WiFi using VPN Client
I am a college student and our campus has free WiFi but you have to use a program called vpnclient.app in order to access the WiFi. I was wondering if anyone knows if I would be able to use this program on the Touch in order to use the internet around campus.
It is possible if you hack it.
Similar Messages
-
Cannot connect using VPN client
Hi, I have a problem configuring my CISCO ASA 5515-x for VPN client. I succesfully configure AnyConnect and SSL VPN but when client using VPN Client software, they cannot establish the VPN connection. This is my configuration and attached is the error occured when connecting to the firewall. Can anyone help me solve this problem?
: Saved
ASA Version 9.1(1)
hostname ciscoasa
domain-name g
ip local pool vpn_client 192.168.2.200-192.168.2.254 mask 255.255.255.0
ip local pool vpn_250 192.168.3.1-192.168.3.254 mask 255.255.255.0
interface GigabitEthernet0/0
nameif DIGI
security-level 0
ip address 210.48.*.* 255.255.255.0
interface GigabitEthernet0/1
nameif LAN
security-level 0
ip address 192.168.2.5 255.255.255.0
interface GigabitEthernet0/2
nameif Pone
security-level 0
ip address dhcp setroute
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
clock timezone MYT 8
dns domain-lookup DIGI
dns server-group DefaultDNS
name-server 8.8.8.8
domain-name g
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network NETWORK_OBJ_113.20.*.*_24
subnet 113.20.*.* 255.255.255.0
object network NETWORK_OBJ_210.48.*.*_24
subnet 210.48.*.* 255.255.255.0
object network CsHiew
host 192.168.2.9
object network ERPServer
host 192.168.2.2
object network Giap
host 192.168.2.126
object network Jennifer
host 192.168.2.31
object network KCTan
host 192.168.2.130
object network KCTan-NB
host 192.168.2.77
object network MailServer
host 192.168.2.6
object network YHKhoo
host 192.168.2.172
object network Aslina
host 192.168.2.59
object network Law
host 192.168.2.38
object network Nurul
host 192.168.2.127
object network Laylee
host 192.168.2.17
object network Ms_Pan
host 192.168.2.188
object network Peck_Ling
host 192.168.2.248
object network Pok_Leng
host 192.168.2.36
object network UBS
host 192.168.2.21
object network Ainie
host 192.168.2.11
object network Angie
host 192.168.2.116
object network Carol
host 192.168.2.106
object network ChunKit
host 192.168.2.72
object network KKPoong
host 192.168.2.121
object network Ben
host 192.168.2.147
object network Eva
host 192.168.2.37
object network Jacklyn
host 192.168.2.135
object network Siew_Peng
host 192.168.2.149
object network Suki
host 192.168.2.61
object network Yeow
host 192.168.2.50
object network Danny
host 192.168.2.40
object network Frankie
host 192.168.2.101
object network Jamal
host 192.168.2.114
object network OcLim
host 192.168.2.177
object network Charles
host 192.168.2.210
object network Ho
host 192.168.2.81
object network YLChow
host 192.168.2.68
object network Low
host 192.168.2.58
object network Sfgan
host 192.168.2.15
object network Joey
host 192.168.2.75
object network Rizal
host 192.168.2.79
object network 190
host 192.168.2.190
object network 191
host 192.168.2.191
object network 192
host 192.168.2.192
object network 193
host 192.168.2.193
object network 194
host 192.168.2.194
object network 199
host 192.168.2.199
object network 201
host 192.168.2.201
object network 203
host 192.168.2.203
object network 204
host 192.168.2.204
object network 205
host 192.168.2.205
object network CNC214
host 192.168.2.214
object network Liyana
host 192.168.2.16
object network Aipin
host 192.168.2.22
object network Annie
host 192.168.2.140
object network Ikah
host 192.168.2.54
object network Sue
host 192.168.2.113
object network Zaidah
host 192.168.2.32
object network CKWong
host 192.168.2.33
object network KhooSC
host 192.168.2.47
object network Neexon-PC
host 192.168.2.179
object network Neexon_NB
host 192.168.2.102
object network kc
host 192.168.2.130
object network P1
subnet 192.168.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.2.0_24
subnet 192.168.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.2.192_26
subnet 192.168.2.192 255.255.255.192
object network NETWORK_OBJ_192.168.10.192_26
subnet 192.168.10.192 255.255.255.192
object network VPN
subnet 192.68.3.0 255.255.255.0
object network NETWORK_OBJ_192.168.3.0_24
subnet 192.168.3.0 255.255.255.0
object-group network HPTM_DIGI
network-object object CsHiew
