Cisco :: 5.1 Secure Services Client (SSC) For Windows 7
Dec 8, 2010
The organization that I worked for purchased a large number of Cisco Secure Services Client Licenses for Windows XP. Now they have plans to move to Windows 7. Reading different discussions, I know that SSC ver 5.1 does not work with Windows 7. My questions are:
1) Will there be a new SSC for Windows 7? Will we be able to configure the pre-package for installation with the new SSC?
2) Can we use the existing SSC ver 5 licenses with the new SSC for Win 7?
I am having a problem configuring SCEP for my secure mobility client. I have created a connection profile to allow certificate requests but when I fill in the step-forwarding-url field I get an error. The CA we are using is an internal MS CA with SCEP already enabled. This has been configured for a long time with our current Cisco VPN client using certificate authentication. The ASA is running 8.4.1. Here is the error I get when I try to enter the command into the group policy associated with my certificate enrollment connection profile: group-policy SSLGP attributes. url...
I had an odd occurrence today on my network. One particular desktop running Vista could not access secure websites (httpsremoved the DHCP lease on my server (Windows 2008), let the desktop pick up a new address and all is good now. This is a production network (domain) environment
We currently have an ASA 5505 Firewall with VPN services configured. The system is running ASA Version 9.0.0 and ASDM 7.0.2. I installed the "Cisco AnyConnect Secure Mobility Client" Version 3.1.01065 on my Windows 7 Ultimate PC. When I try to connect to my VPN service I get the following message:
Security Warning: Untrusted VPN Server Certificate! AnyConnect cannot verify the VPN server: XXX.XXX.XX.XX
-Certificate does not match the server name -Certificate is from an untrusted source. -Certificate is not identified for this purpose.
Without purchasing a certificate from a 3rd Party vendor, is it possible to register a "Self" generated Certificate to get rid of this message? If so are there any "Detailed" (e.g., simplified or not in Cisco-eeze language) instructions on how to setup the Firewall to "push" the certificate to the VPN client so the message doesn't come up for the user?
VPN client 5.0.07.0410 on Windows Vista sp2 when I try to connect to my cisco 851. Secure VPN connection terminated locally by the client Reason 412 The remote peer is no longer responding. I turned on debug crypto isakmp and debug crypto ipsec no information displayed on the console. I was a lot further before but now do not know where to turn.
I need to activate AnyConnect SecureMobility client on an IPAD. I have an ASA with the below feature licenses:
[code]...
This platform has an ASA 5520 VPN Plus license
As I've understood that I need the ASA-AC-M-5520 license for each IPAD used but they mentioned that we need also the Essential or premium license to be activated on the ASA as well. As shown above, I have the "VPN Plus license" activated on the firewall.
Will the RV042 work with the AnyConnect Secure Mobility Client app? If so, is there an app note available? If not, which routers will work with this app?
The problem is.....When I log in, the client does its start-up bit, and then displays a "This certificate is intended for the following purpose(s):" message. If I decline the certificate, it gives me the error message shown in the image, but I can otherwise continue and establish my VPNs with no problem.
Unfortunately, the certificate it selects has nothing to do with my organization ( in fact, the certificate is for "*.whitepages.com" - see images). To make matters worse, I can not find this referenced certificate anywhere under my user context in Windows.
I have tried removing, rebooting, and re-installing - it does no good. How do I force the client to stop using this incorrect certificate, and to at least use one that belongs to my organization?
Windows clients work fine. When loaded from Safari in Mac OS, it also works fine. -- If I browse to the url, like vpn.xxx.com/profilename, I can login and anyconnect will start and connect automatically. Only when run from applications > Cisco > Cisco Anyconnect Secure Mobility Client, I will get this failure. Is this a configuration issue?
We are using an ASA 5520, running 8.4(3). We have users running the AnyConnect Secure Mobility Client 3.1.02026. I have the AnyConnect connection profile configured to authenticate users using LDAP over SSL. I enabled the password management and am able to get password change prompts to appear in the AnyConnect client. However, new passwords are rejected and changing passwords through that prompt does not work. I'm not sure what the cause of the problem is, since LDAP over SSL is enabled and working, which is required for the password management feature
I have a Pix 515E with a VPN setup. I recently tried to connect Cisco VPN Client and get the following error: "Secure VPN Connection terminated locally by the client. Reason 412: The remote peer is no longer responding" I have previously been able to connect to this VPN using Cisco VPN Client without issue. Below is a copy of my config and VPN Client log & debug logs from Pix. We have Newwave Communications Cable internet, which I just found out the ISP has recently implemented DOCSIS 3.0. (I'm not sure if that matters).
pix1(config)# sh run
: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
I'm running Cisco AnyConnect Secure Mobility Client v3.0.07059 for work. Attached is a screenshot of my network connections. I'm currently hardwired on my network connection and the Cisco VPN is a virtual adapter but it shows "network cable unplugged."
