guide
  chapter 2.1.1 Unattended Installation with SAPSetup Installation Server
  Grüße / Kind regards,
  Frank

• [svn:bz-3.x] 5036: Bug: BLZ-347 - Secure amf polling channel not working correctly on IE in BlazeDS /3.x branch.

  Revision: 5036
  Author: [email protected]
  Date: 2009-02-23 06:24:31 -0800 (Mon, 23 Feb 2009)
  Log Message:
  Bug: BLZ-347 - Secure amf polling channel not working correctly on IE in BlazeDS/3.x branch.
  QA: Yes
  Doc: No
  Checkintests: Pass
  Details: This is BlazeDS part of the fix. For MSIE over HTTPS, we need to add additional Cache-Control headers.
  Ticket Links:
  http://bugs.adobe.com/jira/browse/BLZ-347
  Modified Paths:
  blazeds/branches/3.x/modules/core/src/java/flex/messaging/endpoints/AbstractEndpoint.java

  Revision: 5036
  Author: [email protected]
  Date: 2009-02-23 06:24:31 -0800 (Mon, 23 Feb 2009)
  Log Message:
  Bug: BLZ-347 - Secure amf polling channel not working correctly on IE in BlazeDS/3.x branch.
  QA: Yes
  Doc: No
  Checkintests: Pass
  Details: This is BlazeDS part of the fix. For MSIE over HTTPS, we need to add additional Cache-Control headers.
  Ticket Links:
  http://bugs.adobe.com/jira/browse/BLZ-347
  Modified Paths:
  blazeds/branches/3.x/modules/core/src/java/flex/messaging/endpoints/AbstractEndpoint.java

• Juniper Java Secure Application Manager does not work with Snow Leopard

  Anyone else having issues as well? I'm not using a client - its basically the Java based application manager for VPN connections to work (so I can remote desktop to my work PC).
  Once logged in, it gives a "Restart your browser" error.
  Thanks for your help

  OK - so I got it to work. Here's what I did. Let me know if it works for you:
  I wasn't able to follow the instructions exactly as noted in the original link I posted above.
  The terminal command, specifically wget would not work - there is no wget.
  I manually downloaded the Java 1.5 version, by following the link (just clicked on it). I 'unzipped' it and moved it into the library/frameworks/JavaVM.framework/versions folder.
  So now the 1.5.0 is not an alias (as it is by default in SL), but the older version of Java.
  I then followed the instruction related to changing the order in JAVA PREFERENCES.
  The final stop - and I think this is key, is that I forced Safari to start in 32 bit mode. You can do this by going to Applications, highlighting Safari and hitting CMD-I. Then check the 32 bit option.
  Start Safari, go to the appropriate URL and login. The Java Secure Application Manager should then start as it used to do in Leopard. You should be all set.
  Hope this helps - let me know if someone has questions.

