Set MTU - Cisco VPN x64
I've installed the Cisco Client many times before on x32 systems but having just installed same on an x64 System (Win-7 Pro) I just noticed the "Set MTU". Client version I am using is 5.0.07.0290.
What is the purpose for this, and what setting should I use?
Thanks,
Ron
Here is more explaination on "Set MTU" on VPN Client for your reference:
http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client500_501/administration/5vcAch11.html#wpmkr1157551
Basically it is only needed when you are troubleshooting issue with performance as default MTU on internet devices is typically 1500, and if the VPN Client is sending bigger file than 1500, then it would cause fragmentation which could possibly be blocked along the path, and/or taking the server end sometime to reconstruct the fragmented vpn packets.
However, in normal circumstance, the "Set MTU" setting should not be interfere.
Similar Messages
-
Cisco VPN client & Microsoft ISA firewall client.
Hi all,
could someone give me advice how to set
up Cisco VPN client to route traffic
to our proxy ISA 2004. We have installed
Microsoft firewall client on PCs but we dont know how to set up routing of IPSEC
to Proxy.
I know that this is maybe problem of Microsoft but maybe it is possible to do this directly in Cisco VPN client.
Any suggestions?
BR
jlBe sure that the Department or organizational unit (OU) corresponds to the Cisco VPN Client group name, as configured in the PIX vpngroup name. Select the correct Certificate Service Provider (CSP) appropriate for your setup
http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094e69.shtml -
Cisco VPN client x64 for win7 - will not install
Hello guys,
I have fresh windows 7 x64 installation and I try install Cisco VPN client (vpnclient-winx64-msi-5.0.07.0290-k9.exe). Installation ends with fatal error "Installation ended prematurely of an error". I red lot of 'step-by-step' how to solve this problem (run as administrator, even though that I'm administrator; UAC disabled; run in WinXP-mode; etc), without success.
I tried run installation process from cmd with verbose logging "msiexec /i vpnclient_setup.msi /lv log.txt" (and other 'recomended' optional parameters). The same result - fatal error.
Can anybody tell me where is the problem? (installation file is not corupted)
Verbose log ends with this (whole log is attached):
<cut>
Action ended 22:35:25: WiseNextDlg. Return value 3.
DEBUG: Error 2896: Executing action WiseNextDlg failed.
Internal Error 2896. WiseNextDlg
Action ended 22:35:25: Welcome_Dialog. Return value 3.
MSI (c) (70:2C) [22:35:25:997]: Doing action: Fatal_Error
Action start 22:35:25: Fatal_Error.
MSI (c) (70:2C) [22:35:25:998]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'Fatal_Error'
MSI (c) (70:18) [22:35:26:725]: Doing action: WiseCleanup
Action start 22:35:26: WiseCleanup.
MSI (c) (70:1C) [22:35:26:736]: Invoking remote custom action. DLL: C:\Users\kyrcm\AppData\Local\Temp\MSI2023.tmp, Entrypoint: Cleanup
Action ended 22:35:26: WiseCleanup. Return value 1.
Action ended 22:35:26: Fatal_Error. Return value 2.
Action ended 22:35:26: INSTALL. Return value 3.
MSI (c) (70:2C) [22:35:26:791]: Destroying RemoteAPI object.
MSI (c) (70:4C) [22:35:26:792]: Custom Action Manager thread ending.
=== Logging stopped: 4. 10. 2010 22:35:26 ===
MSI (c) (70:2C) [22:35:26:794]: Note: 1: 1708
MSI (c) (70:2C) [22:35:26:794]: Product: Cisco Systems VPN Client 5.0.07.0290 -- Installation operation failed.
</cut>
thanks,
martinLOG:
=== Verbose logging started: 13.10.2010 14:58:45 Build type: SHIP UNICODE 5.00.7600.00 Calling process: C:\Windows\SysWOW64\msiexec.exe ===
MSI (c) (48:6C) [14:58:45:636]: Font created. Charset: Req=0, Ret=0, Font: Req=, Ret=Arial
MSI (c) (48:6C) [14:58:45:636]: Font created. Charset: Req=0, Ret=0, Font: Req=, Ret=Arial
MSI (c) (48:AC) [14:58:45:657]: Resetting cached policy values
MSI (c) (48:AC) [14:58:45:657]: Machine policy value 'Debug' is 0
MSI (c) (48:AC) [14:58:45:657]: ******* RunEngine:
******* Product: vpnclient_setup.msi
******* Action:
******* CommandLine: **********
MSI (c) (48:AC) [14:58:45:666]: Machine policy value 'DisableUserInstalls' is 0
MSI (c) (48:AC) [14:58:45:683]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\Users\andrea\Downloads\Cisco VPN client\NEW\vpnclient-winx64-msi-5.0.07.0290-k9\vpnclient_setup.msi' against software restriction policy
MSI (c) (48:AC) [14:58:45:683]: Note: 1: 2262 2: DigitalSignature 3: -2147287038
MSI (c) (48:AC) [14:58:45:683]: SOFTWARE RESTRICTION POLICY: C:\Users\andrea\Downloads\Cisco VPN client\NEW\vpnclient-winx64-msi-5.0.07.0290-k9\vpnclient_setup.msi is not digitally signed
MSI (c) (48:AC) [14:58:45:685]: SOFTWARE RESTRICTION POLICY: C:\Users\andrea\Downloads\Cisco VPN client\NEW\vpnclient-winx64-msi-5.0.07.0290-k9\vpnclient_setup.msi is permitted to run at the 'unrestricted' authorization level.
MSI (c) (48:AC) [14:58:45:738]: Cloaking enabled.
MSI (c) (48:AC) [14:58:45:738]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (48:AC) [14:58:45:744]: End dialog not enabled
MSI (c) (48:AC) [14:58:45:744]: Original package ==> C:\Users\andrea\Downloads\Cisco VPN client\NEW\vpnclient-winx64-msi-5.0.07.0290-k9\vpnclient_setup.msi
MSI (c) (48:AC) [14:58:45:744]: Package we're running from ==> C:\Users\andrea\Downloads\Cisco VPN client\NEW\vpnclient-winx64-msi-5.0.07.0290-k9\vpnclient_setup.msi
MSI (c) (48:AC) [14:58:45:749]: APPCOMPAT: Compatibility mode property overrides found.
MSI (c) (48:AC) [14:58:45:749]: APPCOMPAT: looking for appcompat database entry with ProductCode '{467D5E81-8349-4892-9E81-C3674ED8E451}'.
MSI (c) (48:AC) [14:58:45:749]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (48:AC) [14:58:45:753]: MSCOREE not loaded loading copy from system32
MSI (c) (48:AC) [14:58:45:755]: Machine policy value 'TransformsSecure' is 0
MSI (c) (48:AC) [14:58:45:755]: User policy value 'TransformsAtSource' is 0
MSI (c) (48:AC) [14:58:45:756]: Machine policy value 'DisablePatch' is 0
MSI (c) (48:AC) [14:58:45:756]: Machine policy value 'AllowLockdownPatch' is 0
MSI (c) (48:AC) [14:58:45:756]: Machine policy value 'DisableLUAPatching' is 0
MSI (c) (48:AC) [14:58:45:756]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (c) (48:AC) [14:58:45:756]: APPCOMPAT: looking for appcompat database entry with ProductCode '{467D5E81-8349-4892-9E81-C3674ED8E451}'.
