Up / Down VPN Client

Similar Messages

• Windows VPN clients can't use network servers after 10.5.1 upgrade

  We have two Xserves, both formerly running 10.4.11. One is the OD master, the other a replica. The replica is also the VPN server, and is a DHCP server for the small number of IP addresses reserved for VPN clients.
  The OD master upgrade went fine. I completely reinstalled the OD replica, set the replica up again, and set up the VPN server. It supports L2TP/IPsec connections only.
  After the upgrade, Mac users running Tiger or Leopard can connect to the VPN server and connect to network services without any problems. Windows users can connect, but cannot actually USE anything on my office network. For example, if you try to connect to a web server either by fully qualified domain name or by hostname, the connection from the browser simply times out.
  In the Windows command line I can verify that I have an active connection by pinging and using the tracert command (equivalent of traceroute on UNIX). Hostname resolution works, too. But nothing happens when you try to open a web browser, which is mostly what my users need to do.
  It doesn't matter whether you're logging in with an OD user account or a local account defined solely on the VPN server. Same behavior in Windows.
  I had to take an older XServe running 10.4.11 out of our data center, move it to the office, and set it up on the same external network connection. 10.4.11 server works, 10.5.1 doesn't, from the same Windows client, set up exactly the same way.
  I've been through the hoops with Apple Enterprise support, who now tell me that Engineering kicked it back to them and told them they'd charge me $695 to get it fixed, because it's ostensibly custom configuration work. If that's true, why is Windows XP listed under L2TP/IPSec support on page 127 of the Leopard Network Services Admin guide? I don't want a custom fix, I just want it to work the way it's supposed to work. Or I want Apple to retract the claim that OS X Server is the best workgroup server solution for Macs and Windows.
  Anyone else encounter this problem or know of a fix?

  Had the same problems, started after i tried out the firewall in Leopard server.
  Seems that not all settings are reset even after turning the firewall off.
  To reset the firewall to its default setting:
  1 Disconnect the server from the Internet.
  2 Restart the server in single-user mode by holding down the Command-s keys during
  startup.
  3 Remove or rename the address groups file found at /etc/ipfilter/
  ipaddressgroups.plist.
  4 Remove or rename the ipfw configuration file found at /etc/ipfilter/ipfw.conf.
  5 Force-flush the firewall rules by entering the following in Terminal:
  $ ipfw -f flush
  6 Edit the /etc/hostconfig file and set IPFILTER=-YES-.
  7 Complete the startup sequence in the login window by entering exit:
  The computer starts up with the default firewall rules and firewall enabled. Use Server
  Admin to refine the firewall configuration.
  8 Log in to your server’s local administrator account to confirm that the firewall is
  restored to its default configuration.
  9 Reconnect your host to the Internet.
  This solved the problem for me...

• WRV200 - Problems with VPN Client and Internal network access

  I have a WRV200 router and want to access the internal (Private Network) connected on the inside. I have successfully conected to the router with the Linksys VPN Client, but it does not appear to allow access to the internal network.
  How do I enable NAT Transversal or Passthru? I have already selected all of the PPTP, L2TP and IPSEC Pass Through.
  Has anyone gotten this to work?

  I have actually gotten this to work. Issues surround this include the ability to get to the VPN if the main DNS is down (it does not fail over to the next DNS in the list).
  If you unselect all of the boxes in the firewall General configuration, you can connect, but if you need to have all of this unchecked, what's the sense of having it?
  Anyway, you can use the DoS Prevention, this is not interfering.
  HTH.

• VPN Client and Dynamic isakmp keys not working

  Hi,
  I'm trying to enable DMVPN endpoints from dynamic IP addresses, e.g. adding in:
  crypto isakmp key XXXXXXX address 0.0.0.0 0.0.0.0 no-xauth
  The problem is when I add this line, it breaks our remote VPN Client.  Removing the line makes everything work fine again, except I can't add a DMVPN endpoint that has a dynamic IP.
  Presently all DMVPN spokes have static IP addresses configured and individual keys for each (I'm trying to simply/cut down our config and use a single key for all of them plus enable staff from home on dynamic IP's).
  I can't tell if this is an IOS bug, or if I need to configure something differently.
  Our VPN client is configured as a dynamic map, e.g.:
  crypto isakmp client configuration group vpnclient
  key RAH RAH RAH
  etc.
  crypto isakmp profile vpnclient
     match identity group vpnclient
     client authentication list vpnuser
     isakmp authorization list vpngroup
     client configuration address respond
  crypto ipsec transform-set VPNCLIENT esp-aes 256 esp-sha-hmac
  crypto dynamic-map vpnclient 10
  set transform-set VPNCLIENT
  set pfs group2
  set isakmp-profile vpnclient
  crypto map vpn 65535 ipsec-isakmp dynamic vpnclient
  And then attached to my WAN interface as crypto map.

