Cisco VPN :: ASA 5505 - Can't Connect Using AnyConnect

Jun 1, 2012

I just installed a new asa 5505 and I had to configure the asa myself until my smartnet is activated and the asa is up and running  on my network, however when iI try to connect using cisco anyconnect it  fails and I get this error. What is wrong with my  configuration?

ADVERTISEMENT

Cisco VPN :: Set Up AnyConnect On ASA 5505?

Mar 15, 2012

Set up AnyConnect on my ASA5505? I have my VPN access working properly through the Cisco client however I want to be able to use the clientless program as well  that is available.

View 6 Replies View Related

Cisco VPN :: To Setup Anyconnect On ASA 5505

Aug 31, 2010

To set up AnyConnect on my ASA5505? I have my VPN access working properly through the Cisco client however I want to be able to use the clientless program as well  that is available.

View 1 Replies View Related

Cisco VPN :: 5505 - AnyConnect Using NAT Instead Of Routing?

Sep 4, 2012

I have a CIsco ASA 5505 with the default license that only allows the use of 3 interfaces (inside, outside, DMZ).  I'm already utilizing all 3 but I'd like to configure the AnyConnect Client VPN stuff.  I know with solutions like OpenVPN you can configure it to use NAT instead of actually giving it an interface with a different network and configuring routing.

View 6 Replies View Related

Cisco VPN :: AnyConnect Connectivity With ASA 5505

Dec 20, 2011

I have an ASA 5505 and i recently for some reason cannot connect to the VPN using anyconnect.Usually users would connect using the Anyconnect URL with the configured port number:  https://publicipaddress:8443
 
Right now we are getting "page cannot be displayed" since it doesn't connect to the Anyconnect URL page.
 
I haven't done any recent configuration for this to have failed. I have checked the and both ports 443, and 8443 are allowed in the firewall. NAT is also allowing an exemption for the VPN Pool.

View 2 Replies View Related

Cisco Firewall :: Which AnyConnect Version On 5505

Sep 23, 2012

What anyconnect version do I need on a 5505 so i can have people connect via iOS devices? Right now I have "anyconnect-macosx-i386-2.5.1025-k9.pkg" on there, will that work for iOS devices?

View 7 Replies View Related

Cisco VPN :: ASA 5505 Anyconnect Client NATing

Feb 19, 2011

We have a RA Vpn split_tunnel setup in one of our locations which is working fine in all areas except for traffic destinged for one specific website using https.  This vendor only allows the HTTPS connections to them to come from certain outside IP addresses. ssentially it should work like this:RAVPN_client (10.4.4.0/27) --> https request to vendor_ip (208.x.x.x) ---> ASA55XX --> NAT_to_outside_ip --> https request to vendor_ip (208.x.x.x) need to understand how you would go about NATing ONLY this specific https traffic from the RA VPN while not having to alter the setup otherwise. Internal hosts (aka behind the ASA physically) do not have any issue getting to this site, as its nat'd to the outside ip address as we expect.Here is what we are using for the NAT Exemption list he 10.2.2.x, 192.168.100.x and 172.23.2.x are other remote sites that we have. RA VPN users are using the 10.4.4.0/27 do not have any issues connecting to them, no matter the protocol.

View 3 Replies View Related

Cisco VPN :: AnyConnect With ASA 5505 Stopped Working

Sep 26, 2012

I was installing a IIS server to our client and created access - rules for http server and port translations. After that i noticed i lost local lan access trough vpn.  Anyconnect and ipsec vpn. No other changes made to asa than those access-rules and nat changes. I'm trying to find out what is wrong, vpn connects okay, i can ping ASA but nothing else on inside network (for example dns server). Dns is not either working. When i ping local server, i can see in log.

