Unable to connect to Cisco Any Connect Client (VPN) after installation of Webroot DWP

I have been happily using Cisco Any Connect VPN client with no problems.

I have just started to use the Webroot SAAS web filtering service which uses a local proxy client 'DWP', which also all works fine, except that now the VPN client no longer connects.

I get a password box. I get the usual security alert because of unsigned certificate (to which you click yes) and then I get "Unable to establish VPN" error message followed by "The VPN client is unable to establish a connection".

Presumably a setting needs altering somewhere to allow the VPN client to talk to the firewall (Cisco ASA5500) but do I need to change a setting on the Webroot software or on the ASA device?

Thanks for your help
MPWOOD Asked:
 
MPWOOD Author Commented:
Hi Terry, well this did turn out to be a problem on the Webroot side and controlled from there; they have indicated that a change in the configuration to allow the VPN client to bypass the proxy is what was required. I have made this change and it worked. Thanks anyway for your help, and hopefully this PAQ will be of use to others in the future who come up against the same issue.
0
 
terrygreensill Commented:
What version of the Cisco Any Connect Client are you using? From version 2.3 you can ignore proxies.

To enable Ignore Proxy, insert the following line into the <ClientInitialization> section of the AnyConnect profile (anyfilename.xml):

<ProxySettings>IgnoreProxy</ProxySettings>
0
 
terrygreensill Commented:
Sorry, it's available from version 2.3.2016 onwards, not just 2.3.
0
 
MPWOOD Author Commented:
Hi Terry, thanks for the reply. I'm using 2.4.1012, so that's good news.

Please could you point me in the direction of the xml file that holds the profile?  It's not configurable through the client itself.
0
 
terrygreensill Commented:
In Win7 it's C:\Users\username\AppData\Local\Cisco\Cisco AnyConnect VPN Client\

Windows XP will be C:\Documents and Settings\as above
0
 
MPWOOD Author Commented:
Hi Terry,

I modified the file but unfortunately it hasn't worked - here is the XML, does it look right to you?

I wasn't sure if the <clientinitialisation> section of the file was basically all of it, so I have inserted the ignoreproxy into the body next to two other proxy lines.

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectPreferences>
<DefaultUser>matthew</DefaultUser>
<DefaultSecondUser></DefaultSecondUser>
<ClientCertificateThumbprint></ClientCertificateThumbprint>
<ServerCertificateThumbprint>9622E99DDE023EDF70EC6C7</ServerCertificateThumbprint>
<DefaultHost>223.246.117.200</DefaultHost>
<DefaultGroup>VPNGRPP</DefaultGroup>
<ProxyHost></ProxyHost>
<ProxyPort></ProxyPort>
<ProxySettings>IgnoreProxy</ProxySettings>
<SDITokenType></SDITokenType>
<ControllablePreferences>
<LocalLanAccess>true</LocalLanAccess>
</ControllablePreferences>
</AnyConnectPreferences>
0
 
terrygreensill Commented:
Sorry, I have misinformed you on the file you need to modify. It is the global profile you need to change, which is here.

C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\Profile\AnyConnectProfile.xsd

You should find the <clientinitialisation>  section in this file :-)
0
 
MPWOOD Author Commented:
Well, I found that file - below is the extract from it re proxy, which already has the parameters set to 'IgnoreProxy'. Wondering if it's not a VPN client problem but is a Webroot configuration problem instead? There isn't much about VPNs on their support pages though, but perhaps I should go back to them on this?

 <xs:element name="ProxySettings" default="Native" minOccurs="0">
              <xs:annotation>
                <xs:documentation>This setting allows an administrator to control the user proxy settings.</xs:documentation>
              </xs:annotation>
              <xs:simpleType>
                <xs:restriction base="xs:string">
                  <xs:enumeration value="Native">
                    <xs:annotation>
                      <xs:documentation>Use browser settings.</xs:documentation>
                    </xs:annotation>
                  </xs:enumeration>
                  <xs:enumeration value="IgnoreProxy">
                    <xs:annotation>
                      <xs:documentation>Use no proxy settings.</xs:documentation>
                    </xs:annotation>
                  </xs:enumeration>
                  <xs:enumeration value="Override">
                    <xs:annotation>
                      <xs:documentation>Use AnyConnect proxy settings.</xs:documentation>
                    </xs:annotation>
                  </xs:enumeration>
                </xs:restriction>
              </xs:simpleType>
            </xs:element>
0
 
MPWOOD Author Commented:
The problem did not lie in the VPN client itself, but in the Webroot proxy not allowing the VPN to bypass the proxy. By changing a setting in the Webroot configuration in the DWP settings to allow the VPN to bypass the proxy (Accounts > DWP Configuration, setting the IP address that the VPN connects to in the 'Browser Bypass' box), it all worked.
0
Question has a verified solution.
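
Added example (not from the thread or from Cisco or Webroot): a small Python check that tells apart the three XML files discussed above (the per-user preferences file, the .xsd schema and an actual profile) and reports whether ProxySettings is set inside ClientInitialization. The AnyConnectProfile root element and its namespace are assumptions about the profile layout, and all sample documents are constructed.

```python
import xml.etree.ElementTree as ET

# Values allowed by the ProxySettings enumeration in the XSD extract quoted in the thread.
ALLOWED = {"Native", "IgnoreProxy", "Override"}

def local(tag):
    """Strip an XML namespace: '{ns}Name' -> 'Name'."""
    return tag.rsplit("}", 1)[-1]

def check_proxy_settings(xml_text):
    """Return (file_kind, effective_value_or_None, finding)."""
    root = ET.fromstring(xml_text)
    kind = local(root.tag)
    if kind == "schema":
        # The .xsd only lists the legal values; it configures nothing.
        return ("schema", None, "XSD schema: defines allowed values, sets none")
    if kind == "AnyConnectPreferences":
        return ("preferences", None, "per-user preferences file, not the profile")
    if kind != "AnyConnectProfile":  # assumed root element of a profile
        return ("unknown", None, "unrecognised root element " + kind)
    for section in root:
        if local(section.tag) != "ClientInitialization":
            continue
        for el in section:
            if local(el.tag) == "ProxySettings":
                value = (el.text or "").strip()
                if value not in ALLOWED:
                    return ("profile", None, "invalid value %r" % value)
                return ("profile", value, "set in ClientInitialization")
    # Schema default from the quoted extract: default="Native".
    return ("profile", "Native", "not set; schema default applies")

# Constructed samples (not taken from a real deployment).
PREFS = ("<AnyConnectPreferences><ProxySettings>IgnoreProxy</ProxySettings>"
         "</AnyConnectPreferences>")
XSD = ('<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">'
       '<xs:element name="ProxySettings" default="Native"/></xs:schema>')
PROFILE = ('<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">'
           '<ClientInitialization><ProxySettings>IgnoreProxy</ProxySettings>'
           '</ClientInitialization></AnyConnectProfile>')

if __name__ == "__main__":
    for name, text in (("prefs", PREFS), ("xsd", XSD), ("profile", PROFILE)):
        print(name, check_proxy_settings(text))
```

A clean result here only covers the client side; as the accepted solution shows, the local web-filtering proxy can still need its own bypass entry for the VPN endpoint.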