I installed LMS 4.0.1 and every module works from the local server. Http login from a remote system, topology services does not start, complains about java version. I followed the link to install the java version, it then complains about some Ansiserver stuff.
The client OS is Win7 64 bits, Explorer version is 7.
A workstation on our domain running Windows 7 64 bit downloaded updates from Microsoft. There was about a hundred of them. Since they installed the machine won't connect to the network shares. It can access the internet easily enough. The Workstation Service won't start. It comes up with an error 1068: The dependency service or group failed to start. I used System restore to go back before the updates and everything worked again. Installed the updates and the problem re-appears. I have 2 wireless network adaptors so I disabled one.
I need to access a shared folder over a VPN connection. Very simple host network: no Microsoft server, no AD. Just a WRVS4400N router and a peer-to-peer network.
Purchased a second WRVS4400N router to create VPN from SOHO and configured via VPN Setup Wizard.
When at the office, I can map a drive letter to a share on the other computer, as follows
net use f: \\192.168.1.111\MyShare /User:MYSELF mypass
However, when I try the same command over VPN, I receive the response:
System error 53 has occurred. The network path was not found.
I also cannot net view the other computer -- same error. However, I can successfully ping 192.168.1.111.
More info:
Routers have latest firmware.
Over VPN I cannot browse network via Windows Explorer (Win7 Network Neighborhood shows only my own PC. In the office I can see the other computer and the NAS appliance "NAS01").
I also cannot connect by entering \\192.168.1.111\MyShare into Windows Explorer's address bar (although I can do that successfully when at the office), or by choosing Map Network Drive from "Computer".
However, over VPN, I can get into NAS administration via https://192.168.1.3 and I can print to the office TCPIP printer (192.168.1.222)
WDS allows you to capture and deploy images on a network to client PCs. I was wondering how many images WDS allows you to capture and deploy and if there were any workarounds that would allow you to deploy more.
I am trying to configure interface vlan1 to get an ip address from dhcp by entering the command ip address dhcp. IOS rejects the dhcp portion of my command as not recognised although it is referred to in Cisco manuals. My IOS version is c2950-i6k2l2q4-mz.121-22.EA14.bin. I get the same problem when I try to configure ip http secure-server on the switch. Is this a known bug or whether I have the correct IOS version for these commands?
I recently got a new laptop with Windows 7 running 64bit OS. Setup the laptop with no firewall and no Antivirus programs. After installing the Any connect 2.5 VPN application I was able to successfully connect to our ASA. I noticed if my laptop went into standby mode or if I rebooted the laptop the "Cisco Anyconnect Agent" is not running under service even though it is set to Automatic.
I have uninstalled and reinstalled with no success and have even tried the new version 3.x with the same result. If I go into services and start the anyconnect agent I can launch the application and connect to my company with no problems. I was able to replicate this issue on a co-worker's new laptop running Win7 64 that has no applications on it.
I'm using some Catalysts 3560 with 10 VLANs and inter-VLAN routing. We use a Windows Deployment Services server to install our workstations. The PXE boot works fine. The image is loading, and when the Windows 7 PE is booting, the DHCP request fails. When I use a small not manageable switch between the computers and the Catalysts, it works fine. All other things work fine.
My laptop suddenly stopped being able to connect to my home wifi router. It stays at "waiting for network to be ready" while at the back the wifi list stays at "acquiring network address" for a couple of minutes and then resets to regular disconnected status. All my other wireless gadgets at home can connect with no problem whatsoever. Wifi strength is great and, when disabling security, the laptop connects without a hitch and very quickly. I tried all possible security combinations the router can give me, always using a second wifi device to check if connection and browsing was possible. I tried everything I googled: drivers, firmwares, ipconfig reset renew, started and stopped services, to no avail.
We have recently implemented Windows Deployment Services on our local network, but every time we do a multicast image deployment the network gets flooded to the point of total saturation.
We have Netgear switches and a Cisco 2800 series router. IGMP Snooping has been enabled on all Switches, however, we are unsure on how to implement multicasting on the router.
The whole network is flat - no VLANs other than the default VLAN1. We only want multicasting to work within our local network and does not need to go out the other side of the router as that is the connection to the internet.
How to get the Cisco router configured properly to enable multicasting to not flood the network. It seems that even if we were to image 4 PCs using multicast this is enough to completely get the network flooded.
Also, am I right in thinking that IGMP needs to be enabled on all of the Switches?
How can I change my IP address on Windows 7? Someone hacked my computer before and now I'm afraid that he will do it again. I want to secure it by changing my IP address.
I've got an office network that I would like to add a NAS drive to in a Windows 7 environment.
