AnyConnect Client login - without enabling BFE on a host?

GrahamBeard · ‎10-30-2012

We have a client who wants to login to our network. Our current solution is using Cisco AnyConnect, however I believe this relies on the BFE service in windows (the client is on windows7). The client has stated that the enabling of this service causes problems with the application he plans on running on the data we are providing.

Are there any ways to allow VPN connectivity to this client using Cisco Anyconnect which doesn't enable the BFE service on the host?

Many thanks!

Javier Portuguez · ‎10-30-2012

Graham,

Have you tested the application and the AnyConnect client on the same machine?

If you disble the BFE service, most likely AnyConnect will not function on the computer.

HTH.

Portu.

Please rate any helpful posts

GrahamBeard · ‎10-31-2012

That's correct, Anyconnect, as far as I'm aware, needs BFE to be running (this is what I wanted to confirm). The application he uses has issues with the BFE service, and therefore I was wondering if there is a way to get AnyConnect working without it's reliance on BFE?

Thanks

Javier Portuguez · ‎10-31-2012

Graham,

No, this service must be enabled in order for the AC to connect, otherwise you may see an error like:

'unable to setup IP filtering'

AnyConnect makes a best-effort attempt to enable and start this service upon the vpnagent service startup, so this service should be disabled.

HTH.

Portu.

In case you do not have any futher questions please mark this question as answered.

GrahamBeard · ‎11-05-2012

After looking into this quite substantially we have decided to go down the route of using IPsec for RAS for this application. Even though there is potentially more onus on the client when joining, we couldn't see a way of getting this working with AnyConnect.

However, once up and running the IPsec solution works very well, so I would advise others that are having the same problems to do the same.

Graham