08-07-2007 04:19 AM - edited 02-21-2020 03:12 PM
Hello. We are evaluating Windows Vista along with the VPN Client version 5.0.01.0600. Many of our VPN users are reporting that they are experiencing problems connecting VPN to the ASA 5520 firewall. We are experiencing the same problems with errors such as "Reason 418: Unable to configure the firewall software." Also in the client's log we see:
3 08:11:49.845 08/07/07 Sev=Warning/2 IKE/0xE3000086
Invalid concentrator firewall configuration.
Is anyone else experiencing this problem and is there a workaround? Thanks in advance.
08-07-2007 05:00 AM
Tony,
Most likely the group that you are trying to connect to on the ASA has the integrated firewall feature. This feature is not supported for Windows Vista clients.
You can disable this on the ASA by getting into the group policies:
ASA(config)# group-policy "VPN group name" attributes
ASA(config-group-policy)# client-firewall none
If you have other clients connecting fine and you don't want to do this change, you can configure a new group for the Vista Clients without the integrated firewall feature.
Please rate if helps
Regards,
~JG
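To find which group policies on an ASA still push a client firewall policy (and would therefore fail for Vista clients as described above), the saved configuration can be scanned offline. This is an added example, not part of the original posts; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample of ASA configuration text (not taken from the thread).
SAMPLE_CONFIG = """\
group-policy StaffVPN internal
group-policy StaffVPN attributes
 vpn-tunnel-protocol IPSec
 client-firewall req zonelabs-zonealarm policy CPP acl-in FW_IN acl-out FW_OUT
group-policy VistaVPN internal
group-policy VistaVPN attributes
 vpn-tunnel-protocol IPSec
 client-firewall none
group-policy Contractors internal
group-policy Contractors attributes
 vpn-tunnel-protocol IPSec
"""

HEADER = re.compile(r'^group-policy\s+(\S+)\s+attributes\s*$')
FIREWALL = re.compile(r'^\s+client-firewall\s+(.*\S)\s*$')


def audit_client_firewall(config_text):
    """Map each group-policy name to its client-firewall setting.

    The value is None when the group sets no client-firewall line itself,
    in which case the default group policy should be checked as well.
    """
    result = {}
    current = None
    for line in config_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            result.setdefault(current, None)
            continue
        if not line.startswith(" "):
            current = None  # any other top-level line ends the block
            continue
        setting = FIREWALL.match(line)
        if setting and current is not None:
            result[current] = setting.group(1)
    return result


def groups_pushing_firewall(config_text):
    """Names of groups whose own client-firewall setting is not 'none'."""
    settings = audit_client_firewall(config_text)
    return sorted(name for name, value in settings.items()
                  if value is not None and value.split()[0] != "none")
```
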
08-07-2007 05:20 AM
Yes, this seems to be working, however, we will need to enable a client-side firewall for our VPN connections. What are the supported options? Thanks in advance.
08-08-2007 07:54 AM
FYI - I ended up opening up a TAC case for this (SR 606571713) and received the following information from the engineer:
"Either disable the firewall check for that group on the VPN appliance or clear a custom DLL check looking for the Microsoft Firewall DLLs or use an alternative Firewall that is supported on Vista and by the VPN appliance.
CPP pushes will not work for any other Firewalls other than ZoneLabs, if or when ZoneLabs releases ZoneAlarm for Vista customers can install this to get CPP support.
For more reference on this BUG please go to the following link :
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsi26229&Submit=Search
Note: This feature is not enabled because we are still waiting for the patch from ZoneLabs for Vista VPN client."
08-13-2007 12:37 PM
I have not seen that error before, but from the log it looks like it has to do with IKE security policy. We have a 5520 setup and working with XP and Vista clients. Seems that the version before 5.0.01 didn't work too well but 5.0.01 works good. We are running ASA version 7.2.2.19.
08-13-2007 01:03 PM
We have learned that the reason for this issue is because we were using the integrated client firewall which this VPN client currently does not support.