web asccess for Juniper SSL VPN
On a XP - SP3 computer, webaccess juniper VPN V7 stopped working reliably a few days ago. Sometimes it connects, sometimes it crashes. Even after a reboot, same thing. It works fine on another computer on the same network.
I went to the center of fixit, and I get
"Input string was not in a correct format" when I try to install "diagnose and repair windows security issues...". »
So I looked in the event viewer.
I have several errors
DCOM got error "the service cannot be started, either because it is disabled or because it has no enabled devices associated with" try to start the service gupdate1ca2f26cf03c938 with arguments "/ comsvc" to start the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
This one is more disturbing
The Security Accounts Manager service failed to start due to the following error:
The system cannot find the specified file.
of course, brings us to this error
Windows Service Pack Installer update service depends on the Security Accounts Manager service which failed to start because of the following error:
The system cannot find the specified file.
Given that I can't identify the file that is missing. Active system with bootlog startup does not reveal something special.
I hate the idea of having to reload, because there was no stacking of XP to create a wake to install a clean system without patches more than 100.
ideas in addition to reload?
Hi devicedoc,
Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the TechNet forums.
http://social.technet.Microsoft.com/forums/en-us/category/windowsxpitpro
Tags: Windows
Similar Questions
-
Should what license I for 25 SSL VPN peers
Hi all
I want to implement cluster active / standby with a pair of ASAs 5550 and I have a licensing question. Here's the "sh - key retail activation" leave two output devices...
ASA1:
SH - activation in detail key:
Serial number: XXXXX
No temporary key assets.
Activation key running: XXXXX XXXXX XXXXX XXXXX XXXXX
The devices allowed for this platform:
The maximum physical Interfaces: unlimited
VLAN maximum: 250
Internal hosts: unlimited
Failover: Active/active
VPN - A: enabled
VPN-3DES-AES: enabled
Security contexts: 2
GTP/GPRS: disabled
SSL VPN peers: 2
Total of the VPN peers: 5000
Sharing license: disabled
AnyConnect for Mobile: disabled
AnyConnect Cisco VPN phone: disabled
AnyConnect Essentials: disabled
Assessment of Advanced endpoint: disabled
Proxy sessions for the UC phone: 2
Total number of Sessions of Proxy UC: 2
Botnet traffic filter: disabled
This platform includes an ASA 5550 VPN Premium license.
Flash activation key is the SAME as the key running.
ASA2:
SH - activation in detail key:
Serial number: XXXXX
No temporary key assets.
Activation key running: XXXXX XXXXX XXXXX XXXXX XXXXX
The devices allowed for this platform:
The maximum physical Interfaces: unlimited
VLAN maximum: 250
Internal hosts: unlimited
Failover: Active/active
VPN - A: enabled
VPN-3DES-AES: enabled
Security contexts: 2
GTP/GPRS: disabled
VPN SSL counterparts: 25
Total of the VPN peers: 5000
Sharing license: disabled
AnyConnect for Mobile: disabled
AnyConnect Cisco VPN phone: disabled
AnyConnect Essentials: disabled
Assessment of Advanced endpoint: disabled
Proxy sessions for the UC phone: 2
Total number of Sessions of Proxy UC: 2
Botnet traffic filter: disabled
This platform includes an ASA 5550 VPN Premium license.
Flash activation key is the SAME as the key running.
--------------------------------------------------------------
It seems so obvious that I have to upgrade the first ASA to support 25 SSL VPN peers in order to create the cluster HA, right?
Now, I want to know do I need the license "ASA5505-SSL25-K9" or something else.
Thank you very much in advance for any help!
Ah OK I see - right then: upgading pole will allow the license to share.
Re the version target, I would recommend going directly to 8.4 (4.1). I have it deployed on several sites without problem.
-
New for mapping SSL VPN ACS ASA - ASA groups
Greetings,
I am new to ASA, so any help is greatly appreciated.
I just installed and installed an ASA 5520. I installed an SSL VPN. What I'm trying to achieve is to configure profiles of different groups and different users can access various resources when they access the VPN.