MSI (c) (48:AC) [14:58:45:756]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (48:AC) [14:58:45:757]: Transforms are not secure.
MSI (c) (48:AC) [14:58:45:757]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\andrea\Downloads\Cisco VPN client\NEW\vpnclient-winx64-msi-5.0.07.0290-k9\log.txt'.
MSI (c) (48:AC) [14:58:45:757]: Command Line: CURRENTDIRECTORY=C:\Users\andrea\Downloads\Cisco VPN client\NEW\vpnclient-winx64-msi-5.0.07.0290-k9 CLIENTUILEVEL=0 CLIENTPROCESSID=7496
MSI (c) (48:AC) [14:58:45:757]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{A8E53AA2-297F-4262-9996-753440EF4AB0}'.
MSI (c) (48:AC) [14:58:45:757]: Product Code passed to Engine.Initialize: ''
MSI (c) (48:AC) [14:58:45:757]: Product Code from property table before transforms: '{467D5E81-8349-4892-9E81-C3674ED8E451}'
MSI (c) (48:AC) [14:58:45:757]: Product Code from property table after transforms: '{467D5E81-8349-4892-9E81-C3674ED8E451}'
MSI (c) (48:AC) [14:58:45:757]: Product not registered: beginning first-time install
MSI (c) (48:AC) [14:58:45:757]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (c) (48:AC) [14:58:45:757]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (c) (48:AC) [14:58:45:757]: User policy value 'SearchOrder' is 'nmu'
MSI (c) (48:AC) [14:58:45:757]: Adding new sources is allowed.
MSI (c) (48:AC) [14:58:45:757]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (c) (48:AC) [14:58:45:757]: Package name extracted from package path: 'vpnclient_setup.msi'
MSI (c) (48:AC) [14:58:45:757]: Package to be registered: 'vpnclient_setup.msi'
MSI (c) (48:AC) [14:58:45:758]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (c) (48:AC) [14:58:45:758]: Machine policy value 'DisableMsi' is 0
MSI (c) (48:AC) [14:58:45:758]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (c) (48:AC) [14:58:45:758]: User policy value 'AlwaysInstallElevated' is 0
MSI (c) (48:AC) [14:58:45:758]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (c) (48:AC) [14:58:45:758]: Running product '{467D5E81-8349-4892-9E81-C3674ED8E451}' with elevated privileges: Product is assigned.
MSI (c) (48:AC) [14:58:45:758]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Users\andrea\Downloads\Cisco VPN client\NEW\vpnclient-winx64-msi-5.0.07.0290-k9'.
MSI (c) (48:AC) [14:58:45:758]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '0'.
MSI (c) (48:AC) [14:58:45:758]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '7496'.
MSI (c) (48:AC) [14:58:45:758]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Its value is '1'.
MSI (c) (48:AC) [14:58:45:758]: TRANSFORMS property is now:
MSI (c) (48:AC) [14:58:45:758]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (c) (48:AC) [14:58:45:758]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\AppData\Roaming
MSI (c) (48:AC) [14:58:45:759]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\Favorites
MSI (c) (48:AC) [14:58:45:759]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (c) (48:AC) [14:58:45:759]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\Documents
MSI (c) (48:AC) [14:58:45:759]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (c) (48:AC) [14:58:45:760]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Recent
MSI (c) (48:AC) [14:58:45:760]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\SendTo
MSI (c) (48:AC) [14:58:45:760]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Templates
MSI (c) (48:AC) [14:58:45:760]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (c) (48:AC) [14:58:45:761]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\AppData\Local
MSI (c) (48:AC) [14:58:45:761]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\Pictures
MSI (c) (48:AC) [14:58:45:761]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (48:AC) [14:58:45:761]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (48:AC) [14:58:45:761]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (c) (48:AC) [14:58:45:762]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (c) (48:AC) [14:58:45:762]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (c) (48:AC) [14:58:45:762]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (48:AC) [14:58:45:763]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (48:AC) [14:58:45:763]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (c) (48:AC) [14:58:45:763]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (c) (48:AC) [14:58:45:763]: SHELL32::SHGetFolderPath returned: C:\Users\andrea\Desktop
MSI (c) (48:AC) [14:58:45:764]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (c) (48:AC) [14:58:45:764]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts
MSI (c) (48:AC) [14:58:45:765]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (c) (48:AC) [14:58:45:769]: MSI_LUA: Setting AdminUser property to 1 because this is the client or the user has already permitted elevation
MSI (c) (48:AC) [14:58:45:769]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (c) (48:AC) [14:58:45:769]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (c) (48:AC) [14:58:45:769]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (c) (48:AC) [14:58:45:769]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (c) (48:AC) [14:58:45:769]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'CIO'.
MSI (c) (48:AC) [14:58:45:769]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (c) (48:AC) [14:58:45:769]: PROPERTY CHANGE: Adding COMPANYNAME property. Its value is 'Accenture'.
MSI (c) (48:AC) [14:58:45:769]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Users\andrea\Downloads\Cisco VPN client\NEW\vpnclient-winx64-msi-5.0.07.0290-k9\vpnclient_setup.msi'.
MSI (c) (48:AC) [14:58:45:769]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\Users\andrea\Downloads\Cisco VPN client\NEW\vpnclient-winx64-msi-5.0.07.0290-k9\vpnclient_setup.msi'.
MSI (c) (48:AC) [14:58:45:769]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (c) (48:AC) [14:58:45:769]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'C:\Users\andrea\Downloads\Cisco VPN client\NEW\vpnclient-winx64-msi-5.0.07.0290-k9\'.
MSI (c) (48:AC) [14:58:45:769]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'C:\Users\andrea\Downloads\Cisco VPN client\NEW\vpnclient-winx64-msi-5.0.07.0290-k9\'.
MSI (c) (48:6C) [14:58:45:770]: PROPERTY CHANGE: Adding VersionHandler property. Its value is '5.00'.
=== Logging started: 13.10.2010 14:58:45 ===
MSI (c) (48:AC) [14:58:45:776]: Note: 1: 2205 2: 3: PatchPackage
MSI (c) (48:AC) [14:58:45:776]: Machine policy value 'DisableRollback' is 0
MSI (c) (48:AC) [14:58:45:776]: User policy value 'DisableRollback' is 0
MSI (c) (48:AC) [14:58:45:776]: PROPERTY CHANGE: Adding UILevel property. Its value is '5'.
MSI (c) (48:AC) [14:58:45:776]: Note: 1: 2262 2: Font 3: -2147287038
MSI (c) (48:AC) [14:58:45:777]: APPCOMPAT: [DetectVersionLaunchCondition] Launch condition already passes.
MSI (c) (48:AC) [14:58:45:777]: PROPERTY CHANGE: Adding SHIMFLAGS property. Its value is '512'.
MSI (c) (48:AC) [14:58:45:777]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (c) (48:AC) [14:58:45:777]: Doing action: INSTALL
Action start 14:58:45: INSTALL.
MSI (c) (48:AC) [14:58:45:777]: UI Sequence table 'InstallUISequence' is present and populated.
MSI (c) (48:AC) [14:58:45:777]: Running UISequence
MSI (c) (48:AC) [14:58:45:777]: PROPERTY CHANGE: Adding EXECUTEACTION property. Its value is 'INSTALL'.