network-object object ERPServer
network-object object Giap
network-object object Jennifer
network-object object KCTan
network-object object KCTan-NB
network-object object MailServer
network-object object YHKhoo
object-group network Inventory
network-object object Aslina
network-object object Law
network-object object Nurul
object-group network Account
network-object object Laylee
network-object object Ms_Pan
network-object object Peck_Ling
network-object object Pok_Leng
network-object object UBS
object-group network HR
network-object object Ainie
network-object object Angie
object-group network Heeroz
network-object object Carol
network-object object ChunKit
network-object object KKPoong
object-group network Sales
network-object object Ben
network-object object Eva
network-object object Jacklyn
network-object object Siew_Peng
network-object object Suki
network-object object Yeow
object-group network Production
network-object object Danny
network-object object Frankie
network-object object Jamal
network-object object OcLim
object-group network Engineering
network-object object Charles
network-object object Ho
network-object object YLChow
network-object object Joey
network-object object Rizal
object-group network Purchasing
network-object object Low
network-object object Sfgan
object-group network Wireless
network-object object 190
network-object object 191
network-object object 192
network-object object 193
network-object object 194
network-object object 199
network-object object 201
network-object object 203
network-object object 204
network-object object 205
object-group network IT
network-object object CNC214
network-object object Liyana
object-group network Skype
network-object object Aipin
network-object object Annie
network-object object Ikah
network-object object Sue
network-object object Zaidah
object-group network HPTM-P1
network-object object CKWong
network-object object KhooSC
network-object object Neexon-PC
network-object object Neexon_NB
object-group service DM_INLINE_SERVICE_1
service-object tcp-udp destination eq www
service-object tcp destination eq https
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_2
service-object tcp-udp destination eq www
service-object tcp destination eq https
access-list DIGI_access_in extended permit ip any any
access-list DIGI_access_in extended permit icmp any any echo
access-list LAN_access_in extended deny object-group DM_INLINE_SERVICE_2 object-group Skype any
access-list LAN_access_in extended deny object-group DM_INLINE_SERVICE_1 object 205 any
access-list LAN_access_in extended permit ip any any
access-list DIGI_cryptomap extended permit ip object VPN 113.20.*.* 255.255.255.0
access-list Pq_access_in extended permit ip any any
access-list splittun-vpngroup1 extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
logging recipient-address aaa@***.com level errors
mtu DIGI 1500
mtu LAN 1500
mtu Pone 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711(1).bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (DIGI,LAN) source static any interface
nat (Pone,LAN) source static any interface
nat (DIGI,DIGI) source static NETWORK_OBJ_210.48.*.*_24 NETWORK_OBJ_210.48.*.*_24 destination static NETWORK_OBJ_113.20.*.*_24 NETWORK_OBJ_113.20.*.*_24 no-proxy-arp route-lookup
nat (LAN,DIGI) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.2.192_26 NETWORK_OBJ_192.168.2.192_26 no-proxy-arp route-lookup
nat (LAN,DIGI) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.10.192_26 NETWORK_OBJ_192.168.10.192_26 no-proxy-arp route-lookup
nat (LAN,any) source static any any destination static VPN VPN
nat (LAN,DIGI) source static any any destination static NETWORK_OBJ_192.168.3.0_24 NETWORK_OBJ_192.168.3.0_24 no-proxy-arp route-lookup
nat (LAN,DIGI) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.3.0_24 NETWORK_OBJ_192.168.3.0_24 no-proxy-arp route-lookup
object network VPN
nat (any,DIGI) dynamic interface
nat (LAN,Pone) after-auto source dynamic any interface dns
nat (LAN,DIGI) after-auto source dynamic any interface dns
access-group DIGI_access_in in interface DIGI
access-group LAN_access_in in interface LAN
access-group Pq_access_in in interface Pone
route Pone 0.0.0.0 0.0.0.0 10.1.*.* 2
route DIGI 0.0.0.0 0.0.0.0 210.48..*.* 3
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.2.0 255.255.255.0 LAN
http 0.0.0.0 0.0.0.0 DIGI
