Trying to set up a VPN

jsandau
Level 1

I thought an SSL VPN would be good, but every time I go to connect to it I have to click through security warnings and install a security certificate. Other than that the VPN works; however, there will be less tech-savvy (and patient) users using this VPN, and they will not want to have to click through a bunch of security warnings to get to the VPN. So is there a way I can have the user connect to a web portal once and that will download the VPN AnyConnect software on their computer, then after that all they have to do is open the AnyConnect software and type in a username and password, and preferably have the VPN software remember the IP address for them? Also, if this could be done via CCP that would be great. I'm new to Cisco routers and don't know the command line yet. If it can't be done via CCP then I guess I'll have to bite the bullet and do it via command line. Thanks.


Finally I got it! I deleted all the certificates and the gateway and started from scratch. The only problem now is the users still have to go through the web portal to connect; the VPN client stays on their computer, but they can't use it to connect. But I think that is a problem for another day. It's now set up so that it will only ask them to install the certificate once, which is fine. Thank you so much for all your help and patience.

Great!!!!

I am glad that you finally made it work.

After the first connection with web, did you try to launch the client from Start -> All Programs -> Cisco -> Cisco AnyConnect VPN Client directly without using web?

I've tried that and it doesn't work. I type in the IP address and the AnyConnect client gives the error "unable to process response from *external IP address*".

What's your IOS version on the router?

show version

Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(15)T10, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 14-Sep-09 20:59 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YH13, RELEASE SOFTWARE (fc1)

*host name* uptime is 19 hours, 46 minutes
System returned to ROM by power-on
System image file is "flash:c181x-advipservicesk9-mz.124-15.T10.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 1811 (MPC8500) processor (revision 0x400) with 236544K/25600K bytes of memory.
Processor board ID FHK134975HW, with hardware revision 0000

10 FastEthernet interfaces
1 Serial interface
1 terminal line
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

I tested on "anyconnect-win-2.5.1025-k9.pkg" and "12.4(22)T3" and did not see the issue.

You can try upgrading the code to see if it can be fixed.

That was the problem. Everything seems to be working now. Thanks again.

Antonio Knox
Level 7

If I understand you correctly, this seems to be your main question:

"So is there a way I can have the user connect to a web portal once and that will download the VPN AnyConnect software on their computer, then after that all they have to do is open the AnyConnect software and type in a username and password, and preferably have the VPN software remember the IP address for them?"

The answer is yes. There are two ways to go about this:

Command Line:

group-policy AnyConnect attributes
 webvpn
  svc keep-installer installed

ASDM (I'm running Version 6.3):

Go to Configuration --> Remote Access VPN --> Group Policies --> Highlight Your-Group-Policy-Name --> Edit --> Expand 'Advanced' on the left --> Click SSL VPN Client --> In the 'Keep Installer on Client System' uncheck 'Inherit' and click the 'Yes' radio button --> Click OK --> Click Apply

From that point on, when a user connects to AnyConnect, the VPN client will remain on the user's machine. It will also remember the VPN gateway address when it's run. All they should have to do is locate the installer on their machine, run it, click Connect, and enter their creds. Hope that helps.

Please rate my post if it's helpful.