Cisco Routers :: SA520W - Can't Access SSLVPN Corporate Connection
Feb 27, 2013
A new Windows 8 computer can't access the SSLVPN corporate connection.
When we try to access the SSLVPN website to download the launcher (you have to download the VPN launcher everytime for our configuration), you can log in and that's fine, and then you can click on the VPN Tunnel link, a popup shows up but it doesn't actually download the launcher. Solutions we've tried so far:
1) Reinstalling C++ Redistirbutable
2) Adding the site to trusted sites and allowing unsigned ActiveX controls
3) Removing all internet objects through internet options.
Is there anything else we can try?
View 3 Replies
ADVERTISEMENT
Oct 19, 2011
I have setup an SA520W and configured SSL-VPN for our small business. Everything seemed to go smoothly and I tested SSL VPN by logging in and playing around a bit which seemed to be fine. However, shortly after deployment I started getting complaints about it being much slower than our old VPN through the consumer grade router I just replaced. I investigated and tested with IE8 and Chrome on Windows XP 32-bit with several different machines, and in all instances it did seem very slow indeed. While looking around I noticed that the Task Manager under the Networking tab shows the SSL VPN connection as VirutalPassage at 64 Kbps. Going into Network Connections shows VirtualPassage under the Dial-up heading with device name Virtual Passage SSLDrv Adapter. Additional properties describe it as an ISDN channel. I have attached an image of the Task Manager pane.The router is running the latest firmware of 2.1.51. It is connected via a static IP that does not require a login, to our dedicated 5 Mbit / 5 Mbit ethernet over copper link to our ISP. We get great speeds and low latency through everything but SSL VPN connections. I haven't done anything fancy so the router certificate is the factory default. Currently we are using the existing 2 SSL VPN licenses that come with the router until we need more access, at which point I want to upgrade to the 25 user bundle. However, I don't feel comfortable upgrading until I get this resolved, because 64kbps simply cannot work for us for a VPN solution.how to configure the SSL VPN to not limit at 64kbps? My engineers are making fun of me for bringing us back to dialup, and I have to agree with them!
View 1 Replies
View Related
Sep 26, 2012
We have an ASA5510 with AnyConnect SSLVPN set up, which works great from remote locations. However, when I am inside the network, I cannot connect to this SSLVPN. I would like to be able to this for testing purposes; I have a VLAN10 that has ACLs so it cannot reach any private IP addresses, we use this VLAN for our guest Wifi network. I would like to be able to make AnyConnect SSLVPN connections from this VLAN, to test the VPN access without having to be at a remote site. However, since I don't want to change any settings compared to my remote site, I don't want to just bind the sslvpn to both outside and VLAN10 (by issuing the enable VLAN10 statement). [code]
View 3 Replies
View Related
Feb 9, 2012
We are using a SA520W as our primary router and have a fiber connection attached to the default WAN interface. We would like to improve our uptime using a secondary internet connection on the optional WAN interface.
We have bought a dovado tiny 4g router for this other connection. It acts as a dhcp server but the Cisco router does not get an IP from the dovado router. The router works as expected when connected to a normal computer. But somehow the cisco router doesnt get an IP.
I have also tried to set a static IP for the Cisco router but that didn't work either. The dovado router is setup do deliver ip in the range 192.168.0.2-254
View 4 Replies
View Related
Apr 3, 2012
I do not have a valid SSL Certificate on my firewall but I want to use SSLVPN.
If I connect to the IP adress and the SSLVPN Portal I can choose the sslclient launcher but after that I get a error that I need a internet explorer 64bit or that the active I was blocked because of a unsecure publisher.
View 1 Replies
View Related
Sep 25, 2012
I wanted to know if you can connect a Cable modem to a SA520W, then connect a RV082 to the SA520W?
