Strange issue with 3.6.3 VPN Client and IOS firewall

I'm able to establish a VPN connection from the VPN Client to the e0/0 interface of the IOS FW/VPN router and pass encrypted traffic.
Whenever I initiate a connection to something on the "Internet" from the LAN (e0/1) of the router, a temporary ACL entry is added to ACL 103 as it should be and I'm able to get out on the Internet from the internal LAN; however, I immediately lose my VPN connection from my PC Client when IOS FW adds those temporary "return entries".
Router is running 12.2(13)T.
Anyone else having issues like that? I've looked everywhere on cisco.com and elsewhere but I don't see anyone having a similar issue.
You Cisco gurus have any thoughts?
Thanks,
Jamey
Config below:
jamey#wr t
Building configuration...
Current configuration : 3947 bytes
! Last configuration change at 16:27:03 GMT Wed Jan 22 2003 by jdepp
! NVRAM config last updated at 00:14:38 GMT Wed Jan 22 2003 by jdepp
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname "jamey"
no logging buffered
no logging console
username XXXX password 7 XXXXX
clock timezone GMT 0
aaa new-model
aaa authentication login tac local
aaa session-id common
ip subnet-zero
no ip domain lookup
ip inspect name myfw ftp
ip inspect name myfw realaudio
ip inspect name myfw smtp
ip inspect name myfw streamworks
ip inspect name myfw vdolive
ip inspect name myfw tftp
ip inspect name myfw rcmd
ip inspect name myfw tcp
ip inspect name myfw udp
ip inspect name firewall http java-list 3
ip audit notify log
ip audit po max-events 100
crypto isakmp policy 3
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp nat keepalive 20
crypto isakmp client configuration group XXXX
key XXXXXXX
dns x.x.x.x
domain xxx.com
pool ipsec-pool
acl 191
crypto ipsec security-association lifetime kilobytes 536870911
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set foxset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
set transform-set foxset
crypto map clientmap client authentication list tac
crypto map clientmap isakmp authorization list XXXXX
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
interface Loopback10
description just for test purposes
ip address 172.16.45.1 255.255.255.0
interface Ethernet0/0
description "Internet"
ip address x.x.x.x 255.255.255.224
ip access-group 103 in
ip inspect myfw out
no ip route-cache
no ip mroute-cache
half-duplex
crypto map clientmap
interface Ethernet0/1
description "LAN"
ip address 192.168.45.89 255.255.255.0
no ip route-cache
no ip mroute-cache
half-duplex
ip local pool ipsec-pool 192.168.100.1 192.168.100.254
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no logging trap
access-list 3 permit any
access-list 103 permit ip 192.168.100.0 0.0.0.255 any log
access-list 103 permit icmp any any log
access-list 103 permit udp any eq isakmp any log
access-list 103 permit esp any any log
access-list 103 permit ahp any any log
access-list 103 permit udp any any eq non500-isakmp log
access-list 103 permit tcp any any eq 1723 log
access-list 103 permit udp any any eq 1723 log
access-list 103 deny tcp any any log
access-list 103 deny udp any any log
access-list 191 permit ip 192.168.45.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 191 permit ip 172.16.45.0 0.0.0.255 192.168.100.0 0.0.0.255
radius-server authorization permit missing Service-Type
call rsvp-sync
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
password XXXXXX
line vty 5 15
end
Some debugging info:
At this point, my VPN PC is successfully connected to the e0/0 VPN router and assigned IP of 192.168.100.2. It is running constant pings to 192.168.45.67 and 172.16.45.1 (172.16.45.1 is a loopback on the router for testing), 192.168.45.67 is a host on the internal network.