MSI (c) (48:AC) [14:58:45:778]: Doing action: WiseStartup
Action start 14:58:45: WiseStartup.
MSI (c) (48:AC) [14:58:45:778]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'WiseStartup'
MSI (c) (48:8C) [14:58:45:791]: Invoking remote custom action. DLL: C:\Users\ANDREA\AppData\Local\Temp\MSI8E45.tmp, Entrypoint: Startup
MSI (c) (48:B0) [14:58:45:793]: Cloaking enabled.
MSI (c) (48:B0) [14:58:45:793]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (48:B0) [14:58:45:793]: Connected to service for CA interface.
Action ended 14:58:45: WiseStartup. Return value 1.
MSI (c) (48:AC) [14:58:45:926]: Doing action: LaunchConditions
Action start 14:58:45: LaunchConditions.
Action ended 14:58:45: LaunchConditions. Return value 1.
MSI (c) (48:AC) [14:58:45:927]: Doing action: SetDLLDIR
Action start 14:58:45: SetDLLDIR.
MSI (c) (48:AC) [14:58:45:927]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'SetDLLDIR'
MSI (c) (48:AC) [14:58:45:927]: PROPERTY CHANGE: Adding DLLDIR property. Its value is '{467D5E81-8349-4892-9E81-C3674ED8E451}'.
Action ended 14:58:45: SetDLLDIR. Return value 1.
MSI (c) (48:AC) [14:58:45:927]: Doing action: SetDLLLOC
Action start 14:58:45: SetDLLLOC.
MSI (c) (48:AC) [14:58:45:927]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'SetDLLLOC'
MSI (c) (48:AC) [14:58:45:927]: PROPERTY CHANGE: Adding DLLLOC property. Its value is 'C:\Users\ANDREA\AppData\Local\Temp\{467D5E81-8349-4892-9E81-C3674ED8E451}\'.
Action ended 14:58:45: SetDLLLOC. Return value 1.
MSI (c) (48:AC) [14:58:45:927]: Doing action: CsCa_CopyInstHelperDll
Action start 14:58:45: CsCa_CopyInstHelperDll.
MSI (c) (48:AC) [14:58:45:928]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'CsCa_CopyInstHelperDll'
MSI (c) (48:DC) [14:58:45:939]: Invoking remote custom action. DLL: C:\Users\ANDREA\AppData\Local\Temp\MSI8EE2.tmp, Entrypoint: f0
MSI (c) (48!40) [14:58:45:960]: PROPERTY CHANGE: Adding CsProp_CopyInstHelperDll property. Its value is '1'.
Action ended 14:58:45: CsCa_CopyInstHelperDll. Return value 1.
MSI (c) (48:AC) [14:58:45:961]: Skipping action: ClearDisableUAP (condition is false)
MSI (c) (48:AC) [14:58:45:961]: Skipping action: CsCaErr_NTNotSupported1 (condition is false)
MSI (c) (48:AC) [14:58:45:961]: Skipping action: CsCaErr_Win64BitNotSupported2 (condition is false)
MSI (c) (48:AC) [14:58:45:961]: Skipping action: SetPatchMode (condition is false)
MSI (c) (48:AC) [14:58:45:961]: Skipping action: SetPatchReinstallMode (condition is false)
MSI (c) (48:AC) [14:58:45:961]: Doing action: CsCaDll_AreWeInstalled1
Action start 14:58:45: CsCaDll_AreWeInstalled1.
MSI (c) (48:AC) [14:58:45:961]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'CsCaDll_AreWeInstalled1'
MSI (c) (48:04) [14:58:45:972]: Invoking remote custom action. DLL: C:\Users\ANDREA\AppData\Local\Temp\MSI8F02.tmp, Entrypoint: f2
MSI (c) (48!C0) [14:58:45:997]: PROPERTY CHANGE: Adding CLIENT_INSTALLED property. Its value is '0'.
Action ended 14:58:45: CsCaDll_AreWeInstalled1. Return value 1.
MSI (c) (48:AC) [14:58:45:998]: Skipping action: CsCaDll_AreWeInstalled (condition is false)
MSI (c) (48:AC) [14:58:45:998]: Skipping action: CsCaProp_SetLegacyClient2Unity (condition is false)
MSI (c) (48:AC) [14:58:45:998]: Skipping action: CsCaDll_ClientAlreadyInstalledOnVista (condition is false)
MSI (c) (48:AC) [14:58:45:998]: Doing action: Setup_Dialog
Action start 14:58:45: Setup_Dialog.
MSI (c) (48:AC) [14:58:45:999]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'Setup_Dialog'
Info 2898. For MSSansSerif8 textstyle, the system created a 'MS Sans Serif' font, in 1 character set, of 13 pixels height.
Info 2898. For Arial10 textstyle, the system created a 'Arial' font, in 1 character set, of 16 pixels height.
Info 2898. For Arial14 textstyle, the system created a 'Arial' font, in 1 character set, of 22 pixels height.
Action ended 14:58:46: Setup_Dialog. Return value 1.
MSI (c) (48:AC) [14:58:46:030]: Doing action: FindRelatedProducts
Action start 14:58:46: FindRelatedProducts.
MSI (c) (48:AC) [14:58:46:031]: Note: 1: 2262 2: Upgrade 3: -2147287038
Action ended 14:58:46: FindRelatedProducts. Return value 1.
MSI (c) (48:AC) [14:58:46:031]: Doing action: AppSearch
Action start 14:58:46: AppSearch.
MSI (c) (48:AC) [14:58:46:032]: Note: 1: 2262 2: Signature 3: -2147287038
MSI (c) (48:AC) [14:58:46:032]: Note: 1: 2262 2: CompLocator 3: -2147287038
MSI (c) (48:AC) [14:58:46:033]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNE\Parameters\Order 3: 2
MSI (c) (48:AC) [14:58:46:033]: Note: 1: 2262 2: IniLocator 3: -2147287038
MSI (c) (48:AC) [14:58:46:033]: Note: 1: 2262 2: DrLocator 3: -2147287038
Action ended 14:58:46: AppSearch. Return value 1.
MSI (c) (48:AC) [14:58:46:033]: Skipping action: CCPSearch (condition is false)
MSI (c) (48:AC) [14:58:46:033]: Skipping action: CCPDialog (condition is false)
MSI (c) (48:AC) [14:58:46:033]: Skipping action: RMCCPSearch (condition is false)
MSI (c) (48:AC) [14:58:46:033]: Doing action: ValidateProductID
Action start 14:58:46: ValidateProductID.
Action ended 14:58:46: ValidateProductID. Return value 1.
MSI (c) (48:AC) [14:58:46:033]: Doing action: CostInitialize
Action start 14:58:46: CostInitialize.
MSI (c) (48:AC) [14:58:46:034]: Machine policy value 'MaxPatchCacheSize' is 10
MSI (c) (48:AC) [14:58:46:035]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'C:\'.
MSI (c) (48:AC) [14:58:46:036]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
Action ended 14:58:46: CostInitialize. Return value 1.
MSI (c) (48:AC) [14:58:46:036]: Doing action: FileCost
Action start 14:58:46: FileCost.
