AnyConnect VPN Client FAQ
喜提新车Document ID: 107391
Questions
Introduction
What level of rights is required for the AnyConnect VPN Client?
Is a reboot required after AnyConnect is installed or upgraded?
Is it possible to save the password credentials on AnyConnect so that it will not request authentication from the ur (password storage feature)?
Is there a way to prevent the Adaptive Security Appliance (ASA) from automatically upgrading to a new AnyConnect version?
Is AnyConnect VPN Client supported on PIX Security Appliances?
Has Secure Socket Layer (SSL) VPN (AnyConnect/Clientless) been validated on Novell Linux Desktop
Thin Client Edition?
AnyConnect VPN Client installation fails with this error message: Error 1722. There is a problem with this Windows Installer package. How can I resolve this issue?
Is the launching a dialer feature available on the AnyConnect VPN Client?
On what platforms is Datagram Transport Layer Security (DTLS) supported?
Does DTLS support both 32−bit and 64−bit platforms?
Is it possible to turn off the automatic AnyConnect upgrade via ASA?
What is the difference between the SSL−Tunnel and DTLS−Tunnel? What type of traffic goes through each?
Is there a way to support SOCKS type proxy?
What are the requirements for AnyConnect and SSL versions?
Is there a method by which we can automatically map the network drives when the urs connect via
用力造句VPN and disconnect them once the ur disconnects VPN?
AnyConnect connects through a proxy rver and DTLS is not ud. Why?
Is AnyConnect supported on the Cisco VPN 3000 Concentrator?
Is AnyConnect supported on Cisco IOS® devices?
Can the AnyConnect VPN Client work through an IPc VPN Client tunnel?
Does AnyConnect VPN Client support Mac OS?
Can AnyConnect (or Clientless SSL VPN) urs initiate password−management changes from the AnyConnect VPN Client itlf?
Does AnyConnect support a pool with a single address? If you want the ASA to do Port Address Translation (PAT), such that all the remote clients appear on the inside network as a single address, differentiated by source TCP port number?
Does AnyConnect have the ability to prent a popup with the list of certificates, such as what is available for SSL VPN Clientless?
VPN ssion failover (SSL) is possible with dual Internet Service Providers (ISPs) without breaking the ssion. For example, if a customer is communicating through SSL VPN through ISP 1, if ISP 1 goes down, will this take over the connection through ISP 2 without losing any packet (VPN ssion)? Is this possible with any Cisco device?
Does SSL VPN have the facility where the ur can create two tunnels at the same time and then after accessing the network, if one tunnel goes down the VPN Client can automatically shift the ur to the cond tunnel?
Does AnyConnect require any Java and permissions?
Does AnyConnect standalone mode require the system to have Internet Explorer installed?
Can a DHCP rver assign DNS and WINS rvers to an AnyConnect VPN Client?
Do both tunnels have to Idle Timeout for the ssion to be disconnected?
Where are the Windows AnyConnect installation logs stored on Windows operating systems?
Where are the AnyConnect installation logs stored on Linux operating systems?
Can you run a logon script after AnyConnect establishes a VPN connection? Rather than running Start Before Logon (SBL), which must be run every time I start the computer (whether or not I want to VPN), I would like to be able to process a logon script only when connecting to the corporate network.
Urs behind a Microsoft Proxy receive this error when they connect to the VPN Concentrator via the SSL VPN Client: None of the authentication protocols offered by the proxy rver are supported. How is this issue resolved?
How do I prompt remote urs to download the client?
What is the AnyConnect reconnect behavior?
When a reconnect occurs, does the AnyConnect Virtual Adapter (VA) flap or does the routing table change at all?
Will AnyConnect Start Before Logon (SBL) function with whole−disk encryption software such as Encryption Anywhere, PointSec, and PGP?
Is AnyConnect 2.x supported on Windows Vista x86 (32−bit) and Windows Vista x64 (64−bit)?
I am trying to install AnyConnect VPN Client on Windows 2003 rver. During installation I receive this error message: Administrator privileges are required to install the VPN client. How can I resolve this issue?