View 8 Replies View Related

Cisco VPN :: ASA 5505 Anyconnect Language Translation

Apr 26, 2012

I'm having a problem with the language translation for anyconnect.here's my setup:
 
-asa 5505
-asa version: 8.4(3)
-asdm version 6.4(7)
-anyconnect essentials
-anyconnect webdeploy: anyconnect-win-3.0.5080-k9.pkg
 
The anyconnect client is deployed by the asa using the webdeploy.my client machine is a windows 7 with regionnal settings set to french (canada).I added the language localization transform files for web deploy (the mst for french) to my asa using the asdm:remote access VPN -> network (client) Access -> anyconnect customization/localization -> Localized Installer Transforms -> add the french mst.

View 1 Replies View Related

Cisco Firewall :: 5505 When Upgrading To Use Anyconnect

Jun 29, 2011

I have a ASA5505 with the Sec Plus license on it. This allows 25 VPN peers at any time according to the show version output:

Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2

This platform has an ASA 5505 Security Plus license.

1.)As far as I understand this means RA users and peer2peer combined?

2.)I need additional RA clients to be able to connect in at any time, as far as I know there is no way to allow more IPSEC clients then this due to hardware limitations?

3.)If I go for the Anyconnect option (10 users license), does this then mean that I can use the 25 IPSEC VPNs and at the same time have users using the 10 SSL Anyconnect VPNs at the same time?

4.)Which Anyconnect license am I supposed to buy if this is the route I go, the clients will all be connecting from their desktops most of the time?

5.)Is it difficult to set up?

View 4 Replies View Related

Cisco VPN :: 5505 - AnyConnect Access To Inside IPs

Sep 13, 2011

I'm having problems getting AnyConnect clients to reach a server (192.168.139.3) on the Inside interface of my ASA 5505.  Ideally, this would be accessible from the DfltAccessPolicy or another dedicated policy, but right now I'm happy with any access.  Everything else seems to be working as expected.  I've rebuilt this config a number of times without success.  I can ping the IP from the ASA itself.

View 2 Replies View Related

Cisco VPN :: 5505 AnyConnect Mobile License

Mar 22, 2013

I have ASA 5505 (8.4)I set up SSL AnyConnect VPN. I am able to connect from PC and MAC desktop computers using AnyConnect client but when I try use mobile device I am receiving error.Do I need buy the L-ASA-AC-M-5505=license?I see in description Platform: WindowsMy question is would it work with Apple mobile devices (iPhone, iPad)?

View 1 Replies View Related

Cisco VPN :: ASA 5505 - AnyConnect Traffic Is Being Dropped

Feb 1, 2011

So I have an asa 5505 running ipsec and anyconnect and it has been working great for months. I have not made any changes to the config, but suddenly all of my anyconnect traffic is being dropped. The vpn uses the same subnet as the LAN. I tried putting a rule in to allow all traffic from the LAN subnet on the outside interface. Now I just get the WEBVPN-SVC Action-Drop in packet tracer.

View 1 Replies View Related

Cisco VPN :: ASA 5505 / AnyConnect Access Over L2L IPSec VPN?

Aug 3, 2011

I'm trying to connect two ASA 5505s for a IPSec L2L VPN.  They can connect, but not pass traffic from the AnyConnect subnet. I've added the config from ASA-2, with the LAN subnet of 192.168.138.0 and a subnet of 192.168.238.0 for AnyConnect client.

I'm trying to get the AnyConnect Clients access to the 192.168.137.0 LAN behind ASA-1 at 1.1.1.1.  Having both 192.168.238.0 and 192.168.138.0 both access 192.168.137.0 is acceptable.

There's probably a lot of cruft in this config, as I've been reading all over forums and docs without much success.

:
ASA Version 8.2(1)
!
hostname asa-wal
names
name 192.168.238.0 anyconnect-vpn
!
interface Vlan1
nameif inside

[code]....

View 7 Replies View Related

Cisco Firewall :: 5505 Anyconnect With IPSEC

Sep 27, 2012

A customer has a 5505. According to the datasheet the limit of IPSEC sessions is 25 and the limit of anyconnect sessions is 25. Does that mean I can have 25 IPSEC tunnels and 25 Anyconnect tunnels at the same time? The customer needs at least 50 concurrent tunnels on his ASA. Am I understanding it correctly?
 
