If you guys are using the newest AnyConnect version (v2.4.0202), there is an issue with DNS resolution that has yet to be fixed. You'll definitely see issues with Exchange 2007... the solution is to downgrade one step until the bug is fixed.
Just FYI... Thanks! Aaron T. Rohyans Senior Network Engineer CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER DPSciences Corporation 7400 N. Shadeland Ave., Suite 245 Indianapolis, IN 46250 Office: (317) 348-0099 Fax: (317) 849-7134 arohy...@dpsciences.com<mailto:arohy...@dpsciences.com> http://www.dpsciences.com/ "I want an Anti-Virus system that sends Arnold back in time to kill the hacker as a small child before he invents the virus..." "There are 10 kinds of people in this world... those who can read binary, and those who can't" From: Ray [mailto:rz...@qwest.net] Sent: Thursday, February 18, 2010 11:21 AM To: NT System Admin Issues Subject: RE: CISCO VPN Client The error I got was "The VPN client driver has encountered an error". This just happened last night, didn't put any effort into looking at it. This morning I overhead one of our programmers saying he was having issues connecting, so he was getting the client, but then he couldn't seem to RDP to his work PC. Unfortunately he didn't bother to get the exact error messages. -----Original Message----- From: Terry Dickson [mailto:te...@treasurer.state.ks.us] Sent: Thursday, February 18, 2010 9:08 AM To: NT System Admin Issues Subject: RE: CISCO VPN Client Not that I can help, but what issues? We still use the Cisco VPN Client and many of our machines are Win7 64 machines. Since Cisco will not make a 64bit version of the VPN Client we are looking at the anyconnect solution also. -----Original Message----- From: Ray [mailto:rz...@qwest.net] Sent: Thursday, February 18, 2010 9:48 AM To: NT System Admin Issues Subject: RE: CISCO VPN Client We're starting to see some issues with Win7 64 clients connecting. -----Original Message----- From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Thursday, February 18, 2010 8:19 AM To: NT System Admin Issues Subject: Re: CISCO VPN Client The AnyConnect from Cisco uses a cert and is webbased, it is very easy to work with and the users are happy with it. -------------------------------------------------- From: "Charlie Kaiser" <charl...@golden-eagle.org> Sent: Thursday, February 18, 2010 10:14 AM To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> Subject: RE: CISCO VPN Client > Hmmm. Yeah; that's a lot of overhead. Seems a shame to have to switch apps > because of a bad guy. That's an effective DOS attack, eh? I'd hesitate to > switch apps because I'd be afraid they'd do the same thing. But I don't > know > the AnyConnect app either. > > I seem to remember the VPN client could use certs as part of the auth. I > wonder if that feature could be utilized to block non-client access? I > haven't used the Cisco client for a year or so so I don't recall the > available options. > > > *********************** > Charlie Kaiser > charl...@golden-eagle.org > Kingman, AZ > *********************** > >> -----Original Message----- >> From: David W. McSpadden [mailto:dav...@imcu.com] >> Sent: Thursday, February 18, 2010 7:59 AM >> To: NT System Admin Issues >> Subject: Re: CISCO VPN Client >> >> They change every 20 or 30 hits. >> Mostly out of country. >> I started by setting up rules to block them but then I had >> about 100 rules to block and it became an all day job. >> Easier to move the authorized users to AnyConnect which is >> supported and kill the VPN Client which has end of lifed anyway. >> >> >> -------------------------------------------------- >> From: "Charlie Kaiser" <charl...@golden-eagle.org> >> Sent: Thursday, February 18, 2010 9:54 AM >> To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> >> Subject: RE: CISCO VPN Client >> >> > Is there a way you can block the source IP(s) before they >> get to the >> > VPN endpoint? >> > >> > *********************** >> > Charlie Kaiser >> > charl...@golden-eagle.org >> > Kingman, AZ >> > *********************** >> > >> >> -----Original Message----- >> >> From: David W. McSpadden [mailto:dav...@imcu.com] >> >> Sent: Thursday, February 18, 2010 7:45 AM >> >> To: NT System Admin Issues >> >> Subject: Re: CISCO VPN Client >> >> >> >> I have Kiwi Syslogger setup to email me every failed attempt to >> >> authenticate through the VPN. >> >> It went from 2 or 3 a day from lusers to 2500 to 5000 a >> day and all >> >> accounts I don't have in AD and all originating from the >> VPN tunnel. >> >> So disabling the tunnel didn't work, had to remove the >> reference to >> >> the tunnel entirely. Now we are back to 2 or 3 a day. >> >> >> >> >> >> From: Bob Fronk <mailto:b...@btrfronk.com> >> >> Sent: Thursday, February 18, 2010 9:25 AM >> >> To: NT System Admin Issues >> >> <mailto:ntsysadmin@lyris.sunbelt-software.com> >> >> Subject: RE: CISCO VPN Client >> >> >> >> >> >> How did you discover this was happening? >> >> >> >> >> >> >> >> From: David W. McSpadden [mailto:dav...@imcu.com] >> >> Sent: Wednesday, February 17, 2010 1:30 PM >> >> To: NT System Admin Issues >> >> Subject: Re: CISCO VPN Client >> >> >> >> >> >> >> >> Ok. I am looking at that area under Remote VPN in >> Configuration and >> >> someone has my VPN Client info and they are trying a Brute Force >> >> Vocab attack to my AD's. So I have moved all my users to >> AnyConnect >> >> and I am ready to remove the VPN Client from the ASA or >> disable it... >> >> >> >> >> >> >> >> From: Jon Harris <mailto:jk.har...@gmail.com> >> >> >> >> Sent: Wednesday, February 17, 2010 1:24 PM >> >> >> >> To: NT System Admin Issues >> >> <mailto:ntsysadmin@lyris.sunbelt-software.com> >> >> >> >> Subject: Re: CISCO VPN Client >> >> >> >> >> >> >> >> Why are you getting rid of the VPN client? You don't >> remove it you >> >> disable it on the ASA. Just make sure all the rules are >> correct for >> >> the ASA first. >> >> >> >> >> >> >> >> Jon >> >> >> >> On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden >> <dav...@imcu.com> >> >> wrote: >> >> >> >> >> >> >> >> Actually on the ASA. I think I have it found now but I am still >> >> testing. >> >> >> >> From: Jon Harris <mailto:jk.har...@gmail.com> >> >> >> >> Sent: Wednesday, February 17, 2010 12:10 PM >> >> >> >> To: NT System Admin Issues >> >> <mailto:ntsysadmin@lyris.sunbelt-software.com> >> >> >> >> Subject: Re: CISCO VPN Client >> >> >> >> >> >> >> >> Remove it is the best, they install into the same root directory >> >> under Program Files but have separate directories under >> that. They >> >> are separate programs as Microsoft sees them. >> >> >> >> >> >> >> >> Jon >> >> >> >> On Wed, Feb 17, 2010 at 8:07 AM, David W. McSpadden >> <dav...@imcu.com> >> >> wrote: >> >> >> >> Anyone point me on how to Disable the old CISCO VPN Client >> and leave >> >> the AnyConnect still enabled? >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > >> > >> > ~ Finally, powerful endpoint security that ISN'T a resource >> hog! ~ ~ >> > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource >> hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