.Jan 22 01:27:38.284: ICMP type=8, code=0
.Jan 22 01:27:38.288: IP: s=192.168.45.67 (Ethernet0/1), d=192.168.100.2 (Ethern
et0/0), g=192.168.100.2, len 60, forward
.Jan 22 01:27:38.288: ICMP type=0, code=0
.Jan 22 01:27:38.637: IP: s=192.168.45.145 (Ethernet0/0), d=255.255.255.255, len
40, access denied
.Jan 22 01:27:38.637: UDP src=2301, dst=2301
.Jan 22 01:27:38.641: IP: s=192.168.45.145 (Ethernet0/1), d=255.255.255.255, len
40, rcvd 2
.Jan 22 01:27:38.641: UDP src=2301, dst=2301
.Jan 22 01:27:38.761: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
et0/0), len 112, rcvd 3, proto=50
.Jan 22 01:27:38.765: IP: s=192.168.100.2 (Ethernet0/0), d=172.16.45.1, len 60,
rcvd 4
.Jan 22 01:27:38.765: ICMP type=8, code=0
.Jan 22 01:27:38.765: IP: s=172.16.45.1 (local), d=192.168.100.2 (Ethernet0/0),
len 60, sending
.Jan 22 01:27:38.765: ICMP type=0, code=0
.Jan 22 01:27:39.282: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
et0/0), len 112, rcvd 3, proto=50
.Jan 22 01:27:39.286: IP: s=192.168.100.2 (Ethernet0/0), d=192.168.45.67 (Ethern
et0/1), g=192.168.45.67, len 60, forward
.Jan 22 01:27:39.286: ICMP type=8, code=0
.Jan 22 01:27:39.286: IP: s=192.168.45.67 (Ethernet0/1), d=192.168.100.2 (Ethern
et0/0), g=192.168.100.2, len 60, forward
.Jan 22 01:27:39.290: ICMP type=0, code=0
.Jan 22 01:27:39.763: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
et0/0), len 112, rcvd 3, proto=50
.Jan 22 01:27:39.767: IP: s=192.168.100.2 (Ethernet0/0), d=172.16.45.1, len 60,
rcvd 4
.Jan 22 01:27:39.767: ICMP type=8, code=0
.Jan 22 01:27:39.767: IP: s=172.16.45.1 (local), d=192.168.100.2 (Ethernet0/0),
len 60, sending
.Jan 22 01:27:39.767: ICMP type=0, code=0
.Jan 22 01:27:40.283: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
et0/0), len 112, rcvd 3, proto=50
.Jan 22 01:27:40.287: IP: s=192.168.100.2 (Ethernet0/0), d=192.168.45.67 (Ethern
et0/1), g=192.168.45.67, len 60, forward
.Jan 22 01:27:40.287: ICMP type=8, code=0
.Jan 22 01:27:40.287: IP: s=192.168.45.67 (Ethernet0/1), d=192.168.100.2 (Ethern
et0/0), g=192.168.100.2, len 60, forward
.Jan 22 01:27:40.291: ICMP type=0, code=0
.Jan 22 01:27:40.596 GMT: %SEC-6-IPACCESSLOGNP: list 103 permitted 50 216.16.193
.52 -> <VPN ROUTER E0/0 INTERFACE>, 222 packets
.Jan 22 01:27:40.596 GMT: %SEC-6-IPACCESSLOGP: list 103 permitted udp 216.16.193
.52(500) -> <VPN ROUTER E0/0 INTERFACE>(500), 16 packets
here is where I initiate a telnet connection to a host 2.2.2.2 (a dummy host on the "Internet")
from a host on the internal side (LAN) (192.168.45.1)
.Jan 22 01:27:40.600: IP: s=192.168.45.1 (Ethernet0/1), d=2.2.2.2 (Ethernet0/0),
g=2.2.2.2, len 44, forward
.Jan 22 01:27:40.600: TCP src=38471, dst=23, seq=953962328, ack=0, win=4128
SYN
.Jan 22 01:27:40.764: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
et0/0), len 112, rcvd 3, proto=50
here is where by VPN connection breaks
.Jan 22 01:27:40.768: IPSEC(epa_des_crypt): decrypted packet failed SA identity
check
.Jan 22 01:27:41.285: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
et0/0), len 112, rcvd 3, proto=50
.Jan 22 01:27:41.285: IPSEC(epa_des_crypt): decrypted packet failed SA identity
check
.Jan 22 01:27:45.773: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
et0/0), len 112, rcvd 3, proto=50
.Jan 22 01:27:45.777: IPSEC(epa_des_crypt): decrypted packet failed SA identity
check
.Jan 22 01:27:46.774: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
et0/0), len 112, rcvd 3, proto=50
.Jan 22 01:27:46.774: IPSEC(epa_des_crypt): decrypted packet failed SA identity
check

