Has any else encountered the SSLVPN not functioning on a Windows client AFTER installing KB2585542? If we install the update, we can't use SSL VPN with the AnyConnect client until the update is removed.
View 12 RepliesI want to install Microsoft Security Essential on my PC, but I am not sure which download I need. One says amd64 and the other is x86. I am using windows xp 32bit.
View 2 Replies View RelatedJust purchased an Asus K532-BBR9 laptop. Everything works fine, except on college campus the internet is very slow, and disconnects every few minutes.My fellow students laptops do not seem to have this problem.I figured it may be a driver issue, so I am trying to update everything.Under Network Adapters in Device Manager. The Microsoft Virtual WiFI Miniport Adapter is not up to date when I do a driver update scan.Then it says "Windows can't verify the publisher of this driver software.." with options to install anyways.
View 2 Replies View RelatedI have tried Cisco presales but got bounced - go Cisco !So, i have a small customer who requires a single device which will provide .....
1/ Leased Line connection @ 10mb
2/ ADSL failover onbox (so configurable from CLI, unlike the 860’s which I see only have one ‘active’ wan port)
3/ IOS based
4/ integrated 4 ports (min) switch
5/ site to site VPN
6/ up to 10 x SSLVPN remote users
I did pitch in with ASA5505 with external ADSL router but he is “space-constrained”.It worries me when Cisco doc's say only one WAN port is 'active' - since it doesn't say the second port automatically comes up if the first goes down so I can't take a gamble on that being the case.
everything in my home including my lap top has a signal. However, my desk top which I use my Belkin wireless USB adapter for, is not getting any wireless/ internet signal. This seems to have happened after a security update & restart of my computer.
View 1 Replies View RelatedCan we integrate cisco acs verison 5.x with active directory Microsoft windows server 2012 ?
View 1 Replies View RelatedI have windows xp home and the last few days a security installation has kept trying to install ie: "Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2538242) (update 1 of 1)..."
View 3 Replies View RelatedHaving issues with HTTPS sites being very slow after applying KB2585542? Once you remove this Microsoft patch everything returns to normal. It appears that the CSS does not handle the split-ssl requests properly. I have opened a TAC case but am not really getting anywhere as we seem to be the only company that is having this issue.
View 2 Replies View RelatedI have Cisco ASA 5510 with CSC-SSM-10. ASA anti-virus service can not update the Base and Plus lisense. No Activation Code required for renewal. I go to "Administration> Product License" in the CSC SSM console and click "Check Status Online" to get the latest expiration date.In the module on the Check Status Online has reported the following error when: Base License status could not be checked because of a license server failure. "Please try again later", "Plus License status could not be checked because of a license server failure. Please try again later". UPDATE manual virus database can be seen in the latest available version, can not be upgraded because the service expired.
View 2 Replies View RelatedI recently applied a new activation key to an ASA5512 to add the 250 anyconnect essentials user. However, after reboot, I lost the 3DES/AES license which now reads disabled.
how to re-install the 3DES key?
I cannot find the old "Get a FREE 3DES" activation link - it says http:403 error.
I am using an 831 router and am trying to get DDNS to work. Here is the debug output:
RESS_ASSIGN: Interface Ethernet1 assigned DHCP address 67.162.204.242, mask 255.255.254.0, hostname testlab831.xxxxxx.com
00:53:06: DYNDNSUPD: Adding DNS mapping for testlab831.xxxxxxxx.com <=> 67.162.204.242
00:53:06: DYNDNSUPD: Sleeping for 3 seconds waiting for interface Ethernet1 configuration to settle
00:53:09: HTTPDNS: Update add called for testlab831.xxxxxxxx.com <=> 67.162.204.242
00:53:09: HTTPDNS: Update called for testlab831.xxxxxxxx.com <=> 67.162.204.242
[code]....
what the problem is with the "Call returned Connection time out for update testlab831.xxxxxx.com <=>" line.
I have DIR-615 h/w: c1 f/w:3.01. I can't figure how to install security or f/w update through my imac.Do I need to use a cable connection?
View 1 Replies View RelatedI have to upgrade to an ASA 5510 CSC, and the new license is generated, the file you sent me licensing, only seen this:Activation Code not required for this renewal. Please go to "Administration> Product License" in the CSC SSM console and click "Check Status Online" to get the latest expiration date (BASE: 09/04/2014, PLUS: 09/04/2014).This means that what I have not make any upgrades or license charge in the ASA? Does the automatic update is made?
View 1 Replies View RelatedI have a WRT610N (v2) router and I recently updated the firmware to the most current version 2.00.01 build 15. I can no longer set WPA2 security for both bands (used to work just fine). Every time I try to save settings for WPA2 for the 5 GHz band, it tells me it was successful but then displays that the security mode is disabled (and it shows up on my computers list as not having any security enabled. If not, where can I get a copy of the old firmware that worked?
