VPN CLIENT PROBLEM

Similar Messages

• Mac Lion and Cisco VPN client problems

  I just installed Lion 10.7 on my iMac and can no longer use the downloaded Cisco VPN client to connect to Microsoft Remote Desktop and access the PC in my company's office. When I try to launch the VPN client I get Error 51. I used to be able to enter a command in the Terminal as a workaround to use the VPN client when that happened, but that no longer works. I have tried booting into 32-bit mode; doesn't work. I tried to use the Cisco client built into Lion using settings provided by my company. When I try to connect I get the following message: "The negotiation with the VPN server failed. Verify the server address and try reconnecting."
  I have searched the web looking for a solution. My company's tech department is stumped; the Apple Geniuses haven't been able to help. Does anyone have any ideas how I can use either the downloaded Cisco VPN client or the client built into Lion?
  Sent from Cisco Technical Support iPad App

  Here is the link which you can use to configure the inbuilt VPN client in MAC Lion.
  http://glazenbakje.wordpress.com/2011/07/28/how-to-create-a-cisco-vpn-connection-in-apple-mac-os-x-lion/
  Make sure you configure the attributes correctly.
  Secondly the inbuilt VPN client code of Lion is made in collaboration with Cisco so there will not be any issues of compatibility.
  Cheers,
  Rohan

