Saturday, May 25, 2013

(maybe it's your proxy?) Cisco AnyConnect: Secure VPN connection terminated locally by the client. Reason 403: Unable to contact the secure gateway.

[from 2010, bit me once and stole an hour or two of my time..]
Caution: technical networking discussed

From the Cisco AnyConnect vpn software:
Secure VPN connection terminated locally by the client. Reason 403: Unable to contact the secure gateway.

This was from WinXP running in a VM on my Mac. It worked fine under two other VMs.

I could ping the VPN host fine. This WinXP machine was set up with some port forwarding and squid, because they took away the Mac client for no reason. So, this VM was my gateway (application-level routed..).

I tried rebooting; updated the VMware tools too; I thought this might be the issue. Updated the VMware tools on another machine, it was fine. Checked for any other DTLS (datagram transport layer security--basically, SSL over UDP) vpn clients that might work with Cisco but didn't find any.
I was about to start sniffing the traffic to see what was actually happening at the wire level.

I decided to just uninstall it; after all, it couldn't get more broken than it already was.
Uninstall was successful, so I started a browser to make the SSL connection which automatically downloads and installs the client. Right away, an error in IE: 'Check your Internet connection'.

The proxy! I forgot all about it, and hadn't started it because I didn't have the VPN connection up, and without the VPN, the proxy was of little use... I only use the proxy for tunneling to the one internal network that I access via VPN by use of a pac (proxy auto-config) file.

However, I had set IE in the VM to use the proxy, not for access, but for timing analysis by checking the squid access log. Then I left the configuration in, and got hit the next time AnyConnect tried to connect.

I wouldn't expect it to use the proxy, but there is probably an initial connect check that it does over TCP.
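A quick check for exactly this situation, added here as an example rather than anything from the original post or from Cisco: it reads the WinINET (IE) proxy settings that the client's initial TCP connect would pick up, and tests whether the configured proxy and the gateway itself actually accept a TCP connection. The gateway hostname is a placeholder you substitute.

```powershell
# Added diagnostic (not from the post): list the IE/WinINET proxy settings and
# test TCP reachability of the proxy and of the VPN gateway.
$Gateway     = 'vpn.example.invalid'   # placeholder, replace with your gateway host
$GatewayPort = 443

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie  = Get-ItemProperty -Path $key

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

if ($ie.AutoConfigURL) {
    Write-Host "PAC file configured: $($ie.AutoConfigURL)"
}
if ($ie.ProxyEnable -eq 1 -and $ie.ProxyServer) {
    Write-Host "Static proxy configured: $($ie.ProxyServer) (bypass list: $($ie.ProxyOverride))"
    # ProxyServer is either 'host:port' or 'http=host:port;https=host:port;...'
    foreach ($entry in ($ie.ProxyServer -split ';')) {
        $hp = ($entry -split '=')[-1]
        $h, $p = $hp -split ':'
        if (-not $p) { $p = 80 }
        $ok = Test-TcpPort -HostName $h -Port ([int]$p)
        Write-Host ("  proxy {0}:{1} reachable: {2}" -f $h, $p, $ok)
    }
} else {
    Write-Host "No static proxy enabled in WinINET"
}
$direct = Test-TcpPort -HostName $Gateway -Port $GatewayPort
Write-Host ("Direct TCP to {0}:{1}: {2}" -f $Gateway, $GatewayPort, $direct)
```

A proxy that is configured but not reachable, while the gateway is reachable directly, is the pattern described in this post.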
