anyconnect vpn errors

rahul4449 · ‎12-15-2010

Hi,

My LENOVO G450 laptop is having WINDOWS VISTA HOME PREMIUM edition.

Normal VPN client is not working for VISTA, so I tried Cisco AnyConnect VPN Client.

It's giving following error

The server certificate received or its chain does not comply with FIPS. A VPN connection will not be established.

Can anyone please give me the solution about how to setup a VPN connection on VISTA HOME PREMIUM edition.

Thanks & regards,

rahgovin · ‎12-15-2010

Please refer this doc:

https://supportforums.cisco.com/docs/DOC-14180

And dont forget to reboot after making the change.

rahul4449 · ‎12-16-2010

Thanks for your help Rahul Govindan,

But I am not able to take remote desktop of my office compter from my laptop

its giving following errors (attached in the jpg file)

Note: I already allowed this pool i.e. 192.168.25.0/24 pool (which is for outside VPN users) in my asa firewall to my office computer.

grzegorzniecka · ‎12-16-2010

Rahul,

can You ping from Your PC this remote IP (RDP) ?

Reagrds

GN

rahul4449 · ‎12-16-2010

once only it was successful, but at that time not able to take remote desktop.

and after that no ping & no remote desktop, but vpn stats is showing connected and also showing time from when it is connected

on firewall I am able to see in monitoring section = > vpn tab = > filter by - ssl vpn client

my username & ip (ip from outside users vpn pool), group policy connection profle, profile encryptio, login time duration, bytes tx & rx

grzegorzniecka · ‎12-16-2010

I believe that You're connected to VPN server (that shows in ASA VPN tab) but there is no communication inside VPN tunnel.

I believe this is caused by faulty NAT or acl NAT configuration on vpn server (ASA).

Paste Your ASA config here...

rahul4449 · ‎12-16-2010

Hi grzegorz.niecka,

I am also thinking the same.

Please find the following configuration on my ASA

****************************************************************************************************************************

tunnel-group DefaultWEBVPNGroup general-attributes

address-pool PuneWebVPN

default-group-policy WEB_VPN

ip local pool PuneWebVPN 192.168.25.1-192.168.25.250 mask 255.255.255.0 (ip pool for outside vpn users)

group-policy WEB_VPN internal

group-policy WEB_VPN attributes

dns-server value 172.20.1.199 4.2.2.2

vpn-tunnel-protocol svc

split-tunnel-policy tunnelspecified

split-tunnel-network-list value 30

default-domain value ****************.com (sorry, hidden because of security)

webvpn

svc keep-installer installed

svc compression deflate

svc ask none default svc

access-list NONAT extended permit ip 172.20.0.0 255.255.240.0 192.168.25.0 255.255.255.0

access-list rahula extended permit tcp 192.168.25.0 255.255.255.0 host 172.20.5.6 eq 3389

(my office pc allowed from outside vpn user pool matching to my username "rahula")

nat (inside) 0 access-list NONAT

nat (inside1) 0 access-list NONAT

**********************************************************************************************************************

Thanks & regards,

rahul4449 · ‎12-16-2010

Thanks for your help Rahul Govindan,

But I am not able to take remote desktop of my office compter from my laptop

its giving following errors (attached in the jpg file)

Note: I already allowed this pool i.e. 192.168.25.0/24 pool (which is for

outside VPN users) in my asa firewall to my office computer.

On Wed, Dec 15, 2010 at 11:53 PM, rahgovin <

rahgovin · ‎12-16-2010

Does the statistics page on the Anyconnect Gui show packets encrypted and decrypted?

Run captures on the inside interface of your ASA to see if packets are making it back to the firewall. Also a packet tracer on the return traffic will show what rules and nat it is taking. Also you can see for any logs specific to the traffic in the ASA.