However, I want to make sure the NAS is both encrypted and password protected on the network to make sure someone doesn't just walk off with our company data (by taking the whole NAS with unencrypted info) or logging on through our network.
What would be your recommendation for a NAS setup that would offer total data encryption, great security from non-authorized people on the network, and 100% Windows 7 compatibility?
We have a pair of ACS 4.1 servers (Windows Server 2003 R2). Let's call them ACS1 and ACS2. We don't want either one of them to proxy to any AAA server, including each other. We're using mostly TACACS authentication.
While troubleshooting a general problem, I'm guessing that one of us did this on ACS1:
pressed the Network Configuration button,
saw the Proxy Distribution Table,
clicked (Default),
moved ACS1 from the AAA Servers column to the Forward To column.
So, essentially, we're telling ACS1 to proxy all requests to itself, which doesn't seem to make sense. I don't know for sure whether it should work when configured to "self proxy," but in that state, it does not authenticate anyone and gives merely "Internal error" as the reason.
If I change the configuration so that "ACS2" appears in the Forward To column, and I move "ACS1" back to AAA Servers and restart, ACS1 starts responding correctly to TACACS requests. Of course, ACS1 is just proxying all requests to ACS2, so having two servers isn't doing much good.
I cannot simply remove ACS1 from the Forward To column and leave it empty. The interface complains that it can't forward to zero servers. Of course, on ACS2, there are no servers in the Forward To column, since we never touched the Proxy Distribution Table there.
Is there any way to return the Proxy Distribution Table to its default setup, that is, no servers appear in the "Forward To" column?
We're planning to upgrade to version 4.2 very soon, so this question is mostly academic, unless the same problem exists in 4.2.
For full disclosure, I should mention that the problem we were troubleshooting was loss of connectivity to our Windows Domain Controllers from our ACS servers. We had missed adding some exceptions in our firewalls to allow for four new DCs. As far as we can tell from testing, connectivity to the DCs is now fine. The firewall rules group ACS1 and ACS2 together, so connectivity should be the same, and ACS2 authenticates users correctly.
I am about to re-install Windows ME on an old Dell Dimension 4300. The computer is connected to the internet via a 2Wire 3600HGV DSL modem/router.
Do I need a software firewall? Or is the router sufficient? Is antivirus software necessary if I don't download anything? It will be part of a local LAN, so I don't want to jeopardize any of the other PCs on the home network.
NOTE: I'm looking to run some older (non-DOS) computer games that don't run well (or at all) on XP and newer systems.
NOTE 2: When I say 'secure', I'm not looking to actively browse the web on the machine. I was curious as to what risks I would be facing if I simply had this PC connected to my local network (and thus the internet).
I've been using a VPN to connect to my home network from elsewhere for a few months. It's set up as follows:
PPTP
Maximum Strength Encryption
EAP-MSCHAP-v2 Authentication
Now I find out that MSCHAPv2 authentication has been broken and is no longer considered secure (even by Microsoft), so I want to change the protocol I'm using to make it secure.
However, I've spent 3 hours now researching this and I cannot for the life of me figure out how to use a better protocol on my Windows Server 2012 home server. I've tried setting up PEAP authentication (still PPTP) a la Microsoft's recommendation document, but it requires a certificate. I've created a self-signed certificate but it seems I can't issue certificates (via this method) without being a member of a domain, so I'm stuck. I can't even get started with L2TP since I can't find the option for it.
My question is this: Is there a way to setup a secure VPN server using Windows Server 2012 without a domain? If so, how do I do this?
I installed on 2 different PCs (Win7 64-bit) the Cisco VPN Client 5.0.07 with the same VPN profile for 2 different users. We use an ASA5505 (8.0(5) sec plus license) as the VPN end point for the clients. The VPN Clients can connect simultaneously to the ASA, they receive the split tunnel infos but only ONE client can ping the internal network ip range. The other one has no access to the internal resources! When they separately try to connect, there is no problem. Each of them can reach the internal net. On other 2 PCs (Win 7 32-bit) the clients have no problem reaching the internal net (simultaneously connect).
I have a client that has a 5505 installed. They want to VPN in with their Win7 laptop, but they don't want to shell out $1000 for the 10-pack Cisco VPN client. I have successfully setup the clientless VPN, and they can, through a browser, get to their files, but they'd like to map network drives so it's just like they're in the office. I tried setting the IP Sec up on the 5505, and then using the built-in Win7 VPN network connection, but no go. I also do everything through the ASDM, but I realize some things cannot be done. I'd prefer to use the ASDM! Anyone else get this configured? 99% of what I see out here is how to connect the 5505 for site-to-site VPN.
Client connects to PIX 501 but cannot see the LAN in Windows Explorer. Devices can be pinged by IP and hostname (netbios name). I can navigate to a server by typing in \\servername. Why can I not get a resolution from Cisco techs? [code]