Current config-
ASA 5520 v8.3
ACS 4.0
Field of Windwos 2003
I have different installation profiles in the ASA. (i.e. business Dept.) When I choose in the drop down menu, it allows me to open a session and displays the options I've chosen for this group. The problem is that I can connect in this group with any account. GBA, all windows domain users are in the default group. I guess the default group is being processed and which has hosted and user logon.
Can anyone provide a good article or tips on how to configure the ASA and the ACS for several groups of users. We have several departments that will have to get the parameters when they connect. The ACS groups are mapped to the Windows groups that correspond to each Department
Any help is greatly appreciated.
Thank you
Tim
Hello
I think that you need to activate locking group.
In order to configure Group locking, send group policy name in the attribute class 25 on the Authentication Dial - In User Service (RADIUS Remote) server and choose the group to lock the user in policy. For example, to lock the user 123 of Cisco in the RemoteGroup group, define the class of attributes 25 Internet Engineering Task Force (IETF) UO = RemotePolicy; for this user on the RADIUS server.
-
which product is right for the ssl vpn: asa 5505 cisco 1841 or
Hello
I want to install an outside link management related so that we can ssh to our cisco devices and microsoft RDP toour servers. It's my configuration (based on what I know):
Internet > DSL modem > ASA 5505 > management CONSOLES SWITCH > SWITCH CISCO or Windwos Server
or
Internet > 1841 with DSL HWIC > management CONSOLES SWITCH > SWITCH CISCO or Windwos Server
My questions are:
Should I go for ASA or 1841 router?
What options is better? and ASA will do the job?
Are there any technical support prior to purchase of products in Australia? I need technical advice on the choice of the right products, not justs eiling me products.
Hello
Its strongly suggested to go with ASA 5505 in the first place, it is supposed to feature for the main functionality of ssl vpn server from 1841 which has this feature to be a vpn server.
ASDM also gives you the freedom to config box on your own based on your condition.
regds
-
Control the access of the user for the SSL VPN profile.
I have two ssl vpn profile, can I restricted the user to access only ssl vpn profile, when they get to the page of the ssl vpn service. Each profile to create different types of access, and they will have different client IP address.
Hello
Yes, using different ways; one of them is using group-lock, which is a simple check to validate if the Tunnel group or the connection profile as you called it with that sign corresponds to what you have defined under group policy. If the value of Tunnel-Group-Lock (condition true), the VPN remote access session is allowed to install; otherwise the session is not allowed to be implemented.
The tunnel-group-lock featurecan be defined as follows:
- via the group-policy setting locally on ASA
- via the LDAP attribute
- via the Radius attribute
http://www.Cisco.com/en/us/partner/docs/security/ASA/asa82/configuration/guide/vpngrp.html#wp1134870
Step 4
Kind regards
-
Hello
We have configured the Juniper to start virtual desktops with Vmware View. But I have a problem with win7 64-bit. If I try to connect for the first time, the system detects there is no customer of vmware on it and download the client 64-bit (4.5). So the next time I want to connect to the desktop computer, Juniper starts the vmware customer, but I have no GUI (I don't even see the client connection). I only see that the wswc.exe * 32 is started, but no application.
When I do the same thing on a 32-bit win7, no problem, perfect on my virtual office connection. Even on XP-32 bt, perfect.
A person who recognizes the problem?
Maybe a strange question, but did restart after installation?
Edit:
What is the version of the vmware view client you use?
It may be the version that does not work when some Microsoft hotfixes are installed, see:
-
Try to customize login page for ASA 5505 SSL - VPN
Nice day
I'm looking for help to customize the login page for the ssl - vpn as mentioned. When the vpn is configured, the default template allows my customers to connect with this: IMAGE 1
While trying to change the login page, I have to create a new customization without CLIENT SSL VPN ACCESS-> PORTAL-> CUSTOMIZATION file in the ASDM. When I do this and I'm trying to change the login page, it comes up with 2 forms of authentication and a fast internal password like this: IMAGE 2
How can I change the login page, I created so that users only see the fields username and password for regular as the default template?