View 8 Replies View RelatedI enabled SBL on ASA 8.4, anyconnect client is Win-XP, everything worked as expected, but some users do not want to see SBL logon screen before windows logon because often times they will need to login before they can get network connection. So I modified profile.xml's following line from
UseStartBeforeLogon UserControllable="false">true</UseStartBeforeLogon
to
UseStartBeforeLogon UserControllable="true">true</UseStartBeforeLogon
the new profile is downloaded to client machine's anyconnect vpn profile fine, yet still users see VPN logon screen before Windows log on, "Connect on startup" is un-checked on Anyconnect VPN client, client machines rebooted multiple times, Anyconnect VPN client was removed and re-downloaded from scratch, no change ... What else do I have to do? I certainly can create a new group-policy/tunnel-group for those users without SBL, but that is far from an elegant solution.
I have configured SSLVPN on a asa5520 with aaa and certificate authentication.Both authentication works fine,but I find the client users can use any others' certificate to authentication,I want to binding the aaa account to user's certificate.everyone must use their own certificate.
View 1 Replies View RelatedI'm having some troubles with SSLVPN connectivity. I've setup SSLVPN at one site and it works great with web access, file share, RDP plugin etc. at the local LAN on that site. But I also would like to reach another site (connected with an IPSEC tunnel). Is this possible? if it is, how do I do it?Both firewalls are ASA5505, one 8.31 and one 8.22 Just a note, it works to connect with IPSEC client and reach the remote site just fine.
View 8 Replies View RelatedI have setup an SA520W and configured SSL-VPN for our small business. Everything seemed to go smoothly and I tested SSL VPN by logging in and playing around a bit which seemed to be fine. However, shortly after deployment I started getting complaints about it being much slower than our old VPN through the consumer grade router I just replaced. I investigated and tested with IE8 and Chrome on Windows XP 32-bit with several different machines, and in all instances it did seem very slow indeed. While looking around I noticed that the Task Manager under the Networking tab shows the SSL VPN connection as VirutalPassage at 64 Kbps. Going into Network Connections shows VirtualPassage under the Dial-up heading with device name Virtual Passage SSLDrv Adapter. Additional properties describe it as an ISDN channel. I have attached an image of the Task Manager pane.The router is running the latest firmware of 2.1.51. It is connected via a static IP that does not require a login, to our dedicated 5 Mbit / 5 Mbit ethernet over copper link to our ISP. We get great speeds and low latency through everything but SSL VPN connections. I haven't done anything fancy so the router certificate is the factory default. Currently we are using the existing 2 SSL VPN licenses that come with the router until we need more access, at which point I want to upgrade to the 25 user bundle. However, I don't feel comfortable upgrading until I get this resolved, because 64kbps simply cannot work for us for a VPN solution.how to configure the SSL VPN to not limit at 64kbps? My engineers are making fun of me for bringing us back to dialup, and I have to agree with them!
View 1 Replies View RelatedIs It possible to hairpin clientless SSLVPN connections (ASA5510)? I'd like to create a portal that allows a user to log into the central clientless webpage and access RDP/VNC resources at remote sites connected via site-to-site VPN. Initial testing shows the user can access resources at the hub site, but not the spokes. I have the standard:
same-security-traffic permit inter-interfacesame-security-traffic permit intra-interface
...entered on the ASA.
We have an ASA5510 with AnyConnect SSLVPN set up, which works great from remote locations. However, when I am inside the network, I cannot connect to this SSLVPN. I would like to be able to this for testing purposes; I have a VLAN10 that has ACLs so it cannot reach any private IP addresses, we use this VLAN for our guest Wifi network. I would like to be able to make AnyConnect SSLVPN connections from this VLAN, to test the VPN access without having to be at a remote site. However, since I don't want to change any settings compared to my remote site, I don't want to just bind the sslvpn to both outside and VLAN10 (by issuing the enable VLAN10 statement). [code]
View 3 Replies View RelatedI'm trying to setup a SSLVPN Portal for our customer which will authenticate against Active Directory using LDAP over SSL and with the portal have the ability to change password if it has expired. I have managed to setup everything now except for the password reset which is giving me a headache. This is the message that's presented by the portal when i try to change the password even though the same password works when i change it on a PC instead of using the portal.
"Cannot complete password change because the password does not meet the password policy requirements. Check the minimum password length, password complexity, and password history requirements."
And below is the output of ldap debug on the ASA5510 the Portal is running on.
[473] Session Start
[473] New request Session, context 0xadbe760c, reqType = Modify Password
[473] Fiber started
[473] Creating LDAP context with uri=ldaps://x.x.x.x:3269
[473] Connect to LDAP server: ldaps://x.x.x.x:3269, status = Successful
[473] supportedLDAPVersion: value = 3
[code]....
We already know that ASA 9.0 supports site-to-site VPN in multiple context mode. But remote access VPN isn't supported. Obviously, SSL-VPN is a very important feature for most multi-tenant deployment scenarios where each context acts as a border firewall towards the Internet for each tenant. The alternative to terminate all tenant remote-access VPNs in one context means that each tenant would have to be routable from the ASA, which of course isn't a reasonable requirement in most cases.