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto dynamic-map DIGI_access_in 20 set ikev1 transform-set ESP-3DES-SHA
crypto map DIGI_map 65535 ipsec-isakmp dynamic DIGI_access_in
crypto map DIGI_map interface DIGI
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn sslvpn.cisco.com
subject-name CN=sslvpn.cisco.com
keypair hpmtkeypair
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
certificate ed15c051
308201ef 30820158 a0030201 020204ed 15c05130 0d06092a 864886f7 0d010105
0500303c 31193017 06035504 03131073 736c7670 6e2e6369 73636f2e 636f6d31
1f301d06 092a8648 86f70d01 09021610 73736c76 706e2e63 6973636f 2e636f6d
301e170d 31333036 32313038 30343438 5a170d32 33303631 39303830 3434385a
303c3119 30170603 55040313 1073736c 76706e2e 63697363 6f2e636f 6d311f30
1d06092a 864886f7 0d010902 16107373 6c76706e 2e636973 636f2e63 6f6d3081
9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100a9 7715ca9e
4d63204e 66e6517b 9a560be8 188603cc 90bb39a7 c61ef0d8 cd74bf19 8ec33146
5176547f f43615a2 b8917a03 3a5a9dd6 e087a78a 74bf3a8e 6d7cfad2 0678253d
b03a677a 52e9ebc0 8e044353 e9fe2055 3cafafa3 3ec74ef9 45eaf8d6 8e554879
db9bf2fb ebcdb5c3 011bf61f 8c139ed1 a00d300a 8fe4784f 173c7702 03010001
300d0609 2a864886 f70d0101 05050003 81810046 d32b20a6 a1efb0b5 29c7ed00
11c0ce87 c58228c9 aae96197 eb275f9a f9da57a1 fc895faf 09a24c0c af43772b
2818ec29 0a56eb33 c0e56696 dd1fa3bb 151ee0e4 18d27366 92177a31 b2f7842b
4f5145b9 942fbc49 c785f925 3a909c17 2593efcc 2e410b5c d3026fe1 f48d93c1
744333e2 c377e5d3 62eebb63 abca4109 d57bb0
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable DIGI client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable DIGI
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
track 1 rtr 123 reachability
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 DIGI
ssh timeout 5
console timeout 0
vpn-sessiondb max-other-vpn-limit 250
vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
vpn load-balancing
interface lbpublic DIGI
interface lbprivate DIGI
dhcp-client client-id interface Pone
dhcpd address 192.168.2.10-192.168.2.150 LAN
dhcpd dns 210.48.*.* 210.48.*.* interface LAN
dhcpd enable LAN
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint0 DIGI
webvpn
enable DIGI
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect profiles anyhpmt_client_profile disk0:/anyhpmt_client_profile.xml
anyconnect enable
tunnel-group-list enable
tunnel-group-preference group-url
group-policy sslpolicy internal
group-policy sslpolicy attributes
vpn-tunnel-protocol ssl-clientless
webvpn
url-list none
group-policy GroupPolicy_anyhpmt internal
group-policy GroupPolicy_anyhpmt attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
default-domain value g
webvpn
anyconnect profiles value anyhpmt_client_profile type user
group-policy vpngroup1 internal
group-policy vpngroup1 attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value splittun-vpngroup1
default-domain value g
address-pools value vpn_250
group-policy newvpn internal
group-policy newvpn attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value g
username cshiew password KK1oQOhoxfwWvya4 encrypted
username cshiew attributes
webvpn
anyconnect keep-installer installed
anyconnect ask none default anyconnect
username newuser password GJrqM3H2KqQZv/MI encrypted privilege 1
tunnel-group vpngroup1 type remote-access
tunnel-group vpngroup1 general-attributes
address-pool vpn_250
default-group-policy vpngroup1
tunnel-group vpngroup1 webvpn-attributes
group-alias vpngroup1 enable
tunnel-group vpngroup1 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group sslhpmt type remote-access
tunnel-group sslhpmt general-attributes
default-group-policy sslpolicy
tunnel-group sslhpmt webvpn-attributes
group-alias sslhpmt enable
tunnel-group anyhpmt type remote-access
tunnel-group anyhpmt general-attributes
address-pool vpn_client
default-group-policy GroupPolicy_anyhpmt
tunnel-group anyhpmt webvpn-attributes
group-alias anyhpmt enable
tunnel-group-map default-group vpngroup1
class-map global-class
match any
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
class global-class
cxsc fail-open
class class-default
user-statistics accounting
policy-map global-policy
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:7a5ee8ff016e63420802423269da864b
: endHi,
Safwan Hashan napisano:i dont know which output you referring but this is output from the VPN client.