• Problem with VPN client on Cisco 1801

  Hi,
  I have configured a new router for a customer.
  All works fine but i have a strange issue with the VPN client.
  When i start the VPN the client don't close the connection, ask for password, start to negotiate security policy the show the not connected status.
  This is the log form the VPN client:
  Cisco Systems VPN Client Version 5.0.07.0290
  Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
  Client Type(s): Windows, WinNT
  Running on: 6.1.7601 Service Pack 1
  Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
  1      14:37:59.133  04/08/13  Sev=Info/6          GUI/0x63B00011
  Reloaded the Certificates in all Certificate Stores successfully.
  2      14:38:01.321  04/08/13  Sev=Info/4          CM/0x63100002
  Begin connection process
  3      14:38:01.335  04/08/13  Sev=Info/4          CM/0x63100004
  Establish secure connection
  4      14:38:01.335  04/08/13  Sev=Info/4          CM/0x63100024
  Attempt connection with server "asgardvpn.dyndns.info"
  5      14:38:02.380  04/08/13  Sev=Info/6          IKE/0x6300003B
  Attempting to establish a connection with 79.52.36.120.
  6      14:38:02.384  04/08/13  Sev=Info/4          IKE/0x63000001
  Starting IKE Phase 1 Negotiation
  7      14:38:02.388  04/08/13  Sev=Info/4          IKE/0x63000013
  SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 79.52.36.120
  8      14:38:02.396  04/08/13  Sev=Info/4          IPSEC/0x63700008
  IPSec driver successfully started
  9      14:38:02.396  04/08/13  Sev=Info/4          IPSEC/0x63700014
  Deleted all keys
  10     14:38:02.460  04/08/13  Sev=Info/5          IKE/0x6300002F
  Received ISAKMP packet: peer = 79.52.36.120
  11     14:38:02.460  04/08/13  Sev=Info/4          IKE/0x63000014
  RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from 79.52.36.120
  12     14:38:02.506  04/08/13  Sev=Info/6          GUI/0x63B00012
  Authentication request attributes is 6h.
  13     14:38:02.460  04/08/13  Sev=Info/5          IKE/0x63000001
  Peer is a Cisco-Unity compliant peer
  14     14:38:02.460  04/08/13  Sev=Info/5          IKE/0x63000001
  Peer supports DPD
  15     14:38:02.460  04/08/13  Sev=Info/5          IKE/0x63000001
  Peer supports DWR Code and DWR Text
  16     14:38:02.460  04/08/13  Sev=Info/5          IKE/0x63000001
  Peer supports XAUTH
  17     14:38:02.460  04/08/13  Sev=Info/5          IKE/0x63000001
  Peer supports NAT-T
  18     14:38:02.465  04/08/13  Sev=Info/6          IKE/0x63000001
  IOS Vendor ID Contruction successful
  19     14:38:02.465  04/08/13  Sev=Info/4          IKE/0x63000013
  SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 79.52.36.120
  20     14:38:02.465  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  21     14:38:02.465  04/08/13  Sev=Info/4          IKE/0x63000083
  IKE Port in use - Local Port =  0xCEFD, Remote Port = 0x1194
  22     14:38:02.465  04/08/13  Sev=Info/5          IKE/0x63000072
  Automatic NAT Detection Status:
     Remote end is NOT behind a NAT device
     This   end IS behind a NAT device
  23     14:38:02.465  04/08/13  Sev=Info/4          CM/0x6310000E
  Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
  24     14:38:02.502  04/08/13  Sev=Info/5          IKE/0x6300002F
  Received ISAKMP packet: peer = 79.52.36.120
  25     14:38:02.502  04/08/13  Sev=Info/4          IKE/0x63000014
  RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 79.52.36.120
  26     14:38:02.502  04/08/13  Sev=Info/4          CM/0x63100015
  Launch xAuth application
  27     14:38:07.623  04/08/13  Sev=Info/4          CM/0x63100017
  xAuth application returned
  28     14:38:07.623  04/08/13  Sev=Info/4          IKE/0x63000013
  SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 79.52.36.120
  29     14:38:12.656  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  30     14:38:22.808  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  31     14:38:32.949  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  32     14:38:43.089  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  33     14:38:53.230  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  34     14:39:03.371  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  35     14:39:13.514  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  36     14:39:23.652  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  37     14:39:33.807  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  38     14:39:43.948  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  39     14:39:54.088  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  40     14:40:04.233  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  41     14:40:14.384  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  42     14:40:24.510  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  43     14:40:34.666  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  44     14:40:44.807  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  45     14:40:54.947  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  46     14:41:05.090  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  47     14:41:15.230  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  48     14:41:25.370  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  49     14:41:35.524  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  50     14:41:45.665  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  51     14:41:55.805  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  52     14:42:05.951  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  53     14:42:16.089  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  54     14:42:26.228  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  55     14:42:36.383  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  56     14:42:46.523  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  57     14:42:56.664  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  58     14:43:02.748  04/08/13  Sev=Info/4          IKE/0x63000017