I was thinking the customer could pay for the anyconnect essentials license and connect his anyconnect clients to the ASA. Is that a good option to get the 50 concurrent clients connected?

View 1 Replies View Related

Cisco VPN :: 5505 Local Users Authenticate To AnyConnect

Jul 16, 2012

I am trying to configure a Cisco ASA 5505 so that users can authenticate via Radius or via a Local account using the Cisco AnyConnect client.  In the AnyConnect Connection profile, the basic tab, it has Authentication Method.  We have this going to an AAA server group with Use Local if Server Group fails option is checked.Each time, I see where the user has failed while attemtping to log in to the domain via the radius servers and thus bypasses the local user database all together.       

View 3 Replies View Related

Cisco VPN :: Anyconnect Client Attempts Failing To ASA 5505

Apr 15, 2013

I already have traditional IPsec VPN access working just fine through this device.  Users connect and authenticate using a windows AD server for RADIUS and everything works great.  However, the customer wants to use AnyConnect instead of the traditional VPN client.  So I added a SSL connection profile (the anyconnect essentials feature is enabled on the device) and told it to use the same IP pool and RADIUS server group as the IPsec clients.  I used the ASDM wizard to configure it and had no issues completing the wizard. when trying to make a connection to the webvpn portal I get a 404 error instead of the client portal.  Also when trying to connect with the Anyconnect client, I get the usual "Untrusted VPN certificate" warning, but the connection attempt fails when I click through it.The strange part is when I look at the issued certificate in the browser or the client, it's showing me the certificate from the RADIUS server. Why is it looking there for certificate and more importantly, why does it care at all about a certificate when I've specified in the connection profile to use AAA to authenticate?

View 1 Replies View Related

Cisco VPN :: 5505 Java Error During AnyConnect Install

Feb 24, 2012

Just installed an ASA 5505 with AnyConnect Essentials.  AnyConnect installation works fine on some windows boxes (All flavors) but have a couple machines with issues. This makes it clearly a computer side issue.  When I try to log into the ASA to download the client with IE 9 the ASA just keeps asking for my logon credentials.  If I I use Firefox my credentials work and I get as far as the "Using Sun java for installation" with instructions to click yes on the java security warning.  The Java Security warning never arrives like on machines that don't have this problem. Firefox just hangs and has to be killed by task maanger. Remove and reinstall of both Java and Firefox fail to correct the problem.  Any AnyConnect clientside recovery tips beyond Java and Browser reinstall? 
 
A Google search show a few folks using Ubuntu and old PPC Macs seeing the same java error I get on these couple of windows boxen. [code]

View 2 Replies View Related

Cisco VPN :: 5505 AnyConnect Secure Mobility Client

Nov 11, 2012

We currently have an ASA 5505 Firewall with VPN services configured.  The system is running ASA Version 9.0.0 and ADSDM 7.0.2.  I installed the "Cisco AnyConnect Sercure Mobility Client" Version 3.1.01065 on my Windows 7 Ultimate PC.  When I try to connect to my VPN service I ge the following message:
 
Security Warning: Untrusted VPN Server Certificate!  AnyConnect cannot verify the VPN server: XXX.XXX.XX.XX
 
-Certifiate does not match the server name
-Certificate is from an untrusted source.
-Certificate is not identified for this purpose.
 
Without purchasing a certificate from a 3rd Party vendor, is it possible to register a "Self" generated Certificate to get rid of this message?  If so are there any "Detailed" (e.g., simplified or not in Cisco-eeze language) instructions on how to setup the Firewall to "push" the certificate to the VPN client so the message doesn't come up for the user?

View 5 Replies View Related

Cisco VPN :: ASA 5505 AnyConnect Can RDP To Clients But Can't Ping / ICMP

Feb 26, 2012

I setup and SSL anyconnect VPN on my Cisco ASA 5505. It works well and connects with out a problem. However, I can't ping any internal clients, but I can RDP to them. Most of the time people end up posting their config so I will as well.
  