View 5 Replies
View Related
Dec 14, 2009
I have a problem to configure a IPSEC VPN on the SA520W ( 1.0.39) with Cisco VPN Client (5.0.05.290). In the logs are following error:
ERROR: Could not find configuration for x.x.x.xERROR: Could not find configuration for x.x.x.xERROR: Could not find configuration for x.x.x.xERROR: Could not find configuration for x.x.x.x
View 9 Replies
View Related
Mar 21, 2011
I have a Belkin Wireless G Plus MIMO Router and had no problems connecting to corporate in the past until several months ago. I can connect just fine if I bypass the router and connect to the modem. I also have no problem if I go to places like Subway. There is no problem with the wireless internet connection, only a problem when I try to connect to corporate through the VPN.
View 3 Replies
View Related
Jun 28, 2012
connecting to separate private lans:
A) 192.168.1.x
B) 192.168.0.x
A is behind a Watchguard XTM25 11.5.3
B is behind a CISCO SA520W
Both have static public facing IP's.
B only has a IP based PBX system attached to it over a SIP ALG. (originally it was hooked up to the watchguard but they didn't play nice, but works great with the Cisco. Problem is the Cisco don't have all the features of the Watchguard)
A has all my users workstations attached. The issue is that computers on A need to talk to server on B for a desktop application to work. Since they are on separate subnets, it isn't working. The app itself still doesn't work by port forward/sNats, etc.
A & B are right next to each other, so cabling between them is not an issue.
Currently, I have a cable between the watchguard and the Cisco. The watchguard end is configured with a static private ip on the subnet A (the cisco side), and plugged into the lan on the cisco side. I have a policies to let all traffic flow freeley, and from the logs on the Watchguard, all A subnet traffic is correctly going to the Cisco via said cable.
But, nothing is coming back from the Cisco. So my question is, how can I get the Cisco to play nice with the other subnet and send traffic back to the B subnet?
View 1 Replies
View Related
Mar 19, 2011
Is is possible to set the port number for syslog eg 192.168.75.50:20514 ? i presume the protocol would stay udp
View 3 Replies
View Related
May 21, 2012
Looking for routing with an SA540 router connecting to corporate VPN.We have an odd configuration that is beyond the scope of what I have configured previously with these devices..I am trying to configure the routing to the additional IP addresses listed for the HQ. The VPN tunnel between the .26.120.x and the .17.0.0 networks is built however it does not appear to be routing. The Cisco administrator at the HQ site says that they have "fully configured the routing" from all the listed IP addresses back through the VPN tunnel. The options I am unsure of for configuration of the SA540 router are: GW - I believe that I use the internal IP address of the 17.26.120.x router.Is this logical since the VPN tunnel. We are using NAT for the firewall internally.The existing 3 172.26.x.x VPN tunnels are live and working and fully routing between themselves.
View 2 Replies
View Related
Sep 14, 2012
I have created an IPSEC VPN tunnel using a Cisco ASA5520 (corporate) to a Cisco SRP541W (remote). The corporate subnet is 10.1.0.0/16, and the remote subnet is 192.168.1.0/24. From the remote subnet, I can ping anything on the 10.1.0.0 corporate network, but I cannot ping from the corporate network to the remote subnet. At first I thought this was something obvious, perhaps an incorrect acl or something easy on the corporate firewall. However, we have several other vpn tunnels established, all set up the same, and they work just fine. After looking at it a bit more closely, if I ping the remote subnet I see the hit counter increment by one each time, which leads me to believe that traffic is in fact being routed properly.Now I'm thinking that something in the remote SRP541W that is not allowing icmp traffic, but I can't find it anywhere. To be honest I have never used this type of firewall before, they have all been Cisco PIX501/506e and ASA5500 models.
View 2 Replies
View Related
Apr 17, 2013
Our company just recently bought a CISCO SA520W Security Appliance from a distributor here in the Philippines. Unfortunately, after a month of use, the LAN ports on the appliance started losing power. We reported this to the distributor and they sent a CISCO engineers to check on the unit. The engineers found the unit to be defective and need to be replaced.