  Hi Scott,
  What IOS Version are you using ? I don't see any reason that this command would break Remote VPN Connectivity.
  Maybe you can try
  crypto isakmp key XXXXXXX address 0.0.0.0 0.0.0.0 (remove the no-xauth, as it's not needed).
  Otherwise, you may share output of debug crypto isakmp to see exactly what is failing when the remote users are connecting.
  Regards,
  Bastien

• VPN Client and Windows Folder Synchronisation

  We are currently having problems with Windows XP Laptops which have folders Synchronised to Servers.
  When they are working remotely, they use the VPN client to connect to the network. Unfortunately, the VPN Client Adapter does not appear in the "Network Connection" drop down menu within the Synchronisation Setup screens. This means that the synchronisation takes place once the Physical Adapter (LAN or Wireless) comes active and an error message appears everytime.
  Has anyone come across this and found a fix for it ? There must be a away of getting the VPN LAN Adapter into the Synchronisation Network Connection list.

  The only supported IPSec client for Windows 7 is 5.0.6. I would recommend uninstalling the client version that you have, upgrade the DNE package from Citrix, and then install the latest IPSec client.
  Release Note:
  http://www.cisco.com/en/US/partner/docs/security/vpn_client/cisco_vpn_client/vpn_client5006/release/notes/vpnclient5006.html#wp62415
  DNE Update:
  http://www.citrix.com/lang/English/lp/lp_1680845.asp
  Client Download:
  http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=5.0.06.0110&mdfid=281940730&sftType=VPN+Client+Software&optPlat=Windows&nodecount=2&edesignator=null&modelName=Cisco+VPN+Client+v5.x&treeMdfId=268438162&treeName=Security&modifmdfid=&imname=&hybrid=&imst=&lr=Y

• VPN Client and DNS settings

  Hello,
  here are few posts (quite some time ago) telling the same trouble:
  The VPN Client does *NOT* restore the original DNS settings.
  Upon BM3.8.2 Massimo told, that this is a bug in that version of the VPN
  client. I face this issue with 3.8.16 and nwclient 4.91.4 with or without
  the three currently available hotfixes [1]
  Anybody else facing this trouble with the current VPN client release?
  May be an older one works better, any experiences?
  This trouble is fact even after clean disconnects. But it happens only now and then,
  I might need to try it 50 times to see it once.
  a followup in CMD boxes with ipconfig /all does show, that the times
  to restore the original DNS settings vary from 2 to 30 seconds. Mostly about 5 seconds.
  Massimo also told, that a "VPN-down" due to a Win-Shutdown can cause this: So is
  there a possibility to trigger a "clean-VPN down" in the Win-shutdown sequence?
  As a workaround I packed this line into all users "run" key:
  netsh int ip set dns name="LAN-Verbindung" source=dhcp
  so at least after a reboot it's corrected.
  Any suggestions appreciated,
  [1]
  Novell Client 4.91 Post-SP2/3/4 NWSPOOL.DLL
  Novell Client post-4.91 SP4 LGNCXW32.DLL
  Novell Client 4.91 Post-SP4 NWGINA.DLL 1
  IT-Beratung Rudolf Thilo
  Schweinfurter Str. 131
  97464 Niederwerrn
  t: +49 (0)9721/6464840
  f: +49 (0)9721/6464841
  m: +49(0)171/685 9 685