  Marking IKE SA for deletion  (I_Cookie=2B1FFC3754E3B290 R_Cookie=73D546631A33B5D6) reason = DEL_REASON_CANNOT_AUTH
  59     14:43:02.748  04/08/13  Sev=Info/4          IKE/0x63000013
  SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to 79.52.36.120
  60     14:43:03.248  04/08/13  Sev=Info/4          IKE/0x6300004B
  Discarding IKE SA negotiation (I_Cookie=2B1FFC3754E3B290 R_Cookie=73D546631A33B5D6) reason = DEL_REASON_CANNOT_AUTH
  61     14:43:03.248  04/08/13  Sev=Info/4          CM/0x63100014
  Unable to establish Phase 1 SA with server "asgardvpn.dyndns.info" because of "DEL_REASON_CANNOT_AUTH"
  62     14:43:03.248  04/08/13  Sev=Info/5          CM/0x63100025
  Initializing CVPNDrv
  63     14:43:03.262  04/08/13  Sev=Info/6          CM/0x63100046
  Set tunnel established flag in registry to 0.
  64     14:43:03.262  04/08/13  Sev=Info/4          IKE/0x63000001
  IKE received signal to terminate VPN connection
  65     14:43:03.265  04/08/13  Sev=Info/4          IPSEC/0x63700014
  Deleted all keys
  66     14:43:03.265  04/08/13  Sev=Info/4          IPSEC/0x63700014
  Deleted all keys
  67     14:43:03.265  04/08/13  Sev=Info/4          IPSEC/0x63700014
  Deleted all keys
  68     14:43:03.265  04/08/13  Sev=Info/4          IPSEC/0x6370000A
  IPSec driver successfully stopped
  And this is the conf from the 1801:
  hostname xxx
  boot-start-marker
  boot-end-marker
  enable secret 5 xxx
  aaa new-model
  aaa authentication login xauthlist local
  aaa authorization network groupauthor local
  aaa session-id common
  dot11 syslog
  no ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.0.1.1 10.0.1.10
  ip dhcp excluded-address 10.0.1.60 10.0.1.200
  ip dhcp excluded-address 10.0.1.225
  ip dhcp excluded-address 10.0.1.250
  ip dhcp pool LAN
     network 10.0.1.0 255.255.255.0
     default-router 10.0.1.10
     dns-server 10.0.1.200 8.8.8.8
     domain-name xxx
     lease infinite
  ip name-server 10.0.1.200
  ip name-server 8.8.8.8
  ip name-server 8.8.4.4
  ip inspect log drop-pkt
  ip inspect name Firewall cuseeme
  ip inspect name Firewall dns
  ip inspect name Firewall ftp
  ip inspect name Firewall h323
  ip inspect name Firewall icmp
  ip inspect name Firewall imap
  ip inspect name Firewall pop3
  ip inspect name Firewall rcmd
  ip inspect name Firewall realaudio
  ip inspect name Firewall rtsp
  ip inspect name Firewall esmtp
  ip inspect name Firewall sqlnet
  ip inspect name Firewall streamworks
  ip inspect name Firewall tftp
  ip inspect name Firewall vdolive
  ip inspect name Firewall udp
  ip inspect name Firewall tcp
  ip inspect name Firewall https
  ip inspect name Firewall http
  multilink bundle-name authenticated
  username xxx password 0 xxxx
  crypto isakmp policy 3
  encr 3des
  authentication pre-share
  group 2 
  crypto isakmp client configuration group xxx
  key xxx
  dns 10.0.1.200
  wins 10.0.1.200
  domain xxx
  pool ippool
  acl 101 
  crypto ipsec transform-set myset esp-3des esp-sha-hmac
  crypto ipsec transform-set xauthtransform esp-des esp-md5-hmac
  crypto dynamic-map dynmap 10
  set transform-set myset
  crypto map clientmap client authentication list userauthen
  crypto map clientmap isakmp authorization list groupauthor
  crypto map clientmap client configuration address respond
  crypto map clientmap 10 ipsec-isakmp dynamic dynmap
  archive  
  log config
    hidekeys
  interface ATM0
  no ip address
  no atm ilmi-keepalive
  pvc 8/35
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
  dsl operating-mode adsl2+
  hold-queue 224 in
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface Vlan1
  ip address 10.0.1.10 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  interface Dialer0
  ip address negotiated
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  dialer pool 1
  ppp authentication chap callin
  ppp pap sent-username aliceadsl password 0 aliceadsl
  crypto map clientmap
  ip local pool ippool 10.16.20.1 10.16.20.200
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 Dialer0
  ip route 0.0.0.0 0.0.0.0 10.0.1.2
  ip http server
  no ip http secure-server
  ip nat inside source list 1 interface Dialer0 overload
  ip nat inside source static udp 10.0.1.60 1056 interface Dialer0 1056
  ip nat inside source static tcp 10.0.1.60 1056 interface Dialer0 1056
  ip nat inside source static tcp 10.0.1.60 3111 interface Dialer0 3111
  ip nat inside source static udp 10.0.1.60 3111 interface Dialer0 3111
  ip nat inside source list 101 interface Dialer0 overload
  access-list 101 remark *** ACL nonat ***
  access-list 101 deny   ip 10.0.1.0 0.0.0.255 10.16.20.0 0.0.0.255
  access-list 101 permit ip 10.0.1.0 0.0.0.255 any
  access-list 150 remark *** ACL split tunnel ***
  access-list 150 permit ip 10.0.1.0 0.0.0.255 10.16.20.0 0.0.0.255
  control-plane
  line con 0
  no modem enable
  line aux 0
  line vty 0 4
  password xxx
  scheduler max-task-time 5000
  end 
  Anyone can help me ?
  Sometimes the vpn can be vreated using the iPhone or iPad vpn client...