Three weeks after the distributor pulled-out the unit, I have followed-up the status with them. They told me that they got no definite ETA from CISCO for the replacement unit. I followed-up with them again after a week. This time, they told me that the device is already in transit and it is coming from CISCO USA but they still don't have an expected time of arrival to give me.Does it really take more than a month for CISCO to replace a brand new defective unit? The serial number of our appliance is DNI1610G0G7.
View 1 Replies
View Related
Jun 11, 2012
I am trying to connect to my office wifi which uses a proxy server. Scenario 1: I am using Samsung Bada (wave 1), connected to the internet successfully and also any applications that require an internet connection including Samsung's app store. While, connecting via open networks like home wifi and other friends' wifi also worked without any issue. Scenario 2: Now I also have an android based Galaxy pocket: even after entering all the required proxy setting as mentioned above, I can access websites via browser but cannot access samsung's app store, google's play store, skype, sipdroid etc. I know it is nothing to do with the network administration as I am still accessing via my samsung wave but not via android. Is there anything like a network profile I need to assign for these applications?
View 1 Replies
View Related
Sep 30, 2012
Looking for input on creating a guest VLAN for a client. The goal is to create a guest VLAN that doesn't have access to the corporate network using one DSL modem. They currently have a managed switch (3COM Baseline Switch 2928-SFP Plus). There are no existing VLANs or guest access. Additionally, they are looking for a WAP that supports captive portal.
View 10 Replies
View Related
Mar 14, 2011
I am having trouble with routing in PIX501.I have one Pix 501 and one Cisco router.Cisco Router is configured for IPSEC VPN ( LAN interface 172.19.194.1) and PIX is configured for access the internet.Default gateway of Pcs in LAN are PIX inside interface ( 172.19.194.2) but people are unable to access to corporate network but can access the internet.If i set default gateway to Cisco router LAN interface ( 172.19.194.1)then i can access to corporate network.Purpose is to pass the internet traffic using PIX 501 and corporate network traffic using Cisco router.
View 6 Replies
View Related
Aug 7, 2011
Trying to access my corporate VPN. My laptop can successfully VPN in anytime I'm on the road, but not through my WRT54gx at home. I've enabled the VPN pass through but my expertise ends there.
View 1 Replies
View Related
May 9, 2012
I have a cisco 877 configured foir lan to lan between sites A and B. I have used vlan 1 but looks like i have to bvi1 if i need to use the wireless,what is the difference between bvi and vlan. if i wanted users on the same vlan and wireless what would be the base config ? at the moment all corporate traffic goes to site A and other traffic goes to internet. now would i be able to create two ssid, one for corporate to access corporate subnets and the other for guest access alone where the traffic goes out to the internet.
View 1 Replies
View Related
Nov 24, 2011
I want a simple remote client-initiated VPN for employees to access corporate resources from home simultaneously with being able to access the internet. I am using CCP and seem to have several options including Easy VPN server, SSL VPN. I also can choose "Full Tunnel" or not.I have a 2911 router. I have a static range of internet IP addresses. The router is already functioning with inside to outside and outside to inside NAT, etc.
View 1 Replies
View Related
Jun 19, 2012
I have a Linksys EA4500 setup on my corporate network for wireless access. I have enabled the guest network and from all I can tell it's on a seperate subnet from my internal network like it should be. 192.168.x.x My internal is on a 10.x.x.x network. I conenct to the guest network using a laptop and I'm prompted for a password to get to the internet, which I like. The one issue I'm seeing is when I'm connected to the guest network I can still do an RDP session to internal resources. How is this possible if the guest network is on a seperate subnet?I take a laptop which has not been joined to my domain, connect to the guest ssid, and then open an RPD session and enter an IP address for an internal server and it connects. Is there a setting to keep this from happening
View 6 Replies
View Related
Apr 25, 2011
I enabled SBL on ASA 8.4, anyconnect client is Win-XP, everything worked as expected, but some users do not want to see SBL logon screen before windows logon because often times they will need to login before they can get network connection. So I modified profile.xml's following line from
UseStartBeforeLogon UserControllable="false">true</UseStartBeforeLogon
to
UseStartBeforeLogon UserControllable="true">true</UseStartBeforeLogon
the new profile is downloaded to client machine's anyconnect vpn profile fine, yet still users see VPN logon screen before Windows log on, "Connect on startup" is un-checked on Anyconnect VPN client, client machines rebooted multiple times, Anyconnect VPN client was removed and re-downloaded from scratch, no change ... What else do I have to do? I certainly can create a new group-policy/tunnel-group for those users without SBL, but that is far from an elegant solution.