  Hello Craig,
  thanks for your answer.
  [VPN Client sometimes doesn't restore DNS settings after disconnecting]
  e.g. TID 10096552 is telling such a trouble, that should be fixed with
  BM VPN Client 3.8.10
  > > Any suggestions appreciated,
  > >
  > This one seems to be so related to the design of the VPN client that
  > you may need to open an incident to get it fixed, if that even would
  > help.
  >
  > There used to be a utility designed to clean up after the VPN client,
  > but I can't remember now what it was. I never tried it that I can
  > remember.
  Anybody else who knows about that tool?
  After doing some "teachment" to these VPN users the incidents of this
  trouble didn't show up as frequent as before. So I assume, that one
  reason might be this:
  Scenario
  VPN connect
  PCA connect to host in corporate LAN
  PCA full screen *SHOULD* be activated (ALT+ENTER)
  working, working, working
  shutdown PC in corporate LAN
  close VPN tunnel
  shutdown local home office PC.
  When it was missed to activate PCA fullscreen without noticing this,
  then the "remote" start button is not visible.
  So instead of shutting down the remote PC, the local PC is shut down.
  By that, the local shutdown is killing (not cleanly disconnecting)
  the VPN client. When this happened (and I 100% can reproduce this)
  after the next boot of the home office PC the VPN connect will *ALWAYS*
  fail. After another reboot the VPN connect will succeed again without
  any problems.
  Is this a known issue? (I cannot find that TID I found before telling
  missbehaviour when VPN connects are not disconnected clean. IIRC this
  was something fixed in a VPN client version /several/ subversions ago)
  Home Office PC = XPSP2+Hotfixes, VPN Client BM 3.8.16, nici from that
  one first, now taken from NWClient 4.91.4, no difference.
  Regards, Rudi.
  IT-Beratung Rudolf Thilo
  Schweinfurter Str. 131
  97464 Niederwerrn
  t: +49 (0)9721/6464840
  f: +49 (0)9721/6464841
  m: +49(0)171/685 9 685

• VPN clients cannot access inside network

  I have a ASA 5505 that I am using as a VPN appliance. The outside interface is connected to the DMZ (172.16.2.10) and the inside to our internal network (10.27.1.12). VPN clients are assigned an address in the range 10.27.2.2-10.27.2.20. A 1841 is the router and firewall for the network. Recently the ASA lost power when a UPS went down and now VPN clients can no longer access anything on the inside network. Config is attached. Help.

  I realized after I posted that I should have a connection active when running this command. Here is the results:
  Result of the command: "show crypto ipsec sa"
  interface: outside
  Crypto map tag: outside_dyn_map, seq num: 20, local addr: 172.16.2.10
  local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
  remote ident (addr/mask/prot/port): (10.27.2.2/255.255.255.255/0/0)
  current_peer: 169.130.14.253, username: kenz
  dynamic allocated peer ip: 10.27.2.2
  #pkts encaps: 5, #pkts encrypt: 5, #pkts digest: 5
  #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
  #pkts compressed: 0, #pkts decompressed: 0
  #pkts not compressed: 5, #pkts comp failed: 0, #pkts decomp failed: 0
  #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
  #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
  #send errors: 0, #recv errors: 0
  local crypto endpt.: 172.16.2.10, remote crypto endpt.: 169.130.14.253
  path mtu 1500, ipsec overhead 58, media mtu 1500
  current outbound spi: 208F45F5
  inbound esp sas:
  spi: 0x2026D973 (539416947)
  transform: esp-3des esp-sha-hmac none
  in use settings ={RA, Tunnel, }
  slot: 0, conn_id: 4096, crypto-map: outside_dyn_map
  sa timing: remaining key lifetime (sec): 28406
  IV size: 8 bytes
  replay detection support: Y
  outbound esp sas:
  spi: 0x208F45F5 (546260469)
  transform: esp-3des esp-sha-hmac none
  in use settings ={RA, Tunnel, }
  slot: 0, conn_id: 4096, crypto-map: outside_dyn_map
  sa timing: remaining key lifetime (sec): 28406
  IV size: 8 bytes
  replay detection support: Y
  So it looks like there are encrypts but no decrypts. What should I do now?

• FortiClient SSL VPN Client Not Functioning Correctly

  Hello,
  I use the FortiClient SSL application to connect to work. In Windows 7 x64 it works without issue. In Windows 8 Build 9200 it exhibits and odd behaviour.
  I can connect using FortiClient version 4.4.3.445. Once connected my sent bytes continues to increase which is correct. However received bytes stays at 0.
  If I try to Remote Desktop it fails.  This is obviously due to no inbound packets coming back from the Fortigate appliance being allowed back to Windows 8.
  Disabling the Firewall doesn't have any affect on the condition. Received bytes stays at 0. 
  This is a clean install with no 3rd party applications, other than the Forticlient software. This is only the SSL VPN portion of  the the FortiClient software and does not included AV or Firewall options.
  Doing some Googling, I've seen some other people with the same problem but no resolution. Another FortiClient user and Sophos & Juniper SSL VPN clients having the same problem.
  Does anybody have any idea what would be causing the SSL VPN to only send bytes but not receive.
  Thanks!
  UPDATE 2:
  In the built in MSTSC.exe "Remote Desktop" I went into Options/Advanced/Server Authentication. I switched the setting to "Connect and don't warn me" and that fixed the problem. The default was "Warn Me' However the warning screen was not coming up.
  Just for the heck of it I switched it back to the default settings and saved. Strangely I now get the "Warning" screen that you would normally see. So now both the built-in and App Store Remote Desktop applications are working. FortiClient still shows Bytes
  received as 0.....which is odd.
  UPDATE: Solved Workaround
  I was using the built-in Remote Desktop Application without success. I went into the APP Store and saw their was an APP called "Remote Desktop" I installed that and connected my FortiClient SSL to work. Still no received bytes like I would get in
  Win7. I then launched the "APP" Remote Desktop, punched in my PC name at work and creds and boom I can login to my work PC. FortiClient SSL still showing no received bytes, but the "Remote Desktop" from the APP store does work. Not sure why MSTSC.exe will
  not work, and why FortiClient shows no received bytes is still unsolved. At least the APP Store Remote Desktop works with the SSL Client.