MafSecASA# show run
: Saved
:
ASA Version 8.2(1)

[Code].....

View 3 Replies View Related

Cisco VPN :: 5505 Certificate Only Authentication Method With AnyConnect

Jul 7, 2011

Any instructions to configure an ASA to allow authentication by certificate only on an AnyConnect vpn?I'm running an ASA 5505 with 8.4(1) and AnyConnect 2.4.7030 on an Android phone.I currently have the AnyConnect client connecting ok using username / password for authentication.
 
I have loaded the company root certificate (internally generated) into the ASA "CA Certificates" and generated an Identity Certificate for the ASA.

View 1 Replies View Related

Cisco VPN :: ASA 5505 - AnyConnect Upgrade / Web Deploy And ActiveX

Jan 13, 2013

Attempting to upgrade from ASA 8.3.2, ASDM 6.3.4, Any Connect 2.5.1 to ASA 8.4(4)1, ASDM 6.4(9) and Any Connect 3.1.00495 using ASA 5505. 

Client is Windows XP SP3 w/ IE7.  Can log into the ASA web portal and starts to install via ActiveX.  I get past the IE7 message bar to authorize installing the ActiveX control.  I briefly see a message that says "ActiveX could not be launched" (I think. It is very fast) and then the install hangs w/ the message in the web connect dialog about the IE7 message bar.  If I let the timer expire, the java install also fails.  If I download the installer via the web portal, and install Any Connect via the downloaded installer, everything works fine. 

Same problem w/ ASA  9.1.1, ASDM 7.1(1) and Any Connect 3.1.02026.  I have added the web page address to the trusted zone, and checked all the zones for permissions to install ActiveX controls, etc.  Worked w/ the older/original software when I remove the kill bit for Microsoft KB2736233.  Have not installed any custom Any Connect profile to use transforms.  I did see in the release notes some information on NO INSTALL ACTIVEX=0, but I think this applies to the per-install package only.   

View 2 Replies View Related

Cisco VPN :: ASA 5505 - AnyConnect Successful But Can't Remote Desktop

May 9, 2013

unable to remote desktop into any of the LAN PCs when I'm connected through the VPN.  I can ping all nodes inside the network and I can open an inside addressed web page from my local PC, as well.  So, it seems like it's only RDP (3389) that is affected.  Remote access to those PCs are enabled, as I'm able to get to them via a different method (SBS Remote Web Access). 
 
ASA 5505
 
ASA Version 8.2(5)!hostname asaenable password IqUJj3NwPkd23LO9 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednamesname 10.0.1.0 Net-10!interface Ethernet0/0 switchport access vlan 2!interface

[Code].....

View 6 Replies View Related

Cisco VPN :: ASA 5505 - AnyConnect Client / No Internet Access

Jun 10, 2013

Any connect vpn client no internet access.
 
Below is configuration.
 
ASA Version 8.2(1)
hostname ciscoasa5505
Interface Vlan1
nameif inside
security-level 100
ip address 172.16.0.1 255.255.0.0
[code]...

View 1 Replies View Related

Cisco VPN :: ASA 5505 - Configure AnyConnect And IPSec VPN Connection?

Mar 3, 2012

This is for an ASA 5505. I  am trying to configure an AnyConnect and IPSec VPN connection and I think it's almost there  but not quite yet. When I login from an outside network it gives me the  following error for the SSL AnyConnect "The VPN client was unable to setup IP filtering" and "Secure VPN connection terminated by peer" for the IPSec. I previously had this working since Oct, but I was trying to modify it a  little to accept LT2P for native Android VPN clients and that messed up  everything that I had working perfectly. I checked everything as best as I could to try and match the previous settings but still can't get the darn thing to work. I am trying to also do Hairpinning, I want all VPN  traffic to pass through this router... remote LAN and Internet traffic  for times when I am at unfamiliar wifi hotspots and need to check email securely.  I have included my running config. I also need to configure the ASA to accept native Android VPN connections. I read the most popular thread that worked for a few users but while doing those modifications that is where everything went downhill. T

: Saved
 :
 ASA Version 8.4(2)
 ! 
hostname ciscoasa
 enable password 8Ry2YjIyt7RRXU24 encrypted
 passwd 2KFQnbNIdI.2KYOU encrypted

[code]....