  I am having a simuliar issue with my ASA 5505 that I have set up. I am trying to VPN into the Office. I have no problem accessing the Office network when I am on the internet without the ASA 5505. After I installed the 5505, and there is internet access, I try to connect to the Office network without success. The VPN connects with the following error.
  3 Dec 31 2007 05:30:00 305006 xxx.xx.114.97
  regular translation creation failed for protocol 50 src inside:192.168.1.9 dst outside:xxx.xx.114.97
  HELP?

• Problem with Cisco VPN client and HP elitebook 2530p windows 7 64-bit

  Hi there
  I have a HP Elitebook 2530p which i upgraded to windows 7 64-bit. I installed the Cisco VPN client application (ver. 5.0.07.0290 and also 64-bit) and the HP connection manager to connect to the internet through a modem Qualcomm gobi 1000 (that is inside the laptop). When I connect to the VPN, it connects (I write the username and password) but there is no traffic inside de virtual adapter for my servers. When I connect to the internet through wire or wireless internet, I connect de VPN client and there is no problem to establish communication to my servers.
  I tried everything, also change the driver and an earlier version of the HP connection manager application. I also talked to HP and they told me that there was a report with this kind of problem and it was delivered to Cisco. I don’t know where is the problem.
  Could anyone help me?
  Thanks to all.

  You can try to update Deterministic Network Enhancer to the below listed release which supports
  WWAN Drivers.
  http://www.citrix.com/lang/English/lp/lp_1680845.asp.
  DNE now supports WWAN devices in Win7.  Before downloading the latest version of DNEUpdate from the links below,  be sure you have the latest
  drivers for your network adapters by downloading them from the vendors’ websites.
  For 64-bit: ftp://files.citrix.com/dneupdate64.msi
  Hope that helps.

• Problem with VPN Client and PIX 7.0(5)

  Hi, i have a problem configuring my pix 525 7.0(5) as a remote vpn server. I already configure the pix
  sollowing this instructions (http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml)
  and i can establish a vpn using CISCO VPN Client; but i can't reach any resource from my inside network or any network define in the PIX.
  I think that could be a missing nat or an acl; but i have do a lot of research but i can figure out the solution.
  This is the configuration i apply
  access-list cryptomap-scada extended permit ip any 172.10.0.0 255.255.255.0
  access-list acl-vpn-sap-remoto extended permit ip any 172.16.42.64 255.255.255.224
  access-list acl-vpn-sap-remoto extended permit icmp any 172.16.42.64 255.255.255.224
  access-list acl-vpn-sap-remoto extended permit ip any any
  access-list acl-vpn-sap-remoto extended permit icmp any any
  ip local pool pool_vpn_sap 172.*.*.1-172.10.0.254 mask 255.255.255.0
  nat (inside) 0 access-list cryptomap-scada
  group-policy VPN_SAP_PED internal
  group-policy VPN_SAP_PED attributes
  vpn-filter value acl-vpn-sap-remoto
  vpn-tunnel-protocol IPSec
  username vpnuser password **** encrypted
  username vpnuser attributes
  vpn-group-policy VPN_SAP_PED
  crypto ipsec transform-set vpn-cliente-remoto esp-3des esp-md5-hmac
  crypto dynamic-map vpn-remoto-dymap 7 set transform-set vpn-cliente-remoto
  crypto dynamic-map vpn-remoto-dymap 7 set reverse-route
  crypto map siemens-scada-map 7 ipsec-isakmp dynamic vpn-remoto-dymap
  isakmp policy 7 authentication pre-share
  isakmp policy 7 encryption 3des
  isakmp policy 7 hash sha
  isakmp policy 7 group 2
  isakmp policy 7 lifetime 43200
  tunnel-group VPN_SAP_PED type ipsec-ra
  tunnel-group VPN_SAP_PED general-attributes
  address-pool pool_vpn_sap
  default-group-policy VPN_SAP_PED
  tunnel-group VPN_SAP_PED ipsec-attributes
  pre-shared-key clavevpnsap
  Thanks in Advanced