So, what I'd like to do is to deploy an ASA cluster, and provide remote access VPNs for each tenant, where the connectivity for each remote access group can be addressed with whatever IP address space, and that goes into it's own VRF in the back-end.
As far as I can tell, this isn't doable with the ASA, since multiple context mode prohibits the use of remote access VPN, and I can't think of any other work-around than either having individual firewalls running in single context mode for each tenant, or demand that all tenants are interoperable routing-wise and configure a separate ip address pool in a single context mode for each tenant.
Essentially, there's no good way to implement this with multiple virtual firewalls, using cisco firewalls?
We are starting to deploy SSL VPN in our company and we recently purchased two ASA 5510 firewalls. I have already completed the initial configuration but I do have some inquiry on how to have it configured properly.
1. Employees and clients will access the URL
2. They will select the appropriate group on where they should login.
3. Enter credentials, etc.
4. Username/Password authentication is via RADIUS. The usernames were all created in Cisco ACS 5.3.
My challenge is, we have several clients and all their usernames were created in ACS5.3. Meaning if the configuration is just being differentiated by group settings, clientA can select the profile of clientB and still get authenticated. If that happens, they will be able to access the resources of each other. Also in the future, we will be deploying 2-Factor authentication for some of our clients.
A new Windows 8 computer can't access the SSLVPN corporate connection.
When we try to access the SSLVPN website to download the launcher (you have to download the VPN launcher everytime for our configuration), you can log in and that's fine, and then you can click on the VPN Tunnel link, a popup shows up but it doesn't actually download the launcher. Solutions we've tried so far:
1) Reinstalling C++ Redistirbutable
2) Adding the site to trusted sites and allowing unsigned ActiveX controls
3) Removing all internet objects through internet options.
Is there anything else we can try?
I do not have a valid SSL Certificate on my firewall but I want to use SSLVPN.
If I connect to the IP adress and the SSLVPN Portal I can choose the sslclient launcher but after that I get a error that I need a internet explorer 64bit or that the active I was blocked because of a unsecure publisher.
when a user login into the Cisco ASA Firewall (v8.3.2) via WebVPN, and accesses the applications. This works fine. In fact, the user can also create bookmarks etc.The problem here is when this user signs off and another user signs in via WebVPN, on the same PC or even on a different PC, this new user can view the screen viewed by the previous user. Basically, even though certain users can view only certain applications, but in my case, not all the time, but most of the time, users logging into via WebVPN can view someone else's profile application.
I suspect this is due to cookies or cache but I'm not sure myself. What can I do to resolve the problem.Currently, this issue is being resolved via a lousy manner i.e. we go to the SMB location and we clear the .CSP file manually, which is not the correct way to address this issue.
We have two separate external connections, one behind a pix one behind an asa, clients behind either of these firewalls cannot get to skydrive.live.com - the page title loads but then thats it!im debugging behind the pix becuase there is less traffic and ive pulled this from syslog so far-have been googling but not sure if this syslog data is normal or not really
View 9 Replies View RelatedI'm running WCS 7.0.220.0.I would like to authenticate users that are able to logon the WCS, through MS Network Policy Service (RADIUS).I would like all my domain users to be member of the local group on the WCS "Lobby Ambassador", so all domain users has access to generate guest access accounts, for the web auth... I can see under the WCS Administration under AAA that it should be able to use RADIUS - but i'm not sure how to setup the NPS policy?
View 1 Replies View RelatedMy emails are not being sent POP3 failed, is there a troubleshoot, autofix website i can go to
View 4 Replies View RelatedI want to setup a lap environment for my studies using Microsoft Virtual pc. I have installed 3 virtual pc of which 2 are windows server 2008 named srv1 and srv2, the third virtual pc is running windows XP professional services pack 2 with the host operating system being windows 7.I have installed Microsoft loop-back adapter and i am trying to network the 3 virtual pc and the host.
srv1 ip address is 192.168.2.200
srv2 ip address is 192.168.2.201
wk1 ip address is 192.168.2.10
host pc's ip addresss for the loopback adaptor is 192.168.2.5 when i check the workgroup i see only srv1 and srv2 i am only able to ping srv1 and svr2, the rest are unreachable.
have a problem with downloading microsoft silver light with both browsers ie mozilla firefox and internet explorer as i click the download button firefox say silverlight server not loading or busy and explorer says page cannot be displayed and i need it really badly as i need to send photos to all my friends.
View 3 Replies View RelatedI cant access microsoft webpage. I have fresh copy of win XP pro SP3, IE 8, and connected through an updated Vodafone ADSL modem through ethernet. Strange thing is, I can access bank, tv over internet, etc. except MICROSOFT webpages.
View 2 Replies View RelatedI have a problem with my 802.1x Solution in ACS Version : 5.2.0.26. The hours between my ACS and the AD lost synchronize, for that reason the user in my network can't authenticate in the Solution. when i see the hours was different for the AD in 5 minutes, i have to force again the common ntp server 172.25.0.34 (which is ip ntp server). I don´t know why is the reason for lost synchronize, maybe could be a bug.. or samething that i have to configurate in the ACS or AD.
View 3 Replies View Related