MSI (c) (48:AC) [14:58:46:037]: Note: 1: 2262 2: MsiAssembly 3: -2147287038
MSI (c) (48:AC) [14:58:46:037]: Note: 1: 2262 2: RemoveFile 3: -2147287038
MSI (c) (48:AC) [14:58:46:037]: Note: 1: 2262 2: MoveFile 3: -2147287038
MSI (c) (48:AC) [14:58:46:037]: Note: 1: 2262 2: DuplicateFile 3: -2147287038
MSI (c) (48:AC) [14:58:46:037]: Note: 1: 2262 2: Class 3: -2147287038
MSI (c) (48:AC) [14:58:46:037]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (c) (48:AC) [14:58:46:037]: Note: 1: 2262 2: TypeLib 3: -2147287038
MSI (c) (48:AC) [14:58:46:037]: Note: 1: 2262 2: IniFile 3: -2147287038
MSI (c) (48:AC) [14:58:46:037]: Note: 1: 2262 2: ReserveCost 3: -2147287038
Action ended 14:58:46: FileCost. Return value 1.
MSI (c) (48:AC) [14:58:46:038]: Doing action: IsolateComponents
Action start 14:58:46: IsolateComponents.
MSI (c) (48:AC) [14:58:46:040]: Note: 1: 2262 2: BindImage 3: -2147287038
MSI (c) (48:AC) [14:58:46:041]: Note: 1: 2262 2: IsolatedComponent 3: -2147287038
MSI (c) (48:AC) [14:58:46:041]: Note: 1: 2205 2: 3: Patch
Action ended 14:58:46: IsolateComponents. Return value 1.
MSI (c) (48:AC) [14:58:46:041]: Doing action: CostFinalize
Action start 14:58:46: CostFinalize.
MSI (c) (48:AC) [14:58:46:041]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (c) (48:AC) [14:58:46:042]: Note: 1: 2205 2: 3: Patch
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'C:\'.
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding WWWROOT property. Its value is 'C:\'.
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding GAC property. Its value is 'C:\'.
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding System16Folder property. Its value is 'C:\Windows\'.
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding Drivers property. Its value is 'C:\Windows\system32\Drivers\'.
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding WinSxS property. Its value is 'C:\Windows\'.
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding ProfilesFolder property. Its value is 'C:\Windows\'.
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding Cisco_Systems_VPN_Client property. Its value is 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client\'.
MSI (c) (48:AC) [14:58:46:042]: PROPERTY CHANGE: Adding Cisco_Systems property. Its value is 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding CommonFiles64Folder.BEE04CD6_610D_4F5B_AC11_6AD2E290CC1D property. Its value is 'C:\Program Files\Common Files\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding D64_CFDetNet.BEE04CD6_610D_4F5B_AC11_6AD2E290CC1D property. Its value is 'C:\Program Files\Common Files\Deterministic Networks\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding D64_DNCF.BEE04CD6_610D_4F5B_AC11_6AD2E290CC1D property. Its value is 'C:\Program Files\Common Files\Deterministic Networks\Common Files\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding D64_DNE.BEE04CD6_610D_4F5B_AC11_6AD2E290CC1D property. Its value is 'C:\Program Files\Common Files\Deterministic Networks\DNE\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding CommonFiles64Folder.0525718E_E263_4E57_A46E_C584C25A7F93 property. Its value is 'C:\Program Files\Common Files\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding INSTALLDIR2 property. Its value is 'C:\Program Files (x86)\VPN Client\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding INSTALLDIR1 property. Its value is 'C:\Program Files (x86)\Cisco Systems\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding INSTALLDIR property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding updates property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\updates\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding TempInstall property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\TempInstall\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding Resources property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\Resources\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding Profiles property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding Logs property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\Logs\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding include property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\include\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding Certificates property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\Certificates\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding accessible property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\accessible\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding Setup property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\Setup\'.
MSI (c) (48:AC) [14:58:46:043]: PROPERTY CHANGE: Adding Languages property. Its value is 'C:\Program Files (x86)\Cisco Systems\VPN Client\Languages\'.
MSI (c) (48:AC) [14:58:46:043]: Target path resolution complete. Dumping Directory table...
MSI (c) (48:AC) [14:58:46:043]: Note: target paths subject to change (via custom actions or browsing)
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: TARGETDIR , Object: C:\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: WWWROOT , Object: C:\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: GAC , Object: C:\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: MyPicturesFolder , Object: C:\Users\andrea\Pictures\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: CommonAppDataFolder , Object: C:\ProgramData\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: WindowsFolder , Object: C:\Windows\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: System16Folder , Object: C:\Windows\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: TemplateFolder , Object: C:\ProgramData\Microsoft\Windows\Templates\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: AdminToolsFolder , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: System64Folder , Object: C:\Windows\system32\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Drivers , Object: C:\Windows\system32\Drivers\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: WinSxS , Object: C:\Windows\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: SystemFolder , Object: C:\Windows\SysWOW64\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: FontsFolder , Object: C:\Windows\Fonts\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: TempFolder , Object: C:\Users\ANDREA\AppData\Local\Temp\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: ProfilesFolder , Object: C:\Windows\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: AppDataFolder , Object: C:\Users\andrea\AppData\Roaming\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: FavoritesFolder , Object: C:\Users\andrea\Favorites\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: NetHoodFolder , Object: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: DesktopFolder , Object: C:\Users\Public\Desktop\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: RecentFolder , Object: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Recent\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: StartMenuFolder , Object: C:\ProgramData\Microsoft\Windows\Start Menu\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: ProgramMenuFolder , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Cisco_Systems_VPN_Client , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: StartupFolder , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Cisco_Systems , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: PersonalFolder , Object: C:\Users\andrea\Documents\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: SendToFolder , Object: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\SendTo\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: PrintHoodFolder , Object: C:\Users\andrea\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: LocalAppDataFolder , Object: C:\Users\andrea\AppData\Local\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: ProgramFiles64Folder , Object: C:\Program Files\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: CommonFiles64Folder , Object: C:\Program Files\Common Files\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: CommonFiles64Folder.BEE04CD6_610D_4F5B_AC11_6AD2E290CC1D , Object: C:\Program Files\Common Files\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: D64_CFDetNet.BEE04CD6_610D_4F5B_AC11_6AD2E290CC1D , Object: C:\Program Files\Common Files\Deterministic Networks\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: D64_DNCF.BEE04CD6_610D_4F5B_AC11_6AD2E290CC1D , Object: C:\Program Files\Common Files\Deterministic Networks\Common Files\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: D64_DNE.BEE04CD6_610D_4F5B_AC11_6AD2E290CC1D , Object: C:\Program Files\Common Files\Deterministic Networks\DNE\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: CommonFiles64Folder.0525718E_E263_4E57_A46E_C584C25A7F93 , Object: C:\Program Files\Common Files\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: ProgramFilesFolder , Object: C:\Program Files (x86)\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: CommonFilesFolder , Object: C:\Program Files (x86)\Common Files\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: INSTALLDIR2 , Object: C:\Program Files (x86)\VPN Client\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: INSTALLDIR1 , Object: C:\Program Files (x86)\Cisco Systems\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: INSTALLDIR , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: updates , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\updates\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: TempInstall , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\TempInstall\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Resources , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Resources\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Profiles , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Logs , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Logs\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: include , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\include\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Certificates , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Certificates\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: accessible , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\accessible\
MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Setup , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Setup\
MSI (c) (48:AC) [14:58:46:044]: Dir (target): Key: Languages , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Languages\
MSI (c) (48:AC) [14:58:46:045]: Note: 1: 2262 2: RemoveFile 3: -2147287038
Action ended 14:58:46: CostFinalize. Return value 1.