Ok..I found the bug ID for this:
CSCdz46552
the workaround says to configure an ACL on the dynamic ACL.
I don't understand what that means.
I found this link:
http://www.cisco.com/en/US/products/sw/secursw/ps2138/products_maintenance_guide_chapter09186a008007da4d.html#96393
and they talk about it, but I'm having a hard time decoding what this means:
"To specify an extended access list for a crypto map entry, enter the match address crypto map configuration command. This access list determines which traffic should be protected by IPSec and which traffic should not be protected by IPSec. If this is configured, the data flow identity proposed by the IPSec peer must fall within a permit statement for this crypto access list. If this is not configured, the router will accept any data flow identity proposed by the IPSec peer. However, if this is configured but the specified access list does not exist or is empty, the router will drop all packets."

Similar Messages

Reliable working combination of VPN client and Sidewinder firewall?

My work's I.T. Dept has deployed a "Sidewinder" VPN firewall with certs at our workplace. All works well with our many remote Windoze clients. The Windoze clients are using a "Greenbow" VPN client.
They (the I.T. Dept.) were never able to get the built-in OS X VPN client to work with the Sidewinder VPN firewall at all. I don't really have any details of what they tried or why it didn't work and they aren't exactly the friendliest types to us Mac users in the organization so I probably won't be getting any further details in that regard.
They (the I.T. Dept.) did get VPN Tracker Player v6.2 client to work on the remote Mac clients -- sort of -- but it consistently fails after roughly ten minutes of connection time at IKE renegotiation. They purportedly had a trouble ticket open with, and were working with, Equinux to try to resolve the issue, but after spending a certain amount of time on it, they basically told us Mac users in the organization that they had already spent way too much time on trying to make the Mac VPN client work, so they weren't going to be doing anything further with it, so too bad, so sad for us. And they've got 100% Director support backing up their decision.
So, the question du jour is, is anyone out there using a VPN client on a Mac and reliably connecting through a "Sidewinder" VPN firewall/server with certs (i.e., no dropped connections after about ten minutes or thereabouts), and if so, what VPN client are using and how did you/do you have it configured?
Thanks

(first and last) bump

NME-NAM with Cisco Prime 5.1.2 and IOS Firewall

Hello,
I have installed and configured the Cisco NME-NAM with Prime 5.1.2 and have access to the NAM via a web browser. It is not picking up any data even though I havew configured the following:
internal data source
network site 10.10.16.0/20
All reports show "No data for selected time interval"
I am running IOS 15.1 on a 2811 with IOS firewall enabled.
Do I need to create a FW rule to allow traffic to be monitored by the NME-NAM?
Thank you,
Matthew

Hi rajeeshp,
Currently I am not allowed to upgrade it because of internal procedures involved in upgrading a specific piece of software (obtaining permissions from various departments). Is it free to upgrade from 1.2 to 1.3 or there is a specific charge for that.
Predrag Petrovic

Strange issue with Lync 2013 Front end pool and UC Endpoints.

I have two servers in a Lync Pool.
S1 and S2. I also have an ACD server that has Trusted endpoints within Lync.
With both servers running, if a call is answered by S2 there are a bunch of weird delays in transfers. IF I shut down S2, everything works right. If I just run S2, the endpoints just ring forever and never pick up.
Additionally, with just the S1 server running, in and out calls are fine. With just the S2 server, outbound is delays and no inbound work.
It seems like there is something wrong with the S2 server, but what could it be?
Alex.

