[SOLVED] MS-CHAP[v2] auth, Microsoft VPN client setup with pptpclient

Hi,
Have just started with Archlinux and trying to set up a VPN tunnel using pptp.
I have been following the guide at:
https://wiki.archlinux.org/index.php/Mi … pptpclient
I want to connect to a service from www.ipredator.se
The info from them for a connection on Windows XP is:
Enter company name "Ipredator". Click Next.
Enter "vpn.ipredator.se" as "Host name or IP address".
I have been given a <USERNAME> and <PASSWORD> from them.
I got the VPN tunnel up and running in Ubuntu with the settings.
Only enabled MSCHAPv2
use MPPE 128 bit
and allow data compression, BSD, Deflate and TCP header.
My configuration files:
options.pptp
# $Id: options.pptp,v 1.3 2006/03/26 23:11:05 quozl Exp $
# Sample PPTP PPP options file /etc/ppp/options.pptp
# Options used by PPP when a connection is made by a PPTP client.
# This file can be referred to by an /etc/ppp/peers file for the tunnel.
# Changes are effective on the next connection. See "man pppd".
# You are expected to change this file to suit your system. As
# packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/
# and the kernel MPPE module available from the CVS repository also on
# http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe.
# Lock the port
lock
# Authentication
# We don't need the tunnel server to authenticate itself
noauth
# We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
# (you may need to remove these refusals if the server is not using MPPE)
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
# Compression
# Turn off compression protocols we know won't be used
nobsdcomp
nodeflate
# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose which of the following sections you will use. Note that MPPE
# requires the use of MSCHAP-V2 during authentication)
# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras
# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
# Require MPPE 128-bit encryption
# require-mppe-128
# http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec
# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
# Require MPPE 128-bit encryption
# mppe required,stateless
chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
<USERNAME> pptpd <PASSWORD> *
I named my tunnel "ipredator"
/etc/ppp/peers/ipredator
pty "pptp vpn.ipredator.se --nolaunchpppd"
name <USERNAME>
remotename Ipredator
require-mppe-128
file /etc/ppp/options.pptp
ipparam ipredator
When I try to connect I get following:
[root@archlinux ppp]# pon $TUNNEL ipredator dump logfd 2 nodetach
pppd options in effect:
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
refuse-pap # (from /etc/ppp/options.pptp)
refuse-chap # (from /etc/ppp/options.pptp)
refuse-mschap # (from /etc/ppp/options.pptp)
refuse-eap # (from /etc/ppp/options.pptp)
name <USERNAME> # (from /etc/ppp/peers/ipredator)
remotename Ipredator # (from /etc/ppp/peers/ipredator)
# (from /etc/ppp/options.pptp)
pty pptp vpn.ipredator.se --nolaunchpppd # (from /etc/ppp/peers/ipredator)
crtscts # (from /etc/ppp/options)
# (from /etc/ppp/options)
asyncmap 0 # (from /etc/ppp/options)
lcp-echo-failure 4 # (from /etc/ppp/options)
lcp-echo-interval 30 # (from /etc/ppp/options)
hide-password # (from /etc/ppp/options)
ipparam ipredator # (from /etc/ppp/peers/ipredator)
proxyarp # (from /etc/ppp/options)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
require-mppe-128 # (from /etc/ppp/peers/ipredator)
noipx # (from /etc/ppp/options)
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
MPPE required, but MS-CHAP[v2] auth not performed.
Connection terminated.
[root@archlinux ppp]#
I have not managed to understand why MS-CHAP[v2] auth is not performed.
Any ideas on what I have missed during my configuration would be most appreciated!
use code tags instead of quote since they provide scrollers and keep the thread from becoming a mile long -- Inxsible
Thank you!
Regards,
/Christer
Last edited by agkbill (2011-06-14 15:23:15)

The problem was that <PASSWORD> was never found.
What is written after "remotename" in the peers file (in the guide, "PPTP") is used to find the password in chap-secrets.
But in the guide chap-secrets looks like "<USERNAME> pptpd <PASSWORD> *".
Consequently <PASSWORD> will never be found. It should have been "<USERNAME> PPTP <PASSWORD> *"; then it would have worked OK.
The solution was to understand how password was found.
require-mppe-128 works fine as well.
Now it looks like this.
# Secrets for authentication using CHAP
# client server secret IP addresses
<USERNAME> PPTP <PASSWORD> *
pty "pptp vpn.ipredator.se --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name <USERNAME>
remotename PPTP
require-mppe-128
#file /etc/ppp/options.pptp
ipparam ipredator
Output:
[root@archlinux ppp]# pon ipredator debug logfd 2 nodetach
using channel 14
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7540313b> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xc615076a> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xc615076a> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x7540313b> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0x7540313b]
rcvd [LCP EchoReq id=0x0 magic=0xc615076a]
sent [LCP EchoRep id=0x0 magic=0x7540313b]
rcvd [CHAP Challenge id=0x46 <be769cd654150cc3dc0fd20bc73c03>, name = "pptpd"]
sent [CHAP Response id=0x46 <6ce74a85ab09e4ae223bc85f679395f0000000000000000dbb8dc66e8950ab46831b62f5815e015b1e72de1e01a4d00>, name = "<USERNAME>"]
rcvd [LCP EchoRep id=0x0 magic=0xc616076a]
rcvd [CHAP Success id=0x46 "S=2694D1D727F2B8C8E402125EA401750011F24F20"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr x.x.x.x>]
sent [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr x.x.x.x>]
rcvd [IPCP ConfNak id=0x1 <addr 93.182.150.56>]
sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr x.x.x.x>]
rcvd [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr x.x.x.x>]
Cannot determine ethernet address for proxy ARP
local IP address
remote IP address x.x.x.x
Script /etc/ppp/ip-up started (pid 1778)
Script /etc/ppp/ip-up finished (pid 1778), status = 0x0
All the best!
/Christer
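The lookup described in the post above can be checked before dialling. The following is an added example, not code from the thread or from pppd: it reads `name` and `remotename` from a peers file and reports which chap-secrets lines would satisfy that pair. It assumes exact string comparison with `*` as a wildcard in the client or server field, and it only sees options in the text it is given (not files pulled in with `file`). The sample inputs are the two configurations from this thread.

```python
import shlex

def _words(line):
    """Split one pppd config line into words; '#' starts a comment."""
    try:
        return shlex.split(line, comments=True)
    except ValueError:              # unbalanced quote: treat as unparsable
        return []

def peer_names(peer_text):
    """Return (name, remotename) as set in the peers file text."""
    found = {}
    for line in peer_text.splitlines():
        w = _words(line)
        if len(w) >= 2 and w[0] in ("name", "remotename"):
            found[w[0]] = w[1]
    missing = [k for k in ("name", "remotename") if k not in found]
    if missing:
        raise ValueError("not set in this peers text: " + ", ".join(missing))
    return found["name"], found["remotename"]

def secret_entries(secrets_text):
    """Yield (line_no, client, server). The secret itself is never kept."""
    for no, line in enumerate(secrets_text.splitlines(), 1):
        w = _words(line)
        if len(w) >= 3:             # client server secret [addresses...]
            yield no, w[0], w[1]

def lookup(peer_text, secrets_text):
    """Report which chap-secrets lines match the peer's name/remotename."""
    client, server = peer_names(peer_text)
    hits, near = [], []
    for no, c, s in secret_entries(secrets_text):
        client_ok = c in (client, "*")
        server_ok = s in (server, "*")
        if client_ok and server_ok:
            hits.append(no)
        elif client_ok:
            # Right user, wrong server field: the mismatch from this thread.
            near.append((no, s))
    return {"client": client, "server": server, "hits": hits, "near": near}

# Configuration from the first post (remotename and server field differ).
BEFORE_PEER = (
    'pty "pptp vpn.ipredator.se --nolaunchpppd"\n'
    "name <USERNAME>\n"
    "remotename Ipredator\n"
    "require-mppe-128\n"
    "file /etc/ppp/options.pptp\n"
    "ipparam ipredator\n"
)
BEFORE_SECRETS = (
    "# Secrets for authentication using CHAP\n"
    "# client server secret IP addresses\n"
    "<USERNAME> pptpd <PASSWORD> *\n"
)

# Configuration from the second post (both say PPTP).
AFTER_PEER = (
    'pty "pptp vpn.ipredator.se --nolaunchpppd"\n'
    "lock\nnoauth\nnobsdcomp\nnodeflate\n"
    "name <USERNAME>\n"
    "remotename PPTP\n"
    "require-mppe-128\n"
    "#file /etc/ppp/options.pptp\n"
    "ipparam ipredator\n"
)
AFTER_SECRETS = (
    "# Secrets for authentication using CHAP\n"
    "# client server secret IP addresses\n"
    "<USERNAME> PPTP <PASSWORD> *\n"
)

if __name__ == "__main__":
    for label, peer, secrets in (("before", BEFORE_PEER, BEFORE_SECRETS),
                                 ("after", AFTER_PEER, AFTER_SECRETS)):
        r = lookup(peer, secrets)
        if r["hits"]:
            print(f"{label}: secret found on line(s) {r['hits']}")
        else:
            print(f"{label}: no secret for client={r['client']!r} "
                  f"server={r['server']!r}; near misses: {r['near']}")
```

An empty `hits` list with a non-empty `near` list is the situation from the first post: the user name matches, but the server field does not equal `remotename`, so no secret is found.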

Similar Messages

  • VPN Site-to-Site or VPN Client Server with Cisco IP Phone 8941 and 8945

    Hi everyone,
    I decide to deploy a CUCM (BE6K platform), SX20, and IP Phone 8941/8945 on Head Office and Cisco SX10 and IP Phone 8941/8945 for branch offices (actually 9 branch offices).
    The connection will use internet connection for HO and each branch offices.
    And the IT guy want to use kind a VPN client server or VPN site-to-site for the connection through internet,
    what kind of VPN client server or VPN site-to-site that recommended for this deployment?
    and what type of Cisco router that support that kind of VPN (the cheapest one will be great)?
    So the SX10 and IP Phone 8941/8945 in branch offices can work properly through internet connection?
    please advise
    Regards,
    Ovindo

    Hi Leo,
    technically, the ipsec users will not use up any premium license seats, so if you have 10 ipsec users connecting first, the premium seats are still free and so you can then still have 10 phones/anyconnect users connect.
    However, the 250 you mention is the global platform limit, so it refers to the sum of premium and non-premium connections. Or in other words, you can have 240 ipsec users and 10 phones,  but not 250 ipsec users and 10 phones.
    If 250 ipsec users and 10 phones would try to connect, it would be first-in, first-served, e.g. you could have 248 ipsec users and 2 phones connected.
    Note: since you have Essentials disabled I'm assuming you are referring to the legacy "Cisco vpnclient" (IKEv1 client) which does not require any license on the ASA. But for the benefit of others reading this thread: if  you do have Anyconnect clients (using SSL or IPsec/IKEv2) for which you currently have an Essentials license, then note that the Essentials and Premium license cannot co-exist. So for e.g. 240 Anyconnect users and no phones, you can use Essentials. For 240 Anyconnect users and 10 phones, you need a 250-seat Premium license (and a vpn phone license).
    hth
    Herbert

  • Cisco VPN client crashes with Error 51 on Intel Mac Mini

    I am in the process of migrating from XP to Tiger on a brand-new Mac Mini (Intel Duo). Now I am stuck:
    I use v 4.8.00 of the Cisco VPN client supplied by my university's IT dept. to connect to the Campus intranet. I have been unable to successfully use this software, as it crashes upon initializing with "Error 51: Cannot connect to the VPN subsystem." Re-installing the software does not change the state of affairs.
    After some research, I used a hack found here (http://www.versiontracker.com/php/feedback/article.php?story=20060107011305622 and http://www.versiontracker.com/php/feedback/article.php?story=20060107011305622) to manually restart the VPN daemon. The Terminal result looks like this:
    kld(): warning /System/Library/Extensions/CiscoVPN.kext/Contents/MacOS/CiscoVPN cputype (18, architecture ppc) does not match cputype (7 architecture i386) of objects files previously loaded (file not loaded)
    kextload: kldlookup("_kmodinfo") failed for module /System/Library/Extensions/CiscoVPN.kext/Contents/MacOS/CiscoVPN
    kextload: a link/load error occured for kernel extension /System/Library/Extensions/CiscoVPN.kext
    load failed for extension /System/Library/Extensions/CiscoVPN.kext
    (run kextload with -t for diagnostic output)
    Not being fluent in Darwin, I can only interpret this to mean that the VPN client is incompatible with the Intel chip in the Mac mini... Is this correct? Is the only way for me to use VPN to wait for a 4.8.x version to be made available?
    Hopeful still,
    felixx

    Also - the Mac VPN system will work with most Cisco networking devices. You can open up the PCF profile that your IT group wants you to use and figure out most of the questions Internet Connect will ask you to set up the VPN connection. For the rest, you have to ask the IT group or try some things and see what works...
    cheers,
    Mike

  • Will Nortel's Contivity VPN Client work with Cisco's VPN 3000 concentrator?

    Hi, need help. We have VPN 3000 concentrator and a number of VPN clients (these are using Cisco VPN client).
    We have one user that wants to use Nortel's Contivity VPN Client. Will this work with the Cisco Concentrator 3000?

    Tricky question - in theory yes, if the Nortel client follows all the IPsec RFCs.
    I did try to get the Cisco VPN client working on a Nortel Contivity once - did not get it working - but didn't have that much time to test and get it working.
    My advice - Configure, TEST DEBUG TEST DEBUG!

  • OEL ldap client setup with SSL against OID using either ldaps or starttls

    Hi, I've got OID 11.1.1.1.0 running with SSL enabled on port 3132. It's running in mode 2, SSL Server Authentication mode (orclsslauthentication is set to 32). I'd like to setup my OEL 5.3 and Solaris 10 ldap clients to connect to OID using SSL for user authentication. I have everything already working on the non-SSL port (3060), but I need to switch over to SSL. So far I can't get it to work on either OEL or Solaris. Does anyone out there know how to configure the client to use SSL?
    Here's my /etc/ldap.conf file on OEL 5.3.
    timelimit 120
    bind_timelimit 120
    idle_timelimit 3600
    nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
    URI ldaps://FQDN:3132/
    port 3132
    ssl yes
    host FQDN
    base dc=DOMAIN,dc=com
    pam_password clear
    tls_cacertdir /etc/oracle-certs
    tls_cacertfile /etc/oracle-certs/oid-test-ca.pem
    tls_ciphers SSLv3
    # filter to AND with uid=%s
    pam_filter objectclass=posixaccount
    #The search scope
    scope sub
    I have /etc/nsswitch.conf set to check for files first, then ldap
    passwd: files ldap
    shadow: files ldap
    group: files ldap
    Here's my /etc/openldap/ldap.conf file
    URI ldaps://FQDN:3132/
    BASE dc=DOMAIN,dc=com
    TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
    TLS_CACERTDIR /etc/openldap/cacerts
    TLS_REQCERT allow
    TLS_CIPHERS SSLv3
    The oid-test-ca.pem is a self-signed cert from the OID server. I also have the hash file configured.
    4224de9f.0 -> oid-test-ca.pem
    I can run ldapsearch using ldaps and it works fine.
    ldapsearch -v -d 1 -x -H ldaps://FQDN:3132 -b "dc=DOMAIN,dc=com" -D "cn=user,cn=users,dc=DOMAIN,dc=com" -w somepass -s sub objectclass=* | more
    But when I run the 'getent passwd' command, it only shows me my local user accounts and none of my ldap accounts. I also can't SSH in using a ldap account.
    Solaris 10 is actually a whole other beast...I'm using the native Solaris ldap client (not PADL based) and I don't think it even works with SSL unless you're using the default ports (389/636).
    Does anyone out there know how to setup the client-side for ldap authentication using SSL? Any tips, howto docs, or advice are appreciated. Thanks!

    Hello again...
    after some research and work together with Oracle Support I found out how to get it to work:
    1. You have to create your own ConfigSet in OID using
    SSL-Server-Authentication
    (OpenSSL seems not to support SSL-encryption-only).
    The following link shows on how to do that:
    http://otn.oracle.com/products/oid/oidhtml/oidqs/html_masters/a_port01.htm
    2. Add the following lines to your $HOME/ldaprc
    TLS_CACERT /home/frank/oid-caroot.pem
    TLS_REQCERT allow
    TLS_CIPHERS SSLv3
    ssl on
    tls_checkpeer no
    oid-caroot.pem is the CA-Root Certificate you got
    during step 1
    3. you should now be able to use ldapsearch using SSL
    If you still can't connect using SSL you may have run into another issue with OpenSSL which affects systems using OpenSSL version 0.9.6d and above. The problem seems to be caused by a security fix which may not be compliant with the SSL implementation of Oracle.
    I opened a Bug for that problem with RedHat. This Bug Description also includes a proposal for a Patch which solves the problem (but may introduce some security risks). See the Bug at RedHat:
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123849
    Bye
    Frank Berger

  • Solaris 8 client setup with solaris 9 ldap

    I have managed to install iplanet directory server 5.1 that comes with solaris 9 using the utility idsconfig. As far as i can tell, all went well. Now i'm trying to initialize a solaris 8 client to authenticate to the iDS 5.1 on my solaris 9 box. What do i have to do on the solaris 8 client to "initialize it"? I've tried using ldapclient on the solaris 8 client as follows:
    # ldapclient -v -P default x.x.x.x
    but i keep getting the following errors:
    findDN rename(/var/ldap/ldap_client_file.orig, /var/ldap/ldap_client_file) failed!
    findDN rename(/var/ldap/ldap_client_cred.orig, /var/ldap/ldap_client_cred) failed!
    There are no files in /var/ldap. I thought that one uses ldapclient to create them. Am i wrong?
    Also, the output from idsconfig says that a 'NisDomainObject' was added to my domain but looking at the object classes in iDS5.1, there is no nisdomainobject.
    I also noticed that when i run the command domain on my solaris 8 box, there's no output. Do i need to set the domain on my solaris 8 client? I have the domain defined in /etc/resolv.conf.
    Stewart

    hi Stewart,
    You may find what you are looking for in the following technical note: http://knowledgebase.iplanet.com/ikb/kb/articles/7966.html
    It is called: "Cookbook for Solaris 8 client with Directory Server 5.1/Solaris 9" :-)
    Hope this will help you.
    Cheers / Damien.

  • New SAP R/3 Client setup with SRM

    Hi Guys,
    Can anyone guide me if I am deleting my SAP R/3 backend client and setting up a new client then do I need to delete all the current material groups and do an Initial upload by setting up the middleware settings in new R/3 client.
    Also is it necessary to delete the settings of Old middleware settings?
    Please clarify me.
    Thanks !!!!
    Regards,
    Srujank

    Hi Nagarjun,
    If you look at the exporting and importing parameters of your Method EXECUTE_SYNC...
    You would find the ABAP equivalent of your Message Type. Hence you know all the fields.
    Now it depends on the business logic, or rather what the RFC is supposed to be requested for is filled in as an Input parameter to the Method.
    This can be an IDOC too, in that case your MT should be similar. Fill in the transmission IDOC values.
    OR you can actually hardcode the values, make your Itab, and send it across (as this is just for test purposes)
    Hope this helps.
    Regards
    Abhishek

  • Ical client setup with 10.6 server

    I have iCal server up and running on my 10.6 server and everything seems to be working right. however I have set the server side up to use ssl and have opened those ports on my firewall which works. My problem is that after setting up a user I send out the welcome email and that has the configure my mac link. Which was done before I change the iCal server settings to use ssl. And now every time I go in and manually set the server settings to use ssl on the client side and quit and reopen ical another account is added without the ssl settings. How do i get it to stop automatically adding an account to iCal?

    This looks like a bug in the iCal client. I, too, have had problems with delegated calendars and end users mistaking events for being missing, not updated or incorrect only because their local copy was not synced with the true copy on the server. The refresh rate on delegated calendars can be changed with the "Refresh calendars: [ Every 1 minute ]" preference. You can verify this by right-clicking or control-clicking on the delegated calendar and choosing "Show CalDAV Queue." This brings up a queue of activity with the iCal Server. You'll note at the top that it mentions "Refresh every 1 minute."
    The problem, of course, is if you quit iCal and recheck the "Show CalDAV Queue" on the delegated calendar, the refresh interval has reverted to some long interval like 300 or 900 minutes. This is a bug, for sure. For now, you can tell your clients not to quit iCal or to refresh manually or reset the refresh interval whenever they restart iCal/their computer, etc.

  • Asa 5505 vpn from internet native vpn client, tcp discarted 1723

    Hello to all,
    I'm configuring this ASA to connect home users to my network using the native Microsoft VPN clients with Windows XP over the internet.
    This ASA has one public internet IP on the outside interface, and the inside interface is configured in the network 192.168.0.x, and I want internet users to access this network using native VPN clients.
    I tested with one PC connected directly to the outside interface and it works well, but when I connect this interface to the internet and try to connect one user to the VPN I can see this in the logs, and it can't connect, with error 800.
    TCP request discarded from "public_ip_client/61648" to outside:publicip_outside_interface/1723"
    Can you help me please? Many thanks in advance!
    (running configuration)
    : Saved
    ASA Version 8.4(3)
    hostname ciscoasa
    enable password *** encrypted
    passwd *** encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.0.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address publicinternetaddress 255.255.255.0
    ftp mode passive
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network gatewayono
    host gatewayofinternetprovideraccess
    description salida gateway ono
    object service remotointerno
    service tcp destination eq 3389
    description remoto
    object network pb_clienteing_2
    host 192.168.0.15
    description Pebble cliente ingesta 2
    object service remotoexternopebble
    service tcp destination eq 5353
    description remotoexterno
    object network actusmon
    host 192.168.0.174
    description Actus monitor web
    object service Web
    service tcp destination eq www
    description 80
    object network irdeto
    host 192.168.0.31
    description Irdeto
    object network nmx_mc_p
    host 192.168.0.60
    description NMX Multicanal Principal
    object network nmx_mc_r
    host 192.168.0.61
    description NMX multicanal reserva
    object network tarsys
    host 192.168.0.10
    description Tarsys
    object network nmx_teuve
    host 192.168.0.30
    description nmx cabecera teuve
    object network tektronix
    host 192.168.0.20
    description tektronix vnc
    object service vnc
    service tcp destination eq 5900
    description Acceso vnc
    object service exvncnmxmcr
    service tcp destination eq 5757
    description Acceso vnc externo nmx mc ppal
    object service exvncirdeto
    service tcp destination eq 6531
    description Acceso vnc externo irdeto
    object service exvncnmxmcp
    service tcp destination eq 5656
    object service exvnctektronix
    service tcp destination eq 6565
    object service exvncnmxteuve
    service tcp destination eq 6530
    object service ssh
    service tcp destination eq ssh
    object service sshtedialexterno
    service tcp destination eq 5454
    object-group service puertosabiertos tcp
    description remotedesktop
    port-object eq 3389
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group network DM_INLINE_NETWORK_1
    network-object object irdeto
    network-object object nmx_mc_p
    network-object object nmx_mc_r
    network-object object nmx_teuve
    network-object object tektronix
    object-group service vpn udp
    port-object eq 1723
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq https
    port-object eq pptp
    object-group network DM_INLINE_NETWORK_2
    network-object object actusmon
    network-object object tarsys
    access-list inside_access_in extended permit object remotointerno any any
    access-list inside_access_in extended permit object ssh any any
    access-list inside_access_in extended permit object-group TCPUDP any any eq www
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in extended permit object vnc any any
    access-list inside_access_in extended permit ip any any
    access-list outside_access_in extended permit object remotointerno any object pb_clienteing_2
    access-list outside_access_in extended permit object-group TCPUDP any object actusmon eq www
    access-list outside_access_in remark Acceso tedial ssh
    access-list outside_access_in extended permit tcp any object tarsys eq ssh
    access-list outside_access_in extended permit object vnc any object-group DM_INLINE_NETWORK_1
    access-list outside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
    access-list outside_access_in extended deny icmp any any
    access-list corporativa standard permit 192.168.0.0 255.255.255.0
    access-list Split-Tunnel-ACL standard permit 192.168.0.0 255.255.255.0
    pager lines 24
    logging enable
    logging monitor debugging
    logging asdm debugging
    logging debug-trace
    mtu inside 1500
    mtu outside 1500
    ip local pool clientesvpn 192.168.0.100-192.168.0.110 mask 255.255.255.0
    ip local pool clientesvpn2 192.168.1.120-192.168.1.130 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any outside
    no asdm history enable
    arp timeout 14400
    nat (outside,inside) source static any interface destination static interface actusmon service Web Web unidirectional
    nat (outside,inside) source static any interface destination static interface tarsys service sshtedialexterno ssh unidirectional
    nat (outside,inside) source static any interface destination static interface pb_clienteing_2 service remotoexternopebble remotointerno unidirectional
    nat (outside,inside) source static any interface destination static interface irdeto service exvncirdeto vnc unidirectional
    nat (outside,inside) source static any interface destination static interface nmx_mc_p service exvncnmxmcp vnc unidirectional
    nat (outside,inside) source static any interface destination static interface nmx_mc_r service exvncnmxmcr vnc unidirectional
    nat (outside,inside) source static any interface destination static interface nmx_teuve service exvncnmxteuve vnc unidirectional
    nat (outside,inside) source static any interface destination static interface tektronix service exvnctektronix vnc unidirectional
    nat (any,outside) source dynamic DM_INLINE_NETWORK_2 interface
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside per-user-override
    route outside 0.0.0.0 0.0.0.0 gatewayinternetprovideracces 1
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    eou allow none
    aaa local authentication attempts max-fail 10
    http server enable
    http 192.168.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    no sysopt connection permit-vpn
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set clientewindowsxp esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set clientewindowsxp mode transport
    crypto ipsec ikev1 transform-set L2TP-IKE1-Transform-Set esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set L2TP-IKE1-Transform-Set mode transport
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set ikev1 transform-set clientewindowsxp
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto dynamic-map L2TP-MAP 10 set ikev1 transform-set L2TP-IKE1-Transform-Set
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map L2TP-VPN-MAP 20 ipsec-isakmp dynamic L2TP-MAP
    crypto map L2TP-VPN-MAP interface outside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable outside client-services port 443
    crypto ikev2 remote-access trustpoint Ingenieria
    crypto ikev1 enable inside
    crypto ikev1 enable outside
    crypto ikev1 policy 5
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.0.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd dns 8.8.8.8
    dhcpd auto_config outside
    dhcpd address 192.168.0.5-192.168.0.36 inside
    dhcpd dns 8.8.8.8 8.8.4.4 interface inside
    dhcpd auto_config outside interface inside
    dhcpd enable inside
    no threat-detection basic-threat
    no threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl trust-point Ingenieria outside
    webvpn
    tunnel-group-list enable
    group-policy DefaultRAGroup internal
    group-policy DefaultRAGroup attributes
    wins-server none
    dns-server value 192.168.0.1
    vpn-tunnel-protocol l2tp-ipsec
    default-domain none
    group-policy DfltGrpPolicy attributes
    dns-server value 8.8.8.8
    vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
    group-policy ingenieria internal
    group-policy ingenieria attributes
    vpn-tunnel-protocol l2tp-ipsec
    default-domain none
    group-policy L2TP-Policy internal
    group-policy L2TP-Policy attributes
    dns-server value 8.8.8.8
    vpn-tunnel-protocol l2tp-ipsec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Split-Tunnel-ACL
    intercept-dhcp enable
    username ingenieria password 4fD/5xY/6BwlkjGqMZbnKw== nt-encrypted privilege 0
    username ingenieria attributes
    vpn-group-policy ingenieria
    username rjuve password SjBNOLNgSkUi5KWk/TUsTQ== nt-encrypted
    tunnel-group DefaultRAGroup general-attributes
    address-pool clientesvpn
    address-pool clientesvpn2
    authentication-server-group (outside) LOCAL
    authorization-server-group LOCAL
    default-group-policy L2TP-Policy
    authorization-required
    tunnel-group DefaultRAGroup ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group DefaultRAGroup ppp-attributes
    no authentication chap
    authentication ms-chap-v2
    class-map inspection_default
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    prompt hostname context
    call-home reporting anonymous
    Cryptochecksum:59b54f1d10fe829aeb47bafee57ba95e
    : end
    no asdm history enable

    Yes, this command creates this:
    policy-map global_policy
        class inspection_default
         inspect pptp
    But it doesn't work. I also tried adding pptp and gre to the outside access rules, but nothing...
    I don't understand why it works well if I connect directly to the outside interface from the same outside network.
    E.g.: the PC has the IP 89.120.145.14 and the ASA outside interface has 89.120.145.140; if I create a VPN on this PC to the outside IP 89.120.145.140 with the correct parameters, the ASA doesn't discard 1723 and it connects OK, but if the IP is not in this range it discards 1723...
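On an ASA, `inspect pptp` only takes effect when it sits under a class of a policy-map that a `service-policy` command applies. The check below is an added example, not part of the original posts or of any Cisco tool; the function names and the sample configurations are constructed for illustration.

```python
import re

# Top-level Modular Policy Framework commands (ASA syntax).
PM_RE = re.compile(r"^policy-map\s+(\S+)$")  # 'policy-map type inspect ...' is skipped on purpose
CM_RE = re.compile(r"^class-map\s+(\S+)$")
SP_RE = re.compile(r"^service-policy\s+(\S+)\s+(global|interface\s+\S+)$")
# Other per-class actions that keep us inside the current class block.
OTHER_CLASS_ACTIONS = ("set connection ", "police ", "priority", "description ")


def parse_mpf(config_text):
    """Return (policy_maps, class_maps, applied) parsed from running-config text.

    Blocks are tracked by keyword, not indentation, because pasted configs
    often arrive with the indentation flattened.
    """
    policy_maps, class_maps, applied = {}, {}, {}
    pm = cls = cm = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "!:":
            continue
        m_pm, m_cm, m_sp = PM_RE.match(line), CM_RE.match(line), SP_RE.match(line)
        if m_pm:
            pm, cls, cm = m_pm.group(1), None, None
            policy_maps.setdefault(pm, {})
        elif m_cm:
            pm, cls, cm = None, None, m_cm.group(1)
            class_maps.setdefault(cm, [])
        elif m_sp:
            scope = " ".join(m_sp.group(2).split())
            applied.setdefault(m_sp.group(1), []).append(scope)
            pm = cls = cm = None
        elif pm and line.startswith("class "):
            cls = line.split()[1]
            policy_maps[pm].setdefault(cls, [])
        elif pm and cls and line.startswith("inspect "):
            policy_maps[pm][cls].append(line.split()[1])
        elif pm and cls and line.startswith(OTHER_CLASS_ACTIONS):
            continue
        elif cm and line.startswith("match "):
            class_maps[cm].append(line[len("match "):])
        else:
            pm = cls = cm = None  # any other command ends the current block
    return policy_maps, class_maps, applied


def check_inspection(config_text, protocol="pptp"):
    """List reasons why 'inspect <protocol>' would not be active."""
    policy_maps, class_maps, applied = parse_mpf(config_text)
    holders = [(pm, cls) for pm, classes in policy_maps.items()
               for cls, protos in classes.items() if protocol in protos]
    if not holders:
        return [f"no 'inspect {protocol}' under any policy-map class"]
    findings = []
    for pm, cls in holders:
        if pm not in applied:
            findings.append(
                f"policy-map {pm} contains 'inspect {protocol}' but no service-policy applies it")
        if cls != "class-default" and not class_maps.get(cls):
            findings.append(f"class-map {cls} has no match statement")
    return findings


# Constructed sample: policy-map with no class under it and no service-policy.
CONFIG_EMPTY_MAP = """\
    class-map inspection_default
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    prompt hostname context
"""

# Constructed sample: inspection added, policy-map still not applied.
CONFIG_NOT_APPLIED = """\
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect pptp
    prompt hostname context
"""

# Constructed sample: same as above plus the global service-policy.
CONFIG_APPLIED = CONFIG_NOT_APPLIED + "    service-policy global_policy global\n"

if __name__ == "__main__":
    for name, cfg in [("empty map", CONFIG_EMPTY_MAP),
                      ("not applied", CONFIG_NOT_APPLIED),
                      ("applied", CONFIG_APPLIED)]:
        print(name, "->", check_inspection(cfg) or "inspect pptp is active")
```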

  • We NEED L2TP support on the Playbook VPN client!

    The Playbook will never be useful for our company if it doesn't support a VPN client that uses "Layer Two Tunneling Protocol (L2TP)".
    We use a standard Microsoft VPN server, configured with "MS-CHAP V2", but we like to use L2TP because it is more secure than PPTP.
    When will RIM support this on the Playbook?
    I love it when things don't work the way they are supposed to, because then I get to fix them.

    I would add a request for L2TP over IPSec. Our institution has over 25000 users and VPN access is important. Android 3.x supports it. Would expect the same from OS v2.0.
    Thanks

  • Cisco VPN client x64 for win7 - will not install

    Hello guys,
    I have a fresh Windows 7 x64 installation and I am trying to install the Cisco VPN client (vpnclient-winx64-msi-5.0.07.0290-k9.exe). The installation ends with the fatal error "Installation ended prematurely of an error". I have read a lot of 'step-by-step' guides on how to solve this problem (run as administrator, even though I'm an administrator; UAC disabled; run in WinXP mode; etc.), without success.
    I tried running the installation process from cmd with verbose logging, "msiexec /i vpnclient_setup.msi /lv log.txt" (and other 'recommended' optional parameters). The same result: fatal error.
    Can anybody tell me where the problem is? (The installation file is not corrupted.)
    Verbose log ends with this (whole log is attached):
    <cut>
    Action ended 22:35:25: WiseNextDlg. Return value 3.
    DEBUG: Error 2896:  Executing action WiseNextDlg failed.
    Internal Error 2896. WiseNextDlg
    Action ended 22:35:25: Welcome_Dialog. Return value 3.
    MSI (c) (70:2C) [22:35:25:997]: Doing action: Fatal_Error
    Action start 22:35:25: Fatal_Error.
    MSI (c) (70:2C) [22:35:25:998]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'Fatal_Error'
    MSI (c) (70:18) [22:35:26:725]: Doing action: WiseCleanup
    Action start 22:35:26: WiseCleanup.
    MSI (c) (70:1C) [22:35:26:736]: Invoking remote custom action. DLL: C:\Users\kyrcm\AppData\Local\Temp\MSI2023.tmp, Entrypoint: Cleanup
    Action ended 22:35:26: WiseCleanup. Return value 1.
    Action ended 22:35:26: Fatal_Error. Return value 2.
    Action ended 22:35:26: INSTALL. Return value 3.
    MSI (c) (70:2C) [22:35:26:791]: Destroying RemoteAPI object.
    MSI (c) (70:4C) [22:35:26:792]: Custom Action Manager thread ending.
    === Logging stopped: 4. 10. 2010  22:35:26 ===
    MSI (c) (70:2C) [22:35:26:794]: Note: 1: 1708
    MSI (c) (70:2C) [22:35:26:794]: Product: Cisco Systems VPN Client 5.0.07.0290 -- Installation operation failed.
    </cut>
    thanks,
    martin

    LOG:
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: INSTALLDIR2    , Object: C:\Program Files (x86)\VPN Client\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: INSTALLDIR1    , Object: C:\Program Files (x86)\Cisco Systems\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: INSTALLDIR    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: updates    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\updates\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: TempInstall    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\TempInstall\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Resources    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Resources\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Profiles    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Logs    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Logs\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: include    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\include\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Certificates    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Certificates\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: accessible    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\accessible\
    MSI (c) (48:AC) [14:58:46:043]: Dir (target): Key: Setup    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Setup\
    MSI (c) (48:AC) [14:58:46:044]: Dir (target): Key: Languages    , Object: C:\Program Files (x86)\Cisco Systems\VPN Client\Languages\
    MSI (c) (48:AC) [14:58:46:045]: Note: 1: 2262 2: RemoveFile 3: -2147287038
    Action ended 14:58:46: CostFinalize. Return value 1.
    MSI (c) (48:AC) [14:58:46:045]: Doing action: MigrateFeatureStates
    Action start 14:58:46: MigrateFeatureStates.
    Action ended 14:58:46: MigrateFeatureStates. Return value 0.
    MSI (c) (48:AC) [14:58:46:047]: Doing action: SetWizardProperty1
    Action start 14:58:46: SetWizardProperty1.
    MSI (c) (48:AC) [14:58:46:048]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'SetWizardProperty1'
    MSI (c) (48:AC) [14:58:46:048]: PROPERTY CHANGE: Adding WiseCurrentWizard property. Its value is 'Welcome_Dialog'.
    Action ended 14:58:46: SetWizardProperty1. Return value 1.
    MSI (c) (48:AC) [14:58:46:048]: Doing action: Welcome_Dialog
    Action start 14:58:46: Welcome_Dialog.
    MSI (c) (48:AC) [14:58:46:049]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'Welcome_Dialog'
    MSI (c) (48:2C) [14:58:46:068]: Note: 1: 2262 2: DuplicateFile 3: -2147287038
    MSI (c) (48:2C) [14:58:46:068]: Note: 1: 2262 2: ReserveCost 3: -2147287038
    MSI (c) (48:2C) [14:58:46:068]: Note: 1: 2205 2:  3: _RemoveFilePath
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: TypeLib 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:075]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: BindImage 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: ProgId 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: PublishComponent 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: SelfReg 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Extension 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Font 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: Note: 1: 2262 2: Class 3: -2147287038
    MSI (c) (48:2C) [14:58:46:076]: PROPERTY CHANGE: Modifying PrimaryVolumeSpaceAvailable property. Its current value is '0'. Its new value: '60293640'.
    MSI (c) (48:2C) [14:58:46:077]: PROPERTY CHANGE: Modifying PrimaryVolumeSpaceRequired property. Its current value is '0'. Its new value: '50274'.
    MSI (c) (48:2C) [14:58:46:077]: PROPERTY CHANGE: Modifying PrimaryVolumeSpaceRemaining property. Its current value is '0'. Its new value: '60243366'.
    MSI (c) (48:2C) [14:58:46:077]: PROPERTY CHANGE: Adding PrimaryVolumePath property. Its value is 'C:'.
    MSI (c) (48:6C) [14:58:46:746]: Doing action: WiseNextDlg
    Action start 14:58:46: WiseNextDlg.
    MSI (c) (48:6C) [14:58:46:746]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'WiseNextDlg'
    Action ended 14:58:46: WiseNextDlg. Return value 3.
    DEBUG: Error 2896:  Executing action WiseNextDlg failed.
    Internal Error 2896. WiseNextDlg
    Action ended 14:58:46: Welcome_Dialog. Return value 3.
    MSI (c) (48:AC) [14:58:46:753]: Doing action: Fatal_Error
    Action start 14:58:46: Fatal_Error.
    MSI (c) (48:AC) [14:58:46:754]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'Fatal_Error'
    MSI (c) (48:6C) [14:58:47:418]: Doing action: WiseCleanup
    Action start 14:58:47: WiseCleanup.
    MSI (c) (48:6C) [14:58:47:418]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'WiseCleanup'
    MSI (c) (48:40) [14:58:47:445]: Invoking remote custom action. DLL: C:\Users\ANDREA\AppData\Local\Temp\MSI94AE.tmp, Entrypoint: Cleanup
    Action ended 14:58:47: WiseCleanup. Return value 1.
    Action ended 14:58:47: Fatal_Error. Return value 2.
    Action ended 14:58:47: INSTALL. Return value 3.
    MSI (c) (48:AC) [14:58:47:467]: Destroying RemoteAPI object.
    MSI (c) (48:B0) [14:58:47:487]: Custom Action Manager thread ending.
    === Logging stopped: 13.10.2010  14:58:47 ===
    MSI (c) (48:AC) [14:58:47:488]: Note: 1: 1708
    MSI (c) (48:AC) [14:58:47:488]: Product: Cisco Systems VPN Client 5.0.07.0290 -- Installation operation failed.
    MSI (c) (48:AC) [14:58:47:489]: Windows Installer installed the product. Product Name: Cisco Systems VPN Client 5.0.07.0290. Product Version: 5.0.7. Product Language: 1033. Manufacturer: Cisco Systems, Inc.. Installation success or error status: 1603.
    MSI (c) (48:AC) [14:58:47:491]: Grabbed execution mutex.
    MSI (c) (48:AC) [14:58:47:491]: Cleaning up uninstalled install packages, if any exist
    MSI (c) (48:AC) [14:58:47:493]: MainEngineThread is returning 1603
    === Verbose logging stopped: 13.10.2010  14:58:47 ===

  • VPN Clients cannot access remote site

    Hey there,
    I am pretty new in configuring Cisco devices and now I need some help.
    I have 2 sites here:
    site A
    Cisco 891
    external IP: 195.xxx.yyy.zzz
    VPN Gateway for Remote users
    local IP: VLAN10 10.133.10.0 /23
    site B
    Cisco 891
    external IP: 62.xxx.yyy.zzz
    local IP VLAN10 10.133.34.0 /23
    Those two sites are linked together with a Site-to-Site VPN. Accessing files or resources from one site to the other is working fine while connected to the local LAN.
    I configured VPN connection with Radius auth. VPN clients can connect to Site A, get an IP address from VPN Pool (172.16.100.2-100) and can access files and servers on site A. But for some reason they cannot access resources on site B. I already added the site B network to the ACL and when connecting with VPN it shows secured routes to 10.133.10.0 and 10.133.34.0 in the statistics. Same thing for other VPN Tunnels to ERP system.
    What is missing here to make it possible to reach remote sites when connected through VPN? I had a look at the logs but could not find anything important.
    Here is the config of site A
    Building configuration...
    Current configuration : 24257 bytes
    version 15.2
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname Englerstrasse
    boot-start-marker
    boot config usbflash0:CVO-BOOT.CFG
    boot-end-marker
    aaa new-model
    aaa group server radius Radius-AD
    server 10.133.10.5 auth-port 1812 acct-port 1813
    aaa authentication login default local
    aaa authentication login ciscocp_vpn_xauth_ml_2 group Radius-AD local
    aaa authorization exec default local
    aaa authorization network ciscocp_vpn_group_ml_2 local
    aaa session-id common
    clock timezone Berlin 1 0
    clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
    crypto pki trustpoint TP-self-signed-27361994
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-27361994
    revocation-check none
    rsakeypair TP-self-signed-27361994
    crypto pki trustpoint test_trustpoint_config_created_for_sdm
    subject-name [email protected]
    revocation-check crl
    crypto pki certificate chain TP-self-signed-27361994
    certificate self-signed 01
          quit
    crypto pki certificate chain test_trustpoint_config_created_for_sdm
    no ip source-route
    ip auth-proxy max-login-attempts 5
    ip admission max-login-attempts 5
    no ip bootp server
    no ip domain lookup
    ip domain name yourdomain.com
    ip inspect log drop-pkt
    ip inspect name CCP_MEDIUM appfw CCP_MEDIUM
    ip inspect name CCP_MEDIUM ftp
    ip inspect name CCP_MEDIUM h323
    ip inspect name CCP_MEDIUM sip
    ip inspect name CCP_MEDIUM https
    ip inspect name CCP_MEDIUM icmp
    ip inspect name CCP_MEDIUM netshow
    ip inspect name CCP_MEDIUM rcmd
    ip inspect name CCP_MEDIUM realaudio
    ip inspect name CCP_MEDIUM rtsp
    ip inspect name CCP_MEDIUM sqlnet
    ip inspect name CCP_MEDIUM streamworks
    ip inspect name CCP_MEDIUM tftp
    ip inspect name CCP_MEDIUM udp
    ip inspect name CCP_MEDIUM vdolive
    ip inspect name CCP_MEDIUM imap reset
    ip inspect name CCP_MEDIUM smtp
    ip cef
    no ipv6 cef
    appfw policy-name CCP_MEDIUM
      application im aol
        service default action allow alarm
        service text-chat action allow alarm
        server permit name login.oscar.aol.com
        server permit name toc.oscar.aol.com
        server permit name oam-d09a.blue.aol.com
        audit-trail on
      application im msn
        service default action allow alarm
        service text-chat action allow alarm
        server permit name messenger.hotmail.com
        server permit name gateway.messenger.hotmail.com
        server permit name webmessenger.msn.com
        audit-trail on
      application http
        strict-http action allow alarm
        port-misuse im action reset alarm
        port-misuse p2p action reset alarm
        port-misuse tunneling action allow alarm
      application im yahoo
        service default action allow alarm
        service text-chat action allow alarm
        server permit name scs.msg.yahoo.com
        server permit name scsa.msg.yahoo.com
        server permit name scsb.msg.yahoo.com
        server permit name scsc.msg.yahoo.com
        server permit name scsd.msg.yahoo.com
        server permit name cs16.msg.dcn.yahoo.com
        server permit name cs19.msg.dcn.yahoo.com
        server permit name cs42.msg.dcn.yahoo.com
        server permit name cs53.msg.dcn.yahoo.com
        server permit name cs54.msg.dcn.yahoo.com
        server permit name ads1.vip.scd.yahoo.com
        server permit name radio1.launch.vip.dal.yahoo.com
        server permit name in1.msg.vip.re2.yahoo.com
        server permit name data1.my.vip.sc5.yahoo.com
        server permit name address1.pim.vip.mud.yahoo.com
        server permit name edit.messenger.yahoo.com
        server permit name messenger.yahoo.com
        server permit name http.pager.yahoo.com
        server permit name privacy.yahoo.com
        server permit name csa.yahoo.com
        server permit name csb.yahoo.com
        server permit name csc.yahoo.com
        audit-trail on
    parameter-map type inspect global
    log dropped-packets enable
    multilink bundle-name authenticated
    redundancy
    ip tcp synwait-time 10
    class-map match-any CCP-Transactional-1
    match dscp af21
    match dscp af22
    match dscp af23
    class-map match-any CCP-Voice-1
    match dscp ef
    class-map match-any sdm_p2p_kazaa
    match protocol fasttrack
    match protocol kazaa2
    class-map match-any CCP-Routing-1
    match dscp cs6
    class-map match-any sdm_p2p_edonkey
    match protocol edonkey
    class-map match-any CCP-Signaling-1
    match dscp cs3
    match dscp af31
    class-map match-any sdm_p2p_gnutella
    match protocol gnutella
    class-map match-any CCP-Management-1
    match dscp cs2
    class-map match-any sdm_p2p_bittorrent
    match protocol bittorrent
    policy-map sdm-qos-test-123
    class class-default
    policy-map sdmappfwp2p_CCP_MEDIUM
    class sdm_p2p_edonkey
    class sdm_p2p_gnutella
    class sdm_p2p_kazaa
    class sdm_p2p_bittorrent
    policy-map CCP-QoS-Policy-1
    class sdm_p2p_edonkey
    class sdm_p2p_gnutella
    class sdm_p2p_kazaa
    class sdm_p2p_bittorrent
    class CCP-Voice-1
      priority percent 33
    class CCP-Signaling-1
      bandwidth percent 5
    class CCP-Routing-1
      bandwidth percent 5
    class CCP-Management-1
      bandwidth percent 5
    class CCP-Transactional-1
      bandwidth percent 5
    class class-default
      fair-queue
      random-detect
    crypto ctcp port 10000
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key REMOVED address 62.20.xxx.yyy 
    crypto isakmp key REMOVED address 195.243.xxx.yyy
    crypto isakmp key REMOVED address 195.243.xxx.yyy
    crypto isakmp key REMOVED address 83.140.xxx.yyy  
    crypto isakmp client configuration group VPN_local
    key REMOVED
    dns 10.133.10.5 10.133.10.7
    wins 10.133.10.7
    domain domain.de
    pool SDM_POOL_2
    acl 115
    crypto isakmp profile ciscocp-ike-profile-1
       match identity group VPN_local
       client authentication list ciscocp_vpn_xauth_ml_2
       isakmp authorization list ciscocp_vpn_group_ml_2
       client configuration address respond
       virtual-template 1
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA11 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-SHA1 esp-des esp-sha-hmac
    crypto ipsec profile CiscoCP_Profile1
    set transform-set ESP-3DES-SHA11
    set isakmp-profile ciscocp-ike-profile-1
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to62.20.xxx.xxx
    set peer 62.20.xxx.xxx
    set transform-set ESP-3DES-SHA
    match address 105
    crypto map SDM_CMAP_1 2 ipsec-isakmp
    description Tunnel to195.243.xxx.xxx
    set peer 195.243.xxx.xxx
    set transform-set ESP-3DES-SHA4
    match address 107
    crypto map SDM_CMAP_1 3 ipsec-isakmp
    description Tunnel to83.140.xxx.xxx
    set peer 83.140.xxx.xxx
    set transform-set ESP-DES-SHA1
    match address 118
    interface Loopback2
    ip address 192.168.10.1 255.255.254.0
    interface Null0
    no ip unreachables
    interface FastEthernet0
    switchport mode trunk
    no ip address
    spanning-tree portfast
    interface FastEthernet1
    no ip address
    spanning-tree portfast
    interface FastEthernet2
    no ip address
    spanning-tree portfast
    interface FastEthernet3
    no ip address
    spanning-tree portfast
    interface FastEthernet4
    description Internal LAN
    switchport access vlan 10
    switchport trunk native vlan 10
    no ip address
    spanning-tree portfast
    interface FastEthernet5
    no ip address
    spanning-tree portfast
    interface FastEthernet6
    no ip address
    spanning-tree portfast
    interface FastEthernet7
    no ip address
    spanning-tree portfast
    interface FastEthernet8
    description $FW_OUTSIDE$$ETH-WAN$
    ip address 62.153.xxx.xxx 255.255.255.248
    ip access-group 113 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip inspect CCP_MEDIUM out
    no ip virtual-reassembly in
    ip verify unicast reverse-path
    duplex auto
    speed auto
    crypto map SDM_CMAP_1
    service-policy input sdmappfwp2p_CCP_MEDIUM
    service-policy output CCP-QoS-Policy-1
    interface Virtual-Template1 type tunnel
    ip unnumbered FastEthernet8
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile CiscoCP_Profile1
    interface GigabitEthernet0
    no ip address
    shutdown
    duplex auto
    speed auto
    interface Vlan1
    no ip address
    interface Vlan10
    description $FW_INSIDE$
    ip address 10.133.10.1 255.255.254.0
    ip access-group 112 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat inside
    ip virtual-reassembly in
    interface Async1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation slip
    ip local pool SDM_POOL_1 192.168.10.101 192.168.10.200
    ip local pool VPN_Pool 192.168.20.2 192.168.20.100
    ip local pool SDM_POOL_2 172.16.100.2 172.16.100.100
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip forward-protocol nd
    ip nat inside source route-map SDM_RMAP_1 interface FastEthernet8 overload
    ip route 0.0.0.0 0.0.0.0 62.153.xxx.xxx
    ip access-list extended VPN1
    remark VPN_Haberstrasse
    remark CCP_ACL Category=4
    permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    ip radius source-interface Vlan10
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.7
    access-list 23 remark CCP_ACL Category=17
    access-list 23 permit 195.243.xxx.xxx
    access-list 23 permit 10.133.10.0 0.0.1.255
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 100 remark CCP_ACL Category=4
    access-list 100 permit ip 10.133.10.0 0.0.1.255 any
    access-list 101 remark CCP_ACL Category=16
    access-list 101 permit udp any eq bootps any eq bootpc
    access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny   ip host 255.255.255.255 any
    access-list 101 deny   ip any any
    access-list 102 remark auto generated by CCP firewall configuration
    access-list 102 remark CCP_ACL Category=1
    access-list 102 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 102 permit icmp any host 62.153.xxx.xxx echo-reply
    access-list 102 permit icmp any host 62.153.xxx.xxx time-exceeded
    access-list 102 permit icmp any host 62.153.xxx.xxx unreachable
    access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 102 deny   ip host 255.255.255.255 any
    access-list 102 deny   ip host 0.0.0.0 any
    access-list 102 deny   ip any any log
    access-list 103 remark auto generated by CCP firewall configuration
    access-list 103 remark CCP_ACL Category=1
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
    access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 103 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 103 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 103 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 103 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 103 permit udp any host 62.153.xxx.xxx eq non500-isakmp
    access-list 103 permit udp any host 62.153.xxx.xxx eq isakmp
    access-list 103 permit esp any host 62.153.xxx.xxx
    access-list 103 permit ahp any host 62.153.xxx.xxx
    access-list 103 permit udp host 194.25.0.60 eq domain any
    access-list 103 permit udp host 194.25.0.68 eq domain any
    access-list 103 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
    access-list 103 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 103 permit icmp any host 62.153.xxx.xxx echo-reply
    access-list 103 permit icmp any host 62.153.xxx.xxx time-exceeded
    access-list 103 permit icmp any host 62.153.xxx.xxx unreachable
    access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 103 deny   ip host 255.255.255.255 any
    access-list 103 deny   ip host 0.0.0.0 any
    access-list 103 deny   ip any any log
    access-list 104 remark CCP_ACL Category=4
    access-list 104 permit ip 10.133.10.0 0.0.1.255 any
    access-list 105 remark CCP_ACL Category=4
    access-list 105 remark IPSec Rule
    access-list 105 permit ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
    access-list 106 remark CCP_ACL Category=2
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
    access-list 106 permit ip 10.10.10.0 0.0.0.7 any
    access-list 106 permit ip 10.133.10.0 0.0.1.255 any
    access-list 107 remark CCP_ACL Category=4
    access-list 107 remark IPSec Rule
    access-list 107 permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 107 remark IPSec Rule
    access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 108 remark Auto generated by SDM Management Access feature
    access-list 108 remark CCP_ACL Category=1
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq telnet
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 22
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq www
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 443
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq cmd
    access-list 108 deny   tcp any host 10.133.10.1 eq telnet
    access-list 108 deny   tcp any host 10.133.10.1 eq 22
    access-list 108 deny   tcp any host 10.133.10.1 eq www
    access-list 108 deny   tcp any host 10.133.10.1 eq 443
    access-list 108 deny   tcp any host 10.133.10.1 eq cmd
    access-list 108 deny   udp any host 10.133.10.1 eq snmp
    access-list 108 permit ip any any
    access-list 109 remark CCP_ACL Category=1
    access-list 109 permit ip 10.133.10.0 0.0.1.255 any
    access-list 109 permit ip 10.10.10.0 0.0.0.7 any
    access-list 109 permit ip 192.168.10.0 0.0.1.255 any
    access-list 110 remark CCP_ACL Category=1
    access-list 110 permit ip host 195.243.xxx.xxx any
    access-list 110 permit ip host 84.44.xxx.xxx any
    access-list 110 permit ip 10.133.10.0 0.0.1.255 any
    access-list 110 permit ip 10.10.10.0 0.0.0.7 any
    access-list 110 permit ip 192.168.10.0 0.0.1.255 any
    access-list 111 remark CCP_ACL Category=4
    access-list 111 permit ip 10.133.10.0 0.0.1.255 any
    access-list 112 remark CCP_ACL Category=1
    access-list 112 permit udp host 10.133.10.5 eq 1812 any
    access-list 112 permit udp host 10.133.10.5 eq 1813 any
    access-list 112 permit udp any host 10.133.10.1 eq non500-isakmp
    access-list 112 permit udp any host 10.133.10.1 eq isakmp
    access-list 112 permit esp any host 10.133.10.1
    access-list 112 permit ahp any host 10.133.10.1
    access-list 112 permit udp host 10.133.10.5 eq 1645 host 10.133.10.1
    access-list 112 permit udp host 10.133.10.5 eq 1646 host 10.133.10.1
    access-list 112 remark auto generated by CCP firewall configuration
    access-list 112 permit udp host 10.133.10.5 eq 1812 host 10.133.10.1
    access-list 112 permit udp host 10.133.10.5 eq 1813 host 10.133.10.1
    access-list 112 permit udp host 10.133.10.7 eq domain any
    access-list 112 permit udp host 10.133.10.5 eq domain any
    access-list 112 deny   ip 62.153.xxx.xxx 0.0.0.7 any
    access-list 112 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 112 deny   ip host 255.255.255.255 any
    access-list 112 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 112 permit ip any any
    access-list 113 remark CCP_ACL Category=1
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.60.16.0 0.0.0.255 192.168.10.0 0.0.1.255
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.60.16.0 0.0.0.255 10.133.10.0 0.0.1.255
    access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq isakmp
    access-list 113 permit esp host 83.140.100.4 host 62.153.xxx.xxx
    access-list 113 permit ahp host 83.140.100.4 host 62.153.xxx.xxx
    access-list 113 permit ip host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit ip host 84.44.xxx.xxx host 62.153.xxx.xxx
    access-list 113 remark auto generated by CCP firewall configuration
    access-list 113 permit udp host 194.25.0.60 eq domain any
    access-list 113 permit udp host 194.25.0.68 eq domain any
    access-list 113 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
    access-list 113 permit udp host 194.25.0.60 eq domain host 62.153.xxx.xxx
    access-list 113 permit udp any host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 permit udp any host 62.153.xxx.xxx eq isakmp
    access-list 113 permit esp any host 62.153.xxx.xxx
    access-list 113 permit ahp any host 62.153.xxx.xxx
    access-list 113 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 113 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 113 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
    access-list 113 remark Pop3
    access-list 113 permit tcp host 82.127.xxx.xxx eq 8080 host 62.153.xxx.xxx
    access-list 113 remark Pop3
    access-list 113 permit tcp any eq pop3 host 62.153.xxx.xxx
    access-list 113 remark SMTP
    access-list 113 permit tcp any eq 465 host 62.153.xxx.xxx
    access-list 113 remark IMAP
    access-list 113 permit tcp any eq 587 host 62.153.xxx.xxx
    access-list 113 deny   ip 10.133.10.0 0.0.1.255 any
    access-list 113 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 113 permit icmp any host 62.153.xxx.xxx echo-reply
    access-list 113 permit icmp any host 62.153.xxx.xxx time-exceeded
    access-list 113 permit icmp any host 62.153.xxx.xxx unreachable
    access-list 113 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 113 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 113 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 113 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 113 deny   ip host 255.255.255.255 any
    access-list 113 deny   ip host 0.0.0.0 any
    access-list 113 deny   ip any any log
    access-list 114 remark auto generated by CCP firewall configuration
    access-list 114 remark CCP_ACL Category=1
    access-list 114 deny   ip 10.133.10.0 0.0.1.255 any
    access-list 114 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 114 permit icmp any any echo-reply
    access-list 114 permit icmp any any time-exceeded
    access-list 114 permit icmp any any unreachable
    access-list 114 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 114 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 114 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 114 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 114 deny   ip host 255.255.255.255 any
    access-list 114 deny   ip host 0.0.0.0 any
    access-list 114 deny   ip any any log
    access-list 115 remark VPN_Sub
    access-list 115 remark CCP_ACL Category=5
    access-list 115 permit ip 10.133.10.0 0.0.1.255 172.16.0.0 0.0.255.255
    access-list 115 permit ip 10.133.34.0 0.0.1.255 172.16.0.0 0.0.255.255
    access-list 115 permit ip 10.133.20.0 0.0.0.255 any
    access-list 116 remark CCP_ACL Category=4
    access-list 116 remark IPSec Rule
    access-list 116 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 117 remark CCP_ACL Category=4
    access-list 117 remark IPSec Rule
    access-list 117 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 118 remark CCP_ACL Category=4
    access-list 118 remark IPSec Rule
    access-list 118 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 118 remark IPSec Rule
    access-list 118 permit ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    no cdp run
    route-map SDM_RMAP_1 permit 1
    match ip address 106
    control-plane
    mgcp profile default
    line con 0
    transport output telnet
    line 1
    modem InOut
    speed 115200
    flowcontrol hardware
    line aux 0
    transport output telnet
    line vty 0 4
    session-timeout 45
    access-class 110 in
    transport input telnet ssh
    line vty 5 15
    access-class 109 in
    transport input telnet ssh
    scheduler interval 500
    end

    The crypto ACL for the site to site vpn should also include the vpn client pool, otherwise, traffic from the vpn client does not match the interesting traffic for the site to site vpn.
    On Site A:
    should include "access-list 107 permit ip 172.16.100.0 0.0.0.255 10.133.34.0 0.0.1.255"
    You should also remove the following line as the pool is incorrect:
    access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    On Site B:
    should include: "permit ip 10.133.34.0 0.0.1.255 172.16.100.0 0.0.0.255"
    NAT exemption on site B should also be configured with deny on the above ACL.
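
The check behind the reply above, as an added example that is not part of the original post: a small Cisco wildcard-mask matcher showing that traffic from the VPN client pool only becomes interesting traffic for the site-to-site tunnel once the suggested entry is present, and that the Site B entry is its mirror. The ACLs are reduced to the lines the reply names, only `ip` entries in network/wildcard form are handled, and the client and server addresses are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

def parse_entry(line):
    """Parse '[access-list N] permit|deny ip SRC SWILD DST DWILD'."""
    tok = line.split()
    if tok[0] == "access-list":
        tok = tok[2:]
    if len(tok) != 6 or tok[1] != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    action, _, src, swild, dst, dwild = tok
    return action, (src, swild), (dst, dwild)

def first_match(acl, src, dst):
    """Return (action, entry) for the first matching line, else the implicit deny."""
    for line in acl:
        action, (s, sw), (d, dw) = parse_entry(line)
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, line
    return "deny", None  # no match: the packet is not selected for the tunnel

def is_mirror(entry_a, entry_b):
    """Crypto ACLs on the two peers must swap source and destination."""
    a_action, a_src, a_dst = parse_entry(entry_a)
    b_action, b_src, b_dst = parse_entry(entry_b)
    return a_action == b_action and a_src == b_dst and a_dst == b_src

# Entries quoted in the reply (Site A before and after, Site B addition).
SITE_A_BEFORE = ["access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255"]
SITE_A_AFTER = ["access-list 107 permit ip 172.16.100.0 0.0.0.255 10.133.34.0 0.0.1.255"]
SITE_B_ADDED = "permit ip 10.133.34.0 0.0.1.255 172.16.100.0 0.0.0.255"

# Constructed addresses: one host in the client pool, one host behind Site B.
CLIENT, SERVER = "172.16.100.10", "10.133.34.20"

if __name__ == "__main__":
    print("before:", first_match(SITE_A_BEFORE, CLIENT, SERVER))
    print("after: ", first_match(SITE_A_AFTER, CLIENT, SERVER))
    print("mirrored on Site B:", is_mirror(SITE_A_AFTER[0], SITE_B_ADDED))
```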

  • Linux 3.9 VPN Client

    Anybody have any success connecting to a BM 3.8.5 VPN server (C2S) using this client?
    I've set up a SLED 10 box patched to the hilt and installed the latest Novell Client for Linux as well as the VPN client (installed and configured as per the documentation...http://www.novell.com/documentation/.../bookinfo.html) that comes with the BM 3.9 Trial and I'm unable to get connected. I'm still able to connect with my Windows and MAC boxes so I don't think my VPN server is the issue.
    On the SLED box I get one of the following errors after it tries to connect to our VPN:
    Error #1:
    VPN Connect Failure
    Could not start the VPN connection "XXXX" due to a connection error.
    The VPN login failed because the VPN program could not connect to the VPN server.
    Error #2:
    VPN Connect Error
    Could not start the VPN connection "XXXX" due to a connection error.
    VPNCLIENT-UI-4611:Failed to connect to the Gateway.
    Here is a snippet from the IKE.LOG file:
    6-27-2007 2:04:26 pm ***Receive Main Mode message from <LINUX_CLIENT_IP>
    6-27-2007 2:04:26 pm I-COOKIE=80441C99D658EC20,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=-1640542708
    6-27-2007 2:04:26 pm The client 200.13.38.18 removed from vpninf
    6-27-2007 2:04:26 pm Freeing IKE SA
    6-27-2007 2:04:26 pm Start IKE-SA ABD1CDC0 - Responder,src=<BM_VPN_EXT_IP>,dst=<LINUX_CLIENT_IP >,TotSA=5
    6-27-2007 2:04:26 pm AUTH ALG IS 1
    6-27-2007 2:04:26 pm Negotiating for an NMAS user <LINUX_CLIENT_IP>
    6-27-2007 2:04:26 pm IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=28800
    6-27-2007 2:04:26 pm Warn :Proposal mismatch PHASE 1 Encryption Algorithm mismatch mine : 3DES his : DES dst : <LINUX_CLIENT_IP> src : <BM_VPN_EXT_IP> cookies[mine :his] CBFDEE874EB850F9 : 80441C9900000002
    6-27-2007 2:04:26 pm IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=28800
    6-27-2007 2:04:26 pm Warn :Proposal mismatch PHASE 1 Encryption Algorithm mismatch mine : 3DES his : DES dst : <LINUX_CLIENT_IP> src : <BM_VPN_EXT_IP> cookies[mine :his] CBFDEE874EB850F9 : 80441C9900000002
    6-27-2007 2:04:26 pm IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=28800
    6-27-2007 2:04:26 pm Warn :Proposal mismatch PHASE 1 Encryption Algorithm mismatch mine : 3DES his : DES dst : <LINUX_CLIENT_IP> src : <BM_VPN_EXT_IP> cookies[mine :his] CBFDEE874EB850F9 : 80441C9900000002
    6-27-2007 2:04:26 pm IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=28800
    6-27-2007 2:04:26 pm Warn :Proposal mismatch PHASE 1 Encryption Algorithm mismatch mine : 3DES his : DES dst : <LINUX_CLIENT_IP> src : <BM_VPN_EXT_IP> cookies[mine :his] CBFDEE874EB850F9 : 80441C9900000002
    6-27-2007 2:04:26 pm IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=28800
    6-27-2007 2:04:26 pm Warn :Proposal mismatch PHASE 1 HASH Algorithm mismatch mine : SHA his : MD5 dst : <LINUX_CLIENT_IP> src : <BM_VPN_EXT_IP> cookies[mine :his] CBFDEE874EB850F9 : 80441C9900000004
    6-27-2007 2:04:26 pm IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=28800
    6-27-2007 2:04:26 pm Warn :Proposal mismatch PHASE 1 HASH Algorithm mismatch mine : SHA his : MD5 dst : <LINUX_CLIENT_IP> src : <BM_VPN_EXT_IP> cookies[mine :his] CBFDEE874EB850F9 : 80441C9900000004
    6-27-2007 2:04:26 pm IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=28800
    6-27-2007 2:04:26 pm ****DH private exponent size is 1016****
    6-27-2007 2:04:26 pm Local server's interfaces : <BM_VPN_EXT_IP>
    6-27-2007 2:04:26 pm Local server's interfaces : <BM_VPN_INT_IP>
    6-27-2007 2:04:26 pm Recieved Supported Vendor id Novell Linux Client from <LINUX_CLIENT_IP>
    6-27-2007 2:04:26 pm Recieved Supported Vendor id draft-ietf-ipsec-nat-t-ike-03 from <LINUX_CLIENT_IP>
    6-27-2007 2:04:26 pm Recieved Supported Vendor id draft-ietf-ipsec-nat-t-ike-02 from <LINUX_CLIENT_IP>
    6-27-2007 2:04:26 pm ***Send Main Mode message to <LINUX_CLIENT_IP>
    6-27-2007 2:04:26 pm I-COOKIE=80441C99D658EC20,R-COOKIE=CBFDEE874EB850F9,MsgID=0,1stPL=SA-PAYLOAD,state=-1640542708
    6-27-2007 2:04:26 pm ***Receive Main Mode message from <LINUX_CLIENT_IP>
    6-27-2007 2:04:26 pm I-COOKIE=80441C99D658EC20,R-COOKIE=CBFDEE874EB850F9,MsgID=0,1stPL=KEY-PAYLOAD,state=-1640542656
    6-27-2007 2:04:26 pm No NAT detected
    6-27-2007 2:04:26 pm ***Send Main Mode message to <LINUX_CLIENT_IP>
    6-27-2007 2:04:26 pm I-COOKIE=80441C99D658EC20,R-COOKIE=CBFDEE874EB850F9,MsgID=0,1stPL=KEY-PAYLOAD,state=-1640542656
    6-27-2007 2:04:27 pm ***Receive Main Mode message from <LINUX_CLIENT_IP>
    6-27-2007 2:04:27 pm I-COOKIE=80441C99D658EC20,R-COOKIE=CBFDEE874EB850F9,MsgID=0,1stPL=ID-PAYLOAD,state=-1640542644
    6-27-2007 2:04:27 pm Recieved MM ID payload type 1 protocol 17 portnum 500 length 8
    6-27-2007 2:04:27 pm *Received MM ID ID_IPV4_ADDR <LINUX_CLIENT_IP>
    6-27-2007 2:04:27 pm IKE : Nmas user check authentication and traffic rule
    6-27-2007 2:04:27 pm Adding user :original address is <LINUX_CLIENT_IP>
    6-27-2007 2:04:27 pm
    Client 200.13.38.18 is added successfully
    6-27-2007 2:04:27 pm *Sending MM id payload IPSEC_ID_IPV4_ADDR <BM_VPN_EXT_IP>
    6-27-2007 2:04:27 pm *protocol 0 portnum 0 length 8
    6-27-2007 2:04:27 pm ***Send Main Mode message to <LINUX_CLIENT_IP>
    6-27-2007 2:04:27 pm I-COOKIE=80441C99D658EC20,R-COOKIE=CBFDEE874EB850F9,MsgID=0,1stPL=ID-PAYLOAD,state=-1640542644
    6-27-2007 2:04:27 pm ***Receive Unacknowledge Informational message from <LINUX_CLIENT_IP>
    6-27-2007 2:04:27 pm I-COOKIE=80441C99D658EC20,R-COOKIE=CBFDEE874EB850F9,MsgID=E212BBAB,1stPL=HASH-PAYLOAD,state=-1640542596
    6-27-2007 2:04:27 pm Recieved notify message type 24578 from <LINUX_CLIENT_IP>
    6-27-2007 2:04:27 pm Recieved INITIAL_CONTACT notify deleting all old SA's with <LINUX_CLIENT_IP> address
    6-27-2007 2:04:27 pm ***Receive Quick Mode message from <LINUX_CLIENT_IP>
    6-27-2007 2:04:27 pm I-COOKIE=80441C99D658EC20,R-COOKIE=CBFDEE874EB850F9,MsgID=F99A0483,1stPL=HASH-PAYLOAD,state=-1640542596
    6-27-2007 2:04:27 pm Start IPSEC SA 9191F5A0 - Responder****totSA=1
    6-27-2007 2:04:27 pm ****DH private exponent size is 1016****
    6-27-2007 2:04:27 pm Final IKE (phase 1) SA lifetime is 28800 secs
    6-27-2007 2:04:27 pm IKE-SA is created. rekey time = 21600 encr=1,hash=1,auth=1,lifesec=28800
    6-27-2007 2:04:27 pm dst=<LINUX_CLIENT_IP>,time=144349413
    6-27-2007 2:04:27 pm Received (QM) proxy ID 0.0.0.0 0.0.0.0 - <LINUX_CLIENT_IP>
    6-27-2007 2:04:27 pm IPSE SA NEGOTIATION: Peer lifetime = 1800 My lifetime=1000
    6-27-2007 2:04:27 pm Warn :Proposal mismatch Quick Mode : ESP - esp desHASH Algorithm mismatch mine : SHA his : MD5 dst : <LINUX_CLIENT_IP> src : <BM_VPN_EXT_IP> cookies[mine :his] CBFDEE874EB850F9 : 80441C9900000020
    6-27-2007 2:04:27 pm IPSE SA NEGOTIATION: Peer lifetime = 1800 My lifetime=1000
    6-27-2007 2:04:27 pm IKE peer requesting PFS - Accepted
    6-27-2007 2:04:27 pm ****DH private exponent size is 760****
    6-27-2007 2:04:27 pm Received (QM) proxy ID 0.0.0.0 0.0.0.0 - <LINUX_CLIENT_IP>
    6-27-2007 2:04:27 pm Sending DH params in QM - PFS Configured or Requested by Peer
    6-27-2007 2:04:27 pm *Sending proxy ID type 4 0.0.0.0/0.0.0.0
    6-27-2007 2:04:27 pm *Sending proxy ID type 1 <LINUX_CLIENT_IP>
    6-27-2007 2:04:27 pm ***Send Quick Mode message to <LINUX_CLIENT_IP>
    6-27-2007 2:04:27 pm I-COOKIE=80441C99D658EC20,R-COOKIE=CBFDEE874EB850F9,MsgID=F99A0483,1stPL=HASH-PAYLOAD,state=-1640542596
    6-27-2007 2:04:27 pm ***Receive Quick Mode message from <LINUX_CLIENT_IP>
    6-27-2007 2:04:27 pm I-COOKIE=80441C99D658EC20,R-COOKIE=CBFDEE874EB850F9,MsgID=F99A0483,1stPL=HASH-PAYLOAD,state=-1640542596
    6-27-2007 2:04:27 pm ESP-SA is created:algorID=esp des,mySPI=42A06A25,peerSPI=640F580D,time=8019411 ,dst=<LINUX_CLIENT_IP>
    Any ideas?
    Thanks,
    John Hunter

    >>> Craig Johnson<[email protected]> 27/06/2007 10:29 pm >>>
    >>>Do you have anything to go on in the VPN audit logs? (Check using NRM).
    You bet...here is what's in the VPN Audit logs from NRM (from last entry to first) at the same time as my snippet from the IKE.log:
    06/27/2007 02:04:30 PM IKE ESP SA was created successfully with <LINUX_CLIENT_IP>
    06/27/2007 02:04:30 PM IKE Sending proxy id: Type 1 <LINUX_CLIENT_IP>
    06/27/2007 02:04:30 PM IKE Sending proxy id :Type 4 0.0.0.0/0.0.0.0
    06/27/2007 02:04:30 PM IKE Received proxy id ID_IPV4_ADDR <LINUX_CLIENT_IP>
    06/27/2007 02:04:30 PM IKE Received proxy Id : IPV4 SUBNET 0.0.0.0/0.0.0.0
    06/27/2007 02:04:30 PM IKE IPSEC SA NEGOTIATION - Peer lifetime is: 1800 My lifetime is: 1000
    06/27/2007 02:04:30 PM IKE Proposal Mismatch - Quick Mode : ESP - esp desHASH Algorithm mismatch mine : SHA his : MD5 dst: <LINUX_CLIENT_IP> src: <BM_VPN_EXT_IP> cookies my-his :CBFDEE874EB850F9 - 80441C99D658EC20
    06/27/2007 02:04:30 PM IKE IPSEC SA NEGOTIATION - Peer lifetime is: 1800 My lifetime is: 1000
    06/27/2007 02:04:30 PM IKE Received proxy id ID_IPV4_ADDR <LINUX_CLIENT_IP>
    06/27/2007 02:04:28 PM IKE Received proxy Id : IPV4 SUBNET 0.0.0.0/0.0.0.0
    06/27/2007 02:04:28 PM IKE IKE SA was created successfully with <LINUX_CLIENT_IP>, encr = DES, SA lifetime = 28800 sec
    06/27/2007 02:04:28 PM IKE Final IKE SA (phase 1) lifetime is 28800 secs
    06/27/2007 02:04:28 PM IKE Recieved INITIAL_CONTACT notify from <LINUX_CLIENT_IP> deleting all old sa's to <LINUX_CLIENT_IP>
    06/27/2007 02:04:28 PM IKE Received notify message of type IPSEC_CONTACT : 24578 from <LINUX_CLIENT_IP>
    06/27/2007 02:04:28 PM IKE Nmas user check authentication and traffic rule
    06/27/2007 02:04:28 PM IKE Received MM ID type: 1 protocol : 17 portnum: 500 length 8
    06/27/2007 02:04:28 PM IKE IKE SA NEGOTIATION - Peer lifetime is: 28800 My lifetime is: 28800
    06/27/2007 02:04:28 PM IKE Proposal Mismatch - PHASE 1 HASH Algorithm mismatch mine : SHA his : MD5 dst: <LINUX_CLIENT_IP> src: <BM_VPN_EXT_IP> cookies my-his :CBFDEE874EB850F9 - 80441C99D658EC20
    06/27/2007 02:04:28 PM IKE IKE SA NEGOTIATION - Peer lifetime is: 28800 My lifetime is: 28800
    06/27/2007 02:04:28 PM IKE Proposal Mismatch - PHASE 1 HASH Algorithm mismatch mine : SHA his : MD5 dst: <LINUX_CLIENT_IP> src: <BM_VPN_EXT_IP> cookies my-his :CBFDEE874EB850F9 - 80441C99D658EC20
    06/27/2007 02:04:28 PM IKE IKE SA NEGOTIATION - Peer lifetime is: 28800 My lifetime is: 28800
    06/27/2007 02:04:28 PM IKE Proposal Mismatch - PHASE 1 Encryption Algorithm mismatch mine : 3DES his : DES dst: <LINUX_CLIENT_IP> src: <BM_VPN_EXT_IP> cookies my-his :CBFDEE874EB850F9 - 80441C99D658EC20
    06/27/2007 02:04:28 PM IKE IKE SA NEGOTIATION - Peer lifetime is: 28800 My lifetime is: 28800
    06/27/2007 02:04:28 PM IKE Proposal Mismatch - PHASE 1 Encryption Algorithm mismatch mine : 3DES his : DES dst: <LINUX_CLIENT_IP> src: <BM_VPN_EXT_IP> cookies my-his :CBFDEE874EB850F9 - 80441C99D658EC20
    06/27/2007 02:04:28 PM IKE IKE SA NEGOTIATION - Peer lifetime is: 28800 My lifetime is: 28800
    06/27/2007 02:04:28 PM IKE Proposal Mismatch - PHASE 1 Encryption Algorithm mismatch mine : 3DES his : DES dst: <LINUX_CLIENT_IP> src: <BM_VPN_EXT_IP> cookies my-his :CBFDEE874EB850F9 - 80441C99D658EC20
    06/27/2007 02:04:28 PM IKE IKE SA NEGOTIATION - Peer lifetime is: 28800 My lifetime is: 28800
    06/27/2007 02:04:28 PM IKE Proposal Mismatch - PHASE 1 Encryption Algorithm mismatch mine : 3DES his : DES dst: <LINUX_CLIENT_IP> src: <BM_VPN_EXT_IP> cookies my-his :CBFDEE874EB850F9 - 80441C99D658EC20
    06/27/2007 02:04:28 PM IKE IKE SA NEGOTIATION - Peer lifetime is: 28800 My lifetime is: 28800
    06/27/2007 02:04:28 PM VPN Control Client JohnHu.SPCSS added to IPSEC.
    06/27/2007 02:04:26 PM IKE Negotiating for an NMAS user <LINUX_CLIENT_IP>
    06/27/2007 02:04:26 PM AUTH Gateway Connection closed for the VPN client at address <LINUX_CLIENT_IP>.
    06/27/2007 02:04:26 PM AUTH Gateway VPN client NMAS user <USER.CONTEXT> at address <LINUX_CLIENT_IP> has been authenticated.
    06/27/2007 02:04:26 PM AUTH Gateway Process NMAS request: NMAS authentication successful.
    06/27/2007 02:04:24 PM AUTH Gateway A connection was opened for a VPN client at address <LINUX_CLIENT_IP>.
    >>>By any chance do you have an IP address on the linux client that is in the same subnet as the VPN tunnel address?
    Nope. The Linux box is using a public IP address...we've got a separate connection that seems to come in handy for issues like this. =)
    Thanks for your response, Craig.
    JH
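
A way to read the IKE.LOG excerpt in this thread, as an added example that is not part of the original posts: it tallies the rejected proposals and reports what phase 1 and the ESP SA finally settled on, flagging DES and MD5. The sample lines are abridged from the excerpt; mapping `encr=`/`hash=` numbers to the RFC 2409 attribute values is an assumption about how this log writes them.

```python
import re
from collections import Counter

# IKEv1 transform attribute values from RFC 2409, Appendix A (subset).
# Assumption: the encr=/hash= numbers in IKE.LOG are these attribute values.
ENCR = {1: "DES", 5: "3DES"}
HASH = {1: "MD5", 2: "SHA"}
WEAK = {"DES", "MD5"}

MISMATCH = re.compile(
    r"Proposal mismatch (PHASE 1|Quick Mode).*?"
    r"(Encryption|HASH) Algorithm mismatch mine : (\S+) his : (\S+)")
IKE_SA = re.compile(r"IKE-SA is created\..*?encr=(\d+),hash=(\d+)")
ESP_SA = re.compile(r"ESP-SA is created:algorID=esp (\w+)")

def summarize(lines):
    """Return rejected proposals, negotiated algorithms and any weak ones."""
    rejected = Counter()
    result = {"phase1": None, "esp": None}
    for line in lines:
        m = MISMATCH.search(line)
        if m:
            # key: (phase, attribute, server policy, peer proposal)
            rejected[m.groups()] += 1
            continue
        m = IKE_SA.search(line)
        if m:
            e, h = int(m.group(1)), int(m.group(2))
            result["phase1"] = (ENCR.get(e, f"encr#{e}"), HASH.get(h, f"hash#{h}"))
            continue
        m = ESP_SA.search(line)
        if m:
            result["esp"] = m.group(1).upper()
    negotiated = set(result["phase1"] or ())
    if result["esp"]:
        negotiated.add(result["esp"])
    result["rejected"] = dict(rejected)
    result["weak"] = sorted(negotiated & WEAK)
    return result

# Sample lines abridged from the IKE.LOG excerpt in the post (placeholders kept).
SAMPLE = [
    "6-27-2007 2:04:26 pm Warn :Proposal mismatch PHASE 1 Encryption Algorithm "
    "mismatch mine : 3DES his : DES dst : <LINUX_CLIENT_IP>",
    "6-27-2007 2:04:26 pm Warn :Proposal mismatch PHASE 1 Encryption Algorithm "
    "mismatch mine : 3DES his : DES dst : <LINUX_CLIENT_IP>",
    "6-27-2007 2:04:26 pm Warn :Proposal mismatch PHASE 1 HASH Algorithm "
    "mismatch mine : SHA his : MD5 dst : <LINUX_CLIENT_IP>",
    "6-27-2007 2:04:27 pm IKE-SA is created. rekey time = 21600 "
    "encr=1,hash=1,auth=1,lifesec=28800",
    "6-27-2007 2:04:27 pm Warn :Proposal mismatch Quick Mode : ESP - esp desHASH "
    "Algorithm mismatch mine : SHA his : MD5 dst : <LINUX_CLIENT_IP>",
    "6-27-2007 2:04:27 pm ESP-SA is created:algorID=esp des,mySPI=42A06A25",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, "=", value)
```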

  • Cisco VPN Client 5.0.07.0440 Fails Installation on Win7 64

    Dears,
    I went to install the Cisco VPN Client SW. I used the "vpnclient-winx64-msi-5.0.07.0440-k9" installer, but the installation on my laptop finished with Error 1722.
    Here is a fragment from the log file:
    MSI (s) (74:B0) [12:07:23:006]: Product: Cisco Systems VPN Client  5.0.07.0440 -- Error 1722. There is a problem with this Windows  Installer package. A program run as part of the setup did not finish as  expected. Contact your support personnel or package vendor.  Action  CsCaExe_VAInstall, location: C:\Program Files (x86)\Cisco Systems\VPN  Client\VAInst64.exe, command: nopopup i "C:\Program Files (x86)\Cisco  Systems\VPN Client\Setup\CVirtA64.inf CS_VirtA
    I use Windows 7 Home Premium 64bit on my laptop, the UAC is switched OFF, the antivir SW is uninstalled and my account has administrator rights.
    I looked for it on the net but I did not find a satisfactory solution.
    Please, does somebody know how I can solve this issue?
    Thanks, Milan

    Hello Paul,
    This seems to be a known issue:
    Client cvpnd.exe errors on bootup if certain vendor's firewall installed.
    However, just to try further options, what if you try this?
    Restart VPN Client Service if You Install VPN Client before Zone Alarm
    Also check: Check Point Integrity Firewall Incompatibility, found in the link above.
    From the Zone Alarm FW, make sure you have the following advanced firewall options enabled:
    Allow VPN protocols
    Allow uncommon protocols at high security
    Enable IPv6 networking
    HTH
    Portu.

  • VPN Client Accounts: "Username and passwords must consist of numbers or letters"

    I am configuring a username in the VPN Client Accounts within a Cisco WRVS4400N.
    The username I must enter is in the form: [email protected]
    Unfortunately, when I input that username, the system informs me that I cannot have anything other than numbers and letters.
    The instructions from my University require us to use that FULL email format.
    http://net-services.ufl.edu/provided_services/vpn/anyconnect/legacy-install.html
    Is there a way to fix this?

    Any solution for this?  How can I pass in a blank domain parameter so I am automatically logged in instead of receiving the log-in dialog asking for the domain? 
