Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Problems with AnyConnect 2.5.2006 / ASA 8.3 and some pc's

Posted on 2010-11-26
5
Medium Priority
?
2,691 Views
Last Modified: 2012-12-17
I have upgraded my firewalls to 8.3 and subsequently upgraded my AnyConnect to 2.5.2xxx
 
All seems good, except some PCs can't use the AnyConnect anymore.
 
The client will connect, and gets an ip address, but then drops the connection immediately, showing messages:
 
"The VPN client driver has encountered an error"
 
"AnyConnect was not able to establish a connection to the specified gateway, Please try connecting again"
 
and then at the bottom of the AC window:
 
"No trusted network detection rules defined. Contact your network admin"
 
 
But I have created a profile with trusted network rules set to Connect. I can see the profile is downloaded when the client attempts connection, and is stored in app support, and AC finds it during the connection but then the event manager logs indicate it's not being used, "No profile available for host xxxxxxxxx.com", that some default profile is being used, which has "TrustedNetworkPolicy:disconnect" set.
 
Any ideas?
 
I've also found out that the IPsec client won't work on this pc either, says the virtual adapter was not recognised by the operating system and fails to enable

Thanks for reading
0
Comment
Question by:cmrayer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 34218155
The Trusted network detection (TND) is a policy that helps determine when a user is not on the corporate network.     Do you use this feature?

From the error, it sounds like you enabled the feature, but didn't define any rules for the TND.      Is that correct?    You may want to test just turning it off.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html#wp1059922
0
 
LVL 4

Accepted Solution

by:
cmrayer earned 0 total points
ID: 34322415
It looks like the problem was the age old "Windows XP Home doesn't like Cisco VPN" one as most other machines are fine without any profiles or alterations.  As 2.4 was the last Windows XP supported version then I guess we have to live with it as the ASA does not support one client for XP and another for Vista/7

Anyone any ideas on this?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34365300
If it does, I've never seen it setup.   I suppose that would be a TAC call to see if its supported.    I've only ever done the textbook setup for different OS (win, mac, linux)
0
 
LVL 4

Author Closing Comment

by:cmrayer
ID: 34488368
Not a solution but simply a reality - problem still exists but as it is only for a few users with older machines we have told them that they just need to upgrade them...
0
 
LVL 1

Expert Comment

by:damelahn
ID: 38699170
Here is the solution:  Open AD Users and Computers, Open user account in question, Select the Account tab, scroll down in the Account options window, check the box labeled "Do not require kerberos preauthentication", click OK.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question