Thank you all for your time and assistance
Joel
Hi Joel,
What you see is just the preview, right?
Preview displays the purpose of customization, since the password internal and the second authentication controls are the features that are activated in different parts of the configuration.
WebVPN
allow outside
internal-password enable
!
attributes global-tunnel-group DefaultWEBVPNGroup
secondary-authentication-server-group second_authentication_server
INFO: This command applies only to the SSL VPN - Clientless and AnyConnect.
So I recommend to assign this object of customization to a group policy and test access to the content of the specific connection profile.
Thank you.
Portu.
Please note all useful posts
-
Hello
I want to configure SSL VPN for mobile users on ASA 5510 I have following requirements
> What are the condition of licence on ASA 5510 VPN with Anyconnect SSL?
> VPN users have full access to the local network via ASA
> Authentication method preferred, Local or AD (LDAP)
> users use not laptops should be limited to the Clientless SSL VPN
> How to add a URL is visible to users in the Web page
> Can someone view example configuration for the above requirements
TIA
Hitesh Vinzoda
> If you need both AnyConnect and WebVPN (Clientless SSL VPN), you can buy the AnyConnect Premium license (and this is a base user license). The ASA would come with default 2 SSL VPN license.
> To have full access to the local network, you must use AnyConnect SSL VPN. Here is an example of configuration:
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808efbd2.shtml
> You can authenticate to AD or Local or RADIUS, etc. By default, this would be local authentication.
> Here's some example configuration for clientless SSL VPN:
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a008072462a.shtml
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00806ea271.shtml
Hope that helps.
-
prevent the SSL VPN user to access ASA cli
Hello
I set up multiple users on my ASA in its local database.
These users are used for the ssl vpn connection, but the problem I have is that users
also have SSH access. Is it possible to avoid this?
Thank you
Hello Raf,
If you do something like this:
username xxx attributes
type of remote access service
the user should not get access CLI more.
Kind regards
Bastien
-
Calculation of SSL VPN license
Hello
I need to purchase licenses for my SSL VPN (AnyConnect) 2901 router, and I would like to know how it is affected.
If I buy a license 10 users, it is up to the 10 named user, or it is counted by concurrent users?
If a user connects from a laptop computer and a mobile phone at the same time, with the same username, it counted as 2 user license, or just one?
Also, AFAIK, the AnyConnect Essentials license is only available to ASA and not IOS routers. Is that still OK?
Thank you.
The number of licenses using simultaneous connections, regardless of the associated user ID.
75 connected both unique usernames or a different user connected of 75 endpoints name would be count as 75 licenses in use. Laptop more phone = 2 users if the connections are simultaneous.
The Essentials vs Premium distinction is unique to the ASA. Premium features only as a clientless SSLVPN, hostscan etc are not available based on the IOS SSL VPN
-
Order SSL VPN with Cisco Cloud Web Security
We have implemented Cisco Cloud Web Security with the connector of the ASA and transfer all traffic port 80 and 443 to the Tower of the CCW. We have enabled HTTPS inspection, and I was wondering if there was anything, we can add in the configuration that would allow us to control (allow/block) SSL VPN?
#Clientless SSL VPN is not supported with Cloud Security Web; don't forget to exempt all SSL VPN traffic without client service ASA for Cloud Web Security Strategy.
Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/gu...
-
access of entrepreneurs and employees of the web site in-house using clientless ssl vpn.
We have a layout of web SSL VPN without customer who allow employees and suppliers of connection and internal display web page. I wonder if possible separate employees and contractors to access internal pages. The internal web page has no authentication of users. They would like to see if it is possible that traffic employees get proxy behind interface INSIDE IP de ASA and entrepreneur behind a different IP address proxy traffic. Thus, the internal web page can check IP to contractor and only give them access to view certain web page, but not all pages.
Hello
Creating a group policy for each user group will be a good option, you can also use DAP to assign an ACL web to the user who logs on the portal without client, you can use the Radius, LDAP or Cisco attributes to associate the DAP for the user. For example, if you are using LDAP, you can create 2 groups separated here for employees and entrepreneurs and based on the LDAP user group membership, they will be assigned to specific web acl configured according to their access restrictions.