• Cisco 1841 as PPTP client Does not work

  Dear All,
  I have Cisco 1841 router running the below roles       
  1) SSL VPN Server
  2) PPTP Server
  3) Site to Site Connection with Sonicwall router
  I want the router to be configured a pptp client to internet vpn server (so that i will get a fixed public ip )
  Once i get this ip address i want to use this connection to accept in coming connection and forward ports to internal host,
  I went through below
  http://www.mreji.eu/content/cisco-router-pptp-client
  https://supportforums.cisco.com/thread/2167562
  But it does not work as i do not have the option for the below 2 commands in vpdn-group 2 section.(Please see section in blue)
  protocol pptp
    rotary-group 4
  Please Advise and Help
  Regards
  Hasan Reza
  My Current Config is as below
  =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.06.09 17:55:23 =~=~=~=~=~=~=~=~=~=~=~=
  exit
  Gateway#show run |      
  Building configuration...
  Current configuration : 25109 bytes
  ! Last configuration change at 13:33:57 UTC Sun Jun 9 2013 by admin
  version 15.1
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname Gateway
  boot-start-marker
  boot system flash c1841-advsecurityk9-mz.151-2.T1.bin
  boot-end-marker
  logging buffered 4096
  no logging console
  enable secret 5 $1$SciF$TlX1tR5qaG9ZE7pdZHcRJ/
  no aaa new-model
  dot11 syslog
  ip source-route
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.236.5.1 10.236.5.20
  ip dhcp excluded-address 10.236.5.21 10.236.5.50
  ip dhcp excluded-address 172.21.51.2 172.21.51.50
  ip dhcp pool ContosoPool
     network 10.236.5.0 255.255.255.0
     default-router 10.236.5.254
     dns-server 213.42.20.20 195.229.241.222
  ip dhcp pool DMZ
     network 172.21.51.0 255.255.255.0
     dns-server 172.21.51.10
     default-router 172.21.51.1
     domain-name contoso.local
  ip cef
  ip domain name contoso.local
  ip name-server 213.42.20.20
  ip name-server 195.229.241.22
  ip name-server 195.229.241.222
  ip ddns update method dyndns
  HTTP
    add http://xxxxxx:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
    remove http://xxxxxx:yyyyy@@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
  interval maximum 0 1 0 0
  multilink bundle-name authenticated
  vpdn enable
  vpdn-group 2
  request-dialin
    protocol l2tp
  initiate-to ip 173.195.0.42
  vpdn-group RAS-VPN
  ! Default PPTP VPDN group
  accept-dialin
    protocol pptp
    virtual-template 1
  l2tp tunnel timeout no-session 15
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP.StartSSL.CA
  enrollment terminal pem
  revocation-check none
  crypto pki trustpoint TP.StartSSL-vpn
  enrollment terminal pem
  usage ssl-server
  serial-number none
  fqdn ssl.spktelecom.com
  ip-address none
  revocation-check crl
  rsakeypair RSA.StartSSL-vpn
  crypto pki trustpoint TP-self-signed-1981248591
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1981248591
  revocation-check none
  rsakeypair TP-self-signed-1981248591
  crypto pki trustpoint VMWare
  enrollment terminal
  revocation-check crl
  crypto pki trustpoint OWA
  enrollment terminal pem
  revocation-check crl
  crypto pki certificate chain TP.StartSSL.CA
  certificate ca 01
    (removed the certificate info for clarity)
     quit
  crypto pki certificate chain TP.StartSSL-vpn
  certificate 0936E1
      (removed the certificate info for clarity)9
     quit
  certificate ca 18
    (removed the certificate info for clarity)
     quit
  crypto pki certificate chain TP-self-signed-1981248591
  certificate self-signed 01
      (removed the certificate info for clarity)
     quit
  crypto pki certificate chain VMWare
  certificate ca 008EDCE6DBCE6B
      (removed the certificate info for clarity)
     quit
  crypto pki certificate chain OWA
     (removed the certificate info for clarity)
  license udi pid CISCO1841 sn FCZ122191TW
  archive
  log config
    hidekeys
  username admin privilege 15 password 7 1304131F02023B7B7977
  username ali password 7 06070328
  redundancy
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  lifetime 84000
  crypto isakmp key admin_123 address 0.0.0.0 0.0.0.0
  crypto isakmp keepalive 10
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
  crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
  crypto dynamic-map mydyn 10
  set transform-set strongsha
  crypto map Dxb-Auh 1000 ipsec-isakmp dynamic XXXXXXXXXX
  interface FastEthernet0/0
  description Internal Network (Protected Interface)
  ip address 10.236.5.254 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  duplex auto
  speed auto
  interface FastEthernet0/1
  no ip address
  duplex auto
  speed auto
  pppoe enable group global
  pppoe-client dial-pool-number 1
  interface ATM0/0/0
  no ip address
  shutdown
  no atm ilmi-keepalive
  interface BRI0/1/0
  no ip address
  encapsulation hdlc
  shutdown
  interface Virtual-Template1
  ip unnumbered Dialer1
  peer default ip address dhcp-pool ContosoPool
  ppp encrypt mppe auto required
  ppp authentication ms-chap ms-chap-v2 eap
  interface Dialer1
  ip ddns update hostname XXXXXXX.dyndns.org
  ip ddns update dyndns
  ip address negotiated
  ip nat outside
  ip virtual-reassembly in
  encapsulation ppp
  ip tcp adjust-mss 1450
  dialer pool 1
  ppp pap sent-username vermam password 7 13044E155E0913323B
  crypto map Dxb-Auh
  interface Dialer2
  mtu 1460
  ip address negotiated
  ip nat outside
  ip virtual-reassembly in
  encapsulation ppp
  dialer in-band
  dialer idle-timeout 0
  dialer string 123
  dialer vpdn
  dialer-group 2
  ppp pfc local request
  ppp pfc remote apply
  ppp encrypt mppe auto
  ppp authentication ms-chap ms-chap-v2 callin
  ppp eap refuse
  ppp chap hostname hasanreza
  ppp chap password 7 070E2541470726544541
  interface Dialer995
  no ip address
  ip local pool webssl 10.236.6.10 10.236.6.30
  ip forward-protocol nd
  ip http server
  ip http secure-server
  ip nat inside source list nat interface Dialer1 overload
  ip nat inside source static tcp 10.236.5.12 25 interface Dialer1 25
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip route 172.21.51.0 255.255.255.0 10.236.5.253
  ip access-list extended internal
  permit ip any 10.236.5.0 0.0.0.255
  ip access-list extended nat
  deny   ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
  deny   ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
  permit ip 10.236.5.0 0.0.0.255 any
  ip access-list extended nonat
  permit ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
  permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
  ip access-list extended sslacl
  ip access-list extended webvpn
  permit tcp any any eq 443
  logging esm config
  access-list 101 permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
  control-plane
  line con 0
  line aux 0
  line vty 0 4
  exec-timeout 0 0
  login local
  transport preferred ssh
  transport input telnet ssh
  line vty 5 15
  exec-timeout 0 0
  login local
  transport preferred ssh
  transport input telnet ssh
  scheduler allocate 20000 1000
  webvpn gateway gateway1
  ip interface Dialer1 port 443
  ssl encryption rc4-md5
  ssl trustpoint TP.StartSSL-vpn
  inservice
  webvpn install svc flash:/webvpn/anyconnect-win-3.1.00495-k9.pkg sequence 1
  webvpn install csd flash:/webvpn/sdesktop.pkg
  webvpn context webvpn
  ssl authenticate verify all
  url-list "Webservers"
     heading "SimpleIT Technologies NBNS Servers"
     url-text "Google" url-value "www.google.com"
     url-text "Mainframe" url-value "10.236.5.2"
     url-text "Mainframe2" url-value "https://10.236.5.2"
  nbns-list "ContosoServer"
     nbns-server 10.236.5.10
     nbns-server 10.236.5.11
     nbns-server 10.236.5.12
  port-forward "PortForwarding"
     local-port 3389 remote-server "10.236.5.10" remote-port 3389 description "Server-DC01"
  policy group policy1
     url-list "Webservers"
     port-forward "PortForwarding"
     nbns-list "ContosoServer"
     functions file-access
     functions file-browse
     functions file-entry
     functions svc-enabled
     svc address-pool "webssl"
     svc default-domain "Contoso.Local"
     svc keep-client-installed
     svc split include 10.236.5.0 255.255.255.0
     svc split include 10.236.6.0 255.255.255.0
     svc split include 172.31.1.0 255.255.255.0
     svc split include 172.21.51.0 255.255.255.0
     svc dns-server primary 172.21.51.10
  default-group-policy policy1
  gateway gateway1
  inservice
  end
  Gateway#          