We need more information.
I expect debug output from the ASA.
To enable debugging and syslog messages, perform the following CLI steps:
1.
ASA#configure terminal
ASA(config)# debug crypto ikev1 127
ASA(config)# debug crypto ipsec 127
Enable debuging messages for IKEv1 and IPSec.
2.
ASA(config)# logging monitor debug
Sets syslog messages to be sent to Telnet or SSH sessions.
Note: You can alternately use the logging buffer debug command to send log messages to a buffer, and then view them later using the show logging command.
3.
ASA(config)# terminal monitor
Sends the syslog messages to a Telnet or SSH session.
4.
ASA(config)# logging on
Enables syslog message generation.
NOTE: This you have enabled.
Cleanup CLI
ASA(config)# no debug crypto ikev1
ASA(config)# no debug crypto ipsec
ASA(config)# no logging monitor debug
ASA(config)# no terminal monitor
More information: Sensible Debugging and Logging
I have one suggestion. Change and try.
group-policy vpngroup1 internal
group-policy vpngroup1 attributes
no vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
vpn-tunnel-protocol ikev1
Best regards,
MB
Please rate all helpful posts. Thx -
Slow downloads when using VPN clients
How can I word this?
We have had a shift in our work force and find a large number of uses now working from home. Lately (this weekend) they have been complaining about VPN client downloads being very slow. I have tested the IPSec client and the SSL client and compared them to an Internet download on the network using the exact same laptop and the exact same web site www.speednet.net. Here at the office I see 50M, over both VPN's I see (if I am lucky) 1M, all reading within a 15 minute period and all over the same 600M pipe to the Internet
We have never noticed this before this work force shift to home. Eliminating all other factors, which we think we have, would you expect VPN clients to behave this way?
MTU is set at default from day one. The only thing we have done to VPN configuration over the last week was to add a tunnel gateway to the ASA 5540 VPN configuration which is only a hop away from the firewall inside interface.
I will provide configuration data if you request but my question is just a general one at this point. Is this normal and can you make a suggestion as to how we can improve? We are research, running wireshark on the test laptop so as the day progresses we will have more information to provide if needed.Dear Charlie,
Thanks for your problem description.
Please install an FTP client on the client machine and perform an FTP transfer across the tunnel.
During this attempt, run Wireshark on the VPN adapter.
Check this capture, verify if there are any TCP retransmissions, loss-packets, drop-packets, fragmentation issues. Verify the TCP MSS and adjust it on the Router (in case fragmentation is seen).
Let me know.
Thanks. -
No contact with DHCP server when using VPN Client
Pretty weird problem I discovered recently.
We use the VPN Client to connect to a 1841 router. Everything works fine except for one small thing.
The client do not send out _any_ traffic if the destination is the ip-address of the DHCP-server the client got its original ip-address from.
This is verified by Wireshark. A ping on the client do not produce any ESP packets towards the VPN concentrator. No matter what traffic you try actually.
Discovered this when wanting to use Remote Desktop towards the Windows Server that is the local DHCP server and was not able to connect. Then tested ping and still no response. That made me look closer and found out that I could not communicate at all with the DHCP server.
As I said, pretty weird.
Anyone else have seen this? Anyone have a solution? Right now I use OpenVPN instead when I need to control that server.
- RogerHi and thanks for responding.
Nothing here apart from being unable to send any packets to the dhcp-server. No problem sending to any other system on the same subnet. The same happens when I connect my pc to another subnet that is served by another dhcp-server. Then I can not connect to _that_ dhcp-server. I can then of course connect to the previous dhcp-server.