  Hi, thanks for you response, if i remove the acl form de vpn filter, i get the same problem (i can't reach any host). This is the output from the command that you ask for.
  PIX-Principal(config)# show running-config nat
  nat (inside) 0 access-list cryptomap-scada
  nat (inside) 9 JOsorioPC 255.255.255.255
  nat (inside) 9 GColinaPC 255.255.255.255
  nat (inside) 9 AlfonsoPC 255.255.255.255
  nat (inside) 9 AngelPC 255.255.255.255
  nat (inside) 9 JerryPC 255.255.255.255
  nat (inside) 9 EstebanPC 255.255.255.255
  nat (inside) 9 GiancarloPC 255.255.255.255
  nat (inside) 9 WilliamsPC 255.255.255.255
  nat (inside) 9 PerniaPC 255.255.255.255
  nat (inside) 9 ElvisDomPC 255.255.255.255
  nat (inside) 8 LBermudezPC 255.255.255.255
  nat (inside) 9 HelpDeskPC 255.255.255.255
  nat (inside) 9 OscarOPC 255.255.255.255
  nat (inside) 9 AnaPC 255.255.255.255
  nat (inside) 9 RobertoPC 255.255.255.255
  nat (inside) 9 MarthaPC 255.255.255.255
  nat (inside) 9 NOCPc5-I 255.255.255.255
  nat (inside) 9 NOCPc6-I 255.255.255.255
  nat (inside) 9 CiraPC 255.255.255.255
  nat (inside) 9 JaimePC 255.255.255.255
  nat (inside) 9 EugemarPC 255.255.255.255
  nat (inside) 9 JosePC 255.255.255.255
  nat (inside) 9 RixioPC 255.255.255.255
  nat (inside) 9 DaniellePC 255.255.255.255
  nat (inside) 9 NorimarPC 255.255.255.255
  nat (inside) 9 NNavaPC 255.255.255.255
  nat (inside) 8 ManriquePC 255.255.255.255
  nat (inside) 8 MarcialPC 255.255.255.255
  nat (inside) 8 JAlbornozPC 255.255.255.255
  nat (inside) 9 GUrdanetaPC 255.255.255.255
  nat (inside) 9 RVegaPC 255.255.255.255
  nat (inside) 9 LLabarcaPC 255.255.255.255
  nat (inside) 9 Torondoy-I 255.255.255.255
  nat (inside) 9 Escuque-I 255.255.255.255
  nat (inside) 9 Turbio-I 255.255.255.255
  nat (inside) 9 JoseMora 255.255.255.255
  nat (inside) 8 San-Juan-I 255.255.255.255
  nat (inside) 8 Router7507 255.255.255.255
  nat (inside) 8 NOCPc4-I 255.255.255.255
  nat (InterfaceSAN) 8 MonitorHITACHI-I 255.255.255.255

• Problem with IKE ASA 5510 VPN client

  We are experiencing a problem getting the vpn clients to connect to the ASA. The Log shows this error:
  "12 12:14:08.413 05/15/08 Sev=Info/4 IKE/0x63000013
  SENDING >>> ISAKMP OAK AG (Retransmission) to 10.10.101.2
  Our Config is attached. Any thoughts?
  Thanks
  john

  Try removing under:-
  tunnel-group * general-attributes
  remove
  "authorization-server-group TEST2"
  Test again?
  HTH.

• Problem with VPN Client passthrough on ASA 5505

  I am having a problem with passing through a VPN client connection on an ASA 5505. The ASA is running version 8 and terminates an anyconnect VPN. The ASA is using PAT. When the inside user connects with the VPN client, it connects but no traffic passes through the tunnel. I see the error
  305006 regular translation creation failed for protocol 50 src INSIDE:y.y.y.y dst OUTSIDE:x.x.x.x
  UDP 500,4500 and ESP are allowed into the ASA. Ipsec inspection has also been setup on a global policy, but the user still cannot pass traffice to the remote VPN he is connected through.
  At the Main Office we have an ASA 5510 that terminates a site to site VPN, allows remote connections with PAT and allows passthrough no problems. Any ideas?

  I am having a simuliar issue with my ASA 5505 that I have set up. I am trying to VPN into the Office. I have no problem accessing the Office network when I am on the internet without the ASA 5505. After I installed the 5505, and there is internet access, I try to connect to the Office network without success. The VPN connects with the following error.
  3 Dec 31 2007 05:30:00 305006 xxx.xx.114.97
  regular translation creation failed for protocol 50 src inside:192.168.1.9 dst outside:xxx.xx.114.97
  HELP?

