VPN Client v5.0.01.0600 - Vista and code 412

Does anyone know how to resolve code 412 on WinVista?
See log below:
Thanks, Hans
Cisco Systems VPN Client Version 5.0.01.0600
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.0.6000
Config file directory: C:\Program Files\Cisco Systems\VPN Client\
1 10:33:06.196 12/05/07 Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
2 10:33:06.197 12/05/07 Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
3 10:33:06.199 12/05/07 Sev=Info/6 GUI/0x63B00011
Reloaded the Certificates in all Certificate Stores successfully.
4 10:33:09.280 12/05/07 Sev=Info/4 CM/0x63100002
Begin connection process
5 10:33:09.406 12/05/07 Sev=Info/4 CM/0x63100004
Establish secure connection
6 10:33:09.406 12/05/07 Sev=Info/4 CM/0x63100024
Attempt connection with server "zeus.petermac.org"
7 10:33:09.609 12/05/07 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 203.4.167.9.
8 10:33:09.798 12/05/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 203.4.167.9
9 10:33:09.801 12/05/07 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
10 10:33:09.801 12/05/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
11 10:33:09.801 12/05/07 Sev=Info/4 IPSEC/0x6370000D
Key(s) deleted by Interface (169.254.55.225)
12 10:33:14.826 12/05/07 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
13 10:33:14.826 12/05/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 203.4.167.9
14 10:33:19.896 12/05/07 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
15 10:33:19.896 12/05/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 203.4.167.9
16 10:33:24.966 12/05/07 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
17 10:33:24.966 12/05/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 203.4.167.9
18 10:33:30.036 12/05/07 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=F1F24D1B25D17EF7 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
19 10:33:30.550 12/05/07 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=F1F24D1B25D17EF7 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
20 10:33:30.550 12/05/07 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "zeus.petermac.org" because of "DEL_REASON_PEER_NOT_RESPONDING"
21 10:33:30.550 12/05/07 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
22 10:33:30.552 12/05/07 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
23 10:33:30.552 12/05/07 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
24 10:33:31.058 12/05/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
25 10:33:31.058 12/05/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
26 10:33:31.058 12/05/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
27 10:33:31.058 12/05/07 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped

This may help; check the possible resolution under Windows Vista error 412:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/prod_release_note09186a0080884df5.html#wp1557323
HTH
Jorge
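
To read the log in the question above, the following Python sketch (an added example, not part of the original posts and not Cisco tooling) parses the two-line entry format and summarises the IKE Phase 1 attempt: how many times the first packet was retransmitted, and whether the responder cookie stayed all zeros, which means the client never processed a reply from the gateway. The function names, the status strings and the MM/DD/YY date reading are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: a subset of the entries from the log posted above.
SAMPLE_LOG = """\
7 10:33:09.609 12/05/07 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 203.4.167.9.
8 10:33:09.798 12/05/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 203.4.167.9
12 10:33:14.826 12/05/07 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
13 10:33:14.826 12/05/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 203.4.167.9
14 10:33:19.896 12/05/07 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
15 10:33:19.896 12/05/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 203.4.167.9
16 10:33:24.966 12/05/07 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
17 10:33:24.966 12/05/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to 203.4.167.9
18 10:33:30.036 12/05/07 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=F1F24D1B25D17EF7 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
20 10:33:30.550 12/05/07 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "zeus.petermac.org" because of "DEL_REASON_PEER_NOT_RESPONDING"
"""

# Header line of each entry: sequence, time, date, severity/level, module/message id.
HEADER = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<date>\d\d/\d\d/\d\d)\s+"
    r"Sev=(?P<sev>\w+)/(?P<level>\d+)\s+(?P<module>\w+)/(?P<msgid>0x[0-9A-Fa-f]+)\s*$"
)
COOKIES = re.compile(r"I_Cookie=(?P<i>[0-9A-F]{16}) R_Cookie=(?P<r>[0-9A-F]{16})")
REASON = re.compile(r"reason = (?P<reason>DEL_REASON_\w+)")
PEER = re.compile(r"SENDING >>> ISAKMP .* to (?P<peer>\d+\.\d+\.\d+\.\d+)")


@dataclass
class Entry:
    seq: int
    when: datetime
    severity: str
    module: str
    msgid: str
    message: str


def parse_entries(text):
    """Group each header line with the message line(s) that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            # Assumption: dates are MM/DD/YY, as "12/27/07" elsewhere on the page implies.
            when = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%y %H:%M:%S.%f")
            current = Entry(int(m["seq"]), when, f"{m['sev']}/{m['level']}",
                            m["module"], m["msgid"], "")
            entries.append(current)
        elif current is not None and line:
            current.message = (current.message + " " + line).strip()
    return entries


def summarize_phase1(entries):
    """Summarise one IKE Phase 1 attempt from parsed entries."""
    ike = [e for e in entries if e.module == "IKE"]
    sends = [e for e in ike if e.message.startswith("SENDING >>>")]
    retrans = [e for e in ike if e.message.startswith("Retransmitting last packet")]
    deletion = next((e for e in ike
                     if COOKIES.search(e.message) and REASON.search(e.message)), None)
    peer_match = PEER.search(sends[0].message) if sends else None
    r_cookie = COOKIES.search(deletion.message)["r"] if deletion else None
    # A responder cookie of all zeros means no reply was ever accepted from the peer.
    peer_replied = r_cookie is not None and set(r_cookie) != {"0"}
    if deletion is None:
        status = "no_failure_seen"
    elif peer_replied:
        status = "peer_replied_then_failed"
    else:
        status = "no_reply_from_peer"
    return {
        "peer": peer_match["peer"] if peer_match else None,
        "packets_sent": len(sends),
        "retransmissions": len(retrans),
        "responder_cookie": r_cookie,
        "reason": REASON.search(deletion.message)["reason"] if deletion else None,
        "seconds_until_give_up": (deletion.when - sends[0].when).total_seconds()
                                 if deletion and sends else None,
        "status": status,
    }


if __name__ == "__main__":
    for key, value in summarize_phase1(parse_entries(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

A status of `no_reply_from_peer` says the exchange died before any authentication took place, so the place to look is the network path or a local driver or filter rather than the group name, password or certificate.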

Similar Messages

  • Installing VPN Client 5.0.01.0600 on Vista

    Hi There,
    I'm having some problems with the VPN client 5.0.01.0600 for Windows Vista.
    I've installed the client but when trying to connect I receive the following error;
    "Reason 421: The remote peer is not responding"
    This to me would suggest an issue with our 2600 series router; however, I've tried connecting to it using two other laptops running Windows XP (from the same internet connection) and they've connected fine with no issues.
    I've attached my logs from when I try to connect.
    Any ideas would be much appreciated!

    Hi Magnus
    Uninstall VPN client. Restart the PC
    Download and run the following software, then restart the PC
    http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
    Reinstall VPN client
    Regards

  • Vista, Cisco VPN Client 5.0.01.0600 "Failed to enable Virtual Adapter"

    Four times out of five when trying to connect with the VPN client on Vista Business I get a message that the Virtual adapter cannot be enabled.
    When checking the logs there are two entries that are always seen together with this failure:
    123 09:21:36.026 12/27/07 Sev=Warning/2 CVPND/0xA3400015
    Error with call to IpHlpApi.DLL: unable CreateUnicastIpAddressEntry, error 0
    129 09:21:55.709 12/27/07 Sev=Warning/3 CVPND/0xA340001A
    Failed to find VA MAC Address
    Has anyone else seen this issue on Vista?

    Hi Magnus
    Uninstall VPN client. Restart the PC
    Download and run the following software, then restart the PC
    http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
    Reinstall VPN client
    Regards

  • VPN client 5.02.0090 for VISTA

    Installed and now receive following via "Interactive Services" - "Eror 28000: Before Installing 5.02.0090 you must remove previous version 5.02.090 use Add/Remove..". Can someone tell me how to stop this?

    hi,
    This means you must uninstall any vpn client on your PC using "add remove programs" and restart the computer before you install the new client.
    thanks
    John

  • VPN client for Vista

    I am using Vista with Cisco VPN Client 5.0.1.0600 and I receive:
    Secure VPN Connection terminated locally by the client
    Reason 418: Unable to configure the Firewall software.
    The Windows Firewall is already disabled and the problem only arises on Vista computers, not XP. I am using an ASA5510 running ASA 8.0.
    The problem is for internal support users (on Vista) trying to connect to the different customers outside the network.

    Rose,
    Most likely the group that you are trying to connect to on the ASA has the integrated firewall feature. This feature is not supported for windows Vista Clients.
    You can disable this on the ASA by getting into the group policies:
    ASA(config)# group-policy "VPN group name" attributes
    ASA(config-group-policy)# client-firewall none
    If you have other clients connecting fine and you don't want to make this change, you can configure a new group for the Vista clients without the integrated firewall feature.
    Regards,
    ~JG
    Please rate helpful posts

  • Cisco VPN Client after Windows Vista Update (KB941229)

    I had the Cisco VPN client 5 installed on my laptop and configured by the IT department at work. It was working fine all day until I restarted and KB941229 was automatically installed. When it turned back on the Cisco VPN service (CVPND) would attempt to run then stop. If I started it manually it would run for about a minute then stop again. Without the service running the VPN client won't open, let alone let me connect.
    I know this vista update is fairly recent so I'm not sure there will be a fix but maybe somebody can think of a workaround or some way to fix this situation.
    Things I've tried:
    1) Uninstalling the windows update
    2) restarting
    3) restarting (in denial that this was happening)
    4) configuring a vista VPN connection to attempt to connect to the company VPN (this failed too)
    Uninstalling the update caused me to be unable to ping for some reason. This meant the VPN client would run but be unable to connect to the server and yet I was entirely able to access the internet locally. I reinstalled the update assuming maybe the installation went badly but that caused the same problem with the VPN service stopping itself (or being stopped) after a minute.

    Hello
    My issue has been resolved.
    There is a service called Base Filtering Services running in the background on Vista and it has to be disabled to make the IPSec VPN Client work.
    After doing so it works smoothly.
    - Dhaval Tandel

  • Problems with VPN-Client 5.0 installed on Windows Vista over ADSL Connection

    Hi, I have several clients that use Windows Vista and connect through their LAN over a VPN Client. The clients that have an ADSL connection in their house have disconnect problems. Do you know why? Do you know some workaround? Thanks.
    Regards.

    Make sure that you have the right cable pinout and that your ISP has turned on the DSL service. Troubleshoot the DSL connection by watching the modem state of the ADSL interface as the line retrains.
    To use the VPN Client, you need
    - Direct network connection (cable or DSL modem and network adapter/interface card), or
    - Internal or external modem
    For further troubleshooting, click this link:
    http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client500_501/release/notes/51client.html#wp1550392

  • Server 2003 VPN clients can't verify username and password

    Hi,
    Hoping someone can help or point me in the right direction. I have a Windows Server 2003 R2 standard SP2 running RRAS. It has Dual NIC's and is configured for PPTP VPN. I am using a BT Business Hub 5 for internet access and using the BT Static IP service.
    The BT Hub assigns the static IP address chosen to the Server using DHCP. The firewall is configured to port forward PPTP traffic to the 2003 server. This all works correctly.
    The 2003 server is on a domain where the DC is a 2008 R2 server. The DC also acts as the DNS and DHCP for the network.
    The default gateway for the domain is pointed towards our WinGate proxy server which also acts as a DNS server.
    The 2003 server LAN NIC is configured manually; usually I would not configure a default gateway on the LAN NIC as the WAN NIC needs the default gateway for the BT Hub.
    The problem I am having is if a default gateway is configured on the LAN NIC, I can connect to the VPN and it will log on to the network. Once connected everything works OK. If the connection drops, when trying to reconnect the client can no longer verify the user name and password against the domain and the connection is refused.
    If I do not have a default gateway configured in the LAN NIC the VPN clients can not verify the username and password for the domain at all and I get RPC failure errors in the event viewer with the source dnsapi.
    Once this error occurs the only way I can get the clients to reconnect is to disable the WAN NIC, restart the RRAS service and enable the WAN NIC again.
    Any insight will be much appreciated.

    Hello,
    for Networking configuration questions better ask in
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home#forum=winserverNIS&filter=alltypes&sort=lastpostdesc&content=Search
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Installing VPN Client 5.0.07.0240 on Win 7 Pro 64 bit error 1720

    I purchased a new laptop last week. It is Win 7 Pro SP1 64 Bit. Old laptop Win XP Pro. Used Laplink's PCMover to move apps rather than to have to re-install. One of the apps was VPN Client 4.8.02.0010. This app did not work properly on the new PC after migration. Had customer send me VPN Client 5.0.07.0240 for 64 Bit. They did so. I installed. I believe it uninstalled the old (migrated) VPN Client but did not do the install of the new VPN Client. Every time I attempt to install, I get error 1720. There is a problem with this Windows Installer Package. A script required for this install to complete could not be run. I called Cisco support and they led me here. I am pretty desperate, been trying to get this done for 18 hours. The reason I called support was I thought I could purchase my own VPN Client, whichever one would be best for me to access several sites that use Cisco VPNs (I have sites that use openvpn, etc), perhaps AnyConnect that I have seen herein, and then Cisco could help me install the client. If that is a good path to take, please let me know, otherwise how do I get this VPN client installed, please. John

    Hello John, and everyone.
    I am also facing this issue. I tried to install the Cisco VPN client software "vpnclient-winx64-msi-5.0.07.0290-k9.exe" on my customer's laptop, which has Windows 7 64-bit installed, and it shows the message "cisco vpn client not support 64bits". But why does the description of "vpnclient-winx64-msi-5.0.07.0290-k9.exe" say
    "VPN Client Software for x86 64-bit version of Vista/Windows 7 - Microsoft Installer", and when I try to install it, why does it show a message that it cannot support 64 bits? What is wrong? Does anyone have experience with this issue?
    Could anyone help me with this issue, or does anyone have another version of the Cisco VPN client that supports Windows 7 64-bit?
    I am happy to see your ideas and answers!
    Thanks
    sarem

  • VPN Client incompatibility

    Hi Guys!
    We have an issue installing VPN Client (5.0.01.0600) on HP 4320s (WinXP). The installer completed as usual, but since the VPN Client installation a "Blue Screen of death" with a cscentr.sys error shows up when the PC is starting. The PC restarts over and over again. Finally, in order to keep the PC operative we have to uninstall it and remove the VPN client keys from the registry; after that the PC works perfectly.
    Do you know any workaround for this issue?
    Thx in advance for all of you
    Ps. Sorry for the photo quality, was really complicated take it, restart is really fast.
    Rgds
    Miguel Angel Garcia

    Federico,  Many thx for your input.
    I'm working on it but unfortunately the same issue shows up every time that I try to install. This installer/SW is working OK on other machines.
    I uninstalled only the Cisco Security Agent in order to use the VPN client and it's working. I know that using the VPN client without CSA is a huge security hole, but it will be the fastest solution for my user until I find the root cause and a definitive solution. I will check with a contingency machine (same model) with just the OS installed. I have the latest version of VPN Client and CSA.
    I will let you know how it goes...
    Rgds

  • Windows 8 Cisco VPN Client Issue

    I connect to several of my customers with the Cisco VPN Client Version 5.0.07.0290 and all has been working fine. In the last week, virtually every Windows 8 machine has stopped working. The client connects fine, shows it's connected, but if I go to Status -> Statistics it just shows 0 in the Bytes Received and Sent. The Bypassed and Discarded increases, but I am unable to reach any system. Does anyone know what causes this or how to resolve it? This is a HUGE problem for me as all of the work we do for our customers is via their VPNs. Every non-Windows 8 PC still works fine. And these Windows 8 PCs have been working fine until just the last week. Browsing through, I've seen posts with this same issue, but none related to Windows 8 recently. They are all Windows 7, and my Windows 7 machines are working flawlessly.
    Someone help!
    Thanks,
    Brian

    Hi Brian,
    IPSEC client on Windows 8 machine is not supported.
    Cisco VPN Client 5.0.07 supports the following Microsoft OSs:
    •Windows 7 on x64 (64-bit)
    •Windows 7 on x86 (32-bit) only
    •Windows Vista on both x86 (32-bit) and x64
    •Windows XP on x86
    VPN Client does not support the Tablet PC 2004/2005; and Windows 2000, NT, 98, and ME.
    VPN Client supports smart card authentication on Windows 7, Vista, and  XP. However, VPN Client does not support the ST Microelectronics smart  card Model ST23YL80, and smart cards from the same family.
    VPN Client supports up to one Ethernet adapter and one PPP adapter. It  does not support the establishment of a VPN connection over a tethered  link.
    VPN Client 5.0.x is incompatible with the combination of Cisco Unified  Video Advantage 2.1.2 and McAfee HIPS Patch 4 Build 688. To avoid system  failures, uninstall either of these two applications, upgrade McAfee to  the latest version, or use VPN Client 4.6.x.
    To install the VPN Client, you need
    •Pentium®-class processor or greater
    •Microsoft TCP/IP installed. (Confirm via Start > Settings > Control Panel > Network > Protocols or Configuration.)
    •50 MB hard disk space.
    •128 MB RAM
    (256 MB recommended)
    •Administrator privileges
    The VPN Client supports the following Cisco VPN devices:
    •Cisco Series 5500 Adaptive Security Appliance, Version 7.0 or later.
    •Cisco VPN 3000 Series Concentrator, Version 3.0 or later.
    •Cisco PIX Firewall, Version 6.2.2(122) or Version 6.3(1).
    •Cisco IOS Routers, Version 12.2(8)T or later.
    you can get more information from following link:-
    http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537
    Regards,
    Naresh

  • ASA Remote Access VPN: internal LAN cannot connect to connected VPN clients

    Hi community,
    I configured IPSec remote access VPN on the ASA, and remote clients use the Cisco VPN client to connect to the HQ. The VPN is working now; VPN clients can connect to servers inside and IT's subnet, but my PC or servers inside the LAN cannot ping or initiate an RDP session to connected VPN clients. Below is my configuration:
    object-group network RemoteVPN_LocalNet
     network-object 172.29.168.0 255.255.255.0
     network-object 172.29.169.0 255.255.255.0
     network-object 172.29.173.0 255.255.255.128
     network-object 172.29.172.0 255.255.255.0
    access-list Split_Tunnel remark The Corporation network behind ASA
    access-list Split_Tunnel extended permit ip object-group RemoteVPN_LocalNet 10.88.61.0 255.255.255.0
    ip local pool remotevpnpool 10.88.61.10-10.88.61.15 mask 255.255.255.0
    nat (inside,outside) source static Allow_Go_Internet Allow_Go_Internet destination static remotevpnpool remotevpnpool
    crypto ipsec ikev1 transform-set myset esp-aes esp-sha-hmac
    crypto dynamic-map dyn1 1 set ikev1 transform-set myset
    crypto map mymap 65000 ipsec-isakmp dynamic dyn1
    crypto map mymap interface outside
    tunnel-group remotevpngroup type remote-access
    tunnel-group remotevpngroup general-attributes
     address-pool remotevpnpool
     authentication-server-group MS_LDAP LOCAL
     default-group-policy Split_Tunnel_Policy
    I don't know what I am missing in order to have the internal LANs initiate connections to connected VPN clients. Please guide me.
    Thanks in advance.

    Hi tranminhc,
    Step 1: Create an object.
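    object network vpn_clients
     subnet 10.88.61.0 255.255.255.0
    Step 2: Create a standard ACL.
    access-list my-split standard permit 172.29.168.0 255.255.255.0
    access-list my-split standard permit 172.29.169.0 255.255.255.0
    access-list my-split standard permit 172.29.173.0 255.255.255.128
    access-list my-split standard permit 172.29.172.0 255.255.255.0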
    Step 3: Remove this line, because I am not sure what "Allow_Go_Internet" included for nat-exemption.
    no nat (inside,outside) source static Allow_Go_Internet Allow_Go_Internet destination static remotevpnpool remotevpnpool
    Step 4: Create new nat exemption.
    nat (inside,outside) source static RemoteVPN_LocalNet RemoteVPN_LocalNet destination static vpn_clients vpn_clients
    Step 5: Apply ACL on the tunnel.
    group-policy Split_Tunnel_Policy attributes
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value my-split
    Step 6:
    I assume you have a default route on your inside L3 switch pointing back to the ASA's inside address. If you don't have one,
    please add a default route or a static route as shown below.
    route 10.88.61.0 mask 255.255.255.0 xxx.xxx.xxx.xxx 
    xxx.xxx.xxx.xxx = equal to ASA's inside interface address.
    Hope this helps.
    Thanks
    Rizwan Rafeek

  • Win 7 VPN Client 5.0.07 no longer works properly with Citrix DNE Update

    Since Cisco Systems VPN Client does not work properly with mobile broadband on Windows 7, we've been successfully using Citrix's DNE Update to fix this for about 6 months. All of a sudden, machines with the DNE Update stopped working properly over VPN (whether using mobile broadband or not). The only fix is to unbind the DNE Lightweight driver from your network adapters, uninstall the DNE Update and reinstall the VPN Client. However, then you cannot use an aircard with VPN as the DNE Update was the fix.
    Symptoms of the VPN issues with DNE Update:
    -web pages displaying garbled
    -internal web pages not rendering at all
    -remote connectivity not working (VNC)
    -RDP connects then crashes with data encryption errors
    The only change that I can identify on our machines and in our environment would be Windows updates, but I've been unable to identify which one might have caused the problem.
    Has anyone encountered this issue and found a fix? Does anyone know of another reliable fix for VPN Client to work with Windows 7 and aircards?
    We're looking at moving to another VPN solution but that will take time and we need a more immediate solution.
    Thanks in advance for your help.
    Tony

    Hi Prapanch
    No offence . . . .  but you need to read the complete thread before posting re:IP address & gateway
    I'm not posting head end config because the config works with XP
    There are no W7 specific parameters with ASA 8.3(2)
    Multiple W7 machines have been used to test this.
    We are looking at extracting level 15 logs from the client end - I will post if they don't give an obvious answer.
    TAC still not able to resolve this.
    Rgds
    Barry

  • VPN client unable to access Internet via split tunneling.

    I have split tunneling configured on a PIX 515. The remote VPN client connects to the PIX fine and can ping hosts on the internal LAN, but cannot access the Internet. Am I missing something? My config as per below.
    Also, I don't see any secured routes on the VPN client via Statistics (screen shot below)
    Any advice is much appreciated.
    Rob
    PIX Version 8.0(3)
    hostname PIX-A-250
    enable password xxxxx encrypted
    names
    interface Ethernet0
    nameif outside
    security-level 0
    ip address x.x.x.250 255.255.255.240
    interface Ethernet1
    nameif inside
    security-level 100
    ip address 192.168.9.1 255.255.255.0
    passwd xxxxx encrypted
    ftp mode passive
    dns domain-lookup outside
    dns server-group Ext_DNS
    name-server 194.72.6.57
    name-server 194.73.82.242
    object-group network LOCAL_LAN
    network-object 192.168.9.0 255.255.255.0
    network-object 192.168.88.0 255.255.255.0
    object-group service Internet_Services tcp
    port-object eq www
    port-object eq domain
    port-object eq https
    port-object eq ftp
    port-object eq 8080
    port-object eq telnet
    object-group network WAN_Network
    network-object 192.168.200.0 255.255.255.0
    access-list ACLOUT extended permit udp object-group LOCAL_LAN any eq domain log
    access-list ACLOUT extended permit icmp object-group LOCAL_LAN any log
    access-list ACLOUT extended permit tcp object-group LOCAL_LAN any object-group Internet_Services log
    access-list ACLIN extended permit icmp any any echo-reply log
    access-list ACLIN extended permit icmp any any unreachable log
    access-list ACLIN extended permit icmp any any time-exceeded log
    access-list split_tunnel_list remark Local LAN
    access-list split_tunnel_list standard permit 192.168.9.0 255.255.255.0
    access-list NONAT extended permit ip object-group LOCAL_LAN 192.168.100.0 255.255.255.0
    pager lines 24
    logging enable
    mtu outside 1500
    mtu inside 1500
    ip local pool testvpn 192.168.100.1-192.168.100.99
    no failover  
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list NONAT
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group ACLIN in interface outside
    access-group ACLOUT in interface inside
    route outside 0.0.0.0 0.0.0.0 195.171.252.45 1
    route inside 192.168.88.0 255.255.255.0 192.168.88.254 1
    route inside 192.168.199.0 255.255.255.0 192.168.199.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set Set_1 esp-3des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 10 set transform-set Set_1
    crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 280000
    crypto dynamic-map outside_dyn_map 10 set reverse-route
    crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 1
    authentication pre-share
    encryption 3des
    hash sha    
    group 2     
    lifetime 43200
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha    
    group 2     
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    group-policy testvpn internal
    group-policy testvpn attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    username testuser password xxxxxx encrypted
    tunnel-group testvpn type remote-access
    tunnel-group testvpn general-attributes
    address-pool testvpn
    default-group-policy testvpn
    tunnel-group testvpn ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:5dcb5dcdff277e1765a9a0c366b88b9e
    : end
    PIX-A-250#

    Hello Jennifer,
    I can ping the 192.168.88.0/24 (host 88.3) from my PIX fine. The 88 subnet hangs off a 2950 switch. This is my diagram.
    My configs are as follows. Please note I have left out the suggested lines of config from above as they had no effect.
    Very much appreciate your time and effort with my issue.
    Many thanks,
    Rob
    PIX A
    PIX Version 8.0(3)
    hostname PIX-A-250
    enable password NBhgOL6eDYkO4RHk encrypted
    names
    interface Ethernet0
    nameif outside
    security-level 0
    ip address x.x.x.250 255.255.255.240
    interface Ethernet1
    nameif inside
    security-level 100
    ip address 192.168.9.1 255.255.255.0
    passwd k85be8tPM1XyMs encrypted
    ftp mode passive
    dns domain-lookup outside
    dns server-group Ext_DNS
    name-server 194.72.6.57
    name-server 194.73.82.242
    object-group network LOCAL_LAN
    network-object 192.168.9.0 255.255.255.0
    network-object 192.168.88.0 255.255.255.0
    object-group service Internet_Services tcp
    port-object eq www
    port-object eq domain
    port-object eq https
    port-object eq ftp
    port-object eq 8080
    port-object eq telnet
    object-group network WAN_Network
    network-object 192.168.200.0 255.255.255.0
    access-list ACLOUT extended permit udp object-group LOCAL_LAN any eq domain log
    access-list ACLOUT extended permit icmp object-group LOCAL_LAN any log
    access-list ACLOUT extended permit tcp object-group LOCAL_LAN any object-group Internet_Services log
    access-list ACLIN extended permit icmp any any echo-reply log
    access-list ACLIN extended permit icmp any any unreachable log
    access-list ACLIN extended permit icmp any any time-exceeded log
    access-list split_tunnel_list remark Local LAN
    access-list split_tunnel_list standard permit 192.168.9.0 255.255.255.0
    access-list split_tunnel_list standard permit 192.168.88.0 255.255.255.0
    access-list split_tunnel_list standard permit 192.168.200.0 255.255.255.0
    access-list NONAT extended permit ip object-group LOCAL_LAN 192.168.100.0 255.255.255.0
    pager lines 24
    logging enable
    mtu outside 1500
    mtu inside 1500
    ip local pool testvpn 192.168.100.1-192.168.100.99
    no failover  
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list NONAT
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group ACLIN in interface outside
    access-group ACLOUT in interface inside
    route outside 0.0.0.0 0.0.0.0 x.x.252.45 1
    route inside 192.168.88.0 255.255.255.0 192.168.88.254 1
    route inside 192.168.199.0 255.255.255.0 192.168.199.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set Set_1 esp-3des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 10 set transform-set Set_1
    crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 280000
    crypto dynamic-map outside_dyn_map 10 set reverse-route
    crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 1
    authentication pre-share
    encryption 3des
    hash sha    
    group 2     
    lifetime 43200
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha    
    group 2     
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    group-policy testvpn internal
    group-policy testvpn attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value split_tunnel_list
    username robbie password mbztSskhuas90P encrypted
    tunnel-group testvpn type remote-access
    tunnel-group testvpn general-attributes
    address-pool testvpn
    default-group-policy testvpn
    tunnel-group testvpn ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:5dcb5dcdff277e1765a9a0c366b88b9e
    : end
    3560_GW Gateway
    test_gw01#sh run
    Building configuration...
    Current configuration : 2221 bytes
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname test_gw01
    enable secret 5 $1$cOB4$UDjkhs&$FjQBe8/rc30
    no aaa new-model
    system mtu routing 1500
    ip subnet-zero
    ip routing
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    interface GigabitEthernet0/1
    interface GigabitEthernet0/2
    description uplink to Cisco_PIX
    switchport access vlan 9
    interface GigabitEthernet0/3
    interface GigabitEthernet0/4
    interface GigabitEthernet0/5
    interface GigabitEthernet0/6
    interface GigabitEthernet0/7
    interface GigabitEthernet0/8
    interface GigabitEthernet0/9
    interface GigabitEthernet0/10
    interface GigabitEthernet0/11
    interface GigabitEthernet0/12
    interface GigabitEthernet0/13
    interface GigabitEthernet0/14
    interface GigabitEthernet0/15
    interface GigabitEthernet0/16
    interface GigabitEthernet0/17
    interface GigabitEthernet0/18
    interface GigabitEthernet0/19
    interface GigabitEthernet0/20
    interface GigabitEthernet0/21
    interface GigabitEthernet0/22
    interface GigabitEthernet0/23
    switchport access vlan 88
    switchport mode access
    spanning-tree portfast
    interface GigabitEthernet0/24
    switchport access vlan 9
    switchport mode access
    spanning-tree portfast
    interface GigabitEthernet0/25
    description trunk to 2950_SW_A port 1
    switchport trunk encapsulation dot1q
    interface GigabitEthernet0/26
    interface GigabitEthernet0/27
    description trunk to A_2950_112 port 1
    switchport trunk encapsulation dot1q
    shutdown
    interface GigabitEthernet0/28
    interface Vlan1
    no ip address
    shutdown
    interface Vlan9
      ip address 192.168.9.2 255.255.255.0
    interface Vlan88
    ip address 192.168.88.254 255.255.255.0
    interface Vlan199
    ip address 192.168.199.254 255.255.255.0
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.9.1
    ip route 192.168.88.0 255.255.255.0 192.168.9.1
    ip route 192.168.100.0 255.255.255.0 192.168.9.1
    ip route 192.168.200.0 255.255.255.0 192.168.9.1
    ip http server
    control-plane
    banner motd ^C This is a private network.^C
    line con 0
    line vty 0 4
    login
    line vty 5 15
    login   
    end      

  • Cannot connect using VPN client

    Hi, I have a problem configuring my Cisco ASA 5515-X for VPN client. I successfully configured AnyConnect and SSL VPN, but when clients use the VPN Client software, they cannot establish the VPN connection. This is my configuration, and attached is the error that occurred when connecting to the firewall. Can anyone help me solve this problem?
    : Saved
    ASA Version 9.1(1)
    hostname ciscoasa
    domain-name g
    ip local pool vpn_client 192.168.2.200-192.168.2.254 mask 255.255.255.0
    ip local pool vpn_250 192.168.3.1-192.168.3.254 mask 255.255.255.0
    interface GigabitEthernet0/0
    nameif DIGI
    security-level 0
    ip address 210.48.*.* 255.255.255.0
    interface GigabitEthernet0/1
    nameif LAN
    security-level 0
    ip address 192.168.2.5 255.255.255.0
    interface GigabitEthernet0/2
    nameif Pone
    security-level 0
    ip address dhcp setroute
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/4
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/5
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    management-only
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    ftp mode passive
    clock timezone MYT 8
    dns domain-lookup DIGI
    dns server-group DefaultDNS
    name-server 8.8.8.8
    domain-name g
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network NETWORK_OBJ_113.20.*.*_24
    subnet 113.20.*.* 255.255.255.0
    object network NETWORK_OBJ_210.48.*.*_24
    subnet 210.48.*.* 255.255.255.0
    object network CsHiew
    host 192.168.2.9
    object network ERPServer
    host 192.168.2.2
    object network Giap
    host 192.168.2.126
    object network Jennifer
    host 192.168.2.31
    object network KCTan
    host 192.168.2.130
    object network KCTan-NB
    host 192.168.2.77
    object network MailServer
    host 192.168.2.6
    object network YHKhoo
    host 192.168.2.172
    object network Aslina
    host 192.168.2.59
    object network Law
    host 192.168.2.38
    object network Nurul
    host 192.168.2.127
    object network Laylee
    host 192.168.2.17
    object network Ms_Pan
    host 192.168.2.188
    object network Peck_Ling
    host 192.168.2.248
    object network Pok_Leng
    host 192.168.2.36
    object network UBS
    host 192.168.2.21
    object network Ainie
    host 192.168.2.11
    object network Angie
    host 192.168.2.116
    object network Carol
    host 192.168.2.106
    object network ChunKit
    host 192.168.2.72
    object network KKPoong
    host 192.168.2.121
    object network Ben
    host 192.168.2.147
    object network Eva
    host 192.168.2.37
    object network Jacklyn
    host 192.168.2.135
    object network Siew_Peng
    host 192.168.2.149
    object network Suki
    host 192.168.2.61
    object network Yeow
    host 192.168.2.50
    object network Danny
    host 192.168.2.40
    object network Frankie
    host 192.168.2.101
    object network Jamal
    host 192.168.2.114
    object network OcLim
    host 192.168.2.177
    object network Charles
    host 192.168.2.210
    object network Ho
    host 192.168.2.81
    object network YLChow
    host 192.168.2.68
    object network Low
    host 192.168.2.58
    object network Sfgan
    host 192.168.2.15
    object network Joey
    host 192.168.2.75
    object network Rizal
    host 192.168.2.79
    object network 190
    host 192.168.2.190
    object network 191
    host 192.168.2.191
    object network 192
    host 192.168.2.192
    object network 193
    host 192.168.2.193
    object network 194
    host 192.168.2.194
    object network 199
    host 192.168.2.199
    object network 201
    host 192.168.2.201
    object network 203
    host 192.168.2.203
    object network 204
    host 192.168.2.204
    object network 205
    host 192.168.2.205
    object network CNC214
    host 192.168.2.214
    object network Liyana
    host 192.168.2.16
    object network Aipin
    host 192.168.2.22
    object network Annie
    host 192.168.2.140
    object network Ikah
    host 192.168.2.54
    object network Sue
    host 192.168.2.113
    object network Zaidah
    host 192.168.2.32
    object network CKWong
    host 192.168.2.33
    object network KhooSC
    host 192.168.2.47
    object network Neexon-PC
    host 192.168.2.179
    object network Neexon_NB
    host 192.168.2.102
    object network kc
    host 192.168.2.130
    object network P1
    subnet 192.168.2.0 255.255.255.0
    object network NETWORK_OBJ_192.168.2.0_24
    subnet 192.168.2.0 255.255.255.0
    object network NETWORK_OBJ_192.168.2.192_26
    subnet 192.168.2.192 255.255.255.192
    object network NETWORK_OBJ_192.168.10.192_26
    subnet 192.168.10.192 255.255.255.192
    object network VPN
    subnet 192.68.3.0 255.255.255.0
    object network NETWORK_OBJ_192.168.3.0_24
    subnet 192.168.3.0 255.255.255.0
    object-group network HPTM_DIGI
    network-object object CsHiew
    network-object object ERPServer
    network-object object Giap
    network-object object Jennifer
    network-object object KCTan
    network-object object KCTan-NB
    network-object object MailServer
    network-object object YHKhoo
    object-group network Inventory
    network-object object Aslina
    network-object object Law
    network-object object Nurul
    object-group network Account
    network-object object Laylee
    network-object object Ms_Pan
    network-object object Peck_Ling
    network-object object Pok_Leng
    network-object object UBS
    object-group network HR
    network-object object Ainie
    network-object object Angie
    object-group network Heeroz
    network-object object Carol
    network-object object ChunKit
    network-object object KKPoong
    object-group network Sales
    network-object object Ben
    network-object object Eva
    network-object object Jacklyn
    network-object object Siew_Peng
    network-object object Suki
    network-object object Yeow
    object-group network Production
    network-object object Danny
    network-object object Frankie
    network-object object Jamal
    network-object object OcLim
    object-group network Engineering
    network-object object Charles
    network-object object Ho
    network-object object YLChow
    network-object object Joey
    network-object object Rizal
    object-group network Purchasing
    network-object object Low
    network-object object Sfgan
    object-group network Wireless
    network-object object 190
    network-object object 191
    network-object object 192
    network-object object 193
    network-object object 194
    network-object object 199
    network-object object 201
    network-object object 203
    network-object object 204
    network-object object 205
    object-group network IT
    network-object object CNC214
    network-object object Liyana
    object-group network Skype
    network-object object Aipin
    network-object object Annie
    network-object object Ikah
    network-object object Sue
    network-object object Zaidah
    object-group network HPTM-P1
    network-object object CKWong
    network-object object KhooSC
    network-object object Neexon-PC
    network-object object Neexon_NB
    object-group service DM_INLINE_SERVICE_1
    service-object tcp-udp destination eq www
    service-object tcp destination eq https
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group service DM_INLINE_SERVICE_2
    service-object tcp-udp destination eq www
    service-object tcp destination eq https
    access-list DIGI_access_in extended permit ip any any
    access-list DIGI_access_in extended permit icmp any any echo
    access-list LAN_access_in extended deny object-group DM_INLINE_SERVICE_2 object-group Skype any
    access-list LAN_access_in extended deny object-group DM_INLINE_SERVICE_1 object 205 any
    access-list LAN_access_in extended permit ip any any
    access-list DIGI_cryptomap extended permit ip object VPN 113.20.*.* 255.255.255.0
    access-list Pq_access_in extended permit ip any any
    access-list splittun-vpngroup1 extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    logging recipient-address aaa@***.com level errors
    mtu DIGI 1500
    mtu LAN 1500
    mtu Pone 1500
    mtu management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-711(1).bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (DIGI,LAN) source static any interface
    nat (Pone,LAN) source static any interface
    nat (DIGI,DIGI) source static NETWORK_OBJ_210.48.*.*_24 NETWORK_OBJ_210.48.*.*_24 destination static NETWORK_OBJ_113.20.*.*_24 NETWORK_OBJ_113.20.*.*_24 no-proxy-arp route-lookup
    nat (LAN,DIGI) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.2.192_26 NETWORK_OBJ_192.168.2.192_26 no-proxy-arp route-lookup
    nat (LAN,DIGI) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.10.192_26 NETWORK_OBJ_192.168.10.192_26 no-proxy-arp route-lookup
    nat (LAN,any) source static any any destination static VPN VPN
    nat (LAN,DIGI) source static any any destination static NETWORK_OBJ_192.168.3.0_24 NETWORK_OBJ_192.168.3.0_24 no-proxy-arp route-lookup
    nat (LAN,DIGI) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.3.0_24 NETWORK_OBJ_192.168.3.0_24 no-proxy-arp route-lookup
    object network VPN
    nat (any,DIGI) dynamic interface
    nat (LAN,Pone) after-auto source dynamic any interface dns
    nat (LAN,DIGI) after-auto source dynamic any interface dns
    access-group DIGI_access_in in interface DIGI
    access-group LAN_access_in in interface LAN
    access-group Pq_access_in in interface Pone
    route Pone 0.0.0.0 0.0.0.0 10.1.*.* 2
    route DIGI 0.0.0.0 0.0.0.0 210.48..*.* 3
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 192.168.2.0 255.255.255.0 LAN
    http 0.0.0.0 0.0.0.0 DIGI
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto dynamic-map DIGI_access_in 20 set ikev1 transform-set ESP-3DES-SHA
    crypto map DIGI_map 65535 ipsec-isakmp dynamic DIGI_access_in
    crypto map DIGI_map interface DIGI
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment self
    fqdn sslvpn.cisco.com
    subject-name CN=sslvpn.cisco.com
    keypair hpmtkeypair
    crl configure
    crypto ca trustpool policy
    crypto ca certificate chain ASDM_TrustPoint0
    certificate ed15c051
      quit
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable DIGI client-services port 443
    crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
    crypto ikev1 enable DIGI
    crypto ikev1 policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    track 1 rtr 123 reachability
    telnet 192.168.1.0 255.255.255.0 management
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 DIGI
    ssh timeout 5
    console timeout 0
    vpn-sessiondb max-other-vpn-limit 250
    vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
    vpn load-balancing
    interface lbpublic DIGI
    interface lbprivate DIGI
    dhcp-client client-id interface Pone
    dhcpd address 192.168.2.10-192.168.2.150 LAN
    dhcpd dns 210.48.*.* 210.48.*.* interface LAN
    dhcpd enable LAN
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    ssl trust-point ASDM_TrustPoint0 DIGI
    webvpn
    enable DIGI
    anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    anyconnect profiles anyhpmt_client_profile disk0:/anyhpmt_client_profile.xml
    anyconnect enable
    tunnel-group-list enable
    tunnel-group-preference group-url
    group-policy sslpolicy internal
    group-policy sslpolicy attributes
    vpn-tunnel-protocol ssl-clientless
    webvpn
      url-list none
    group-policy GroupPolicy_anyhpmt internal
    group-policy GroupPolicy_anyhpmt attributes
    wins-server none
    dns-server value 8.8.8.8
    vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
    default-domain value g
    webvpn
      anyconnect profiles value anyhpmt_client_profile type user
    group-policy vpngroup1 internal
    group-policy vpngroup1 attributes
    dns-server value 8.8.8.8
    vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value splittun-vpngroup1
    default-domain value g
    address-pools value vpn_250
    group-policy newvpn internal
    group-policy newvpn attributes
    dns-server value 8.8.8.8
    vpn-tunnel-protocol ikev1 l2tp-ipsec
    default-domain value g
    username cshiew password KK1oQOhoxfwWvya4 encrypted
    username cshiew attributes
    webvpn
      anyconnect keep-installer installed
      anyconnect ask none default anyconnect
    username newuser password GJrqM3H2KqQZv/MI encrypted privilege 1
    tunnel-group vpngroup1 type remote-access
    tunnel-group vpngroup1 general-attributes
    address-pool vpn_250
    default-group-policy vpngroup1
    tunnel-group vpngroup1 webvpn-attributes
    group-alias vpngroup1 enable
    tunnel-group vpngroup1 ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group sslhpmt type remote-access
    tunnel-group sslhpmt general-attributes
    default-group-policy sslpolicy
    tunnel-group sslhpmt webvpn-attributes
    group-alias sslhpmt enable
    tunnel-group anyhpmt type remote-access
    tunnel-group anyhpmt general-attributes
    address-pool vpn_client
    default-group-policy GroupPolicy_anyhpmt
    tunnel-group anyhpmt webvpn-attributes
    group-alias anyhpmt enable
    tunnel-group-map default-group vpngroup1
    class-map global-class
    match any
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    class global-class
      cxsc fail-open
    class class-default
      user-statistics accounting
    policy-map global-policy
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    hpm topN enable
    Cryptochecksum:7a5ee8ff016e63420802423269da864b
    : end

    Hi,
    Safwan Hashan wrote: I don't know which output you are referring to, but this is output from the VPN client.
    We need more information.
    I expect debug output from the ASA.
    To enable debugging and syslog messages, perform the following CLI steps:
    1.
    ASA#configure terminal
    ASA(config)# debug crypto ikev1 127
    ASA(config)# debug crypto ipsec 127
    Enable debugging messages for IKEv1 and IPSec.
    2.
    ASA(config)# logging monitor debug
    Sets syslog messages to be sent to Telnet or SSH sessions.
    Note: You can alternately use the logging buffer debug command to send log messages to a buffer, and then view them later using the show logging command.
    3.
    ASA(config)# terminal monitor
    Sends the syslog messages to a Telnet or SSH session.
    4.
    ASA(config)# logging on
    Enables syslog message generation.
    NOTE: This you have enabled.
    Cleanup CLI
    ASA(config)# no debug crypto ikev1
    ASA(config)# no debug crypto ipsec
    ASA(config)# no logging monitor debug
    ASA(config)# no terminal monitor
    More information: Sensible Debugging and Logging
    I have one suggestion. Change and try.
    group-policy vpngroup1 internal
    group-policy vpngroup1 attributes
    no vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
    vpn-tunnel-protocol ikev1
    Best regards,
    MB
    Please rate all helpful posts. Thx
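
The reply above turns on which protocols `group-policy vpngroup1` permits. As an added example (not code from the thread or from Cisco), this offline check parses an ASA configuration in the flattened form posted above and reports which tunnel groups have both an IKEv1 pre-shared key and a group policy that allows `ikev1`, and which IKEv1 policies still use DES or DH group 1/2. The function names and the abridged `SAMPLE` are constructed for illustration.

```python
import re

# Constructed sample: abridged lines in the flattened style of the posted ASA 9.1 config.
SAMPLE = """\
crypto ikev2 policy 40
encryption des
crypto ikev1 enable DIGI
crypto ikev1 policy 10
authentication pre-share
encryption 3des
group 2
crypto ikev1 policy 150
encryption des
group 2
group-policy sslpolicy attributes
vpn-tunnel-protocol ssl-clientless
group-policy vpngroup1 attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
tunnel-group vpngroup1 general-attributes
default-group-policy vpngroup1
tunnel-group vpngroup1 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group sslhpmt general-attributes
default-group-policy sslpolicy
"""

# Lines that open a sub-command context this check cares about.
HEADERS = [
    ("ike", re.compile(r"crypto ikev1 policy (\d+)$")),
    ("gp", re.compile(r"group-policy (\S+) attributes$")),
    ("tg", re.compile(r"tunnel-group (\S+) general-attributes$")),
    ("psk", re.compile(r"tunnel-group (\S+) ipsec-attributes$")),
]
# Any other line starting with one of these closes the current context.
TOP_LEVEL = ("crypto ", "group-policy ", "tunnel-group ", "username ")

def parse(config):
    cfg = {"ikev1_ifaces": [], "ikev1_policies": {},
           "group_policies": {}, "tunnel_groups": {}}
    ctx = name = None
    for line in map(str.strip, config.splitlines()):
        words = line.split()
        if len(words) < 2:  # blank lines and bare keywords such as "webvpn"
            continue
        kind, m = next(((k, rx.match(line)) for k, rx in HEADERS
                        if rx.match(line)), (None, None))
        if kind:
            ctx, name = kind, m.group(1)
        elif line.startswith(TOP_LEVEL):
            ctx = None  # e.g. "crypto ikev2 policy 40" must not feed IKEv1 data
            if words[:3] == ["crypto", "ikev1", "enable"] and len(words) == 4:
                cfg["ikev1_ifaces"].append(words[3])
        elif ctx == "ike" and words[0] in ("authentication", "encryption", "group"):
            cfg["ikev1_policies"].setdefault(int(name), {})[words[0]] = words[1]
        elif ctx == "gp" and words[0] == "vpn-tunnel-protocol":
            cfg["group_policies"][name] = words[1:]
        elif ctx == "tg" and words[0] == "default-group-policy":
            cfg["tunnel_groups"].setdefault(name, {})["policy"] = words[1]
        elif ctx == "psk" and "pre-shared-key" in words:
            cfg["tunnel_groups"].setdefault(name, {})["psk"] = True
    return cfg

def ikev1_psk_groups(cfg):
    # Tunnel groups with an IKEv1 pre-shared key whose group policy permits ikev1,
    # provided IKEv1 is enabled on at least one interface.
    return [tg for tg, a in cfg["tunnel_groups"].items()
            if cfg["ikev1_ifaces"] and a.get("psk")
            and "ikev1" in cfg["group_policies"].get(a.get("policy"), [])]

def weak_ikev1_policies(cfg):
    # Flags DES and the 768/1024-bit MODP Diffie-Hellman groups 1 and 2.
    weak = {}
    for num, p in cfg["ikev1_policies"].items():
        why = ["DES"] if p.get("encryption") == "des" else []
        if p.get("group") in ("1", "2"):
            why.append("DH group " + p["group"])
        if why:
            weak[num] = why
    return weak
```

A group policy with no `vpn-tunnel-protocol` line inherits the value from the default group policy; this check treats that case as "not explicitly permitted".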