View 7 Replies
View Related
Sep 25, 2012
I have configured SSLVPN on a asa5520 with aaa and certificate authentication.Both authentication works fine,but I find the client users can use any others' certificate to authentication,I want to binding the aaa account to user's certificate.everyone must use their own certificate.
View 1 Replies
View Related
Feb 10, 2011
I'm having some troubles with SSLVPN connectivity. I've setup SSLVPN at one site and it works great with web access, file share, RDP plugin etc. at the local LAN on that site. But I also would like to reach another site (connected with an IPSEC tunnel). Is this possible? if it is, how do I do it?Both firewalls are ASA5505, one 8.31 and one 8.22 Just a note, it works to connect with IPSEC client and reach the remote site just fine.
View 8 Replies
View Related
Feb 7, 2011
Is It possible to hairpin clientless SSLVPN connections (ASA5510)? I'd like to create a portal that allows a user to log into the central clientless webpage and access RDP/VNC resources at remote sites connected via site-to-site VPN. Initial testing shows the user can access resources at the hub site, but not the spokes. I have the standard:
same-security-traffic permit inter-interfacesame-security-traffic permit intra-interface
...entered on the ASA.
View 2 Replies
View Related
May 19, 2013
I'm trying to setup a SSLVPN Portal for our customer which will authenticate against Active Directory using LDAP over SSL and with the portal have the ability to change password if it has expired. I have managed to setup everything now except for the password reset which is giving me a headache. This is the message that's presented by the portal when i try to change the password even though the same password works when i change it on a PC instead of using the portal.
"Cannot complete password change because the password does not meet the password policy requirements. Check the minimum password length, password complexity, and password history requirements."
And below is the output of ldap debug on the ASA5510 the Portal is running on.
[473] Session Start
[473] New request Session, context 0xadbe760c, reqType = Modify Password
[473] Fiber started
[473] Creating LDAP context with uri=ldaps://x.x.x.x:3269
[473] Connect to LDAP server: ldaps://x.x.x.x:3269, status = Successful
[473] supportedLDAPVersion: value = 3
[code]....
View 5 Replies
View Related
Mar 11, 2013
We already know that ASA 9.0 supports site-to-site VPN in multiple context mode. But remote access VPN isn't supported. Obviously, SSL-VPN is a very important feature for most multi-tenant deployment scenarios where each context acts as a border firewall towards the Internet for each tenant. The alternative to terminate all tenant remote-access VPNs in one context means that each tenant would have to be routable from the ASA, which of course isn't a reasonable requirement in most cases.
So, what I'd like to do is to deploy an ASA cluster, and provide remote access VPNs for each tenant, where the connectivity for each remote access group can be addressed with whatever IP address space, and that goes into it's own VRF in the back-end.
As far as I can tell, this isn't doable with the ASA, since multiple context mode prohibits the use of remote access VPN, and I can't think of any other work-around than either having individual firewalls running in single context mode for each tenant, or demand that all tenants are interoperable routing-wise and configure a separate ip address pool in a single context mode for each tenant.
Essentially, there's no good way to implement this with multiple virtual firewalls, using cisco firewalls?
View 1 Replies
View Related
Jan 16, 2012
Has any else encountered the SSLVPN not functioning on a Windows client AFTER installing KB2585542? If we install the update, we can't use SSL VPN with the AnyConnect client until the update is removed.