• Problem with VPN Client and network access

  We are running VPN client 4.0.1 on our laptops, and there are a number of users who are getting documents they are using on the internal network (off VPN) corrupted. The initial cause seemed to be the stateful firewall, but I have that turned off, and we are still getting it.
  It only seems to be on the machines with VPN client installed, and it is only happening when the user is working on a file direct from the network drive. They are not connecting via the VPN client when the problem occurs.
  any suggestions?
  William.

  Did you get any joy with this ? We seem to be having the same issue.
  Thanks

• Problems with VPN-Client 5.0 instoled on Windows Vista over ADSL Conecction

  Hi, I have severals clients that they use Windows Vista and connects throw there lan over a VPN-Client. The clients that has an ADSL connection in there hose has disconect problems. Do you know why?? Do you know same workarround to do?? Thanks.
  Regards.

  Make sure that you have the right cable pinout and that your ISP has turned on the DSL service. Troubleshoot the DSL connection by watching the modem state of the ADSL interface as the line retrains.
  To use the VPN Client, you need
  - Direct network connection (cable or DSL modem and network adapter/interface card), or
  - Internal or external modem
  For further more troubleshoot click this link,
  http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client500_501/release/notes/51client.html#wp1550392

• Problem accessing company resources remotely using Cisco VPN Client

  I connect to my company's network remotely using Cisco VPN client both from a PC (v 4.0.1) and from a MacBook Pro (v 4.9.00)(same configs), and use Remote Desktop to connect to my work computer, and now i'm able to use Citrix to run applications on the company server.
  The problem occurs on the Mac when I'm connecting from a location that uses the same private domain IP as our company's private domain. Our company's private domain is 192.168.1.x, so when I'm using the Mac on a WiFi router that happens to be set to 192.168.1.1, the Mac can connect using VPN but the remote desktop cannot connect to my work computer. Presumably, the Mac doesn't "know" that I'm trying to go through the VPN for the connection and not connect to something locally.
  This problem seems to be unique to the Mac. Every Windows machine with the same client installed has no problems no matter what WiFi I've tried. The Mac works fine on any WiFi that is not 192.168.1.x.
  However, since 192.168.1.x is very common (hotels, airports, etc., its a major problem with the Mac.
  Suggestions are greatly appreciated!
  Also, now that we're moving to Citrix, our administrator has created a webpage on the intranet that we launch applications from, but the Mac cannot find that page when connected to VPN from 192.168.1.x. Same problem.
  Thanks in advance.

  Hi,
  I presume you have split-tunneling activated.
  1. Make sure the 192.168.1.x is on the protected networks and on the MacBook client, disable "Allow local LAN access"
  2. Create a separate group for the Mac users and assgn them a different pool (192.168.100.x )and advertise it in your company to point to the VPN Concentrator.
  3. Use the NAT feature on your VPN concentrator.
  If this helped, please rate.
  Regards,
  Daniel

• Problems Installing VPN Client on Intel iMac Core Duo

  We tried installing the VPN Client software (v.4.9.00.0050) on an Intel Core Duo iMac by dragging the application into the applications folder on the hard drive. When trying to start VPN Client, it gave a message referring to "architecture not supported) and wouldn't start up. We have installed this successfully on other macs outside our office without problems. Does anyone have any suggestions?

  For such appkcation to work in a platfrom you need to install the application using the stansard installer supplied with the application.
  For more information refer the url given below,
  http://www.cisco.com/en/US/products/sw/secursw/ps2308/prod_release_note09186a00806ecf3b.html

• Watchguard SSL VPN client on OSX 10.7 Lion TUN/TAP Kernel Problem

  I upgraded to OSX 10.7 Lion and lost the use of the Watchguard VPN client.
  I eventually found a solution at http://lesmond.net/2011/07/watchguard-ssl-vpn-client-on-osx-10-7-lion/
  I had already uninstalled Watchguard VPN and tried to reinstall to see if that worked (poor advice from another forum)
  I hadn't manually removed Watchguard icon from the dock.
  When you try to reinstall the dialog tells you to run an postupgrade script on the TUN/TAP kernel and then quits with a fail.
  If you install openVPN in this scenario you get an openVPN app and menu item, both of which do nothing.
  Click on the Watchguard dock icon and connect.
  I was then asked to upgrade and ended up with the run post upgrade script dialog and quit with a fail.
  I then clicked on the Watchguard doc icon again and connected.
  This time it connected with no problem.
  Hope this helps!