MSI (c) (48:AC) [14:58:46:045]: Doing action: MigrateFeatureStates
Action start 14:58:46: MigrateFeatureStates.
Action ended 14:58:46: MigrateFeatureStates. Return value 0.
MSI (c) (48:AC) [14:58:46:047]: Doing action: SetWizardProperty1
Action start 14:58:46: SetWizardProperty1.
MSI (c) (48:AC) [14:58:46:048]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'SetWizardProperty1'
MSI (c) (48:AC) [14:58:46:048]: PROPERTY CHANGE: Adding WiseCurrentWizard property. Its value is 'Welcome_Dialog'.
Action ended 14:58:46: SetWizardProperty1. Return value 1.
MSI (c) (48:AC) [14:58:46:048]: Doing action: Welcome_Dialog
Action start 14:58:46: Welcome_Dialog.
MSI (c) (48:AC) [14:58:46:049]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'Welcome_Dialog'
MSI (c) (48:2C) [14:58:46:068]: Note: 1: 2262 2: DuplicateFile 3: -2147287038
MSI (c) (48:2C) [14:58:46:068]: Note: 1: 2262 2: ReserveCost 3: -2147287038
MSI (c) (48:2C) [14:58:46:068]: Note: 1: 2205 2: 3: _RemoveFilePath
MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: TypeLib 3: -2147287038
MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Class 3: -2147287038
MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Class 3: -2147287038
MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Class 3: -2147287038
MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Class 3: -2147287038
MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Class 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Class 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Class 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: BindImage 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: ProgId 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: SelfReg 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Font 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Class 3: -2147287038
MSI (c) (48:2C) [14:58:46:076]: PROPERTY CHANGE: Modifying PrimaryVolumeSpaceAvailable property. Its current value is '0'. Its new value: '60293640'.
MSI (c) (48:2C) [14:58:46:077]: PROPERTY CHANGE: Modifying PrimaryVolumeSpaceRequired property. Its current value is '0'. Its new value: '50274'.
MSI (c) (48:2C) [14:58:46:077]: PROPERTY CHANGE: Modifying PrimaryVolumeSpaceRemaining property. Its current value is '0'. Its new value: '60243366'.
MSI (c) (48:2C) [14:58:46:077]: PROPERTY CHANGE: Adding PrimaryVolumePath property. Its value is 'C:'.
MSI (c) (48:6C) [14:58:46:746]: Doing action: WiseNextDlg
Action start 14:58:46: WiseNextDlg.
MSI (c) (48:6C) [14:58:46:746]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'WiseNextDlg'
Action ended 14:58:46: WiseNextDlg. Return value 3.
DEBUG: Error 2896: Executing action WiseNextDlg failed.
Internal Error 2896. WiseNextDlg
Action ended 14:58:46: Welcome_Dialog. Return value 3.
MSI (c) (48:AC) [14:58:46:753]: Doing action: Fatal_Error
Action start 14:58:46: Fatal_Error.
MSI (c) (48:AC) [14:58:46:754]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'Fatal_Error'
MSI (c) (48:6C) [14:58:47:418]: Doing action: WiseCleanup
Action start 14:58:47: WiseCleanup.
MSI (c) (48:6C) [14:58:47:418]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'WiseCleanup'
MSI (c) (48:40) [14:58:47:445]: Invoking remote custom action. DLL: C:\Users\ANDREA\AppData\Local\Temp\MSI94AE.tmp, Entrypoint: Cleanup
Action ended 14:58:47: WiseCleanup. Return value 1.
Action ended 14:58:47: Fatal_Error. Return value 2.
Action ended 14:58:47: INSTALL. Return value 3.
MSI (c) (48:AC) [14:58:47:467]: Destroying RemoteAPI object.
MSI (c) (48:B0) [14:58:47:487]: Custom Action Manager thread ending.
=== Logging stopped: 13.10.2010 14:58:47 ===
MSI (c) (48:AC) [14:58:47:488]: Note: 1: 1708
MSI (c) (48:AC) [14:58:47:488]: Product: Cisco Systems VPN Client 5.0.07.0290 -- Installation operation failed.
MSI (c) (48:AC) [14:58:47:489]: Windows Installer installed the product. Product Name: Cisco Systems VPN Client 5.0.07.0290. Product Version: 5.0.7. Product Language: 1033. Manufacturer: Cisco Systems, Inc.. Installation success or error status: 1603.
MSI (c) (48:AC) [14:58:47:491]: Grabbed execution mutex.
MSI (c) (48:AC) [14:58:47:491]: Cleaning up uninstalled install packages, if any exist
MSI (c) (48:AC) [14:58:47:493]: MainEngineThread is returning 1603
=== Verbose logging stopped: 13.10.2010 14:58:47 === -
Setting up IPsec VPNs to use with Cisco Anyconnect
So I've been having trouble setting up vpns on our ASA 5510. I would like to use IPsec VPNs so that we don't have to worry about licensing issues, but from what I've read you can do this with and still use Cisco Anyconnect. My knowledge on how to set up VPNs especially in iOS verion 8.4 is limited so I've been using a combination of command line and ASDM.
I'm finally able to connect from a remote location but once I connect, nothing else works. From what I've read, you can use IPsec for client-to-lan connections. I've been using a preshared key for this. Documentation is limited on what should happen after you connect? Shouldn't I be able to access computers that are local to the vpn connection? I'm trying to set this up from work. If I VPN from home, shouldn't I be able to access all resources at work? I think because I've used the command line as well as ASDM I've confused some of the configuration. Plus I think some of the default policies are confusing me too. So I probably need a lot of help. Below is my current configuration with IP address altered and stuff that is completely non-related to vpns removed.
NOTE: We are still testing this ASA and it isn't in production.
Any help you can give me is much appreciated.
