VPN Client Problem on Windows 7 (Cisco Integrated Client Firewall)

maxxpower
Level 1

Hi there,

I am trying to connect from my Windows 7 32-bit PC with CISCO VPN Client (5.0.07.0410) to a CISCO Concentrator 3005.

Initializing the connection using certificate "xxx"

Contacting the security gateway at x.x.x.x...

Negotiating security policies...

Securing communications channel...

Secure VPN Connection terminated by Peer.

Reason 435: Firewall Policy Mismatch.

Connection terminated on: Dez 28, 2011 18:06:56        Duration: 0 day(s), 00:00.00

Not connected.

The client did not match the firewall policy configured on the central site VPN device.  Cisco Systems Integrated Client Firewall should be enabled or installed on your computer.

Log on CISCO Concentrator:

32284 12/28/2011 18:06:56.620 SEV=5 IKE/141 RPT=40 x.x.x.x

Client-reported firewall does not match configured firewall: terminating tunnel.

Received -- Vendor: (0), Product (0), Caps: 0000.  Expected -- Vendor: Cisco Sy

stems(1), Product: Cisco Integrated Client(0x00000001), Caps: 0002

32287 12/28/2011 18:06:56.740 SEV=5 IKE/194 RPT=8064 80.153.72.120

Group [xxx]

Sending IKE Delete With Reason message: Firewall Parameter Mismatch.

The strange thing is that I don't have any problems with the same CISCO VPN Client on a Windows Vista PC:

32755 12/28/2011 19:04:24.540 SEV=6 IKE/143 RPT=6612 x.x.x.x

Processing firewall record. Vendor: Cisco Systems(1), Product: Cisco Integrated

Client(1), Caps: 0002, Version Number: 0.0.0.0, Version String:

Does anybody have an idea why the Cisco Integrated Client Firewall (CIC) isn't installed, enabled or identified on the Windows 7 PC?

And how can I overcome this problem?

Best regards!

2 Replies

Marvin Rhoads
Hall of Fame

The integrated firewall is NOT supported with VPN Client 5.0.07. This is called out in the Release Notes.

I'm surprised it's working from a Vista client. I was pretty sure the integrated firewall has never been supported with any of the VPN Client 5.x releases.

Your alternatives are to either modify the concentrator policy to not require client firewall or upgrade across the board to current hardware / software (e.g., ASA and AnyConnect). The VPN Concentrator 3000 series is way past end of sales and nothing more is being developed on it. Likewise, the VPN Client is about to die off as well.

Hi Marvin,

Many thanks for the response, this helped a lot!

By the way, if this is the case, I'm surprised as well that it's working on a Vista client.

Best regards!
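
For triaging the concentrator's IKE/141 events from a saved log, here is an added example (not part of the original thread and not Cisco code) that rejoins the wrapped lines and compares the received firewall record with the expected one. The function names are hypothetical and the patterns are written only against the excerpts quoted above; reading Caps as hex and an all-zero record as "no firewall reported" are assumptions.

```python
import re

# Constructed sample: the IKE/141 event quoted in the post, wrap included.
SAMPLE_LOG = """\
32284 12/28/2011 18:06:56.620 SEV=5 IKE/141 RPT=40 x.x.x.x
Client-reported firewall does not match configured firewall: terminating tunnel.
Received -- Vendor: (0), Product (0), Caps: 0000.  Expected -- Vendor: Cisco Sy
stems(1), Product: Cisco Integrated Client(0x00000001), Caps: 0002
"""

HEADER = re.compile(r"^(?P<seq>\d+) \S+ \S+ SEV=(?P<sev>\d+) "
                    r"(?P<event>[A-Z]+/\d+) RPT=\d+ (?P<peer>\S+)$")
# One firewall record; "Product" appears with and without a colon in the post.
RECORD = (r"Vendor:[^()]*\((?P<{0}_vendor>\w+)\),\s*Product:?[^()]*"
          r"\((?P<{0}_product>\w+)\),\s*Caps:\s*(?P<{0}_caps>[0-9A-Fa-f]+)")
MISMATCH = re.compile("Received -- " + RECORD.format("rx")
                      + ".*?Expected -- " + RECORD.format("exp"))

def _num(s):
    return int(s, 16) if s.lower().startswith("0x") else int(s)

def _ids(groups, side):
    # Assumption: Caps is a hex bit field; vendor/product are plain IDs.
    return {"vendor": _num(groups[side + "_vendor"]),
            "product": _num(groups[side + "_product"]),
            "caps": int(groups[side + "_caps"], 16)}

def parse_events(text):
    """Group body lines under their header and undo the fixed-width wrap."""
    events = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "body": ""})
        elif line and events:
            events[-1]["body"] += line
    return events

def firewall_mismatches(text):
    findings = []
    for ev in parse_events(text):
        m = MISMATCH.search(ev["body"]) if ev["event"] == "IKE/141" else None
        if m:
            rx, exp = _ids(m.groupdict(), "rx"), _ids(m.groupdict(), "exp")
            findings.append({
                "seq": ev["seq"], "peer": ev["peer"], "received": rx, "expected": exp,
                "differs": [k for k in rx if rx[k] != exp[k]],
                # Assumption: an all-zero record means no firewall was reported.
                "no_firewall_reported": not any(rx.values()),
            })
    return findings

if __name__ == "__main__":
    for f in firewall_mismatches(SAMPLE_LOG):
        print(f)
```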