  Dear All,
  I have Cisco 1841 router running the below roles       
  1) SSL VPN Server
  2) PPTP Server
  3) Site to Site Connection with Sonicwall router
  I want the router to be configured a pptp client to internet vpn server (so that i will get a fixed public ip )
  Once i get this ip address i want to use this connection to accept in coming connection and forward ports to internal host,
  I went through below
  http://www.mreji.eu/content/cisco-router-pptp-client
  https://supportforums.cisco.com/thread/2167562
  But it does not work as i do not have the option for the below 2 commands in vpdn-group 2 section.(Please see section in blue)
  protocol pptp
    rotary-group 4
  Please Advise and Help
  Regards
  Hasan Reza
  My Current Config is as below
  =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.06.09 17:55:23 =~=~=~=~=~=~=~=~=~=~=~=
  exit
  Gateway#show run |      
  Building configuration...
  Current configuration : 25109 bytes
  ! Last configuration change at 13:33:57 UTC Sun Jun 9 2013 by admin
  version 15.1
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname Gateway
  boot-start-marker
  boot system flash c1841-advsecurityk9-mz.151-2.T1.bin
  boot-end-marker
  logging buffered 4096
  no logging console
  enable secret 5 $1$SciF$TlX1tR5qaG9ZE7pdZHcRJ/
  no aaa new-model
  dot11 syslog
  ip source-route
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.236.5.1 10.236.5.20
  ip dhcp excluded-address 10.236.5.21 10.236.5.50
  ip dhcp excluded-address 172.21.51.2 172.21.51.50
  ip dhcp pool ContosoPool
     network 10.236.5.0 255.255.255.0
     default-router 10.236.5.254
     dns-server 213.42.20.20 195.229.241.222
  ip dhcp pool DMZ
     network 172.21.51.0 255.255.255.0
     dns-server 172.21.51.10
     default-router 172.21.51.1
     domain-name contoso.local
  ip cef
  ip domain name contoso.local
  ip name-server 213.42.20.20
  ip name-server 195.229.241.22
  ip name-server 195.229.241.222
  ip ddns update method dyndns
  HTTP
    add http://xxxxxx:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
    remove http://xxxxxx:yyyyy@@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
  interval maximum 0 1 0 0
  multilink bundle-name authenticated
  vpdn enable
  vpdn-group 2
  request-dialin
    protocol l2tp
  initiate-to ip 173.195.0.42
  vpdn-group RAS-VPN
  ! Default PPTP VPDN group
  accept-dialin
    protocol pptp
    virtual-template 1
  l2tp tunnel timeout no-session 15
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP.StartSSL.CA
  enrollment terminal pem
  revocation-check none
  crypto pki trustpoint TP.StartSSL-vpn
  enrollment terminal pem
  usage ssl-server
  serial-number none
  fqdn ssl.spktelecom.com
  ip-address none
  revocation-check crl
  rsakeypair RSA.StartSSL-vpn
  crypto pki trustpoint TP-self-signed-1981248591
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1981248591
  revocation-check none
  rsakeypair TP-self-signed-1981248591
  crypto pki trustpoint VMWare
  enrollment terminal
  revocation-check crl
  crypto pki trustpoint OWA
  enrollment terminal pem
  revocation-check crl
  crypto pki certificate chain TP.StartSSL.CA
  certificate ca 01
    (removed the certificate info for clarity)
     quit
  crypto pki certificate chain TP.StartSSL-vpn
  certificate 0936E1
      (removed the certificate info for clarity)9
     quit
  certificate ca 18
    (removed the certificate info for clarity)
     quit
  crypto pki certificate chain TP-self-signed-1981248591
  certificate self-signed 01
      (removed the certificate info for clarity)
     quit
  crypto pki certificate chain VMWare
  certificate ca 008EDCE6DBCE6B
      (removed the certificate info for clarity)
     quit
  crypto pki certificate chain OWA
     (removed the certificate info for clarity)
  license udi pid CISCO1841 sn FCZ122191TW
  archive
  log config
    hidekeys
  username admin privilege 15 password 7 1304131F02023B7B7977
  username ali password 7 06070328
  redundancy
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  lifetime 84000
  crypto isakmp key admin_123 address 0.0.0.0 0.0.0.0
  crypto isakmp keepalive 10
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
  crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
  crypto dynamic-map mydyn 10
  set transform-set strongsha
  crypto map Dxb-Auh 1000 ipsec-isakmp dynamic XXXXXXXXXX
  interface FastEthernet0/0
  description Internal Network (Protected Interface)
  ip address 10.236.5.254 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  duplex auto
  speed auto
  interface FastEthernet0/1
  no ip address
  duplex auto
  speed auto
  pppoe enable group global
  pppoe-client dial-pool-number 1
  interface ATM0/0/0
  no ip address
  shutdown
  no atm ilmi-keepalive
  interface BRI0/1/0
  no ip address
  encapsulation hdlc
  shutdown
  interface Virtual-Template1
  ip unnumbered Dialer1
  peer default ip address dhcp-pool ContosoPool
  ppp encrypt mppe auto required
  ppp authentication ms-chap ms-chap-v2 eap
  interface Dialer1
  ip ddns update hostname XXXXXXX.dyndns.org
  ip ddns update dyndns
  ip address negotiated
  ip nat outside
  ip virtual-reassembly in
  encapsulation ppp
  ip tcp adjust-mss 1450
  dialer pool 1
  ppp pap sent-username vermam password 7 13044E155E0913323B
  crypto map Dxb-Auh
  interface Dialer2
  mtu 1460
  ip address negotiated
  ip nat outside
  ip virtual-reassembly in
  encapsulation ppp
  dialer in-band
  dialer idle-timeout 0
  dialer string 123
  dialer vpdn
  dialer-group 2
  ppp pfc local request
  ppp pfc remote apply
  ppp encrypt mppe auto
  ppp authentication ms-chap ms-chap-v2 callin
  ppp eap refuse
  ppp chap hostname hasanreza
  ppp chap password 7 070E2541470726544541
  interface Dialer995
  no ip address
  ip local pool webssl 10.236.6.10 10.236.6.30
  ip forward-protocol nd
  ip http server
  ip http secure-server
  ip nat inside source list nat interface Dialer1 overload
  ip nat inside source static tcp 10.236.5.12 25 interface Dialer1 25
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip route 172.21.51.0 255.255.255.0 10.236.5.253
  ip access-list extended internal
  permit ip any 10.236.5.0 0.0.0.255
  ip access-list extended nat
  deny   ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
  deny   ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
  permit ip 10.236.5.0 0.0.0.255 any
  ip access-list extended nonat
  permit ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
  permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
  ip access-list extended sslacl
  ip access-list extended webvpn
  permit tcp any any eq 443
  logging esm config
  access-list 101 permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
  control-plane
  line con 0
  line aux 0
  line vty 0 4
  exec-timeout 0 0
  login local
  transport preferred ssh
  transport input telnet ssh
  line vty 5 15
  exec-timeout 0 0
  login local
  transport preferred ssh
  transport input telnet ssh
  scheduler allocate 20000 1000
  webvpn gateway gateway1
  ip interface Dialer1 port 443
  ssl encryption rc4-md5
  ssl trustpoint TP.StartSSL-vpn
  inservice
  webvpn install svc flash:/webvpn/anyconnect-win-3.1.00495-k9.pkg sequence 1
  webvpn install csd flash:/webvpn/sdesktop.pkg
  webvpn context webvpn
  ssl authenticate verify all
  url-list "Webservers"
     heading "SimpleIT Technologies NBNS Servers"
     url-text "Google" url-value "www.google.com"
     url-text "Mainframe" url-value "10.236.5.2"
     url-text "Mainframe2" url-value "https://10.236.5.2"
  nbns-list "ContosoServer"
     nbns-server 10.236.5.10
     nbns-server 10.236.5.11
     nbns-server 10.236.5.12
  port-forward "PortForwarding"
     local-port 3389 remote-server "10.236.5.10" remote-port 3389 description "Server-DC01"
  policy group policy1
     url-list "Webservers"
     port-forward "PortForwarding"
     nbns-list "ContosoServer"
     functions file-access
     functions file-browse
     functions file-entry
     functions svc-enabled
     svc address-pool "webssl"
     svc default-domain "Contoso.Local"
     svc keep-client-installed
     svc split include 10.236.5.0 255.255.255.0
     svc split include 10.236.6.0 255.255.255.0
     svc split include 172.31.1.0 255.255.255.0
     svc split include 172.21.51.0 255.255.255.0
     svc dns-server primary 172.21.51.10
  default-group-policy policy1
  gateway gateway1
  inservice
  end
  Gateway#          