  Hello Everyone,
  I finally able to track down the issue .
  After spending 3 days i found that VPN Client may bind some setting with user. I tried to install the same on my personal laptop and another machine where the user bind with same account
  (hotmail).
  Then I realize may be this is user issue so I follow below steps and it work fine.
  1. Uninstall Client from Machine
  2. Remove same from IE ( Options =>> Connections)
  3. Restart System
  4. Create Local user and provide administrator rights.
  5. Login with new user and logoff all other.
  6. Install Client.

• Bordermanager VPN-client 3.8.x + netware6.0 + Vista

  I'm currently using bordermanager 3.8.16 installed on my Windows Vista and connecting to my office by the Bordermanager VPN-client to a netware6-server (they refuse to upgrade to 6.5) and it's working! (but!).
  .. but every hour when my ISP renews it's lease for the IP-adress it won't succeed and the VPN-client and my internet-connection stops working.
  Then I have to disconnect/logout the VPN and then reconnect to my ISP and then reconnect/login to the VPN
  I also found out that the VPN doesn't work when I'm behind a NAT (but that works on my other computer (with Windows XP).
  I know Vista isn't supported on 3.8.x, but I'm wondering if it will get supported in some patch? Or can I perhaps install Bordermanager 3.9SP1 and use it on Netware6 allthough it says in the requirements that it has to be netware6.5?

  But when I'm on this page Novell: Downloads
  ... it says PLATFORMS: Netware 6.5 when doing a mouseover on the link "BorderManager 3.9 Support Pack1".
  and when following the link "BorderManager 3.9 Support Pack1" it once again says Platforms: Netware 6.5. And when reading a bit further down on that page under System Requirements:
  "1.0 System Requirements
  Make sure that NetWare 6.5 SP6 or SP7 with Novell
  BorderManager 3.9 is installed in your system, before
  you install Novell BorderManager 3.9 SP1."
  but if you tell me it works with netware6 I trust you Gonzalo (you've helped me once before). Thanks again, I'll try it.
  //reenhilm aka gummi
  Originally Posted by mysterious
  bm39sp1 contains a specific vpn client for vista. You do not have to
  upgrade the server to use it
  Gonzalo