  WG has new firmware that will fix the problem, once flashed, download the new client vpn client (11.5.1) and you should be good to go.
  I had to contact WG to get the patch as it was not in the portal  Version 11.3.4 CSP6 for my device.  Hope this helps someone.

• ASA 5505 VPN client LAN access problem

  Hello,
  I'm not expert in ASA and routing so I ask some support the following case.
  There is a Cisco VPN client (running on Windows 7) and an ASA5505.
  The goals are client could use remote gateway on ASA for Skype and able to access the devices in ASA inside interface.
  The Skype works well but I cannot access devices in the interface inside via VPN connection.
  Can you please check my following config and give me advice to correct NAT or VPN settings?
  ASA Version 7.2(4)
  hostname ciscoasa
  domain-name default.domain.invalid
  enable password wDnglsHo3Tm87.tM encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address dhcp setroute
  interface Vlan3
  no forward interface Vlan1
  nameif dmz
  security-level 50
  no ip address
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  ftp mode passive
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any
  access-list inside_access_in extended permit udp 192.168.1.0 255.255.255.0 any
  access-list outside_access_in extended permit ip any 192.168.1.0 255.255.255.0
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu dmz 1500
  ip local pool VPNPOOL 10.0.0.200-10.0.0.220 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-524.bin
  no asdm history enable
  arp timeout 14400
  nat-control
  global (outside) 1 interface
  nat (inside) 1 10.0.0.0 255.255.255.0
  nat (inside) 1 192.168.1.0 255.255.255.0
  nat (outside) 1 10.0.0.0 255.255.255.0
  access-group inside_access_in in interface inside
  access-group outside_access_in in interface outside
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  aaa authentication ssh console LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map outside_dyn_map 20 set pfs group1
  crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh 192.168.1.0 255.255.255.0 inside
  ssh timeout 5
  ssh version 2
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 192.168.1.2-192.168.1.33 inside
  dhcpd dns xx.xx.xx.xx interface inside
  dhcpd enable inside
  group-policy DfltGrpPolicy attributes
  banner none
  wins-server none
  dns-server value 84.2.44.1
  dhcp-network-scope none
  vpn-access-hours none
  vpn-simultaneous-logins 3
  vpn-idle-timeout 30
  vpn-session-timeout none
  vpn-filter none
  vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
  password-storage disable
  ip-comp disable
  re-xauth disable
  group-lock none
  pfs disable
  ipsec-udp disable
  ipsec-udp-port 10000
  split-tunnel-policy tunnelall
  split-tunnel-network-list none
  default-domain none
  split-dns none
  intercept-dhcp 255.255.255.255 disable
  secure-unit-authentication disable
  user-authentication disable
  user-authentication-idle-timeout 30
  ip-phone-bypass disable
  leap-bypass disable
  nem enable
  backup-servers keep-client-config
  msie-proxy server none
  msie-proxy method no-modify
  msie-proxy except-list none
  msie-proxy local-bypass disable
  nac disable
  nac-sq-period 300
  nac-reval-period 36000
  nac-default-acl none
  address-pools none
  smartcard-removal-disconnect enable
  client-firewall none
  client-access-rule none
  webvpn
    functions url-entry
    html-content-filter none
    homepage none
    keep-alive-ignore 4
    http-comp gzip
    filter none
    url-list none
    customization value DfltCustomization
    port-forward none
    port-forward-name value Application Access
    sso-server none
    deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
    svc none
    svc keep-installer installed
    svc keepalive none
    svc rekey time none
    svc rekey method none
    svc dpd-interval client none
    svc dpd-interval gateway none
    svc compression deflate
  group-policy XXXXXX internal
  group-policy XXXXXX attributes
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelall
  split-tunnel-network-list none
  username XXXXXX password G910DDfbV7mNprdR encrypted privilege 15
  username XXXXXX password 5p9CbIe7WdF8GZF8 encrypted privilege 0
  username XXXXXX attributes
  vpn-group-policy XXXXXX
  username XXXXX password cRQbJhC92XjdFQvb encrypted privilege 15
  tunnel-group XXXXXX type ipsec-ra
  tunnel-group XXXXXX general-attributes
  address-pool VPNPOOL
  default-group-policy XXXXXX
  tunnel-group XXXXXX ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect icmp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:a8fbb51b0a830a4ae823826b28767f23
  : end
  ciscoasa#
  Thanks in advance!
  fbela