Hi,
Agree with Edwin.
Did you receive any error message from FE S2 when the issue happen?
Please double check the network status between FE S2 and ACD Server, on Lync Server Control Panel, check if FE S2 replication status normally.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support

URL issue with Windows 7 Internet Explorer 11 and SAP NW PI 7.

Hello SAP community,
I am facing a strange issue with Windows 7 - Internet Explorer 11 and SAP NW java services (I hope I am in the correct discussion) ...
When I try to open URL http://sapserver.hosters-name:port it is working so far with Windows 7 and Internet Explorer 11.
But when I click than on NWA (example), I am getting "http 500 server error".
I don't have the issue, when I start-up a VMware Workstation with Windows XP and Internet Explorer 8.
But now the strange part: In our network DNS (Domain Name Service), we can also open the URL by http://sapserver.our-dns:port.
Than it is working without problems with Windows 7 and Internet Explorer.
I would agree to state the comment - it is just a Windows 7/Internet Explorer 11 issue, if it wouldn't work for both URLs (http://sapserver.hosters-name:port = problem URL; http://sapserver.our-dsn:port = working).
We are using a SAP NW PI 7.x system. Some URLs for PI are using http://sapserver.hosters-name:port/java service.
Do you have any hints what is cause the issue - I suspect some with Internet Explorer and Firefox (because with Google Chrome at least the URL for NWA is opened, beside the issue, Google Chrome can't display NWA content)?
Thanks for your help.
Best regards
Carlos

Hi all,
I think I found the solution.
The reason seems to be, the domain name for http://sapserver.our-dns:port, "our-dns" was already added to the compatibility view settings of Microsoft Internet Explorer.
That seemed to be the reason, why it was working with http://sapserver.our-dns:port.
When I now added for http://sapserver.hosters-name:port the domain "hosters-name" to the compatibility view settings it is now working.
Internet Explorer Options => Settings for compatibility view => Add domain
Best regards
Carlos

Strange issue with VPN

Hello, I have a strange issue with a VPN we have on our ASA 5520. We have 2 subnets my side of the VPN that can get to 27 subnets on the other side of the VPN. However the last remote subnet which I will call 28 I find only 1 of my 2 subnets can get too. When I reset the tunnel I find that my subnet cannot bring the IPSec tunnel up but the othe side of the tunnel can. When I view my VPN tunnel Rx always has a value but Tx is always zero, which suggests the traffic isnt even getting there, but this subnet is all the same rules as the other subnets that work. Any debug commands or tracing you can suggest? I've had others look at the issue and the cant see an issue. Thanks

Looks like you have a OD server setup for user authentication so you need to run this
vpnaddkeyagentuser /LDAPv3/127.0.0.1
that will add the correct record to OD and it will authenticate.
Peter

Issue with Mac OS 10.8.3 and Anyconnect VPN Client 3.1.02026

Hi all,
I am running Anyconnect VPN Client 3.1.02026 on Mac OS X 10.8.3. I am unable to connect to my corporate network as the connection fails with following error :
The VPN client was unable to successfully verify the IP forwarding table modifications. A VPN connection will not be established.
Can anyone suggest remedies. I am completely stuck. I had an older AnyConnect client and it was working until a few days back when it stopped working. I then upgraded to 3.1.02026.
As suggested in some of the pots on the web, i have disabled the following AirPort, Bonjour, Bluetooth, Adium, restarted after these changes and yet i am seeing this.
My company has corporate license for Cisco AnyConnect VPN.
TIA
kumar

MartyP wrote:
Or is there a problem with both OS's writing stuff to the
~/Home/Library folder that may be incompatible?
Yes, big time. Mail, for sure, has a different file/folder structure, and would not be happy.
Plus, a number of apps (Apple and 3rd-party) are "Sandboxed." That's a security feature, to prevent malware or bad coding from affecting things it shouldn't. Some of their files, including the preferences files, aren't even stored in the same places!
Or to other places I'm not aware of?
Probably. If you have two versions of the same app, they may or may not expect the same data setup.
To have one User folder for both OS's would save a lot of drive space
Not if you use some or all of woodmeister50's suggestions.
But I'm also not sure how I'd use Time machine with such a set up.
Just as you do now. By default, Time Machine backs-up everything (except things like system work files, most caches and logs, trash) for all users and all internal drives & partitions. By default, it excludes external drives.
You can change those defaults, of course, via TM Preferences > Options.
See Time Machine - Frequently Asked Question #32 for details and considerations of multiple drives.
Presently I backup with . . . clones to other HD's
Good. Yes, clones are different. You need multiple "tasks" to back up multiple drives/partitions. But once set up, that shouldn't be a big deal.