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Anyconnect Clients Cannot Access Slingbox

Mar 27, 2012

I'm trying to configure an ASA 5505 to view my Slingbox from my iPhone/iPad from an outside or 3G network.  I can't ping my internal networks while connected via AnyConnect.  I know that I need to free up port 5001, but I can't seem to get it to work. 

View 0 Replies View Related

Cisco VPN :: ASA 5505 - AnyConnect Clients Can't Access External Sites?

Jun 9, 2010

I'm looking to setup AnyConnect VPN with no split tunneling. ASA 5505 v8.2. It seems this should be really easy. I must be missing something.
 
I can get the AnyConnect users to connect fine and they can access sites internal and at other IPSec-tunneled sites. But no access to the internet.
 
Internal is 10.1.1.x, VPN pool is 10.1.1.251-253 (Temp list for testing). I issued the following tracer: packet-tracer input outside tcp 10.1.1.253 12345 69.147.125.65 80 detailed
 
The last reported point (where it fails) is:
  
Phase: 7
Type: WEBVPN-SVC
Subtype: in

[Code].....

View 10 Replies View Related

Cisco Firewall :: ASA 5505 Supporting Concurrent Multiple ISP For Anyconnect VPN

Aug 13, 2012

Our current cable ISP is having issues providing us with consistant connectivity. I would like to bring in a second ISP to allow my users to choose where they will connect to. There will be two dns names and i just want to to be able to choose between them.

Is this possible on the ASA5505? supporting two ISPs at one time for VPN on both?

View 3 Replies View Related

Cisco VPN :: AnyConnect Error User Not Authorized For Client In 5505

Jan 9, 2013

it's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem.

The setup of the ASA is straight forward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.

ASA Version 9.1(1)
!
hostname ASA
domain-name ingo.local
enable password ... encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
[Code] .....

View 9 Replies View Related

Cisco Security :: ASA 5505 Failed To Unzip AnyConnect Package

Nov 28, 2011

There is ASA 5505:
- 8.4(2) IOS
- FLASH: 128 Mb
- DRAM: 256 Mb
 
Requirements for 8.4(2) are acomplished: For the ASA 5505, only the Unlimited Hosts license and the Security Plus license with failover enabled require 512 MB; other licenses can use 256 MB.Are installed latest AnyConnect packeges for linux, some smatphones (each 4-5 MB). But for Windoes it's 21 MB and we got error "Failed to unzip the Anyconenct Package". In prior IOS version there was command cache-fs limit, by default it was 20 Mb. As i understand ASA now dinamically determines amount of cache memory and it's not enough. Because of the increased size of the AnyConnect package from 4MB in AnyConnect 2.5 to 21 MB in AnyConnect 3.0, you may need to upgrade the ASA flash and memory card first.If your ASA has only the default internal flash memory size or the default DRAM size (for cache memory) you could have problems storing and loading multiple AnyConnect client packages on the ASA. Even if you have enough space on the flash to hold the package files, the ASA could run out of cache memory when it unzips and loads the client images.So there is a question, after DRAM upgrade to 512 MB will be there enough cache memory for Anyconnect packeges with total size 35-40 Mb?

View 3 Replies View Related

Cisco VPN :: ASA 5505 - Minimum Privilege To Local Account For AnyConnect

Oct 17, 2012

what is the minimun privilege level to assign at username account on ASA 5505 to grant the access with AnyConnect?
 
username ...  privilege ?

View 4 Replies View Related

Cisco VPN :: ASA 5505 / Anyconnect - Adding Filters Based On Login?

Sep 30, 2012

I have two sets of local users who access internal networks vai the Anyconnect application on a Cisco ASA 5505.One user needs to access 1 ip address while about 7 users access abotu 4 addresses.
 