ASA Version 8.4(2)
hostname ASA
domain-name domain.com
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/1
nameif outside
security-level 0
ip address 50.1.1.225 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
no nameif
security-level 100
ip address 192.168.1.1 255.255.255.0
boot system disk0:/asa842-k8.bin
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
same-security-traffic permit intra-interface
object network NETWORK_OBJ_192.168.0.224_27
subnet 192.168.0.224 255.255.255.224
object-group service VPN
service-object esp
service-object tcp destination eq ssh
service-object tcp destination eq https
service-object udp destination eq 443
service-object udp destination eq isakmp
access-list ips extended permit ip any any
ip local pool VPNPool 192.168.0.225-192.168.0.250 mask 255.255.255.0
no failover
failover timeout -1
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.0.224_27 NETWORK_OBJ_192.168.0.224_27 no-proxy-arp route-lookup
object network LAN
nat (inside,outside) dynamic interface
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 50.1.1.250 1
sysopt noproxyarp inside
sysopt noproxyarp outside
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ASA
crl configure
crypto ca server
shutdown
crypto ca certificate chain ASDM_TrustPoint0
certificate d2c18c4e
308201f3 3082015c a0030201 020204d2 c18c4e30 0d06092a 864886f7 0d010105
0500303e 3110300e 06035504 03130741 53413535 3130312a 30280609 2a864886
f70d0109 02161b41 53413535 31302e64 69676974 616c6578 7472656d 65732e63
6f6d301e 170d3131 31303036 31393133 31365a17 0d323131 30303331 39313331
365a303e 3110300e 06035504 03130741 53413535 3130312a 30280609 2a864886
f70d0109 02161b41 53413535 31302e64 69676974 616c6578 7472656d 65732e63
6f6d3081 9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100b2
8acbe1f4 5aa19dc5 d3379bf0 f0e1177d 79b2b7cf cc6b4623 d1d97d4c 53c9643b
37f32caf b13b5205 d24457f2 b5d674cb 399f86d0 e6c3335f 031d54f4 d6ca246c
234b32b2 b3ad2bf6 e3f824c0 95bada06 f5173ad2 329c28f8 20daaccf 04c51782
3ca319d0 d5d415ca 36a9eaff f9a7cf9c f7d5e6cc 5f7a3412 98e71de8 37150f02
03010001 300d0609 2a864886 f70d0101 05050003 8181009d d2d4228d 381112a1
cfd05ec1 0f51a828 0748172e 3ff7b480 26c197f5 fd07dd49 01cd9db6 9152c4dc
18d0f452 50f5d0f5 4a8279c4 4c1505f9 f5e691cc 59173dd1 7b86de4f 4e804ac6
beb342d1 f2db1d1f 878bb086 981536cf f4094dbf 36c5371f e1a0db0a 75685bef
af72e31f a1c4a892 d0acc618 888b53d1 9b888669 70e398
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 10
console timeout 0
management-access inside
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 2
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3
anyconnect profiles VPN disk0:/devpn.xml
anyconnect enable
tunnel-group-list enable
group-policy VPN internal
group-policy VPN attributes
wins-server value 50.1.1.17 50.1.1.18
dns-server value 50.1.1.17 50.1.1.18
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
default-domain value digitalextremes.com
webvpn
anyconnect profiles value VPN type user
always-on-vpn profile-setting
username administrator password xxxxxxxxx encrypted privilege 15
username VPN1 password xxxxxxxxx encrypted
tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
address-pool (inside) VPNPool
address-pool VPNPool
authorization-server-group LOCAL
default-group-policy VPN
tunnel-group VPN webvpn-attributes
group-alias VPN enable
tunnel-group VPN ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
class-map ips
match access-list ips
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
class ips
ips inline fail-open
class class-default
user-statistics accountingHi Marvin, thanks for the quick reply.
It appears that we don't have Anyconnect Essentials.
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5510 Security Plus license.
So then what does this mean for us VPN-wise? Is there any way we can set up multiple VPNs with this license? -
Cisco vpn on Windows 8/8.1 x64
Hi!
I know that the support for Cisco VPN Clinet is suspended a long time.
But, it is only client that operates with a support for Etoken.
Here, it is the same problem for this issue:
https://supportforums.cisco.com/discussion/11882951/cisco-vpn-client-windows-8?recent=false
It is a problem with certificate storage in Windows 8 x64.
Can you tell us, it is possible to make a small update to repair this error.
On Windows 8 x32 all it is perfect with Etoken.TheGreenBow works with hundreds of different kinds of VPN hosts/servers. The trial version is fully functional so that you can test it. Cisco is no longer developing their VPN client so I don't think you're going to get your question answered.
-
Difference between setting up a vpn with windows 7 and cisco routers
Hi.I was wondering what the main difference Is between setting up a vpn with windows 7 or configuring It on cisco routers.
When you setup the vpn on windows 7 or xp do the client and server pc's take care of the encryption and decryption whereas configuring vpn on routers , the encryption and decryption Is done solely by the routers?
If I want to setup a connection where an IP In the same Internal lan Is assigned to the client pc I'm guessing I'd have to use a router configuration.
ThanksThank you for the response, lucky for me there was another option. Threatened to cancel with the ISP on the NAT side unless they assigned us a public static ip/gateway/subnet. They ended up doing that and the VPN connected as soon as the changes were made in the Linksys.
-
Cisco VPN on iPad - remember password setting
I've tried to configure some iPad's to connect to Cisco VPN by hand and via IPCU. It appears that the user's password for VPN is saved when initially entered (both by hand and by IPCU), but upon connection to the concentrator, the user is prompted for the password and then the field is changed to "Ask Every Time". Even if you go back and enter a password here and save, it will go back to "Ask Every Time". I've changed our Cisco concentrators to allow the users to save passwords for this particular VPN group, but that didn't fix the problem either. To me, it appears a bug, but wondering if others had seen this or not.
We changed on our ASA 5500 as below and all VPN passwords stored on iPhone 3.1.3, 4.0, iPad 3.2.1...
Cisco VPN Client Password Storage Configuration
If you have numerous Cisco VPN Clients, it is very hard to remember all the VPN Client usernames and passwords. In order to store the passwords in the VPN Client machine, configure the ASA/PIX and the VPN Client as this section describes.
ASA/PIX
Use the group-policy attributes command in global configuration mode:
group-policy VPNusers attributes
password-storage enable -
Need HELPS! ASA 5505 8.4 Cisco VPN Client cannot ping any internal host
Hi:
Need your great help for my new ASA 5505 (8.4)
I just set a new ASA 5505 with 8.4. However, I cannot ping any host after VPN in with Cisco VPN client. Please see below posted configuration file, thanks for any suggestion.