Mavericks VPN dropouts with native VPN client and Cisco IPSec

Since update to Maverics I am experiencing VPN dropouts with native VPN client and Cisco IPSec
I am connecting via a WIFI router to a remote VPN server
The conenction is good for a while but eventually it drops out.
I had Zero issues in mountain lion and only have issues since the update to 10.9
I had similar issues in teh past with an unrelaibel wifi router but i am using a Verizon Fios router and it has worked impecably until mavericks
My thoughts are:
1 -issue with mavericks ( maybe the app sleep funciton affecting eithe VPN or WIFI daemons)
2- Issue with cisco router compaitibility or timing with Cisco IPSEC
3- Issue with WIFI itself on mavericks - some sort of WIFI software bug
Any thousuggestions?

Since update to Maverics I am experiencing VPN dropouts with native VPN client and Cisco IPSec
I am connecting via a WIFI router to a remote VPN server
The conenction is good for a while but eventually it drops out.
I had Zero issues in mountain lion and only have issues since the update to 10.9
I had similar issues in teh past with an unrelaibel wifi router but i am using a Verizon Fios router and it has worked impecably until mavericks
My thoughts are:
1 -issue with mavericks ( maybe the app sleep funciton affecting eithe VPN or WIFI daemons)
2- Issue with cisco router compaitibility or timing with Cisco IPSEC
3- Issue with WIFI itself on mavericks - some sort of WIFI software bug
Any thousuggestions?

Windows 8 64 bit issues with Cisco AnyConnect Secure Mobility Client version 3.1.04072