I mean _no_ packets are generated out the client at all if the destination are your dhcp-server. No problem with the packet being blocked by a firewall or anything like that. Ping another system on the same subnet as the dhcp-server and the client happily generates ESP packets and sends them to the vpn-concentrator.
I do not know if it was clear enough in the first post so I am saying it here: the vpn-concentrator gives out the ip for the vpn connection. The dhcp-server I can not connect to is the server that gives the client its ip-address _before_ starting up the vpn client.
We use this vpn system so the IT personell will be able to connect to restricted resources from their laptops anywhere in the network, also when using wireless.
This was discovered when one admin wanted to connect from his laptop to a server that also happened to be the dhcp-server that had given his laptop his ip address before he used vpn.
Should be easy enough for anyone else to test. Just ping your dhcp-server after starting the vpn connection. No RFC 1918 addresses of course, there must be a route from your vpn-concentrator to your dhcp-server and at least icmp echo must be open through any firewall/acl.
The vpn version is 4.8.00.0440 on Windows XP configured to not allow local LAN access. I might test this with other versions/OS'es when I have the time.
Regards,
- Roger -
Satellite P10-835, Instructions to connect to wifi using Atheros client utility?
i have a P10-835 and need to configure the Atheros client utlitiy to connect to a Netgear 834G wireless router. Are there any instructions on how to configure the Atheros client?
Hello
1. START button > All Programs > Atheros > ACU > Atheros Client Utility
2. 2. Select "Profile Management" tab an click on "New"
3. Put the right Profile name and Network name
4. Check Security tab and put the password if your network is encrypted
5. Check also if the windows wireless configuration disabled it
(IT MUST BE DISABLED if you use some client for wireless connection)
You can find this option in Wireless Network Connection properties under Wireless networks.
Bye -
How to configure router to use ip pool on the aaa server for vpn clients
how to configure router to use ip pool on the aaa server for vpn clients . i want to use vpn clients to connect to the router. authenticate using the aaa server username databse and also use the ip pool cretaed on the aaa server. i am not able to find the command on the router pointing to use the pool created on the aaa server. can u some one help me with this command.
sebastanHello Sebastan,
what do you use as AAA server (e.g. ACS with TACACS+ or RADIUS) ?
Regards,
GNT -
Cisco ASA 5505, Cisco VPN Client and Novell Netware
Hi,
Our ISP have installed Cisco ASA 5505 firewall. We are trying to connect to our Novell 5.1 server using VPN client.
I installed VPN client on a laptop that is using wireless connection. I connect using wireless signal from near by hotel and I am able to connect to my firewall usinging vpn client and also able to login in using Novell client for XP.
When I use same vpn client and Novell client at home that is not using wireless connection, but DSL connection amd not able to login or find the tree.
The only difference in two machine is laptop using wireless connection and my home machine is using wired connection using DSL.If your remote end of the services in question support IPsec IKEv1 as the VPN type then, yes - the 5505 can be a client for that service. At that point it looks like a regular LAN-LAN VPN which is documented in many Cisco and 3rd party how-to documents.
-
VPN Client and Windows 7 Issue
Using VPN Client, V5.0.07.0440 a Dell Vostro W7 Professional system, 64 bit. The client installs and runs the same way it has on at least 20 other systems without issue. When I try to remote into the network, I get a "can not connect" error attempting to connect to any system or server. I placed a known good laptop using XP on the same internet line, it connects without issue. The remote access (mstsc.exe) verson is 6.1.7601.17514 there is no Admin switch in the shortcut. This is the first time anything like this has happened, numerous W7 32 and 64 bit and XP systems. Any help greatly appreciated.
Thanks
It's like the VPN connects to the network, but the remote access is not using the same connection. I get the same results whether the VPN Client is loaded or not.
Sure could use some help on this.The system that I am trying to connect with is a Dell Vostro desktop, W7 64bit Pro. I am attempting to connect to a Windows 2003 domain thru a PIX 501 firewall. The desktop system uses an onboard Ethernet adaptor connected to the Internet thru Charter. I do not have ready access to the computer as it's my employers home system. The frustrating thing is, I have installed and set this up on at least 30 other systems and all of them worked flawlessly. Of course, this one would be the problem as it belongs to my boss.