ASA Version 8.4(3)
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.29.8.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 177.164.222.140 255.255.255.248
ftp mode passive
clock timezone GMT 0
dns server-group DefaultDNS
domain-name ABCtech.com
same-security-traffic permit inter-interface
object network obj_any
subnet 172.29.8.0 255.255.255.0
object service RDP
service tcp source eq 3389
object network orange
host 172.29.8.151
object network WAN_173_164_222_138
host 177.164.222.138
object service SMTP
service tcp source eq smtp
object service PPTP
service tcp source eq pptp
object service JT_WWW
service tcp source eq www
object service JT_HTTPS
service tcp source eq https
object network obj_lex
subnet 172.29.88.0 255.255.255.0
description Lexington office network
object network obj_HQ
subnet 172.29.8.0 255.255.255.0
object network guava
host 172.29.8.3
object service L2TP
service udp source eq 1701
access-list VPN_Tunnel_User standard permit 172.29.8.0 255.255.255.0
access-list VPN_Tunnel_User standard permit 172.29.88.0 255.255.255.0
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended deny tcp any any eq 135
access-list inside_access_in extended deny tcp any eq 135 any
access-list inside_access_in extended deny udp any eq 135 any
access-list inside_access_in extended deny udp any any eq 135
access-list inside_access_in extended deny tcp any any eq 1591
access-list inside_access_in extended deny tcp any eq 1591 any
access-list inside_access_in extended deny udp any eq 1591 any
access-list inside_access_in extended deny udp any any eq 1591
access-list inside_access_in extended deny tcp any any eq 1214
access-list inside_access_in extended deny tcp any eq 1214 any
access-list inside_access_in extended deny udp any any eq 1214
access-list inside_access_in extended deny udp any eq 1214 any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any eq www
access-list inside_access_in extended permit tcp any eq www any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq 33
89
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq sm
tp
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq pp
tp
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ww
w
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ht
tps
access-list outside_access_in extended permit gre any host 177.164.222.138
access-list outside_access_in extended permit udp any host 177.164.222.138 eq 17
01
access-list outside_access_in extended permit ip any any
access-list inside_access_out extended permit icmp any any
access-list inside_access_out extended permit ip any any
access-list outside_cryptomap extended permit ip 172.29.8.0 255.255.255.0 172.29
.88.0 255.255.255.0
access-list inside_in extended permit icmp any any
access-list inside_in extended permit ip any any
access-list inside_in extended permit udp any any eq isakmp
access-list inside_in extended permit udp any eq isakmp any
access-list inside_in extended permit udp any any
access-list inside_in extended permit tcp any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
nat (inside,outside) source static orange interface service RDP RDP
nat (inside,outside) source static obj_HQ obj_HQ destination static obj_lex obj_
lex route-lookup
nat (inside,outside) source static guava WAN_173_164_222_138 service JT_WWW JT_W
WW
nat (inside,outside) source static guava WAN_173_164_222_138 service JT_HTTPS JT
_HTTPS
nat (inside,outside) source static guava WAN_173_164_222_138 service RDP RDP
nat (inside,outside) source static guava WAN_173_164_222_138 service SMTP SMTP
nat (inside,outside) source static guava WAN_173_164_222_138 service PPTP PPTP
nat (inside,outside) source static guava WAN_173_164_222_138 service L2TP L2TP
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Guava protocol nt
aaa-server Guava (inside) host 172.29.8.3
timeout 15
nt-auth-domain-controller guava
user-identity default-domain LOCAL
http server enable
http 172.29.8.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set Remote_VPN_Set esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set Remote_vpn_set esp-3des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set Remote_VPN_Set
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 173.190.123.138
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5
ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ES
P-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 172.29.8.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside vpnclient-wins-override
dhcprelay server 172.29.8.3 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
group-policy ABCtech_VPN internal
group-policy ABCtech_VPN attributes
dns-server value 172.29.8.3
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_Tunnel_User
default-domain value ABCtech.local
group-policy GroupPolicy_10.8.8.1 internal
group-policy GroupPolicy_10.8.8.1 attributes
vpn-tunnel-protocol ikev1 ikev2
username who password eicyrfJBrqOaxQvS encrypted
tunnel-group 10.8.8.1 type ipsec-l2l
tunnel-group 10.8.8.1 general-attributes
default-group-policy GroupPolicy_10.8.8.1
tunnel-group 10.8.8.1 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 remote-authentication certificate
ikev2 local-authentication pre-shared-key *****
tunnel-group ABCtech type remote-access
tunnel-group ABCtech general-attributes
address-pool ABC_HQVPN_DHCP
authentication-server-group Guava
default-group-policy ABCtech_VPN
tunnel-group ABCtech ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 173.190.123.138 type ipsec-l2l
tunnel-group 173.190.123.138 general-attributes
default-group-policy GroupPolicy_10.8.8.1
tunnel-group 173.190.123.138 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 remote-authentication certificate
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect pptp
inspect ftp
inspect netbios
smtp-server 172.29.8.3
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:6a26676668b742900360f924b4bc80de
: endHello Wayne,
Can you use a different subnet range than the internal interface, this could cause you a LOT of issues and hours on troubleshooting, so use a dedicated different Ip address range...
I can see that the local Pool range is included into the inside interface Ip address subnet range, change that and the related config ( NAT,etc, ) and let us know what happens,
Regards,
Julio
Security Trainer -
Mac Pro kernel Panic with Cisco VPN Client
After Having to rebuild my new Mac Pro 3 times I finally found that it was the Cisco VPN Client that was released for Intel in Feb. of this year that does not play nice with the new machines. Don't install or if it's too late boot into Safe Boot mode by holding your shift key during startup and then follow the instructions at the link below.
http://itinfo.mit.edu/answer.php?id=8171Just a heads-up;
the new Cisco VPN Client has now been released and fixes this issue.
The version 4.9.01.0030 specifically resolves the following bugs:
CSCsd51113 feature unity nonwindows set mtu vpnclient.ini field
CSCsd51126 unity mac ppp intel fails with mismatch log message 10.4
CSCsc56445 unity mac rebranding volume name voids rebranding files
CSCsf19841 unity mac does not support 64 bit mac pro platform
Cheers,
Dan -
Cisco VPN client can't ping remote network.
I have recently installed a Cisco 5505 and have problems with some of the Cisco VPN Hosts I connect to using the Cisco VPN dialer. The Cisco Dialer connects fine but I am unable to connect to any computers on the remote network.
I have tracked the issue down to the ones that work & the ones that don't. If the remote Cisco is on the same sub-net as the computers I am connecting to it works fine. If the remote Cisco is on a differant sub-net then the computer I am trying to connect to it won't work unless I set up a static nat for a given pc on my network.
When I run through the dynamic Nat for my network I get the following error on the 5505.
regular translation creation failed for protocol 50 src inside:192.168.97.215 dst outside:xx.xxx.xx.xxx
I have been trying to find a solution to this issue ever since I installed the router and have not had any luck with any of the suggestions I have found on the Web. I have attached my config.
Any help would be appreciated.
MikeThanks for your response.
Yes that exactly the setup we are trying to get to work.
I have a call into them now and will check on their set up but I have no control over how they configure their routers I can only make requests.
I was hoping there was something causing it on my side as I deal with Hospitals and they can get very picky about their security.
I guess what is confusing me is it works if it goes through a Static Nat but not if it runs through our dynamic Nat.
Mike -
I cannot route to remote subnets from cisco vpn client and pptp client
Hi guys,
I've a big problem, I configured a 877 cisco router as a cisco vpn server (the customer use it to connect to his network from pc) and a pptp vpn server (he use it to connet to the network from a smartphone).
In this router I created 2 vlan, one for wired network (192.168.10.0/24) and the second one (10.0.0.0/24) for wireless clients and I use fastethernet 3 port to connect these to the router.
this is the issue, when the customer try to connect to a wireless network from both of vpn clients he cannot do this, but if he try to connect to a wired network client all working fine.
following the addresses taken from the router.
- encrypted vpn client -
ip address. 192.168.10.20
netmask 255.255.255.0
Default Gateway. none (blank)
- pptp vpn client -
ip address. 192.168.10.21
netmask. 255.255.255.255
Default Gateway. 192.168.10.21
Is possible that I cannot reach the remote subnet because the clients doesn't receive a gateway (in the first case) or receive the wrong subnet/gateway (in the second one)..?
There is anyone can help me..?
Thank you very much.
Many Kisses and Kindly Regards..
IlariaThe default gateway on your PC is not the problem, it will always show as the same IP address (this is no different when you dial up to an ISP, your DG will again be set to your negotiated IP address).
The issue will be routing within the campus network and more importantly on the PIX itself. The campus network needs a route to the VPN pool of addresses that eventually points back to the PIX.
The issue here is that the PIX will have a default gateway pointing back out towards your laptop. When you establish a VPN and try and go to an Internet address, the PIX is going to route this packet according to its routing table and send it back out the interface it came in on. The PIX won't do this, and the packet will be dropped. Unless you can set the PIX's routing table to forward Internet packets to the campus network, there's no way around this. Of course if you do that then you'll break connectivity thru the PIX for all the internal users.