I am having an issue with the Cisco AnyConnect Secure Mobility Client version 3.1.04072 on a Windows 8 64 bit laptop.
I am able to create the VPN connection but the connection will not allow data to be transferred.
Stats from a manual connection:
Cisco AnyConnect Secure Mobility Client Version 3.1.04072
VPN Stats
    Bytes Received: 14375
    Bytes Sent: 0
    Compressed Bytes Received: 0
    Compressed Bytes Sent: 0
    Compressed Packets Received: 0
    Compressed Packets Sent: 0
    Control Bytes Received: 0
    Control Bytes Sent: 0
    Control Packets Received: 0
    Control Packets Sent: 0
    Encrypted Bytes Received: 7820
    Encrypted Bytes Sent: 1207
    Encrypted Packets Received: 9
    Encrypted Packets Sent: 3
    Inbound Bypassed Packets: 0
    Inbound Discarded Packets: 0
    Outbound Bypassed Packets: 0
    Outbound Discarded Packets: 0
    Packets Received: 4
    Packets Sent: 0
    Time Connected: 00:03:01
Protocol Info
    Inactive Protocol
        Protocol Cipher: RSA_3DES_168_SHA1
        Protocol Compression: None
        Protocol State: Disconnected
        Protocol: DTLS
    Active Protocol
        Protocol Cipher: RSA_3DES_168_SHA1
        Protocol Compression: Deflate
        Protocol State: Connected
        Protocol: TLS
OS Version
    Windows 8 : WinNT 6.2.9200
Log from the data transmission software:
24/12/2013 12:51:13 - Application version = 1.11.28.0
24/12/2013 12:51:13 - Lodgement Library Version = 1.11.28.0
24/12/2013 12:51:13 - Connection Method = INTERNET
24/12/2013 12:51:13 - DIS Connection Type = Automatic
24/12/2013 12:51:13 - VPN Client = ACTIVE
24/12/2013 12:51:13 - Check Available Connections = NOT ACTIVE
24/12/2013 12:51:13 - Windows 8 (6.2.9200 SP )
24/12/2013 12:51:13 - Language: English (Australia)
24/12/2013 12:51:13 -
24/12/2013 12:51:13 - Connected to ISP via LAN
24/12/2013 12:51:13 - Checking for presence of VPN client.
24/12/2013 12:51:13 - VPN client found. (C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe)
24/12/2013 12:51:13 - The Cisco AnyConnect Secure Mobility Client application is in use.
24/12/2013 12:51:18 - Terminating Cisco AnyConnect Secure Mobility Client in progress ...
24/12/2013 12:51:18 -
24/12/2013 12:51:18 - Checking Cisco AnyConnect version.
24/12/2013 12:51:19 - Cisco AnyConnect Secure Mobility Client (version 3.1.04072) .
24/12/2013 12:51:19 - Copyright (c) 2004 - 2013 Cisco Systems, Inc. All Rights Reserved.
24/12/2013 12:51:19 - Config file directory:C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\
24/12/2013 12:51:19 -
24/12/2013 12:51:19 - Loading profile:C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\ELS-IMelAde-TCP.xml
24/12/2013 12:51:19 -
24/12/2013 12:51:19 - Initializing the VPN connection.
24/12/2013 12:51:19 - Ready to connect.
24/12/2013 12:51:19 - Ready to connect.
24/12/2013 12:51:19 - Contacting ELS-IMelAde-TCP.
24/12/2013 12:51:23 - Authenticating user.
24/12/2013 12:51:23 - Connected to VPN concentrator.
24/12/2013 12:51:23 - Establishing VPN session...
24/12/2013 12:51:23 - Checking for profile updates...
24/12/2013 12:51:23 - Checking for product updates...
24/12/2013 12:51:23 - Checking for customization updates...
24/12/2013 12:51:23 - Performing any required updates...
24/12/2013 12:51:23 - Establishing VPN session...
24/12/2013 12:51:23 - Establishing VPN - Initiating connection...
24/12/2013 12:51:24 - Establishing VPN - Examining system...
24/12/2013 12:51:24 - Establishing VPN - Activating VPN adapter...
24/12/2013 12:51:24 - Establishing VPN - Configuring system...
24/12/2013 12:51:24 - Establishing VPN...
24/12/2013 12:51:24 - Connected to VPN concentrator.
24/12/2013 12:51:24 - Connected to ELS-IMelAde-TCP.
24/12/2013 12:51:24 - Connected to VPN concentrator.
24/12/2013 12:51:24 - Connection to VPN client return code = 0.
24/12/2013 12:51:24 - Connected to VPN concentrator.
24/12/2013 12:51:24 - Connecting : Connecting to 203.202.43.2.
24/12/2013 12:51:45 - Error in ConnectToDIS - Socket Error # 10060
Connection timed out.
24/12/2013 12:51:46 -
24/12/2013 12:51:46 - Disconnecting from the VPN concentrator.
24/12/2013 12:51:46 - Disconnect in progress, please wait...
24/12/2013 12:51:46 - Detaching AnyConnect, please wait...
24/12/2013 12:51:47 - Detached.
24/12/2013 12:51:47 - Disconnected from VPN concentrator.
24/12/2013 12:51:47 - *****************************************************
24/12/2013 12:51:47 -               END OF LODGEMENT PROCESS
24/12/2013 12:51:47 - *****************************************************
Issue history:
- Previously running Cisco VPN client on Windows 8 64 bit laptop (VPN working and able to transmit data over VPN)
- Upgrade to Windows 8.1 stopped the VPN client working
- Refreshed system back to Windows 8 and reinstalled all software
- Cisco VPN client would not install on system
- Cisco AnyConnect Secure Mobility Client installs and is able to connect to VPN host
- Cisco AnyConnect Secure Mobility Client downloads and installs software from VPN host
- Data transmission software returns error code #10060
Any assistance would be greatly appreciated.

anyone found the fix for this?