You can follow this link to set up an acl of web:
http://www.Cisco.com/c/en/us/TD/docs/security/ASA/asa83/asdm63/Configura...
Once the ACL is ready, you can follow this guide to configure the DAP Protocol: "check the web for acls figure10.
http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...
Thank you, please note!
-
Dear all,
I have ASA 5510 and Version 8. I want to know IOS for SSL VPN, but I don't know which...
Please help me show...
HQ-ASA5510 # HS, fla
path-# - length - time -.
177 14137344 January 1, 2003 00:06:12 asa804 - k8.bin
75 4096 November 21, 2008 12:17:46 log
79 4096 crypto_archive November 21, 2008 12:18
178 7562988 November 21, 2008 12:19:30 Amps - 613.bin
180 4863904 November 21, 2008 12:21:10 securedesktop_asa_3_3_0_129.pkg.zip
181 4096 November 21, 2008 12:21:10 sdesktop
188 1462 November 21, 2008 12:21:10 sdesktop/data.xml
182 2153936 November 21, 2008 12:21:10 anyconnect-victory - 2.2.0133 - k9.pkg
183 3446540 November 21, 2008 12:21:12 anyconnect-macosx-powerpc - 2.2.0133 - k9.pkg
184 3412549 November 21, 2008 12:21:16 anyconnect-macosx-i386 - 2.2.0133 - k9.pkg
185 3756345 November 21, 2008 12:21:16 anyconnect-linux - 2.2.0133 - k9.pkg
For Version 7. he say the ssl VPN.
Please help me which line as SSL VPN.
Best regards
Rechard
Richard, you already have the code that supports SSL webvpn on your ASA.
See page medium low SSL VPN VPN/Web for more detailed examples, which provides all the necessary information for any additional/optional
plug-ins needed.
http://www.Cisco.com/en/us/products/ps6120/prod_configuration_examples_list.html
Details of the sample SSL VPN configuration and types... but all the SSL.
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00806ea271.shtml
What you have in your directory ASA applies the Anyconnect client who is also driven SSL but is a bit different from plain SSL webvpn, I suggest you go to the configuration examples of link that can provide information on the implementation of SSL vpn varios.
Concerning
-
possible redirect Web SSL VPN to another external ip?
Hi, it is possible to redirect the web ssl vpn to another external ip of my external range or could I do not use the external interface?
For example:
ASA outdoors: 213.23.4.50 (https://213.23.4.50)
Redirect outside: 213.23.4.51 (https://213.23.4.51)
same question to redirect the vpn client ip address external to the other that the IP outside of asa.
concerning
Jason
Jason,
Pretty easy
BSNs-ASA5520-10 (config) # webvpn
BSNs-ASA5520-10(config-WebVPN) # port?the WebVPN mode options/controls:
<1-65535>The WebVPN Server SSL listening port. The TCP 443 port is the
by default.Please note however that your users will use
to connect... even for clientless and SVC.
Marcin
1-65535> -
Unable to connect to the site Web SSL VPN with firewall zone configured
I recently updated my 2911 company and set up a firewall area. This is my first experience with this and I used Cisco Configuration Professional to build the configuration of the firewall first and then edited the names to make it readable by humans. The only problem I can't solve is to learn site Web SSL VPN from outside. I can navigate the website and connect without problem from the inside, and even if it was useful to verify that the Routing and the site work properly it is really not what I. I don't get anything on the syslog for drops because of the firewall server, or for any other reason but packet capture show that no response is received when you try to navigate to the outside Web site. I am currently using a customer VPN IPSEC solution until I can get this to work and have no problem with it. I have attached a sanitized with the included relevant lines configuration (deleted ~ 400 lines including logging, many inspections on the movement of the area to the area and the ipsec vpn, which I already mentioned). I searched anything about this problem and no one has no problem connecting to their Web site, just to get other features to work correctly. All thoughts are welcome.