AnyConnect VPN Client software crashes with this error message: Cisco Anyconnect vpn
client downloader has encountered a problem and needs to clo. How can I resolve this issue?
When I attempt to connect with AnyConnect VPN Client version 2.4, I receive this error message: A certificate problem has been encountered. A VPN connection will not be established. How can I resolve this issue?
How can I receive the AnyConnect Mobile licen for the ASA?
When I u Datagram Transport Layer Security (DTLS) on AnyConnect VPN tunnel, I cannot download large files and have connectivity issues. How is this issue resolved?
AnyConnect VPN Client downloads the older profiles when a new profile of the same file name is uploaded to the ASA flash. How is this resolved?
I cannot connect with AnyConnect and I receive this error: ANYConnect is not enabled on the VPN Server. How is this issue resolved?
When I attempt to connect with AnyConnect VPN Client using Internet Explorer 7, I receive this error message: Revocation information for the curity certificate for this site is not available. Do you want to proceed? I click the Yes radio button three times before the window goes away. Why does this error occur and how is it resolved?
Is AnyConnect VPN Client supported on the Google Chrome browr?
Is AnyConnect VPN Client supported on the Apple iPAD or iPhone?
Does AnyConnect VPN Client support two−factor authentication?
I am unable to connect with AnyConnect VPN Client on Windows Vista after the sleep and resume feature has been ud. I receive this error message on the AnyConnect GUI: The VPN client driver has encountered an error. Why does this error occur and how is it resolved?
Does AnycConnect VPN Client support SSL clients from other vendors installed simultaneously on the same PC?
Related Information
Introduction
This document provides answers to the most frequently asked questions (FAQs) related to the Cisco AnyConnect VPN Client.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Q. What level of rights is required for the AnyConnect VPN Client?
A. For the first installation, you need administrative privileges. However, subquent
给友人upgrades do not require the admin level privilege.朋友搬家送什么
Q. Is a reboot required after AnyConnect is installed or upgraded?
A. No. Unlike the IPc VPN Client, a reboot is not required after a AnyConnect installation
or upgrade.
Q. Is it possible to save the password credentials on AnyConnect so that
it will not request authentication from the ur (password storage
feature)?
A. No, this is not possible.
Q. Is there a way to prevent the Adaptive Security Appliance (ASA) from automatically upgrading to a new AnyConnect version?
A. No. Currently there is no way to disable automatic AnyConnect upgrades.
Q. Is AnyConnect VPN Client supported on PIX Security Appliances?
A. No. AnyConnect VPN Client is not supported on PIX.
Q. Has Secure Socket Layer (SSL) VPN (AnyConnect/Clientless) been validated on Novell Linux Desktop Thin Client Edition?
A. Cisco does not test with this edition of Linux. The best bet is to make sure you meet the
prerequisites defined in the relea notes. Then, give it a try, assuming you are asking about
AnyConnect. This would not be officially qualified, but if the system meets the pre−requisites
it might work fine. Asking about Clientless SSL VPN should work fine, becau you
generally just need the browr.
Q. AnyConnect VPN Client installation fails with this error message:
Error 1722. There is a problem with this Windows
Installer package. How can I resolve this issue?
A. AnyConnect installation fails with this error:
MSI (s) (D8:70) [14:59:10:750]: Product: Cisco AnyConnect VPN Client
−− Error 1722. There is a problem with this Windows Installer package
A program run as part of the tup did not finish as expected. Contact
动的反义词your support personnel or package vendor. Action VACon_Install,
location:C:\Program Files\Cisco\Cisco AnyConnect VPN , comm
−install "C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnva.inf" VPN The 1722 error is an generic code for an MSI action failure. In this ca, as revealed in the
MSI log, the Virtual Adapter installer has failed. Therefore, you need to check whether this
registry key is prent or not:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce.
Q. Is the launching a dialer feature available on the AnyConnect VPN Client?
A. No. Dialer and third−party application launchers are not supported for AnyConnect Start
Before Logon (SBL).
Q. On what platforms is Datagram Transport Layer Security (DTLS) supported?
A. DTLS is supported on Windows 2000, Windows XP, Windows Vista, Mac OS, and Linux
operating systems.