• AnyConnect Secure Mobility Client v3.1.04066 "The VPN client driver encountered an error"

  Hello, I am a software engineer and have been trying to connect to my client's VPN using the AnyConnect Secure Mobility Client (version 3.1.04066) and keep receiving the error "The VPN client driver encountered an error. Please try again or restart your system."
  I am on a Windows 7 system with an intel i7-2670QM cpu. My computer model is an HP Pavilion dv7.
  I have tried uninstalling the software, re-installing it. I've tried restarting my system multiple times through the process. I've checked the registry and made sure the name was setup correctly. I have checked and made sure that the correct services are not enabled. I have also tried what was suggested on the support page and checked the integrity of catroot2 as well as renaming it and regenerating the folder. None of these have been able to fix my problem.
  For information, this is the message history when I try to connect:
  [12/8/2014 8:55:49 AM] Ready to connect.
  [12/8/2014 9:27:19 AM] Contacting vpn.[hostaddressremoved].com.
  [12/8/2014 9:27:22 AM] Please enter your username and password.
  [12/8/2014 9:27:29 AM] User credentials entered.
  [12/8/2014 9:27:30 AM] Please respond to banner.
  [12/8/2014 9:27:31 AM] User accepted banner.
  [12/8/2014 9:27:31 AM] Establishing VPN session...
  [12/8/2014 9:27:32 AM] Checking for profile updates...
  [12/8/2014 9:27:32 AM] Checking for product updates...
  [12/8/2014 9:27:32 AM] Checking for customization updates...
  [12/8/2014 9:27:32 AM] Performing any required updates...
  [12/8/2014 9:27:32 AM] Establishing VPN session...
  [12/8/2014 9:27:32 AM] Establishing VPN - Initiating connection...
  [12/8/2014 9:27:33 AM] Establishing VPN - Examining system...
  [12/8/2014 9:27:33 AM] Establishing VPN - Activating VPN adapter...
  [12/8/2014 9:27:33 AM] Establishing VPN - Attempting to repair VPN adapter...
  [12/8/2014 9:27:33 AM] Disconnect in progress, please wait...
  [12/8/2014 9:28:22 AM] Connection attempt has failed.
  [12/8/2014 9:28:24 AM] Ready to connect.
  I have tried every kind of search I can think of to find any other solutions to try, and I cannot find anything else. Does anyone have any other recommendations of what to try in order to be able to connect to my client?
  -TheJayDude