• WLC 5508 7.0.98.0 has vpn client connection issues

  Hi
  my guest ssid is set to L2 security none and L3 Web policy and authentication local. clients that need to connect to some vpn server (internet) are reporting disconnection issues with the vpn session but not the wireless network. as soon as they get connected via another wireless internet connection the vpn connection gets stable. that makes me thing is in deed the my wireless network the one causing issues.  is there a know issues with the web authentication WLAN and vpn clients?  no firewall in the middle.
  Exclusionlist.................................... Disabled
  Session Timeout.................................. Infinity
  CHD per WLAN..................................... Enabled
  Webauth DHCP exclusion........................... Disabled
  Interface........................................ xxxxxxxxxxxxxxxx
  WLAN ACL......................................... unconfigured
  DHCP Server...................................... Default
  DHCP Address Assignment Required................. Disabled
  --More or (q)uit current module or <ctrl-z> to abort
  Quality of Service............................... Bronze (background)
  Scan Defer Priority.............................. 4,5,6
  Scan Defer Time.................................. 100 milliseconds
  WMM.............................................. Allowed
  Media Stream Multicast-direct.................... Disabled
  CCX - AironetIe Support.......................... Enabled
  CCX - Gratuitous ProbeResponse (GPR)............. Disabled
  CCX - Diagnostics Channel Capability............. Disabled
  Dot11-Phone Mode (7920).......................... Disabled
  Wired Protocol................................... None
  IPv6 Support..................................... Disabled
  Passive Client Feature........................... Disabled
  Peer-to-Peer Blocking Action..................... Disabled
  Radio Policy..................................... All
  DTIM period for 802.11a radio.................... 1
  DTIM period for 802.11b radio.................... 1
  Radius Servers
     Authentication................................ Disabled
     Accounting.................................... Disabled
     Dynamic Interface............................. Disabled
  Local EAP Authentication......................... Disabled
  Security
     802.11 Authentication:........................ Open System
     Static WEP Keys............................... Disabled
     802.1X........................................ Disabled
     Wi-Fi Protected Access (WPA/WPA2)............. Disabled
     CKIP ......................................... Disabled
     Web Based Authentication...................... Enabled
          ACL............................................. Unconfigured
          Web Authentication server precedence:
          1............................................... local
     Web-Passthrough............................... Disabled
     Conditional Web Redirect...................... Disabled
     Splash-Page Web Redirect...................... Disabled
     Auto Anchor................................... Disabled
     H-REAP Local Switching........................ Disabled
     H-REAP Learn IP Address....................... Enabled
     Client MFP.................................... Optional but inactive (WPA2 not configured)
     Tkip MIC Countermeasure Hold-down Timer....... 60
  Call Snooping.................................... Disabled
  Roamed Call Re-Anchor Policy..................... Disabled
  Band Select...................................... Disabled
  Load Balancing................................... Disabled

  Thanks Scott,
  We have two controllers and all the APs (50) are associated with the primary Controller,what is the best path to follow for the upgrade.
  we don't have Field recoversy image installed on our controller, do we have to do the FSU upgrade?
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.0.98.0
  Bootloader Version............................... 1.0.1
  Field Recovery Image Version..................... N/A
  Firmware Version................................. FPGA 1.3, Env 1.6, USB console                                                        1.27
  Build Type....................................... DATA + WPS
  System Name...................................... Airespace_01
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
  IP Address....................................... 10.0.0.201
  Last Reset....................................... Power on reset
  System Up Time................................... 9 days 2 hrs 57 mins 21 secs
  System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)
  Current Boot License Level....................... base
  Current Boot License Type........................ Permanent
  Next Boot License Level.......................... base
  Next Boot License Type........................... Permanent
  Configured Country............................... Multiple Countries:US,CN,DE,TW,HK
  Is the below Upgrade Path make sense ?
  1. Upgrade the Primary controller and reboot- wait till all APs associate with primary controller and download the new image
  2. Upgrade the secondary controller and reboot
  3. Failover the APs to secondary controller and test
  Siddhartha

• Contivity VPN Client, Windows Media Center and Linksys

  Has anyone had any issues connecting through VPN on Windows Media? I am using Contivity Client V6.01 (I've also tried some previous versions) and going through a Linksys router with a wireless connection. My laptop, which runs XP Home, runs flawlessly with the same client and the same connection parameters through the same Linksys router.
  When I first connect to the VPN site, it appears successful. Just a few seconds later, my wireless connection disappears. It's not just the media center, either -- it brings down my whole internet connection. Once the VPN client detects the loss of the connections, just a few seconds later, the internet connection reconnects. It's as though the VPN connection and my home network's internet connection are mutally exclusive.
  Anyone else find a solution?

  you might need to upgrade the firmware of your router and make sure that the configuration is right. because losing internet access at the same time will also be the cause of the configuration of the router.

• Starting vpn client on vista

  Hi,
  When I start the vpn client on Vista I everytime we get a screen with the
  message : an unidentified program wants access to your computer. This
  message is in an orange bar and the window itself is from user account
  control.
  How do I get rid of this message without turning off UAC?
  regards,
  John

  I was wrong - my Vista sp1 also gives me UAC warnings when I start the
  VPN client.
  I wish I could find a way to elevate priveleges on an
  application-by-application basis to eliminate the prompt, but the best
  I could do is described in the following web site:
  http://www.informationweek.com/blog/.../dont_shut_off
  _v.html
  I'll paste in the paragraph of instructions that made the prompt go
  away for me:
  "Click Start and Control Panel. Switch to Classic View (if you haven't
  already) and click on the Administration Tools icon. In the list that
  opens click on Local Security Policy, and in the next window, Local
  Policies (a tiny bit redundant, but all UIs can't be perfect -- If UAC
  is running you'll get a UAC pop-up somewhere in here). In the Local
  Policies list click Security Options, and scroll down to "User Account
  Control: Behavior" (the full title of the policy is "User Account
  Control: Behavior of the elevation prompt for administrators in Admin
  Approval Mode" but the window barely opens that far). Double-click the
  title and in the dialog box change its setting from "Prompt for
  Consent" to "Elevate without prompting." Click OK and the urge to tear
  your hair and scream at your PC will be greatly diminished in the
  future."
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to http://www.craigjconsulting.com ***