Thanks for responding, I plan on picking up the unit so I can devote some real time to fixing it.
Thanks again -
Windows 8.1 pro and VPN client 5.0.07.0290-k9
We are using windows 8.1 pro in our dell brand desktop. Our users access the client machine through vpn. We are using VPN client version 5.0.07.0290-k9.
That is working fine.
Issue:
I have a Cisco router RV325. I am Configured Easy vpn in my router.Then i am using the same cisco vpn client and the same OS.
Result is not getting ping. but vpn is connected good.I'm no expert, but do you have ICMP allowed in your tunnel?
-
VPN Client 5.0.00.0340 on Vista says connected when not
Hi all,
I'm using VPN Client 5.0.00.0340 on Windows Vista to connect to one of our customers.
When I go to connect and type in my password, it always seems to authenticate correctly and connect to the VPN successfully.
However, about 75% of the time, even though it says it is connected, I do not actually have a connection to the customer network. I can't even ping the servers.
If I disconnect and reconnect repeatedly, on about the third or fourth attempt, I will actually get a connection that works, allowing me to access the remote network.
Does anyone know why this might be? Could it be an issue with my network settings, a setting in the VPN Client software, or even something at the customer end that is set up incorrectly?
Any help would be greatly appreciated.
ChrisHi,
There's quite a few bugs related to version 5 and Vista. You might want to check the bug toolkit to see if there's anything relevant (including CSCsq34291 which may or may not be related).
Does it work on XP and have you tried rolling back the VPN client version to 4.x to see if it improves things (I've had to do this before).
Please rate useful posts.. -
64bit vpn client issue /error :reason -442:failed to enable virtual adapter.
Hi All of you ,
I m using vpn client for windows64bit - file name - vpnclient-winx64-msi-5.0.07.0290-k9.exe and installing it on windows 2003 server .
But while connecting via vpn client to f/w , Virtual Adapter is taking the ip address but not connecting .getting error message on screen -
reason -442:failed to enable virtual adapter.
Is it possible some configuration or image issue from ASA as its first time we are trying to use 64bit OS , vpn client for 32bit OS working fine .
Below are the logs from vpn clinet when i tried to connect to ASA5520 . Version 7.0(8) -
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.2.3790 Service Pack 2
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 15:38:03.921 01/27/11 Sev=Info/4 CM/0x63100002
Begin connection process
2 15:38:03.937 01/27/11 Sev=Info/4 CM/0x63100004
Establish secure connection
3 15:38:03.937 01/27/11 Sev=Info/4 CM/0x63100024
Attempt connection with server "203.199.30.190"
4 15:38:04.125 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
5 15:38:04.140 01/27/11 Sev=Info/4 CM/0x63100015
Launch xAuth application
6 15:38:09.515 01/27/11 Sev=Info/4 CM/0x63100017
xAuth application returned
7 15:38:09.515 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
8 15:38:10.562 01/27/11 Sev=Info/4 CM/0x63100019
Mode Config data received
9 15:38:10.781 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to enable the 64-bit VA after timeout
10 15:38:10.781 01/27/11 Sev=Warning/3 CVPND/0xE3400029
The Client failed to enable the Virtual Adapter on 64-bit Windows
11 15:38:10.781 01/27/11 Sev=Warning/2 CM/0xE310000A
The virtual adapter failed to enable
12 15:38:10.781 01/27/11 Sev=Info/6 CM/0x6310003A
Unable to restore route changes from file.