Q. Does DTLS support both 32−bit and 64−bit platforms?
A. Yes.
Q. Is it possible to turn off the automatic AnyConnect upgrade via ASA?
A. Yes. From the ASA, configure either of the commands in order to turn off the automatic
upgrade:
♦
no svc ask enable
♦
svc ask enable
Q. What is the difference between the SSL−Tunnel and DTLS−Tunnel? What type of traffic goes through each?
A. The SSL−Tunnel is the TCP tunnel that is first created to the ASA. When it is fully
established, the client will then try to negotiate a UDP DTLS−Tunnel. While the
DTLS−Tunnel is being established, data can pass over the SSL−Tunnel. When the
DTLS−Tunnel is fully established, all data now moves to the DTLS−tunnel and the
SSL−tunnel is only ud for occasional control channel traffic. If something should happen to
UDP, the DTLS−Tunnel will be torn down and all data will pass through the SSL−Tunnel
可爱的邻居
again.
The decision of how to nd the data is very dynamic. As each network bound data packet is
procesd there is a point in the code where the decision is made to u either the SSL
connection or the DTLS connection. If the DTLS connection is heathly at that moment, the
packet is nt via the DTLS connection. Otherwi it is nt via the SSL connection.
The SSL connection is established first and data is pasd over this connection while
attempting to establish a DTLS connection. Once the DTLS connection has been established,
the decision point in the code described above just starts nding the packets via the DTLS
connection instead of the SSL connection. Control packets, on the other hand, always go over
the SSL connection.
The key point is if the connection is considered healthy. If DTLS, an unreliable protocol, is in
u and the DTLS connection has gone bad for whatever reason, the client does not know this
until Dead Peer Detection (DPD) occurs. Therefore, data will be lost over the DTLS
connection during that short period of time becau the connection is still considered healthy.
Once DPD occurs, data will immediately be t via the SSL connection and a DTLS
reconnect will happen.
The ASA will nd data over the last connection it received data on. Therefore, if the client
has determined that the DTLS connection is not healthy, and starts nding data over the SSL
connection, the ASA will reply on the SSL connection. The ASA will resume u of the
DTLS connection when data is received on the DTLS connection.
父亲写的散文诗歌词
Q. Is there a way to support SOCKS type proxy?
A. AnyConnect is not supported with SOCKS type proxy. SOCKS is not a HTTPS proxy, so
Cisco does not support SOCKS proxies.
AnyConnect will work in SSL mode via "HTTPS" proxies (specifically HTTPS 1.1).
Additionally, authenticating proxies that u Basic or NTLM for authorization can also be
ud.
You must enable u https 1.1 for proxies in the advanced IE ttings.
沉着反义词Q. What are the requirements for AnyConnect and SSL versions?
A. AnyConnect requires that the ASA be configured to accept TLSv1 traffic and that the
browr ttings be t for TLSV1.0.
The AnyConnect VPN Client cannot establish a connection with the ASA ttings for ssl
rver−version:
♦
ssl rver−version sslv3
♦
ssl rver−version sslv3−only (CSCsh76698)
Q. Is there a method by which we can automatically map the network drives when the urs connect via VPN and disconnect them once the ur disconnects VPN?
A. No. There is no automatic way for the client to perform this.
Q. AnyConnect connects through a proxy rver and DTLS is not ud. Why?
A. The AnyConnect SSL VPN Client can u a configured proxy rver in your browr (IE
only). However, when it connects, it does not negotiate a Datagram Transport Layer Security
(DTLS) Ur Datagram Protocol (UDP) tunnel. Only TLS TCP is ud when you connect this
way becau the proxy rver configuration is not configurable to proxy UDP packets ud by
DTLS.
Q. Is AnyConnect supported on the Cisco VPN 3000 Concentrator?
A. No.
Q. Is AnyConnect supported on Cisco IOS® devices?
A. Yes.
As of Cisco IOS Software Relea 12.4(15)T in browr−initiated mode only as per the
Relea 12.4T New Security Features Notes.