  config#no nat (inside) 1 10.0.0.0 255.255.255.0 < This is not required.
  Need to add - config#same-security-traffic permit intra-interface
                                   #access-list extended nonat permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
                                   #nat (inside) 0 access-list nonat
  Please add and test it.
  Thanks
  Ajay

• Vpn configuration problems 2621xm and vpn client

  hello,
  I'm trying to configure my home cisco 2621xm to accept vpn connections. I've used many cisco pdf documents and they all same almost the same so I've done my configuration using these documents.
  now I just can't get past this error message I'm getting and I have no idea why this is happening.
  any ideas to help me get past this step, I'm really stuck here.
  also, I've tried vpn client version 5 and 4.8
  cisco ios version is:
  Cisco IOS Software, C2600 Software (C2600-ADVIPSERVICESK9-M), Version 12.4(16), RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2007 by Cisco Systems, Inc.
  Compiled Wed 20-Jun-07 05:48 by prod_rel_team
  ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)
  vision-router-01 uptime is 2 hours, 53 minutes
  System returned to ROM by power-on
  System image file is "flash:c2600-advipservicesk9-mz.124-16.bin"
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  Cisco 2621XM (MPC860P) processor (revision 1.0) with 127308K/3764K bytes of memory.
  Processor board ID JAD06350FM7
  M860 processor: part number 5, mask 2
  2 FastEthernet interfaces
  32K bytes of NVRAM.
  49152K bytes of processor board System flash (Read/Write)
  Configuration register is 0x2102
  here is my the config that's vpn related
  aaa authentication login MYTAC group tacacs+ local enable
  aaa authorization network GROUPAUTHOR local
  username someuser password 0 somepassword
  crypto isakmp policy 5
  encr aes 256
  authentication pre-share
  group 2
  crypto isakmp keepalive 10 periodic
  crypto isakmp client configuration group VTELVPN
  key cisco123
  dns 192.168.10.5
  domain xyz.com
  pool VTELVPNPOOL
  crypto ipsec transform-set VTELSET1 esp-aes esp-sha-hmac
  crypto dynamic-map VTELDYNAMAP 10
  set transform-set VTELSET1
  set identity thisrouter-01
  reverse-route
  crypto map VTELCLIENTMAP client authentication list MYTAC
  crypto map VTELCLIENTMAP isakmp authorization list GROUPAUTOHOR
  crypto map VTELCLIENTMAP client configuration address respond
  crypto map VTELCLIENTMAP 10 ipsec-isakmp dynamic VTELDYNAMAP
  interface Dialer1
  ip address negotiated
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  dialer pool 1
  no cdp enable
  ppp chap hostname xxxxxx
  ppp chap password 7 hahahahohoho
  ppp pap sent-username xxxxxx password 7 hahahahohoho
  crypto map VTELCLIENTMAP
  ip local pool VTELVPNPOOL 192.168.6.3 192.168.6.254

  Hi
  Can you try assigning a static ip to the dialer interface and try checking out the vpn connectivity ?
  regds

• WRV200 - Problems with VPN Client and Internal network access

  I have a WRV200 router and want to access the internal (Private Network) connected on the inside. I have successfully conected to the router with the Linksys VPN Client, but it does not appear to allow access to the internal network.
  How do I enable NAT Transversal or Passthru? I have already selected all of the PPTP, L2TP and IPSEC Pass Through.
  Has anyone gotten this to work?

  I have actually gotten this to work. Issues surround this include the ability to get to the VPN if the main DNS is down (it does not fail over to the next DNS in the list).
  If you unselect all of the boxes in the firewall General configuration, you can connect, but if you need to have all of this unchecked, what's the sense of having it?
  Anyway, you can use the DoS Prevention, this is not interfering.
  HTH.