Entries tagged as vpn

HowTo: Creating a VPN connection in Windows 7

Besides the classic RAS connection type, Windows can also establish VPN connections without any additional software.

To do this, right-click "Network" and open its "Properties", or go via "Start/Control Panel/Network and Sharing Center".
There, open the link "Set up a new connection or network" and choose "Connect to a workplace", followed by "Use my Internet connection (VPN)".
In the next step, enter the IP of the target and give the connection a name. Finally, you are prompted for user, password and domain, and can then use the new connection for VPN.

VPN too complicated! An alternative?

For some of our users, using VPN is apparently too complicated. Reading or understanding our instructions seems to be just as difficult. What does seem easy, however, is coming back with the same question every single time.

The users' problem is that they do not understand the procedure and also do not want to remember how they have to proceed.
The result is always that they try to log in via VPN without first having plugged in a DSL cable or established a UMTS connection. Once they have cleared this first hurdle and are connected, they do not think of synchronizing their box or bringing it online. They keep forgetting or ignoring the small icon in the notification area of the taskbar that indicates that the machine is offline (despite the existing VPN connection). All they would have to do here is select "Status/Work online", but ok.
They are also repeatedly surprised by missing desktop icons and drive mappings. Of course, because the small info icon is ignored. They could select "Synchronize" from it and everything would be fine, but oh well.

We already help them out with OWA so that they can retrieve their e-mail independent of location and machine. With that they produce further errors, because they try to open OWA from their notebooks without an existing VPN connection. What is normally not a problem (a DSL line or a UMTS connection is entirely sufficient) is one for us, because our proxy server is configured in IE. And if there is no connection to it - via VPN - websites cannot be opened either. In addition, a policy prevents the proxy entry in IE from being disabled.

Now the question is: how can all of this be simplified? A cloud might be an option, but we have nothing set up for that here and probably won't in the foreseeable future, since other projects take priority.
So what to do? Write a script that takes care of everything? From establishing the VPN connection through synchronizing to making coffee? Or write even simpler instructions and nail them to their skulls? Is there a better solution than VPN, or would a different VPN client (currently Cisco) do more? Is there something in between VPN and cloud?

So it's time to do some research. I would be grateful for tips, hints, solutions, ... though. :-)

Cisco VPN Client on 64-bit Windows

I have repeatedly received inquiries about using the Cisco VPN Client on 64-bit versions of Windows.
The problem has existed for quite some time and can be found all over the Internet.
Nevertheless, once more here: unfortunately Cisco offers no 64-bit client of the VPN software for Windows, whereas it does for other systems.

The alternatives are Cisco's "AnyConnect", the "Shrew Soft VPN Client" or the commercial "NCP Secure Entry Client".

For Linux there is also "OpenConnect".

Cisco VPN Client: ports used

If you are wondering which ports the Cisco VPN Client uses, so that you can allow its communication through a firewall, here is the answer:

IP protocol 50 (ESP, Encapsulating Security Payload)
UDP port 500 (for negotiating the connection)

UDP port 4500, if "Transport Tunneling" over UDP is enabled/configured on the client.

The handshake always runs over UDP port 500; the traffic runs over UDP port 4500 or IP protocol 50, depending on the setting.
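
As an added example (not part of the original post), the following Python code classifies raw IPv4 packets into the three flows listed above and reports which flow required by the client setting never arrived from the gateway, which points at the firewall rule that is missing. The addresses, the packet builders and the sample capture are constructed for illustration.

```python
import socket
import struct

IKE_PORT = 500     # UDP: connection negotiation (handshake)
NATT_PORT = 4500   # UDP: traffic when UDP transport tunneling is enabled
PROTO_UDP = 17
PROTO_ESP = 50     # IP protocol 50 (ESP)


def classify(packet):
    """Return (source_ip, flow) for a raw IPv4 packet; flow is one of
    'handshake', 'udp-tunnel', 'esp' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None, "other"          # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4      # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return None, "other"
    src = socket.inet_ntoa(packet[12:16])
    proto = packet[9]
    if proto == PROTO_ESP:
        return src, "esp"
    if proto != PROTO_UDP:
        return src, "other"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset or len(packet) < ihl + 8:
        return src, "other"           # later fragment or truncated: no UDP header
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if IKE_PORT in (sport, dport):
        return src, "handshake"
    if NATT_PORT in (sport, dport):
        return src, "udp-tunnel"
    return src, "other"


def missing_flows(packets, gateway, udp_tunneling):
    """Flows the client setting requires but that never arrived from the gateway."""
    required = {"handshake", "udp-tunnel" if udp_tunneling else "esp"}
    seen = {flow for src, flow in map(classify, packets) if src == gateway}
    return sorted(required - seen)


def build_ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet for the constructed samples (checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def build_udp(sport, dport, data=b""):
    """Build a UDP header plus payload (checksum left 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


# Constructed capture taken on the client side of the firewall
# (documentation address ranges, not real hosts).
GATEWAY, CLIENT = "192.0.2.10", "198.51.100.7"
SAMPLE_CAPTURE = [
    build_ipv4(CLIENT, GATEWAY, PROTO_UDP, build_udp(500, 500)),    # handshake out
    build_ipv4(GATEWAY, CLIENT, PROTO_UDP, build_udp(500, 500)),    # handshake reply
    build_ipv4(CLIENT, GATEWAY, PROTO_ESP, b"\x00" * 16),           # ESP out, no reply
    build_ipv4(CLIENT, GATEWAY, PROTO_UDP, build_udp(4500, 4500)),  # UDP tunnel out
    build_ipv4(GATEWAY, CLIENT, PROTO_UDP, build_udp(4500, 4500)),  # UDP tunnel reply
]

if __name__ == "__main__":
    print(missing_flows(SAMPLE_CAPTURE, GATEWAY, udp_tunneling=False))
    print(missing_flows(SAMPLE_CAPTURE, GATEWAY, udp_tunneling=True))
```

In the constructed capture the handshake completes but no ESP packet returns from the gateway, so a client without UDP tunneling would connect and then pass no traffic until IP protocol 50 is allowed inbound.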

Error list: Cisco VPN Client (no connection)

Because the topic of Cisco VPN Client error messages apparently comes up for many people, I am posting a second entry here that contains a considerably more extensive list of error messages and possible solutions than the one I published here some time ago.
I hope this entry is helpful for all error-plagued users of the Cisco client.



Error 1 The command line parameter %1 cannot be used in conjunction with the command line parameter %2. The two command line parameters stated within quotation marks conflict with one another and cannot be used together in any given command line.

Error 2 Invalid Connection Entry name. The Connection Entry name cannot contain any of the following characters... An invalid character was entered in the connection entry name field of the dialog for creating new, or modifying existing connection entries.

Error 3 Invalid TCP port specified. Valid range is %1 to %2. An invalid TCP port number was entered on the Transport tab of the dialog for creating new, or modifying existing connection entries.

Error 4 Invalid Peer Response Timeout specified. Valid range is %1 to %2. An invalid peer response timeout was entered on the Transport tab of the dialog for creating new, or modifying existing connection entries.

Error 5 No hostname exists for this connection entry. Unable to make VPN connection. A connection attempt was made using a connection entry that does not contain a host name/address entry. A host name or address must be specified in the connection entry in order to attempt a VPN connection.

Error 6 The connection entry %1 does not exist. The command line specified a connection entry that does not exist.

Error 7 Group passwords do not match. Enter the same password in both text boxes. The group authentication password fields on the Authentication tab of the dialog for creating new, or modifying existing connection entries, have different values. The Password and Confirm Password fields must contain the same values.

Error 8 Unable to update Start Before Logon setting. The VPN Client was unable to save the start before logon setting of the Windows Logon Properties dialog to the file vpnclient.ini. The file attributes may have been changed to read only or there may be a problem with the file system.

Error 9 Unable to update Disconnect VPN connection when logging off setting. The VPN Client was unable to save the Disconnect VPN connection when logging off setting of the Windows Logon Properties dialog to the file vpnclient.ini. The file attributes may have been changed to read only or there may be a problem with the file system.

Error 10 Unable to update Allow launching of third party applications before logon setting. The VPN Client was unable to save the Allow launching of third party applications before logon setting of the Windows Logon Properties dialog to the Windows registry. The user must have administrator privileges to save this setting, though the setting should be grayed out if this is not the case. There is likely a system problem with the registry.

Error 11 Registration of CSGINA.DLL failed. The VPN Client was unable to register its CSGINA.DLL with the Windows operating system. The DLL may have been altered or corrupted.

Error 12 Unable to retrieve auto-initiation status. The VPN Client was unable to retrieve the current status for determining if automatic VPN initiation must be initiated. The VPN Client service or daemon may be stopped, hung, or not running; or inter-process communication between the service/daemon and the GUI application may have failed.

Error 13 Unable to update Automatic VPN Initiation Enable setting. The VPN Client was unable to save the Automatic VPN Initiation Enable setting of the Automatic VPN Initiation dialog to the file vpnclient.ini. The file attributes may have been changed to read only or there may be a problem with the file system.

Error 14 Unable to update Automatic VPN Initiation Retry Interval setting. The VPN Client was unable to save the Automatic VPN Initiation Retry Interval setting of the Automatic VPN Initiation dialog to the file vpnclient.ini. The file attributes may have been changed to read only or there may be a problem with the file system.

Error 15 Invalid Retry Interval specified. Valid range is %1 to %2. An invalid retry interval was entered in the Automatic VPN Initiation Retry Interval field of the Automatic VPN Initiation dialog. The value must be within the range specified in the error message.

Error 16 The connection entry %1 already exists. Choose a different name. The user is attempting to create a new connection entry with the same name as an existing connection entry.

Error 17 Unable to create connection entry. The VPN Client was unable to save the new connection entry to a file on the hard drive. There may be a problem with the file system.

Error 18 Unable to rename connection entry. The VPN Client was unable to rename the connection entry. The new connection entry name may already exist, or there may be a problem with the file system.

Error 19 Unable to save the modified connection entry. The VPN Client was unable to save the modified connection entry to its file on the hard drive. The file attributes may have been changed to read only or there may be a problem with the file system.

Error 20 Unable to duplicate connection entry. The VPN Client was unable to duplicate the connection entry. The duplicate connection entry name may already exist or be too long, or there may be a problem with the file system.

Error 21 Unable to delete connection entry %1. The VPN Client was unable to delete the connection entry. The file containing the connection entry may no longer exist or may be protected, or there may be a problem with the file system.

Error 22 Unable to import connection entry %1. The VPN Client was unable to import the connection entry. The connection entry attempting to import may not exist. A connection entry with the same name as the entry being imported may already exist. There may be a problem with the file system.

Error 23 Unable to erase encrypted password for connection entry %1. The VPN Client was unable to erase the encrypted user password in the connection entry. The connection entry file attributes may have been changed to read only or there may be a problem with the file system.

Error 24 Unable to update connection entry %1. The VPN Client was unable to write the connection entry modifications to the connection entry's file on the hard drive. The file attributes may have been changed to read only or there may be a problem with the file system.

Error 25 %1() for the short cut file %2 failed with %3h. The function specified in the error message failed while attempting to create a short cut file to the VPN Client GUI for a particular connection entry. The hexadecimal number in the error message is the error returned by the function specified.

Error 26 Unable to build a fully qualified file path while creating the short cut file %1. The VPN Client was unable to build a fully qualified file path for the shortcut file. There may be a problem with the file system.

Error 27 Unable to create the shortcut file %1. The VPN Client was unable to get a pointer to the IShellLink interface from the system in order to create the shortcut file.

Error 28 Reached end of log, no match found. The VPN Client could not find a match for the search string in the log.

Error 29 The third-party dial-up program could not be started. The VPN Client was unable to launch the third-party dial-up program specified in the connection entry in order to establish a VPN connection.

Error 30 The selected connection entry uses the Microsoft CryptoAPI certificate store. This connection entry can not be used until you have logged in to your workstation. The user is attempting to establish a VPN connection before logon using a connection entry that is configured to use a Microsoft CryptoAPI certificate for authentication. Such a certificate cannot be used until after the user has logged into the workstation.

Error 32 Unable to verify certificate %1. The selected certificate could not be verified. Possible misconfiguration issue with the certificate authentication (CA) server.

Error 33 Unable to delete certificate %1 from certificate store. The VPN Client was unable to successfully delete the selected certificate from the certificate store.

Error 34 Unable to show details for certificate %1. The VPN Client was unable to successfully open and access the selected certificate in order to display the certificate's details.

Error 35 Unable to export certificate. Invalid path %1. The export path provided for the certificate is invalid.

Error 36 Unable to export certificate %1. The export source or destination for the certificate was invalid and the certificate could not be exported.

Error 37 An export path must be specified. The user did not provide a file path for exporting the selected certificate.

Error 38 Certificate passwords do not match. Enter the same password in both text boxes. The Password and Confirm Password fields of the Export Certificate dialog must both contain the same values.

Error 39 Unable to import certificate. The VPN Client was unable to import the certificate. The file path for the certificate may be incorrect or there may be a problem with the file system.

Error 40 An import path must be specified. The user did not provide a file path for importing a certificate.

Error 41 Certificate passwords do not match. Enter the same password in both text boxes. The New Password and Confirm Password fields of the Import Certificate dialog must both contain the same values.

Error 42 Unable to create certificate enrollment request. The VPN Client was unable to create an enrollment request to enroll the certificate with a certificate authority.

Error 43 Certificate enrollment failed, or was not approved. The certificate enrollment request failed or was not approved by the certificate authority.

Error 44 Certificate is not valid, or not an online enrollment request. The user attempted to resume enrollment of a certificate that is not valid or does not have a pending enrollment request.

Error 45 Passwords do not match. Try again. The value entered in the Confirm new password dialog did not match the value entered in the Enter new password dialog when attempting to change a certificate password.

Error 46 Change password for certificate %1 failed. The VPN Client was unable to change the password for the certificate.

Error 47 Failed to load ipseclog.exe. The VPN Client was unable to launch the ipseclog.exe application. Log messages will not be saved to the log file.

Error 48 Unable to stop service/daemon. The VPN Client was unable to stop the service/daemon. The service/daemon may be hung or there is a problem with the system's service/daemon management.

Error 49 GI_VPNStop failed. Unable to disconnect. The VPN Client failed to send a stop request for terminating the VPN connection to the service/daemon. The service/daemon may be stopped, hung, or not running. Communication with the service/daemon may have failed.

Error 50 Service/daemon is not running. The VPN Client service/daemon is not running. VPN connections cannot be established/terminated via the GUI.

Error 51 IPC socket allocation failed with error %1h. The VPN Client failed to create an inter-process communication socket in order to communicate with the service/daemon. VPN connections cannot be established/terminated via the GUI. Refer to Related Information for link to search on Cisco bug ID CSCed05004.

Error 52 IPC socket deallocation failed with error %1h. The VPN Client failed to close an inter-process communication socket that is used to communicate with the service/daemon while terminating. Subsequent use of the GUI may be unable to communicate with the service/daemon.

Error 53 Secure connection to %1 was unexpectedly dropped. The VPN connection was lost due to something other than termination by the VPN Client GUI. The connection could have been terminated by the user via the CLI, or internet connectivity may have been lost.

Error 54 The authentication passwords do not match. Enter the same password in both text boxes. The user was asked to enter a new authentication password in the extended authentication dialog and did not enter the same values into the New Password and Confirm Password fields. Both fields must contain the same values.

Error 55 The authentication PINs do not match. Enter the same PIN in both text boxes. The user was asked to enter a new authentication PIN in the extended authentication dialog and did not enter the same values into the New PIN and Confirm PIN fields. Both fields must contain the same values.

Error 56 Unable to start the VPN connection. The VPN Client failed to send a start request for establishing the VPN connection to the service/daemon. The service/daemon may be stopped, hung, or not running. Communication with the service/daemon may have failed.

Reason 401 An unrecognized error occurred while establishing the VPN connection. VPN connection was not established because of an unrecognized reason. Please check client logs for details.

Reason 402 The Connection Manager was unable to read the connection entry, or the connection entry has missing or incorrect information. Either the connection profile is missing or does not have all the information. To fix this problem, you can either select another connection profile, or fix the current connection entry. Connection profiles are located in profiles. On most machines, this is C:\Program Files\Cisco Systems\VPN Client\profiles. To fix this problem, replace the connection profile file from the profiles directory. This file can be copied from a machine that has the correct entry of this file.

Reason 403 Unable to contact the security gateway. This can happen because of multiple reasons. One of the reasons that users can get this message is because IKE negotiations failed. Check the client logs for details.

Reason 404 The remote peer terminated the connection during negotiation of security policies. Check the remote peer (head-end) logs to determine the cause for this failure.

Reason 405 The remote peer terminated connection during user authentication. This reason is not currently used.

Reason 406 Unable to establish a secure communication channel. This reason is not currently used.

Reason 407 User authentication was cancelled by the user. A user hit the cancel button (instead of OK) in the VPN Client user authentication dialog.

Reason 408 A VPN connection is already in the process of being established. A connection is already in process.

Reason 409 A VPN connection already exists. A VPN connection already exists.

Reason 410 The Connection Manager was unable to forward the user authentication request. This is not currently used.

Reason 411 The remote peer does not support the required VPN Client protocol. The remote peer is either not a Cisco device or it does not support the VPN Client protocol specification.

Reason 412 The remote peer is no longer responding. The remote peer is not responding to the client's request to establish the connection. Make sure you can ping the remote peer, or check remote peer logs for why it is not responding to the client.

Reason 413 User authentication failed. Either the user entered wrong user authentication information, or the client was not able to launch the XAuth (user authentication) process.

Reason 414 Failed to establish a TCP connection. The VPN Client was not able to establish the TCP connection for IPSec over TCP connection mode. Please try IPSec over UDP or straight IPSec. Please look at client logs for details.

Reason 415 A required component PPPTool.exe is not present among the installed client software. Please make sure that ppptool.exe is present in the client installation directory (this is generally C:\Program Files\Cisco Systems\VPN Client). If this file is not present, uninstall and reinstall the client.

Reason 416 Remote peer is load balancing. The peer has advised you to use a different gateway.

Reason 417 The required firewall software is no longer running. The required firewall is not running.

Reason 418 Unable to configure the firewall software. The peer sent an unrecognized firewall message.

Reason 419 No connection exists. This is an unexpected error. Please check client logs for details.

Reason 420 The application was unable to allocate some system resources and cannot proceed. The system ran out of memory. If you think the system has enough memory, reboot the machine and try again.

Reason 421 Failed to establish a connection to your ISP. Failed to establish a dialup connection. View the client logs for details.

Reason 422 Lost contact with the security gateway. Check your network connection. The machine's IP address changed or the machine is no longer connected to the Internet. Note: The VPN Client is required to disconnect the VPN tunnel for security reasons if the machine's IP address has changed.

Reason 423 Your VPN connection has been terminated. Either the user disconnected the VPN tunnel, or there was an unexpected error.

Reason 424 Connectivity to Client Lost by Peer. Connection disconnected by the peer. Check the peer logs for details.

Reason 425 Manually Disconnected by Administrator. Administrator manually disconnected the VPN tunnel.

Reason 426 Maximum Configured Lifetime Exceeded. The VPN Client exceeded the maximum configured lifetime for a session. This value is configured on the peer (head-end) device.

Reason 427 Unknown Error Occurred at Peer. Peer disconnected tunnel. Check the peer logs for details.

Reason 428 Peer has been Shut Down. Peer was shut down.

Reason 429 Unknown Severe Error Occurred at Peer. Check the peer logs for details.

Reason 430 Configured Maximum Connection Time Exceeded. VPN Client has been connected for longer than allowed by the peer.

Reason 431 Configured Maximum Idle Time for Session Exceeded. The VPN connection was idle for longer than the time allowed by the administrator.

Reason 432 Peer has been Rebooted. The peer has been rebooted.

Reason 433 Reason Not Specified by Peer. The peer gave no reason for disconnecting the tunnel. Check the peer logs for details.

Reason 434 Policy Negotiation Failed. Client and peer policies do not match. Try changing peer policies (try using 3DES, AES, and so forth) and then try again.

Reason 435 Firewall Policy Mismatch. Firewall policies do not match with what was configured by the peer.

Reason 436 Certificates used have Expired. The certificate used in the connection profile has expired. Update the certificate configured in the client profile, and then try again.

Warning 201 The necessary VPN sub-system is not available. You can not connect to the remote VPN server. The VPN Client GUI has detected that it cannot communicate with the client service/daemon. The service/daemon may be stopped, hung, or not running. Communication with the service/daemon may have failed. Uninstall the VPN Client (see Related Information for link) and the antivirus on the computer, then reinstall the VPN Client.

Warning 202 If you disable this feature, the %1 will not automatically disconnect your VPN connection when you logoff. As a result, your computer may remain connected after logoff. The user has disabled the Disconnect VPN connection when logging off setting of the Windows Logon Properties dialog.

Warning 203 You do not have write privileges for this connection entry. It will be opened read-only. The user is attempting to modify a connection entry whose file attributes have been set to read only.

Warning 204 The certificate %1 associated with this Connection Entry could not be found. Please select a different certificate or click Cancel. The user is attempting to modify a connection entry that has a certificate associated with it. But the certificate associated with the profile was not found. It could be that the certificate lives on a smart card which is not connected to the system right now. Therefore, hitting cancel is a valid option.

Warning 205 You must use a Smart Card with this connection. Please insert the Smart Card before attempting a connection. This warning means that the current profile requires the use of smart card, and no smart card is present on the system. The user should insert the correct smart card and should re-connect, or the user should select a different profile to connect.
