Watchguard SSL VPN client on OSX 10.7 Lion TUN/TAP Kernel Problem
I upgraded to OSX 10.7 Lion and lost the use of the Watchguard VPN client.
I eventually found a solution at http://lesmond.net/2011/07/watchguard-ssl-vpn-client-on-osx-10-7-lion/
I had already uninstalled Watchguard VPN and tried to reinstall to see if that worked (poor advice from another forum)
I hadn't manually removed Watchguard icon from the dock.
When you try to reinstall, the dialog tells you to run a postupgrade script on the TUN/TAP kernel and then quits with a fail.
If you install openVPN in this scenario you get an openVPN app and menu item, both of which do nothing.
Click on the Watchguard dock icon and connect.
I was then asked to upgrade and ended up with the run post upgrade script dialog and quit with a fail.
I then clicked on the Watchguard dock icon again and connected.
This time it connected with no problem.
Hope this helps!
WG has new firmware that will fix the problem, once flashed, download the new client vpn client (11.5.1) and you should be good to go.
I had to contact WG to get the patch as it was not in the portal Version 11.3.4 CSP6 for my device. Hope this helps someone.
Similar Messages
-
I set up a Cisco ASA 5510 SSL VPN with the following;
IOS 7.2
SSL VPN CLient sslclient-win-1.1.1.164.pkg
Out of 400 users, there is one user having problem installing the SSL Client to his laptop. The user laptop information is;
IBM Thinkpad T40
Windows XP SP 2
Internet Explorer 7
All patches up-to-date
All drivers up-to-date
SSL VPN Client connection process;
- User login with valid account and password
- The SSL VPN Client package will automatically download and install.
- User will then be connected to SSL VPN
The ERRORS;
1. GUI (Cisco SSL VPN Client installation process)
"The SSL VPN Client driver has Encountered an Error"
2. Event Viewer
The only error in this user event viewer that differs from other users who successfully connected are;
a)
Function: EnableVA
Return code: 0
File: e:\temp\build\workspace\SSLClient\Agent\VAMgr.cpp
Line: 310
Description: unknown
b)
Function: EnableVA
Return code: 0xFE080007
File: e:\temp\build\workspace\SSLClient\Agent\VpnMgr.cpp
Line: 1145
Description: VAMGR_ERROR_ENABLE_VA_FAILED
Anyone know what this error means?
BTW, anyone know the link to SSL VPN knowledgebase, i.e. errors, root cause, solutions?
Thanks
The Cisco SVC provides end users running Microsoft Windows XP or Windows 2000 with the benefits of a Cisco IPSec VPN client without the administrative overhead required to install and configure an IPSec client. It supports applications and functions unavailable to a standard WebVPN connection.
http://www.cisco.com/univercd/cc/td/doc/product/vpn/svc/svcrn110.htm -
SA540 SSL VPN Client will not install on Windows 7
I had the SSL VPN Client working on my Windows 7 laptop. I tried to use the SSL VPN through Firefox and now my client does not work on IE anymore.
The install process begins and the progress bar makes it halfway before I get an error saying the install failed.
I tried everything I could to remove the SSL VPN client manually. I even followed the instructions posted at the end of this forum posting: https://cisco-support.hosted.jivesoftware.com/thread/2018716?decorator=print&displayFullThread=true
Nothing has worked.
The best I can find is the VPN Client is crashing during install. I saw this in the Event Log.
Fault bucket 177244756, type 5
Event Name: PnPDriverInstallError
Response: Not available
Cab Id: 0
Problem signature:
P1: x64
P2: E0000234
P3: ssldrv.inf
P4: 93775c2b0faa616bc11a47d4ff617aa8d00cd56f
P5: SSLDrv.Ndi
P6:
P7:
P8:
P9:
P10:
Attached files:
C:\Users\shudson\AppData\Local\Temp\DMIE984.tmp.log.xml
C:\Windows\inf\oem54.inf
These files may be available here:
C:\Users\shudson\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_d317f66069d2e3b17f6bc1e7306afd9085494a_1020fe2c
Analysis symbol:
Rechecking for solution: 0
Report Id: 75c67e96-1882-11e0-8e4d-5c260a0235ed
Report Status: 0
I then used AppCrashView to see the crash report and I get this:
Version=1
EventType=APPCRASH
EventTime=129386443518175301
ReportType=2
Consent=1
UploadTime=129386443518799293
ReportIdentifier=2a4c4f0a-183c-11e0-aac2-5c260a0235ed
IntegratorReportIdentifier=2a4c4f09-183c-11e0-aac2-5c260a0235ed
WOW64=1
Response.BucketId=2007535968
Response.BucketTable=1
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=VirtualPassageExe.exe
Sig[1].Name=Application Version
Sig[1].Value=1.7.3.1
Sig[2].Name=Application Timestamp
Sig[2].Value=4b20cf25
Sig[3].Name=Fault Module Name
Sig[3].Value=OLEAUT32.dll
Sig[4].Name=Fault Module Version
Sig[4].Value=6.1.7600.16567
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=4bbc2f3d
Sig[6].Name=Exception Code
Sig[6].Value=c0000005
Sig[7].Name=Exception Offset
Sig[7].Value=00004660
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7600.2.0.0.256.48
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=0a9e
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=0a9e
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789
UI[2]=C:\Users\shudson\CiscoCisco-SSLVPN-Tunnel\VirtualPassageExe.exe
UI[3]=VirtualPassageExe MFC Application has stopped working
UI[4]=Windows can check online for a solution to the problem.
UI[5]=Check online for a solution and close the program
UI[6]=Check online for a solution later and close the program
UI[7]=Close the program
State[0].Key=Transport.DoneStage1
State[0].Value=1
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=VirtualPassageExe MFC Application
AppPath=C:\Users\shudson\CiscoCisco-SSLVPN-Tunnel\VirtualPassageExe.exe
None of this makes any sense to me, but maybe someone can tell me why the install is failing?
Thanks,
Scott
Mario,
I tried everything you mentioned. I cleared cookies and temporary files. I enabled SSL 3.0. I restarted IE.
I get the same thing. The install process starts and then ends suddenly, saying the install failed.
Scott -
FortiClient SSL VPN Client Not Functioning Correctly
Hello,
I use the FortiClient SSL application to connect to work. In Windows 7 x64 it works without issue. In Windows 8 Build 9200 it exhibits an odd behaviour.
I can connect using FortiClient version 4.4.3.445. Once connected my sent bytes continues to increase which is correct. However received bytes stays at 0.
If I try to Remote Desktop it fails. This is obviously due to no inbound packets coming back from the Fortigate appliance being allowed back to Windows 8.
Disabling the Firewall doesn't have any effect on the condition. Received bytes stays at 0.
This is a clean install with no 3rd party applications, other than the FortiClient software. This is only the SSL VPN portion of the FortiClient software and does not include AV or Firewall options.
Doing some Googling, I've seen some other people with the same problem but no resolution. Another FortiClient user and Sophos & Juniper SSL VPN clients having the same problem.
Does anybody have any idea what would be causing the SSL VPN to only send bytes but not receive.
Thanks!
UPDATE 2:
In the built in MSTSC.exe "Remote Desktop" I went into Options/Advanced/Server Authentication. I switched the setting to "Connect and don't warn me" and that fixed the problem. The default was "Warn me". However the warning screen was not coming up.
Just for the heck of it I switched it back to the default settings and saved. Strangely I now get the "Warning" screen that you would normally see. So now both the built-in and App Store Remote Desktop applications are working. FortiClient still shows Bytes received as 0.....which is odd.
UPDATE: Solved Workaround
I was using the built-in Remote Desktop Application without success. I went into the APP Store and saw there was an APP called "Remote Desktop". I installed that and connected my FortiClient SSL to work. Still no received bytes like I would get in Win7. I then launched the "APP" Remote Desktop, punched in my PC name at work and creds and boom I can login to my work PC. FortiClient SSL still showing no received bytes, but the "Remote Desktop" from the APP store does work. Not sure why MSTSC.exe will not work, and why FortiClient shows no received bytes is still unsolved. At least the APP Store Remote Desktop works with the SSL Client.
Hello Everyone,
I was finally able to track down the issue.
After spending 3 days I found that the VPN Client may bind some setting with the user. I tried to install the same on my personal laptop and another machine where the user is bound to the same account (hotmail).
Then I realized this may be a user issue, so I followed the steps below and it worked fine.
1. Uninstall Client from Machine
2. Remove same from IE ( Options =>> Connections)
3. Restart System
4. Create Local user and provide administrator rights.
5. Login with new user and logoff all other.
6. Install Client. -
Disconnecting WEB SSL VPN client windows 7 to remote windows 7 virtual machine
Good morning,
my problem, common to other colleagues who use Windows machines 7 Professional is this:
I connect to WEB SSL VPN Cisco from Client Windows 7 Home Premium Explorer-9 to a virtual machine Windows 7 Professional using a specific professional audience and vpn user. I access the Terminal Services window (attached JPG) with a list of links to virtual machines. I connect to the virtual machine in Remote Desktop Full Screen mode and log in with the same user and password. For the connection is installed an add-type control ActiveX CISCO Portforwarder Control version 3.1.0.1, file name -> cscopf.ocx.
Problem: The session window once inside the virtual machine disappears and disconnect from the virtual machine back in the window of choice of Terminal services available. This always happens and there is no way to maintain a stable connection. With modality not FULL SCREEN, the session window would seem to remain stable but however is impossible to work in a small window.
This problem is raised after the update windows 7 to SP1 both Home premium and Professional. In fact before the update the connection is stable. The update to SP1 update the RDP client microsoft to version 6.1.7601.17154 from version 6.1.7600 but I do not know if this the cause of the problem.
Have you an update of CISCO active-x to fix the problem? I cancelled the file and download the last version but the problem remains.
Workaround: Use local virtual machine with xp or Windows 2003 and access from this operating system but I consider absurd to use a local virtual machine to access a service which should be directed
Note: This problem does not occur if the VPN session to the virtual machine Windows 7 is launched from a host machine running Vista Home Premium with RDP Client 6.0. My previous PC had this OS and I was working in an absolutely stable by performing the same type of connection.
Host Operating System: OS Name Microsoft Windows 7 Home Premium Version 6.1.7601 Service Pack 1 Build 7601
OS virtual machine accessed via ssl web vpn: OS Name Microsoft Windows 7 Professional Version 6.1.7601 Service Pack 1 Build 7601
Can you help? Thank you.
Carmelo Orlando
No
The same problem here as well.
I am using a Win7 PC to connect to a Win Vista PC via SSLVPN. Once I logged into the remote PC, the session is disconnected.
Do we have any corrections from Cisco for the moment? -
Hello
I just installed Lion on my Mac and until installation I cannot connect to my Cisco VPN client!!
It always pops up the message Error 51!
Help needed urgently!
Hello,
I had the same problem with Cisco VPNClient 4.9. The solution: use the built-in Lion VPN client, found in System Preferences > Network > left column > +
Works flawlessly. -
Ssl VPN client for Vista doesn't work
I'm trying to find a way for my clients who are upgrading the PC to Vista to connect using web VPN to an ASA 5510.
any help would be great
I don't have experience with the ssl client and vista, but I do use the new Anyconnect SSL client with vista. All you need to do is upgrade the ASA to version 8. Hope that helps.
-
OpenConnect VPN client suddenly failing -- Failed to open tun device
This started recently on my laptop, when trying to connect to my company's Cisco VPN it simply fails and doesn't provide much information:
Jun 28 08:01:25 winter openconnect[17279]: POST https://vpn.company.net/
Jun 28 08:01:25 winter openconnect[17279]: Attempting to connect to server X.X.X.X
Jun 28 08:01:26 winter openconnect[17279]: SSL negotiation with vpn.company.net
Jun 28 08:01:26 winter openconnect[17279]: Connected to HTTPS on vpn.company.net
Jun 28 08:01:26 winter openconnect[17279]: XML POST enabled
Jun 28 08:01:36 winter openconnect[17279]: POST https://vpn.company.net/
Jun 28 08:01:43 winter openconnect[17279]: Got CONNECT response: HTTP/1.1 200 OK
Jun 28 08:01:44 winter openconnect[17279]: CSTP connected. DPD 30, Keepalive 20
Jun 28 08:01:54 winter openconnect[17279]: Failed to open tun device: No such device
I've made sure that the kernel is configured to load the tun device:
[root@localhost log]# zgrep CONFIG_TUN /proc/config.gz
CONFIG_TUN=m
[root@localhost log]#
And beyond this, I cannot seem to find any more information on what's going on. I know that the client is actually connecting, because we use a 2-step auth service that pushes requests to my phone, and I receive the request to authorize the login. It simply cannot start the tunnel. I've checked if the tun module is actually loaded, and it is not:
[root@localhost log]# lsmod | grep -i tun
[root@localhost log]#
But as I understand it, this shouldn't matter, correct? The module should get loaded as needed by userspace applications? I *believe* this started after I had set up an OpenVPN connection to connect to a client's VPN, but I made sure to uninstall OpenVPN (as it's not required by openconnect) and the issue still continues. OpenConnect works totally fine and connects to my company's VPN without a problem, on my desktop running Arch.
If anyone can shine some light on this I would greatly appreciate it! Thanks!
EDIT: I found a solution, though maybe someone can shine some light on why this works (and what broke in the first place). I basically insmoded the actual .ko file of the tun module:
[root@localhost net]# find /lib/modules/ -iname 'tun.ko.gz'
/lib/modules/3.15.1-1-ARCH/kernel/drivers/net/tun.ko.gz
[root@localhost net]# insmod /lib/modules/3.15.1-1-ARCH/kernel/drivers/net/tun.ko.gz
[root@localhost net]# lsmod | grep tun
tun 20931 0
[root@localhost net]#
After doing this I can connect to the VPN without issue.
Last edited by snowblind (2014-06-28 13:15:47)
Did you upgrade to a newer kernel recently without a reboot afterwards? See https://bbs.archlinux.org/viewtopic.php?id=163377 for a (perhaps) related problem and solution.
-
Lion and watchguard mobile vpn with ssl
I upgraded my Air to Lion, but now when I launch Watchguard Mobile VPN it gives me the message
cannot allocate TUN/TAP dev dynamically
I think it is because Lion runs in 64-bit, but what do I do now????
Sorry; Can't speak Italian!
You must start the Mac using a 32bit kernel. I think you hold down the "3" and the "2" key together with the power button.
You can also make it always start with 32 bit kernel in Terminal, with:
sudo systemsetup -setkernelbootarchitecture i386
See here:
http://support.apple.com/kb/HT3773
http://support.apple.com/kb/HT3770
Good luck! -
I am implementing an SSL VPN with IOS version 12.4(13r)T5 on a 2801 but when I try to connect to the tunnel mode with the latest svc (anyconnect-win-2.2.0133-web-deploy-k9.exe) with https://1.2.3.4/tunnel the ssl vpn client can't connect.
The error on the router is:
Jun 5 16:07:55.755: WV: Appl. processing Failed : 2
Jun 5 16:07:55.755: WV: server side not ready to send.
The following is the configuration:
ip local pool WEBVPN 10.0.0.140 10.0.0.150 group vpn2
webvpn gateway ISR2801-RM
hostname ISR2801-RM
ip address 1.2.3.4 port 443
ssl trustpoint TP-self-signed-50153718
inservice
webvpn install svc flash:/webvpn/svc.pkg
webvpn install csd flash:/webvpn/sdesktop.pkg
webvpn context vpn1
ssl authenticate verify all
url-list "eng"
url-text "wwwin-eng" url-value "http://wwwin-eng.cisco.com"
policy group vpn1
url-list "eng"
default-group-policy vpn1
gateway ISR2801-RM domain clientless
inservice
webvpn context vpn2
ssl authenticate verify all
policy group vpn2tunnel
functions svc-enabled
svc address-pool "WEBVPN"
svc split include 10.0.0.2 255.255.255.255
default-group-policy vpn2tunnel
gateway ISR2801-RM domain tunnel
inservice
Thanks for the reply !!!!
the configuration is the following:
interface Ethernet 0
ip address 10.0.0.128 255.255.255.0
ip http secure-server
ip local pool WEBVPN 10.0.0.140 10.0.0.150 group policy-sslvpn2
webvpn gateway ISR2801-RM
hostname ISR2801-RM
ip address 1.2.3.4 port 443
ssl trustpoint TP-self-signed-50153718
ssl encryption aes-sha1
inservice
webvpn install svc flash:/webvpn/svc.pkg
webvpn install csd flash:/webvpn/sdesktop.pkg
webvpn context context-sslvpn1
ssl authenticate verify all
user-profile location flash:webvpn/sslvpn/context-sslvpn1/
url-list "eng"
url-text "wwwin-eng" url-value "http://wwwin-eng.cisco.com"
nbns-list cifs-servers
nbns-server 172.16.1.1 master
nbns-server 172.16.2.2 timeout 10 retries 5
nbns-server 172.16.3.3 timeout 10 retries 5
login-message "UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED. You must have explicit permission to access this device. All activities performed on this device are logged and violations of this policy may result in disciplinary action."
port-forward "portlist"
local-port 30019 remote-server ssh-server remote-port 22 description SSH
local-port 30020 remote-server mailserver remote-port 143 description IMAP
local-port 30021 remote-server mailserver remote-port 110 description POP3
local-port 30022 remote-server mailserver remote-port 25 description SMTP
policy group policy-sslvpn1
url-list "eng"
port-forward "portlist"
nbns-list "cifs-servers"
functions file-access
functions file-browse
functions file-entry
citrix enabled
default-group-policy policy-sslvpn1
gateway ISR2801-RM domain clientless
inservice
webvpn context context-sslvpn2
ssl authenticate verify all
user-profile location flash:webvpn/sslvpn/context-sslvpn2/
policy group policy-sslvpn2
functions svc-enabled
svc address-pool "WEBVPN"
svc keep-client-installed
svc dpd-interval gateway 30
svc dpd-interval client 300
svc rekey method new-tunnel
svc rekey time 3600
svc split include 10.0.0.0 255.255.255.0
svc default-domain cisco.com
svc dns-server primary 192.168.3.1
svc dns-server secondary 192.168.4.1
default-group-policy policy-sslvpn2
gateway ISR2801-RM domain tunnel
inservice
ISR2801-RM#show webvpn install status svc
SSLVPN Package SSL-VPN-Client version installed:
CISCO STC win2k+
2,2,0133
Mon 05/19/2008 12:58:52.34 v
ISR2801-RM#
WHEN I TRY TO CONNECT TO THE SSL CONTEXT 2 with a client
https://1.2.3.4/tunnel
* the ssl client installed on the pc tells me it can't connect.
* on the router the log:
Jun 6 10:28:08.283:
Jun 6 10:28:08.283:
Jun 6 10:28:08.283: WV: Entering APPL with Context: 0x6AA85130,
Data buffer(buffer: 0x6C4B4280, data: 0xF5C043D8, len: 560,
offset: 0, domain: 0)
Jun 6 10:28:08.283: CONNECT /CSCOSSLC/tunnel HTTP/1.1
Jun 6 10:28:08.283: Host: host4-234-static.105-80-b.business.telecomitalia.it
Jun 6 10:28:08.283: User-Agent: Cisco AnyConnect VPN Agent for Windows 2.2.0133
Jun 6 10:28:08.283: Cookie: webvpn=00@1566900393@00025@3421729574@3982902438@context-sslvpn2
Jun 6 10:28:08.287: X-CSTP-Version: 1
Jun 6 10:28:08.287: X-CSTP-Hostname: telefonicadata
Jun 6 10:28:08.287: X-CSTP-Accept-Encoding: deflate;q=1.0
Jun 6 10:28:08.287: X-CSTP-MTU: 1406
Jun 6 10:28:08.287: X-CSTP-Address-Type: IPv6,IPv4
Jun 6 10:28:08.287: X-DTLS-Master-Secret: 27EA2210E377A9E039E458FA604F523C69BEB2BF8D9B40334F72C9F424B83EE26C6D5D57D0F84419DC7A1139D3F08EE9
Jun 6 10:28:08.287: X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA
Jun 6 10:28:08.287:
Jun 6 10:28:08.291:
Jun 6 10:28:08.291:
Jun 6 10:28:08.291: WV: Appl. processing Failed : 2
Jun 6 10:28:08.291: WV: server side not ready to send.
SSLVPN sock pid 182 sid 161: closing -
SSL VPN - Bypass DefaultWEBVPNGroup
Hi All,
I'm using the default tunnel-group and group-policy for my general user community. I want to apply a filter for that group, and have a special use case for another group that bypasses the filter. My goal: for people hitting the "RAS_Engineering" group policy, I want to bypass the filter applied to "DfltGrpPolicy"
Is there a way for me to configure the group-policy so that it doesn't pick up the default settings? Here's what I have (some output omitted to reduce lines):
# sh vpn-session detail svc filter name amy.eryilmaz
Session Type: SVC Detailed
Username : amy.eryilmaz Index : 13568
Assigned IP : my.vpn.assigned.ip Public IP : my.pub.lic.ip
Group Policy : RAS_Engineering Tunnel Group : DefaultWEBVPNGroup
Clientless Tunnels: 1
SSL-Tunnel Tunnels: 1
Clientless:
Tunnel ID : 13568.1
Public IP : my.pub.lic.ip
Auth Mode : userPassword
Idle Time Out: 30 Minutes Idle TO Left : 29 Minutes
Client Type : Web Browser
Client Ver : AnyConnect Windows 2.5.3046
Bytes Tx : 11456 Bytes Rx : 3986
SSL-Tunnel:
Tunnel ID : 13568.2
Assigned IP : my.vpn.assigned.ip Public IP : my.pub.lic.ip
Client Type : SSL VPN Client
Client Ver : Cisco AnyConnect VPN Agent for Windows 2.5.3046
Filter Name : default-vpn-filter
group-policy DfltGrpPolicy attributes
wins-server value xx.xx.xx.xx
dns-server value xx.xx.xx.xx
dhcp-network-scope xx.xx.xx.xx
vpn-filter value default-vpn-filter
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
default-domain value mydomain.com
webvpn
svc ask none default svc
group-policy RAS_Engineering internal
group-policy RAS_Engineering attributes
wins-server value xx.xx.xx.xx
dns-server value xx.xx.xx.xx
dhcp-network-scope xx.xx.xx.xx
vpn-tunnel-protocol l2tp-ipsec svc
webvpn
svc ask none default svc
# sh run all tunnel-group DefaultWEBVPNGroup
tunnel-group DefaultWEBVPNGroup type remote-access
tunnel-group DefaultWEBVPNGroup general-attributes
no address-pool
no ipv6-address-pool
authentication-server-group my_radius
secondary-authentication-server-group none
no accounting-server-group
default-group-policy DfltGrpPolicy
dhcp-server xx.xx.xx.xx
no strip-realm
no password-management
no override-account-disable
no strip-group
no authorization-required
username-from-certificate CN OU
secondary-username-from-certificate CN OU
authentication-attr-from-server primary
authenticated-session-username primary
tunnel-group DefaultWEBVPNGroup webvpn-attributes
customization myCustom
authentication aaa
no override-svc-download
no radius-reject-message
no proxy-auth sdi
no pre-fill-username ssl-client
no pre-fill-username clientless
no secondary-pre-fill-username ssl-client
no secondary-pre-fill-username clientless
dns-group DefaultDNS
no without-csd
tunnel-group DefaultWEBVPNGroup ipsec-attributes
no pre-shared-key
peer-id-validate req
no chain
no trust-point
isakmp keepalive threshold 300 retry 2
no radius-sdi-xauth
isakmp ikev1-user-authentication xauth
Hi,
By default you will inherit any implicit values from the default group policy.
To stop inheriting the "vpn-filter" please do:
group-policy RAS_Engineering attributes
vpn-filter none
The same applies for any other feature within the group-policy, make sure you explicitly define every parameter according to the specific requirements.
Thanks.
Portu.
Please rate any helpful posts. -
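The inheritance rule from the answer above, as an added example that is not code from the thread or from Cisco: this Python script resolves the effective vpn-filter for every group policy in an ASA configuration, so a policy that silently inherits the DfltGrpPolicy filter can be told apart from one that bypasses filtering with an explicit "vpn-filter none". It assumes the one-space indentation of "show running-config" output; the RAS_Contractors policy, the contractor-filter ACL name and the 192.0.2.53 address are constructed for the sample.

```python
import re

DEFAULT_POLICY = "DfltGrpPolicy"

# Constructed sample modelled on the group-policy blocks quoted in the thread.
# RAS_Contractors, contractor-filter and 192.0.2.53 are made up for illustration.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 dns-server value 192.0.2.53
 vpn-filter value default-vpn-filter
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 webvpn
  svc ask none default svc
group-policy RAS_Engineering internal
group-policy RAS_Engineering attributes
 dns-server value 192.0.2.53
 vpn-tunnel-protocol l2tp-ipsec svc
group-policy RAS_Contractors internal
group-policy RAS_Contractors attributes
 vpn-filter value contractor-filter
tunnel-group DefaultWEBVPNGroup general-attributes
 default-group-policy DfltGrpPolicy
"""

# The same configuration after applying the fix given in the answer.
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    "group-policy RAS_Engineering attributes\n",
    "group-policy RAS_Engineering attributes\n vpn-filter none\n",
)

HEADER = re.compile(r"^group-policy (\S+) attributes\s*$")
DECLARE = re.compile(r"^group-policy (\S+) (?:internal|external)\b")
FILTER = re.compile(r"^\s+vpn-filter (none|value (\S+))\s*$")


def parse_group_policies(config_text):
    """Return {policy name: {"vpn-filter": acl or None}}.

    The "vpn-filter" key is present only when the policy sets it explicitly;
    its value is the ACL name, or None for "vpn-filter none".
    """
    policies = {DEFAULT_POLICY: {}}  # the default policy always exists
    current = None
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # A top-level command closes whatever attribute block was open.
            current = None
            header = HEADER.match(line)
            if header:
                current = policies.setdefault(header.group(1), {})
            else:
                declared = DECLARE.match(line)
                if declared:
                    policies.setdefault(declared.group(1), {})
            continue
        if current is not None:
            found = FILTER.match(line)
            if found:
                current["vpn-filter"] = (
                    None if found.group(1) == "none" else found.group(2)
                )
    return policies


def effective_vpn_filter(policies, name):
    """Return (acl or None, source) for one policy.

    source is "explicit", "explicit-none", "inherited" or "unfiltered".
    """
    own = policies[name]
    if "vpn-filter" in own:
        acl = own["vpn-filter"]
        return (acl, "explicit") if acl else (None, "explicit-none")
    if name != DEFAULT_POLICY:
        inherited = policies[DEFAULT_POLICY].get("vpn-filter")
        if inherited:
            return (inherited, "inherited")
    return (None, "unfiltered")


def audit(config_text):
    """Map every group policy to its effective filter and where it comes from."""
    policies = parse_group_policies(config_text)
    return {name: effective_vpn_filter(policies, name) for name in policies}


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_CONFIG), ("after", FIXED_CONFIG)):
        print(label)
        for name, (acl, source) in audit(text).items():
            print(f"  {name:<18} filter={acl or '-':<20} {source}")
```

Policies reported as "explicit-none" or "unfiltered" are the ones whose sessions reach the network with no ACL applied, so they are the entries to review when the configuration is audited.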
Can ASA5505 forward remote-access-VPN clients to LAN
I currently have ASA-5505 and 2911-Router and I'm trying to configure VPN topology.
Can ASA5505 forward remote-access-VPN clients to LAN operated by a different router?
Are these two cases possible?:
(1) ASA-5505 and 2911-Router are on separate WAN interfaces, each directly connected to ISP. But then can I connect one of other LAN interfaces of ASA-5505 into a switch managed by 2911-Router to inject remote-SSL-VPN clients into the LAN managed by the router?
(2) ASA-5505 is behind 2911-Router. Can 2911 Router assign a public ip address or have public ip address VPN-access attempts directly be forwarded to ASA-5505 when there is only one public ip address available?
Long put short, can ASA-5505 inject its remote-access-VPN clients as one of hosts on the LAN managed by 2911-router?
Thanks.
I could help you more if you can explain the purpose of this setup and the connectivity between the ASA and router.
You can enable reverse-route on the Dynamic map on the ASA. The ASA will install a static route for the client on the routing table. You can use a Routing protocol to redistribute the static routes to your switch on the LAN side of the ASA. -
Hi Everyone,
In my study home lab, I wanted to configure a cisco ASA 5505 ( Base license) to allow SSL VPN. I followed carefully the configuration procedure as instructed in a short video I downloaded on youtube.
I configured my outside e0/0 with a valid static IP address, unfortunately the vpn connection times out on a remote ( different) internet connection. But if I connect to my own internet line using a WIFI the VPN ( AnyConnect SSL VPN client ) connection is established.
I need help to solve this mystery. Please find attached the ASA config: #show run
I hope my explanation does make sense, if not accept my apology I am just new in cisco technology.
Best regards,
BEN
If you can connect with your own internet line, then most probably it's not an issue with the ASA configuration.
I would check how you are routing the ASA to the internet, and if there is any ACL that might be blocking inbound access to the ASA on the device in front of the ASA. -
Works windows mobile with SSL VPN and anyconnect
Hello,
does anyone know if the following OS works with ASA 8.x SSL VPN client, SSL clientless VPN and anyconnect client and Secure Desktop:
windows mobile 5.0 Premium phone edition
windows mobile 6.0
windows embedded CE,Net
windows mobile 2003
Thank you for your help
Michael -
AnyConnect SSL VPN Vista split-tunneling
I recently setup an ASA5510 with 8.0fw with the AnyConnect SSL VPN Client.
Connecting to the SSL VPN works perfectly from all the XP computers that I have tested from. No problems there. However when on Vista, split-tunneling does not seem to function properly. Everything connects and works fine, and I can get to the defined secured remote nets, however I can't access anything out my default gateway(un-secured traffic). It seems like it might be a problem with Vista security features. When I try to ping out to any outside host, I get:
PING: transmit failed, error code 1231.
I can actually ping my default gateway, but nothing gets routed past it without the above error. I've also confirmed this on several Vista installations, with Administrator + UAC disabled. Anyone else?
I have done the same testing, and on both Vista 32bit and 64Bit the split tunneling does not seem to work. Also I found that this is a "known" bug
From the Release Notes:
AnyConnect Split-tunneling Does Not Work on Windows Vista - AnyConnect split-tunneling works correctly with Windows XP and Windows 2000 (CSCsi82315)
I am happy that 64Bit works but will hold off on roll out until split-tunneling is fixed.
Cassidy