View 12 Replies
View Related
Sep 11, 2012
We are starting to deploy SSL VPN in our company and we recently purchased two ASA 5510 firewalls. I have already completed the initial configuration but I do have some inquiry on how to have it configured properly.
1. Employees and clients will access the URL
2. They will select the appropriate group on where they should login.
3. Enter credentials, etc.
4. Username/Password authentication is via RADIUS. The usernames were all created in Cisco ACS 5.3.
My challenge is, we have several clients and all their usernames were created in ACS5.3. Meaning if the configuration is just being differentiated by group settings, clientA can select the profile of clientB and still get authenticated. If that happens, they will be able to access the resources of each other. Also in the future, we will be deploying 2-Factor authentication for some of our clients.
View 4 Replies
View Related
Jan 7, 2013
is it possible to make a VPN Connection with my Ipad and a WRV200 Vpn Router ?? The WRV200 is in my Company and i can start a VPN Connection with my Laptop. So this works. But is it also possible with my Ipad, so that i can get access to my NAS (Which is in my Company also)??
View 1 Replies
View Related
Jun 12, 2011
when a user login into the Cisco ASA Firewall (v8.3.2) via WebVPN, and accesses the applications. This works fine. In fact, the user can also create bookmarks etc.The problem here is when this user signs off and another user signs in via WebVPN, on the same PC or even on a different PC, this new user can view the screen viewed by the previous user. Basically, even though certain users can view only certain applications, but in my case, not all the time, but most of the time, users logging into via WebVPN can view someone else's profile application.
I suspect this is due to cookies or cache but I'm not sure myself. What can I do to resolve the problem.Currently, this issue is being resolved via a lousy manner i.e. we go to the SMB location and we clear the .CSP file manually, which is not the correct way to address this issue.
View 1 Replies
View Related
Jan 21, 2011
I have 2 WAP54G AP. I have office with internet connection near my home. How to connect these access points so i can get access to internet from home, but don't won't to anyone else can access that.
View 1 Replies
View Related
Nov 15, 2010
So here is my issue. I have two sites, each with a Linksys RV042 on thier site.
Site 1:
External: 142.142.142.142
Internal: 192.168.25.0/24
Site 2:
External: 143.143.143.143
Internal: 192.168.26.0/24
We have setup a site-to-site VPN between these sites, and all traffic is running back and forth without isse.
At Site 1 we have configured the Client VPN for use with the QuickVPN software. Again, for site 1, this is not an issue. We are able to access all internal resources at Site 1 without issue (expect for some DNS related problems).
The problem that we have is attempting to access Site 2 resources via the QuickVPN connection at Site 1. Even though they are not suppose to exist, we are able to ping 192.168.26.1-6 (which are ghost addresses likely created by the RV042's) but no actual systems on at Site 2.
I have added the Client VPN connection at Site 2, but it has the same problem accessing resources at Site 1.
View 6 Replies
View Related
Jun 27, 2012
We have an RV016 (hardware version 2, firmware version 3.0.2.01) behind a cable modem. Attached to this RV016 is a switch to which our other devices are connected. Among those is another switch, a wireless access point and our VOIP phone system.
The issue with this setup seems to be as follows:
The Mac machines at our office seem to be unable to get internet access reliably. What we have observed is that a connection to the wireless access point is made. Google will load fine, then when performing a search it comes back with either a dns lookup error or just says that the site can't be found. Sometimes sites will load just fine, sometimes they don't. Our Windows or Ubuntu machines in our office hardly ever have that issue, but they do on occasion. Essentially internet is usable on Windows and Ubuntu, but not on a newer Mac. Mainly three Macs are affected that run a newer OS. Two other Macs (older OS) seem to be fine. My coworkers (who have that issue at work) report that at home they do not.
The DNS servers on the router were set to our ISPs addresses. I have since changed them to opendns servers. The issue persists.
When connecting a MacBook directly to the cable modem, everything works fine. Since we are using NAT, I do need to use the router. There are devices attached to it that these users need to be able to get to.
View 10 Replies
View Related