See the security box
area to area
Members of Interfaces:
GigabitEthernet0/0.15
GigabitEthernet0/0.30
GigabitEthernet0/0.35
GigabitEthernet0/0.45
area outside zone
Members of Interfaces:
GigabitEthernet0/1
sslvpn area area
Members of Interfaces:
Virtual-Template1
SSLVPN-VIF0
I tried to change the composition of the area on the interface virtual-Template1 to the outside the area nothing helps.
See the pair area security
Name of the pair area SSLVPN - AUX-in
Source-Zone sslvpn-area-zone of Destination in the area
Service-SSLVPN-AUX-IN-POLICY
Name of the pair area IN SSLVPN
Source-Zone in the Destination zone sslvpn-zone
service-policy IN SSLVPN-POLICY
Name of the pair area SELF SSLVPN
Source-Zone sslvpn-area free-zone Destination schedule
Service-SELF-to-SSLVPN-POLICY
Zone-pair name IN-> AUTO
Source-Zone in the Destination zone auto
Service-IN-to-SELF-POLICY policy
Name of the pair IN-> IN box
In the Destination area source-Zone in the area
service-policy IN IN-POLICY
Zone-pair name SELF-> OUT
Source-Zone auto zone of Destination outside the area
Service-SELF-AUX-OUT-POLICY
Name of the pair OUT zone-> AUTO
Source-Zone out-area Destination-area auto
Service-OUT-to-SELF-POLICY
Zone-pair name IN-> OUT
Source-Zone in the Destination area outside zone
service-strategy ALLOW-ALL
The pair OUT zone name-> IN
Source-out-zone-time zone time Zone of Destination in the area
Service-OUT-to-IN-POLICY
Name of the pair area SSLVPN-to-SELF
Source-Zone-Zone of sslvpn-area auto
Service-SSLVPN-FOR-SELF-POLICY
I also tried to add a pair of area for the outside zone sslvpn-zone passing all traffic and it doesn't change anything.
The area of networks
G0/0.15
172.16.0.1 26
G0/0.30
172.16.0.65/26
G0/0.35
172.16.0.129/25
G0/0.45
172.18.0.1 28
Pool of SSL VPN
172.20.0.1 - 172.20.0.14
Latest Version of IOS:
Cisco IOS software, software C2900 (C2900-UNIVERSALK9-M), Version 15.0 (1) M10, RELEASE SOFTWARE (fc1)
Glad works now. Weird question, no doubt.
I guess that on the deployment guide said that the firewall will not support inspection of TCP to the free zone, however, class nested maps are used to accomplish this, to be completely honest, I think it's a mess and the best thing to do is action past to auto for the protocols that you want and then drop the rest.
Let us know if you have any other problems.
Mike
Maybe you are looking for
-
Move the update start and end tab does not work
I can't use the shortcut to move the tab to start or finish, it moves the scroll in this tab at the bottom bar and the top of the page. https://support.Mozilla.org/en-us/KB/keyboard-shortcuts-perform-Firefox-tasks-quickly?redirectlocale=en-us & redir
-
Taking wide angle, inside still shot s for rental properties with my Rebel T3i
I am the owner of the apartments and really struggled to get good shots of small rooms. My Rebel EOS T3i came with the EFS 18-55mm and 55-250 mm lens kit. I took a few photos wide-angle still rooms with lens 18-55 mm EFS, but my apartment rooms are u
-
I am using Windows Vista & trying to download Norton Security Suite for Comcast Xfinity.
I am the user principal and administrator of this desk top using Windows Vista Home. I'm trying to download Norton Security Suite Dowload Manager of Comcast Xfinity. When I select "Run" I get the message "Download Manager requires administrator pri
-
Problem to generate a library with the JDE plugin for Eclipse
Hello world I created a new library project in my workspace. I used the JDE plugin for Eclipse create this project (New-> other-> BlackBerry project) but when I build my project, I receive a generated .class file, there is no file .jar and .cod gener
-
After a problem with my sony ebook reader, I was told by the library to remove the program Sony and library of books on the computer and the drive, and then reinstall the program. I would then be able to download the books again. But now I have a m