I have a group called xyz1 which currently has the one user in the connection profile.  I guess to reaffirm my thought, If I create another connection entry called xyz2, can I assign the other 7 or 8 users to it?
 
If I can do this, how can I ensure that each connection entry only has access to specific IP addresses on the internal network?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Base License - How To Get AnyConnect Working

Mar 29, 2012

I have a base 5505 and would like to get AnyConnect working.  To do that, would I have to first purchase either an essentials or premium license and then purchase the AnyConnect Mobile license?

View 1 Replies View Related

Cisco VPN :: 5505 - AnyConnect Access / Cannot Ping Devices On Private Network

Jun 11, 2012

We have configured a Cisco ASA 5505 with AnyConnect access.  This works great.  However, these users cannot seem to ping devices on the private network.  We have configured all devices on the network with a 10.10.10.0/24 address space.  The inside interface of the ASA i 10.10.10.1/24 and the VPN return addresses are 10.10.10.50 - 10.10.10.65/24.They users can utilize SSH and Oracle or MySQL calls but cannot seem to ping.   Obviously, I am over looking something.

View 2 Replies View Related

Cisco VPN :: AnyConnect To ASA5505 Can't Connect

Oct 1, 2012

Anyconnect to asa5505 can't connect.

View 1 Replies View Related

Cisco VPN :: M6600 Not Allow To Connect To VPN Anyconnect

Aug 24, 2011

I have a Dell Precision M6600 laptop that will not allow me to connect to VPN Anyconnect.  I am getting the following error "The VPN client driver encountered an error.  AnyConnect was not able to establish a connection to the specified secure gateway.  Please try connecting again".  I have version 2.5.0217.  I am watching the connection in Device Manager as it is going and I see it create the network port, then it disables it then I get the yellow conflict !.  We have not been able to get it to connect on several M6600. 

View 3 Replies View Related

Cisco VPN :: Mac OS X 10.6 Computers Cannot Connect To ASA AnyConnect 2.5

Jun 29, 2011

Due to the recent security issue with AnyConnect 2.5.2019, the ASA pushed AnyConnect 2.5.3041 to the all of the Windows and Mac computers. After the upgrade, some of the Mac OS X computers can't establish a VPN session when using the new client. Downgrading the client to 2.5.2019 resolves the issue.

View 1 Replies View Related

Cisco VPN :: Cannot Connect To Remote AnyConnect 800 Router

Apr 1, 2012

I cannot connect to to remote AnyConnect VPN 800 router have already used the wizard does not work and this is runnig config

View 0 Replies View Related

Cisco VPN :: 2019 - Unable To Connect AnyConnect With Window 8

Jan 16, 2013

one of my client just installed window 8 and he is not able to connect with anyconnect anymore. if he connect with ASA for anyconnect version 2019 it work fine. but i have tried all different version on router. but when user try to connect with router for anyconnect then there is gateway error. it ask for connect anyway then it stop. connection failed. i tried 00605.. anyconnect on router but still no luck. i think, i have to make some changes. but dont know what changes on router. window 7 has no issue.

View 1 Replies View Related

Cisco VPN :: ASA5510 Unable To Connect VPN With Anyconnect Client

Mar 31, 2011

we have ASA5510 with version 7.x and asdm 5.X, i upgraded it to 8.3 and asdm 6.2, and i got vpn peers 250 and 2 ssl.when i try to connect through client software , i can see in the logs UDP 500 port is created as shown below. [code]
 
and currently in right panel of Active Algorithms i have only RC4-SHA1,

View 7 Replies View Related

Cisco VPN :: Pre-Fill Connect Field In Anyconnect Client Version 3.0

Dec 4, 2012

I would like to know if there is a way I can use an XML file to pre-fill the connect field of the Anyconnect client version 3.0.  In the past, I have been able to use an XML file to pre-fill information in the NAC agent so I could push it out to clients who didn't have administrator rights to their box.  I was wondering if there is a similar method to do this with the Anyconnect client.

View 1 Replies View Related

ADVERTISEMENT