13 15:38:10.781 01/27/11 Sev=Info/6 CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter
14 15:38:10.859 01/27/11 Sev=Info/4 CM/0x63100035
The Virtual Adapter was disabled
15 15:38:10.859 01/27/11 Sev=Warning/2 IKE/0xE300009B
Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
16 15:38:10.859 01/27/11 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
17 15:38:11.546 01/27/11 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
18 15:38:11.546 01/27/11 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
19 15:38:11.578 01/27/11 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
20 15:38:40.953 01/27/11 Sev=Info/4 CM/0x63100002
Begin connection process
21 15:38:40.953 01/27/11 Sev=Warning/2 CVPND/0xA3400019
Error binding socket: -21. (DRVIFACE:1234)
22 15:38:40.968 01/27/11 Sev=Info/4 CM/0x63100004
Establish secure connection
23 15:38:40.968 01/27/11 Sev=Info/4 CM/0x63100024
Attempt connection with server "203.199.30.190"
24 15:38:41.156 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
25 15:38:41.171 01/27/11 Sev=Info/4 CM/0x63100015
Launch xAuth application
26 15:39:08.031 01/27/11 Sev=Info/4 CM/0x63100017
xAuth application returned
27 15:39:08.046 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
28 15:39:09.093 01/27/11 Sev=Info/4 CM/0x63100019
Mode Config data received
29 15:39:09.312 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
30 15:39:09.312 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
31 15:39:19.937 01/27/11 Sev=Warning/3 CVPND/0xA340000D
The virtual adapter was not recognized by the operating system.
32 15:39:19.937 01/27/11 Sev=Warning/2 CM/0xE310000A
The virtual adapter failed to enable
33 15:39:19.937 01/27/11 Sev=Info/6 CM/0x6310003A
Unable to restore route changes from file.
34 15:39:19.937 01/27/11 Sev=Info/6 CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter
35 15:39:20.109 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
36 15:39:20.109 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
37 15:39:20.281 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
38 15:39:20.281 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
39 15:39:20.578 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
40 15:39:20.578 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
41 15:39:20.953 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
42 15:39:20.953 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
43 15:39:21.437 01/27/11 Sev=Info/4 CM/0x63100035
The Virtual Adapter was disabled
44 15:39:21.437 01/27/11 Sev=Warning/2 IKE/0xE300009B
Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
45 15:39:21.437 01/27/11 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
46 15:39:22.046 01/27/11 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
47 15:39:22.046 01/27/11 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
48 15:39:22.062 01/27/11 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
release notes for vpn client 64bit -
http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537Hi Anisha ,
Exact version of OS is "Microsoft Windows Server 2003 x64" .
I need supported cisco vpn client for this OS .
=========
Thanx 4 reply .
Raj -
Help blocking smart devices from using VPN
Hello,
I am looking for a solution to block smart devices from connecting to our network via VPN. Our current VPN solution is ASA5520 and we are using Cisco ACS for user authentication. We use Cisco VPN client only, no anyconnect or SSL VPN.
Managment is looking for a way we can stop smart devices from using VPN clients to connect and only allow laptops/desktops to connect.
Does anyone have a way we can do this via ACS or another method?Ok I will try it again but according to this documentation the type must match what is displayed in the show vpn-sessiondb remote, when I do that command all I see is type ipsec....nothing about iOS or client version numbers.:
version
version Identifies the device version via free-form strings, for example 7.0. A string
must match exactly its appearance in the show vpn-sessiondb remotedisplay, except that you can use the * character as a wildcard. -
Hi Guys!
We have an issue installing VPN Client (5.0.01.0600) on HP 4320s (WinXP). Installer was completed as usual but since the VPN Client installation a "Blue Screen of death" with cscentr.sys error shows up when pc is startng. Pc restarts over and over again.. Finally, in order to keep the PC operative we have to uninstall it and remove VPN client keys from the registry, after that pc will work perfectly.
Do you know any workaroun for this issues..?
Thx in advance for all of you
Ps. Sorry for the photo quality, was really complicated take it, restart is really fast.
Rgds
Miguel Angel GarciaFederico, Many thx for your input.
I'm working on it but unfortunately same issue shows up everytime that i tried to install. This installer/SW is working ok on another machines.
I uninstall only the cisco security agent in order to use the vpn client and it's working. I know that use vpn client without csa is a huge hole of seccurity but will be the fastest solution for my user until i find out the root cause and a definitive solution. I will check with a contingency machine (same model) just with OS installed. I have the lastest version for VPN Cleint and CSA.
I will let you know how it goes...