Strange issue with Exchange system

Hello,
I'm experiencing a strange issue with one of the Exchange 2013 mailbox servers running on Windows 2012. When trying to upgrade it to the new CU5, I'm getting the following errors:
Error:
The local domain needs to be prepared using Setup /PrepareDomain before server roles can be installed.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DomainPrepRequired.aspx
Error:
The Mailbox server role isn't installed on this computer.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.UnifiedMessagingRoleNotInstalled.aspx
Error:
The Mailbox server role isn't installed on this computer.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.BridgeheadRoleNotInstalled.aspx
Error:
An unsupported operating system was detected. Exchange Server 2013 Client Access, Mailbox, and Edge Transport server roles support Windows Server 2008 R2 SP1 or later and Windows Server 2012.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ValidOSVersion.aspx
In the Exchange organization there are 2 CAS servers, 2 MBX servers.
Memento Mori

Hi Vick,
Based on my research, I suggest you should upgrade the AD first.
1. Exchange 2013 CU5 contains schema changes. To upgrade the Schema to CU5 you can execute the following command:
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
2. And you also should upgrade the
Configuration Partition and the Domain Partition with the following command:
Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
Setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms
3. After finished above two steps, now you can start to upgrade an Exchange 2013 server to CU5. Open a command prompt and enter the following command:
Setup.exe /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

Boot camp with Cisco VPN client and smart card

Looking at a Macbook or Macbook Air and the only reason I need to run windows is to be able to access my work network through the Cisco VPN client and my Smartcard then use remote desktop. From my understanding if I run Bootcamp it should work am I correct? Im going to an Apple store tomorrow hopefully they can help too.
Thanks

mrbacklash wrote:
Ok with that being said will the MBA 11.6 1.4ghz have the guts to make it run mostly internet based programs over the VPN connection?
I think if you are running apps over the Internet the bottleneck will be the Internet and your VPN bandwidth. Your computer can certainly execute faster than Internet communications.
Besides, Internet or remote applications run on the remote server. All your local computer does is local processing of the data if necessary.
Message was edited by: BobTheFisherman

Problem with Cisco VPN client and HP elitebook 2530p windows 7 64-bit

Hi there
I have a HP Elitebook 2530p which i upgraded to windows 7 64-bit. I installed the Cisco VPN client application (ver. 5.0.07.0290 and also 64-bit) and the HP connection manager to connect to the internet through a modem Qualcomm gobi 1000 (that is inside the laptop). When I connect to the VPN, it connects (I write the username and password) but there is no traffic inside de virtual adapter for my servers. When I connect to the internet through wire or wireless internet, I connect de VPN client and there is no problem to establish communication to my servers.
I tried everything, also change the driver and an earlier version of the HP connection manager application. I also talked to HP and they told me that there was a report with this kind of problem and it was delivered to Cisco. I don’t know where is the problem.
Could anyone help me?
Thanks to all.

You can try to update Deterministic Network Enhancer to the below listed release which supports
WWAN Drivers.
http://www.citrix.com/lang/English/lp/lp_1680845.asp.
DNE now supports WWAN devices in Win7. Before downloading the latest version of DNEUpdate from the links below, be sure you have the latest
drivers for your network adapters by downloading them from the vendors websites.
For 64-bit: ftp://files.citrix.com/dneupdate64.msi
Hope that helps.

Strange issue with WEBI schedule Report

Hi All,
I have a strange issue with schedule WEBI reports, a schedule report runs for Hours , i reschedule it again by deleting the instance and the schedule report never got succeed even after running for hours.
Any idea???
regards

Hi Manoj,
1. Try to put some filters in the report and then run the report. if it takes less time, then probably your query is fetching very large data.
2. MDX query error may be the reason , this error come when a query runs endless, please try running the query 2-3 times, or when load on server is less.
Hope this will help,
Anamika.

Strange issue with RAM upgrade: It works but it doesn't! Please help.