The only way to do this is to configure split tunnelling on the PIX, so that packets destined for the Internet are sent directly from your laptop in the clear just like normal, and any packet destined for the campus network is encrypted and sent over the tunnel.
Here's the format of the command:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#1048524 -
Hi all,
I wonder if someone can be more helpful than my uni IT department who take a minimum of a week to get you an IP address...
My new uni uses Cisco VPN client for connection to the Wi-Fi network. It all works great apart from one (very annoying problem):-my e-mail accounts in mac mail don't seem to be able to connect via the VPN. I have had both an IMAP and a POP server e-mail account work automatically wherever I connect in the world for over a year now-so its not the way I've set up the accounts.
Is there any way to get mac mail to "see" the VPN connection. If I have to physically plug-in my mac this seems a tad ridiculous when it works in every coffee shop with free wi-fi.
My uni are not helpful as they want people to use either outlook or better still log-on to their e-mail using the web. I don't even want to use their e-mail-what is the point when I move jobs again in a year. What I do currently is use an IMAP account from my last job which I've set to forward to my "e-mail for life" from my undergrad uni. I basically only give out my life e-mail address and this also goes on all my papers.
If I can't access this easily and sort all my mail in all the folders I've created to filter out things like facebook etc. I'm wondering what the point of mac mail is.Yeah, that stuff normally works for me. Unfortunately this is a situation where you have to use an external Cisco VPN client software, whether you like it or not. Its this horrible clunky thing (which at least half works I guess). So its only like normal wi-fi in terms of selecting the network, then you have to open up this application and put in your log-in etc. Most of the settings on this client seem locked, so there isn't much I can do to configure it.
I've just got to my (temporary) accommodation which doesn't have wi-fi or VPN (just ethernet) and my mail is working again-so it must be the VPN. Goodness knows how it works with an iPod touch (interested in getting one but kind of pointless if I spend most of my time at work and it doesn't work...)
Thanks for your suggestions though! -
Cisco VPN Client and Border Manager
Don't know if this is the correct spot, but here goes. We are using BM 3.8sp4 using proxy, and NAT. We have a contractor that needs to access his company network using a Cisco VPN Client Ver 5. They have Enable Transparent Tunneling checked in the client and IPSec over TCP port 1000.
Is this a filter exception to let it out or something else I need to set up?Port 1000, or 10000? (10,000 is something I've seen in the past, and
is what I used for the example in my BMgr filtering book. See URL
below).
You would probably need to open two ports up, in FILTCFG, from private
to public interfaces. First, IKE-st (UDP 500). Next, make a custom
stateful one for port 1000 (or whatever), probably UDP.
The last Cisco IPSec VPN client I used through BMgr needed UDP 500 and
UDP 4500 opened, just like the Novell IPSec VPN client. So I was able
to use the definitions supplied by Novell in FILTCFG. In your case,
you will probably have to add at least one custom exception.
Filter debug will tell you what is being filtered, if you know how to
use it. Or get PKTSCAN.NLM from download.novell.com, load it on the
server, and capture packets. Look at them on the server, or use
Wireshark, and you will see what protocol/ports are being sent from the
client IP address.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com *** -
Hello,
We have a Cisco ASA 5520 with the VPN PLus License and 8.04 IOS installed, we want to set up vpn access to our users. We can use the cisco VPN client which works on WIndows Platform, but we also have MAC OS 10.7 which works only with Cisco Anyconnect.
I am a little bit lost with all the client and the license, actually we can't setup more than 2 vpn session with an Anyconnect client installed on MAC or Windows. The authentication is by Certificate, the first two connect fine, but the third one don't connect and prompt for a username / password.
I joined a SH VER of my ASA, if anyome can tell me what is wrong on the license or perhaps it's a configuration problem?
Thanks a lot for the answer.
Mathieu.
fw-eps-02# sh ver
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.4(1)
Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"
fw-eps-02 up 1 hour 36 mins
Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: GigabitEthernet0/0 : address is c84c.75da.9a58, irq 9
1: Ext: GigabitEthernet0/1 : address is c84c.75da.9a59, irq 9
2: Ext: GigabitEthernet0/2 : address is c84c.75da.9a5a, irq 9
3: Ext: GigabitEthernet0/3 : address is c84c.75da.9a5b, irq 9
4: Ext: Management0/0 : address is c84c.75da.9a5c, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 750
WebVPN Peers : 2
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has an ASA 5520 VPN Plus license.
Serial Number: JMX1433L0Y3
Running Activation Key: 0x3a17c153 0x8c141630 0xe0f3b5d4 0x86044ccc 0x47193392
Configuration register is 0x40 (will be 0x1 at next reload)
Configuration last modified by mgeffroy at 15:33:11.409 CEST Mon Jan 23 2012
fw-eps-02#why don't you use built-in client in mac osx? it supports certificate authentication also.
another solution would be to buy additional ssl vpn licences: there is a limit of two ssl vpn sessions by default.
Sent from Cisco Technical Support iPad App -
Hi,
I am using Cisco VPN client 4.9.01.0180 to connect to remote server. From the Cisco client, I see that I am connecting to the remote server.
Using the terminal, with command:
ssh 192.168.1.2 or ssh [email protected] to connect to the remote server.
However, the output is:
ssh: connect to host 192.168.1.2 port 22: Operation timed out
I don't know what is going wrong. The Cisco client 's setting is simple, and no problem using Windows. Do I have to modify the Mac OS?
Regards,
Terencehi,
sorry for asking stupid. how and what did you change your subnet to ?
i have almost the exact same problem (same client and on Windows it does work and I cannot ssh to a Mac in the work office) furthermore i am using a wireless connection (via Airport Express) ... not sure if that matters.
do i just go into the Network Prefs and select the tcp/ip tab, and manually change the ip-addresses ?
my settings (DHCP) currently are
ip 10.0.1.2
Subnet Mask 255.255.255.0
Router 10.0.1.1
The strange thing for me is that if I Remote Desktop to a PC (via VPN) on the same office net as the above Mac I cannot ssh (via Putty), but when i am physically at the PC i am able to ssh.
any help appreciated
./allan
Maybe you are looking for
-
How can i use "icloud backup" with ios 4.2.1?
How can i use "icloud backup" with ios 4.2.1? I tried to update my ihpone 3G wih the newest IOs. Seems not to be possible.
-
How to debug global values in UDF in a graphical mapping
Hi Every one, I got a situation in PI where i have to use global values in graphical mapping UDF. I can't able to get the values in "Display Queue " option. Can you please tell me what is the best way of debugging global variable in graphical mappin
-
i have put a mini cd into the slot drive and cannot get it out. how would i get it out?
-
2x LabVIEW Systems Engineer Full Time Positions – Sheffield and Bristol, UK
2x LabVIEW Systems Engineer - Full Time Positions – Sheffield and Bristol, UK 1.0 Description: As a Systems Engineer, you'll be part of a team that is responsible for developing both hardware and software applications based on Object Oriented Te
-
Nightmare! Files all goofed up!
I recently had my external drive crash, no backup before this happened, of course. I have a number of clients I do site development and maintenance for so to restore all the site files I lost in the crash, I FTP'd to each remote server and download e