  Yes, I am sorry to say that several people have seen the same issue.  It seems like the issue is specific to Yosemite and Anyconnect. My very technical staff and I have tried many things.  The default route is missing and the file /var/run/resolv.conf is also missing which means that both the route and DNS server are messed up.  We re-added the default route manually which allows us to ping the servers and even access them via the IP address
  Run the command below before starting the VPN to get the default route
  netstat -nr | grep default
  Then run the following to re-add the default route.
  route add default xxx.xxx.xxx.xxx
  BUT there is no way that I can find to fix the DNS entry. 
  We tried re-adding the DNS entries in the /var/run/resolv.conf  and then restarting the DNS service
  $ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.discoveryd.plist                                                                              
  Password:
  $ sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.discoveryd.plist 
  BUT THIS DOES NOT WORK!
  If anyone can help us solve the DNS issue, at least we have a work-around for our technical people until Cisco and/or Apple can resolve it.
  Here is a link to the same issue at Cisco.
  https://supportforums.cisco.com/discussion/12334071/cisco-anyconnect-secure-mobi lity-client-os-x-yosemite-vpn-not-working-if-mac

• Mail, iCal Server and iChat server will not work over VPN

  I have an Airport Extreme Base Station at the office running the network. Behind it sits a Mac Mini Snow Leopard server running 10.6.3. The ports necessary for Mail, iCal Server and iChat work fine through that external connection. I can also connect with VPN from my 10.6.3 clients.
  HOWEVER, when I connect with the VPN clients, I am suddenly unable to access the Mail, iCal Server, Wiki server and iChat server. All connections time out. I can ping the server and I can do other things that do NOT work on the public Airport like ssh or VNC. ssh and VNC are closed at the airport extreme.
  So it's pretty odd. When I'm connected via the VPN, all ports that are forwarded to the Snow Leopard server time out over the VPN.
  I've tried various and sundry configurations with the VPN client. This includes trying to send all traffic over the VPN, moving it up in the service order, etc. etc. Nothing fixes it. DNS resolution is working fine, however when I do a wireshark capture of ppp0 traffic, I notice that SSL and TLSv1 handshakes appear to occur on the public IP address instead of the private network IP address... and they're all resets.
  Has anyone gotten this to work successfully? Like I said, all ports that are NOT forwarded through the Airport work fine over the VPN, but will not work when connected to the VPN. It's really bizarre.

  New data: any ports that are normally forwarded on the Airport Extreme to the Mac Mini server will not work when connected to the VPN.
  For instance, if I have imaps/993 forwarded from the Airport Extreme to the Mac Mini, it works fine over the Internet. If I connect to the VPN, I can connect to all OTHER services on the Mac Mini, but Mail, for instance, will not work.

• Client provisioning not working on ISE after 1.2 Migration

  Working on an initial piloted roleout of ISE with a customer. We initially had a single server setup as a pilot using 1.1.1.4 to pilot things like client supplicant provision, and then stood up a new VM as a secondary and upgraded that to 1.2. Today we tested client provisioning that work fine before, and it is failing for iOS (we haven't gotten to the other OS'es yet). What occurs is the user authenticates using PEAP and the client gets the request to install the root certificate. After this the client accepts the root certificate the connection drops. When you click the SSID to start the process again we see the redirect to the mydevices portal, but before you can click to register the client it redirected to accept the root certificate again, creating an endless loop. Has anyone else run into this bug?

  Please update the patch useing the below details and try it.
  To upload offline client provisioning resources, complete the following steps:
  Step 1 Go to the Download Software web page at http://www.cisco.com/cisco/software/navigator.html?a=a&i=rpm. You may need to provide login credentials.
  Step 2 Navigate to Products > Security > Access Control and Policy > Cisco Identity Services Engine > Cisco Identity Services Engine Software.
  Choose from the following Off-Line Installation Packages available for download:
  •win_spw--isebundle.zip— Off-Line SPW Installation Package for Windows
  •mac-spw-.zip — Off-Line SPW Installation Package for Mac OS X
  •compliancemodule--isebundle.zip — Off-Line Compliance Module Installation Package
  •macagent--isebundle.zip — Off-Line Mac Agent Installation Package
  •nacagent--isebundle.zip — Off-Line NAC Agent Installation Package
  •webagent--isebundle.zip — Off-Line Web Agent Installation Package
  Step 3 Click Download or Add to Cart.