Rgds -
Windows 8 Cisco VPN Client Issue
I connect to several of my customers with the Cisco VPN Client Version 5.0.07.0290 and all has been working fine. In the last week, virtually every Windows 8 machine has stopped working. The client connects fine, shows it's connected, but if I go to Status -> Statistics it just shows 0 in the Bytes Received and Sent. The Bypassed and Discarded increases, but I am unable to reach any system. Does anyone know what causes this or how to resolve it? This is a HUGE problem for me as all of the work we do for our customers is via their VPNs. Every non-Windows 8 PC still works fine. And these Windows 8 PCs have been working fine until just the last week. Browsing through, I've seen posts with this same issue, but none related to Windows 8 recently. They are all Windows 7, and my Windows 7 machines are working flawlessly.
Someone help!
Thanks,
BrianHi Brian,
IPSEC client on Windows 8 machine is not supported.
Cisco VPN Client 5.0.07 supports the following Microsoft OSs:
•Windows 7 on x64 (64-bit)
•Windows 7 on x86 (32-bit) only
•Windows Vista on both x86 (32-bit) and x64
•Windows XP on x86
VPN Client does not support the Tablet PC 2004/2005; and Windows 2000, NT, 98, and ME.
VPN Client supports smart card authentication on Windows 7, Vista, and XP. However, VPN Client does not support the ST Microelectronics smart card Model ST23YL80, and smart cards from the same family.
VPN Client supports up to one Ethernet adapter and one PPP adapter. It does not support the establishment of a VPN connection over a tethered link.
VPN Client 5.0.x is incompatible with the combination of Cisco Unified Video Advantage 2.1.2 and McAfee HIPS Patch 4 Build 688. To avoid system failures, uninstall either of these two applications, upgrade McAfee to the latest version, or use VPN Client 4.6.x.
To install the VPN Client, you need
•Pentium®-class processor or greater
•Microsoft TCP/IP installed. (Confirm via Start > Settings > Control Panel > Network > Protocols or Configuration.)
•50 MB hard disk space.
•128 MB RAM
(256 MB recommended)
•Administrator privileges
The VPN Client supports the following Cisco VPN devices:
•Cisco Series 5500 Adaptive Security Appliance, Version 7.0 or later.
•Cisco VPN 3000 Series Concentrator, Version 3.0 or later.
•Cisco PIX Firewall, Version 6.2.2(122) or Version 6.3(1).
•Cisco IOS Routers, Version 12.2(8)T or later.
you can get more information from following link:-
http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537
Regards,
Naresh -
Cisco VPN client is not working with 64bit OS, please let me know if there is any solution to use VPN client with 64bit OS
You need SSL VPN solution for 64BitOS , WebVPN - Anyconnect client - Any ASA5500
See this link for all your Q&A section
SSL/IPsec VPN Services for the Cisco ASA Series
http://www.cisco.com/en/US/prod/vpndevc/ps6032/ps6094/ps6120/asa_ssl.html
Details in SSL licensing
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e39_ns347_Networking_Solutions_Brochure.html
Clientless SSL VPN (WebVPN)
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml
See SSL VPN/Web VPN mid page down to learn different types of WebVPN/Annyconnect deployment scenarios
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
Regards
PLS rate helpful posts
Maybe you are looking for
-
How do I hide selection in Photoshop CC , while the ⌘+H is not working anymore?
Hi! I´m using now the finnish version of Photoshop CC. However, the good old ⌘+H shortcut for hiding the selection seems not to work anymore in Photoshop CC. And I cannot find the new shortcut for the command - neither I do not find the way to modify
-
Using javax.imageio in JSP
Hi I have a simple code snippet that I use to read in JPG/GIF image from a file and create a new image that is upside down . Here is my snippet. //create upside down image try { String imgPath = "\\images\\AINCC.gif"; File fImg = new File(imgPath);
-
Use of flat files in distributed architecture probs.
Hi Guiess, I am working in a module in distributed environment. Its client is swing application.I have a one doubt and the doubt is - I am making some flow chart sort of thing at client side and saving this work in a flat file (java property file/xml
-
ITunes not posting my reviews.
Greeeting to all! My first post and it's long so please bear with me. I have downloaded over 200 applications as well as hundreds of songs from iTunes. I recently noticed that alot of my reviews for applications are not being posted. They all abide b
-
Hi All, Right Now, we are transporting all KM documents to another new server. But we have some own CM (FSDB) repositories in current server that has many documents. If I want to move custom CM repository to new server, Is that possible o