Hello Everyone,
I have a very strange issue with my iMac since upgrading my RAM from 4 to 12 gig. When I first installed the new RAM it booted up and ran great. The next time I went to boot the iMac up it swtiched on but didn't get as far as the first white boot up screen. I tried turning it off and on a few times using the power on/off button but still no success. I decided to remove the RAM and reseat it. The computer then booted up again fine. Here's the problem though: when I went to switch my iMac on the next day it wouldn't boot up. Again, I took the RAM out and put it back in and the iMac booted up fine. I've checked the status of the RAM in the system profiler and it reports that everything is OK. So, I'm at a loss. Obviously, I don't want to go through this process every time I want to start up my Mac. Any ideas/solutions would be very gratefully received.
Many thanks in advance.

I completely agree with you. It will be one of the 3 issues you outline. The machine was bought brand new and has never given me a problem. It is just the introduction of the new RAM that has started a problem. However, I did just risk a restart and it booted up fine. I don't know if a restart is any different to shutting down and then pressing the on/off button to start the computer. Maybe my last reseating has done the trick or maybe my thinking is flawed because restarting involves a different process to booting up by pressing the on/off button. I don't know.
In the part of the world I'm sitting in it's night time now so I will leave the diagnostics running and check the results in the morning. I hope the issue is now resolved anyway. This sort of thing takes me back to my dark PC days although in this case I know it's probably not the Mac's fault.
Thanks again. Very much appreciated.

Strange issue with rights of account, used by SSIS (Foreach Loop Container does not return file names without Admin rights on server)

Hello everyone.
Faced very strange issue with account, which is used to run SSIS package.
The specific package uses Foreach Loop Container to retrieve file names within the specified folder, and put them into Import file task.
The package is set up to run under specific service account. This service account is given all permissions (Full control) to the folder where source files reside.
So the issue is: SSIS package fails to execute this task (Foreach Loop Container and then Import), and shows that no files are found in the directory (although files ARE there).
Once we're adding the service account into local Administrators group on the SQL Server, it works! Removing - does not work again. We cannot leave the service account as SQL server's admin as it's prohibited by our IT policies, and is just a bad practice.
Any ideas, please?
MCP

Here's the real log output:
Date 16.04.2014 12:47:09
Log Job History (RU-BW: Update)
Step ID 1
Server Server
Job Name RU-BW: Update
Step Name bw_import_cust_master_data
Duration 00:00:02
Sql Severity 0
Sql Message ID 0
Operator Emailed
Operator Net sent
Operator Paged
Retries Attempted 0
Message
Executed as user: service_account Microsoft (R) SQL Server Execute Package Utility Version 10.50.4286.0 for 64-bit Copyright (C) Microsoft Corporation 2010. All rights reserved. Started: 12:47:09 Error: 2014-04-16 12:47:11.45
Code: 0xC0202070 Source: bw_import_cust_master_data Connection manager "Input" Description: The file name property is not valid. The file name is a device or contains invalid characters. End Error Error:
2014-04-16 12:47:11.47 Code: 0xC0202070 Source: bw_import_cust_master_data Connection manager "Input" Description: The file name property is not valid. The file name is a device or contains invalid characters. End
Error Error: 2014-04-16 12:47:11.48 Code: 0xC0202070 Source: bw_import_cust_master_data Connection manager "Input" Description: The file name property is not valid. The file name is a device or contains invalid
characters. End Error Error: 2014-04-16 12:47:11.48 Code: 0xC020207E Source: Import file Flat File Source [1] Description: The file name is not valid. The file name is a device or contains invalid characters.
End Error Error: 2014-04-16 12:47:11.48 Code: 0xC004701A Source: Import file SSIS.Pipeline Description: component "Flat File Source" (1) failed the pre-execute phase and returned error code 0xC020207E.
End Error DTExec: The package execution returned DTSER_FAILURE (1). Started: 12:47:09 Finished: 12:47:11 Elapsed: 2.324 seconds. The package execution failed. The step failed.
MCP

Strange issue with 3.6.3 VPN Client and IOS firewall

Similar Messages

Maybe you are looking for