• ASA is tearing down vpn connections aleatorily

  Cisco ASA5510 running 8.0.4 is tering down vpn connections aleatorily. The user close a vpn conection with ASA by Cisco or another client, browse a server and start a file tranfer. Aleatorily the file transfer stops, the vpn still up, the user still can browse the server, but the transfer stops with a network connection error. Some times is on beginning of file, sometimes is on midle or on final of file, sometimes it works. We tried many users and many servers, with the same behavior. Without vpn the transfer works fine. The log messages are like that
  Oct 25 2012 20:23:50 ciscoasa : %ASA-6-302014: Teardown TCP connection 6360702 for dmz_sp:10.120.7.56/58119 to inside:172.18.1.3/8800 duration 0:00:00 bytes 9389 TCP Reset-O (vpnbmb)
  Any idea about what is the problem? Could be ipsec packets out of sequence? How do I check the ipsec sequence number?                 

  Cisco ASA5510 running 8.0.4 is tering down vpn connections aleatorily. The user close a vpn conection with ASA by Cisco or another client, browse a server and start a file tranfer. Aleatorily the file transfer stops, the vpn still up, the user still can browse the server, but the transfer stops with a network connection error. Some times is on beginning of file, sometimes is on midle or on final of file, sometimes it works. We tried many users and many servers, with the same behavior. Without vpn the transfer works fine. The log messages are like that
  Oct 25 2012 20:23:50 ciscoasa : %ASA-6-302014: Teardown TCP connection 6360702 for dmz_sp:10.120.7.56/58119 to inside:172.18.1.3/8800 duration 0:00:00 bytes 9389 TCP Reset-O (vpnbmb)
  Any idea about what is the problem? Could be ipsec packets out of sequence? How do I check the ipsec sequence number?                 

• VPN Client for 64 BIt OS

  Cisco VPN client is not working with 64bit OS, please let me know if there is any solution to use VPN client with 64bit OS

  You need SSL VPN solution for 64BitOS , WebVPN - Anyconnect client - Any ASA5500
  See this link for all your Q&A section
  SSL/IPsec VPN Services for the Cisco ASA Series
  http://www.cisco.com/en/US/prod/vpndevc/ps6032/ps6094/ps6120/asa_ssl.html
  Details in SSL licensing
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e39_ns347_Networking_Solutions_Brochure.html
  Clientless SSL VPN (WebVPN)
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml
  See SSL VPN/Web VPN mid page down to learn different types of WebVPN/Annyconnect deployment scenarios
  http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
  Regards
  PLS rate helpful posts

• Assign Static IP to VPN clients authenticated on AAA server

  Hi NetPros
  My objective is to assign static IP address for VPN clients.
  The tunnel group authentication is on a AAA LDAP server.
  AAA LDAP queries has been configured and tested to work.
  I followed the guide below, but could not get static IP assignment to work.
  http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/selected_topics/enforce_AD.html#wp41996
  The tunnel group is configured to use the DHCP pool and the Group policy on ASA.
  - If i do not specify dhcp pool, the error message is: "no assigned address"
  - If i configure dhcp pool, the assigned address will be from the pool
  Here are my queries on assigning a static IP for aaa-users:
  1. Do you need to configure a external policy server for static IP assignment to work?
  -I prefer to use the group policy on ASA
  2. Under the tunnel profile, do you need to specify what DHCP pool to use? If yes, what do i specify?
  3. Does DHCP service needs to be running on ldap server?
  4. As per printscreen below, is Remote Access Policy required?
  5. What am I missing out to make static IP assignment work?
  Big thanks

  Hi all
  Thanks to friends working in Cisco, they have helped to identify the root cause.
  The root cause was due to a misprint on the Cisco document.
  The correct LDAP attribute is: msRASSavedFramedIPAddress. Note on the additional 'd' after the word, 'Frame'
  In fact this LDAP attribute was also lacking of a 'd' on the ASDM scroll down selection. Would appreciate if someone relay the mistake to cisco personnel. Thanks all.