Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 11 replies
  • Subscribers 0 subscribers
  • Views 3140 views
  • Users 0 members are here
Options
Suggested

[9.191][CLOSED]Cant disable Cisco VPN

NathanPConvergent
When I try to disable the Cisco VPN in WebAdmin it looks like it is going to turn off, but as soon as you refresh the page or browse to a different section and come back, the Cisco VPN is still enabled.

*EDIT* I should have mentioned that this is both with IE 11 and Firefox web browsers.
Parents
  • 0
    Hi,

    I can't reproduce your problem on my Windows 7 with Firefox and IE11 (9.192).
    Can you please clear your cache and check if the problem happens again? [:)]
  • 0 in reply to martin170
    Clearing cache did not make a difference.

    I did see that if I click apply without changing any settings I get the following error.  I wonder if this is related to it not disabling.

    "The Cisco VPN client connection object needs firewall objects for the outgoing auto-packetfilter rule attribute. "
  • 0 in reply to NathanPConvergent
    Hi, 
    can you please attach the confd-debug.log or the confd.log in your next post?
    It seems that there is a problem with your packetfilter rules.

    Maybe it helps if you remove the "Automatic Firewall rules" checkbox.
    Save your changes and then add it again and save it.
  • 0 in reply to martin170
    It pops up the same error when I try to remove auto packet filter rules and doesn't disable it as well.  Basically I cant make any changes to the cisco vpn that will save.  That error pops up no matter what I do.

    I will post log later.
  • 0 in reply to NathanPConvergent
    Here is the pertinent conf.d log :

    2014:01:17-11:28:18 nlphome confd[8577]:  id="3100" severity="warn" sys="System" sub="confd" name="OBJECT_OBJECT_BADREF (The Cisco VPN client connection object needs firewall objects for the outgoing auto-packetfilter rule attribute.)" class="ipsec_connection" type="roadwarrior_cisco" ref="REF_sFZxkudUZB" attr="auto_pf_out" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="change_object" check="input" badref="REF_GCyXsRNzHm" goodclass="packetfilter"
    2014:01:17-11:28:28 nlphome confd[8577]:  id="3100" severity="warn" sys="System" sub="confd" name="OBJECT_OBJECT_BADREF (The Cisco VPN client connection object needs firewall objects for the outgoing auto-packetfilter rule attribute.)" class="ipsec_connection" type="roadwarrior_cisco" ref="REF_sFZxkudUZB" attr="auto_pf_out" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="set_object" check="input" badref="REF_GCyXsRNzHm" goodclass="packetfilter"
    2014:01:17-11:28:30 nlphome confd[8577]:  id="3100" severity="warn" sys="System" sub="confd" name="OBJECT_OBJECT_BADREF (The Cisco VPN client connection object needs firewall objects for the outgoing auto-packetfilter rule attribute.)" class="ipsec_connection" type="roadwarrior_cisco" ref="REF_sFZxkudUZB" attr="auto_pf_out" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="set_object" check="input" badref="REF_GCyXsRNzHm" goodclass="packetfilter"


    I looked up the badref REF_GCyXsRNzHm and it does not exist in the configuration database.
  • 0 in reply to NathanPConvergent
    And here is the confd-debug log: 

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="get_cisco_object_or_default"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="internal call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="get_cisco_object_or_default" lock="none" method="get"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="internal call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="get_cisco_object_or_default" lock="none" method="get_object"

    2014:01:17-11:28:18 UTM confd[8577]: D Storage::lock:185() => id="3100" severity="debug" sys="System" sub="confd" name="locked storage" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" storage="/cfg"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="auto" method="change_object"

    2014:01:17-11:28:18 UTM confd[8577]: >=========================================================================

    2014:01:17-11:28:18 UTM confd[8577]: D Object::set_object:1136() => id="3100" severity="debug" sys="System" sub="confd" name="set_object" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="change_object" object="$VAR1 = {

    2014:01:17-11:28:18 UTM confd[8577]:           'ref' => 'REF_sFZxkudUZB',

    2014:01:17-11:28:18 UTM confd[8577]:           'lock' => '',

    2014:01:17-11:28:18 UTM confd[8577]:           'autoname' => 1,

    2014:01:17-11:28:18 UTM confd[8577]:           'hidden' => 0,

    2014:01:17-11:28:18 UTM confd[8577]:           'type' => 'roadwarrior_cisco',

    2014:01:17-11:28:18 UTM confd[8577]:           'class' => 'ipsec_connection',

    2014:01:17-11:28:18 UTM confd[8577]:           'data' => {

    2014:01:17-11:28:18 UTM confd[8577]:                       'status' => 0,

    2014:01:17-11:28:18 UTM confd[8577]:                       'certificate' => 'REF_eMuXPAUsTo',

    2014:01:17-11:28:18 UTM confd[8577]:                       'iphone_ondemand_enabled' => 0,

    2014:01:17-11:28:18 UTM confd[8577]:                       'auto_pf_out' => 'REF_GCyXsRNzHm',

    2014:01:17-11:28:18 UTM confd[8577]:                       'aaa' => [

    2014:01:17-11:28:18 UTM confd[8577]:                                  'REF_rMwITjdISa'

    2014:01:17-11:28:18 UTM confd[8577]:                                ],

    2014:01:17-11:28:18 UTM confd[8577]:                       'interface' => 'REF_NmErvDwQkB',

    2014:01:17-11:28:18 UTM confd[8577]:                       'ip_assignment_pool' => 'REF_DefaultCiscoRWPool',

    2014:01:17-11:28:18 UTM confd[8577]:                       'iphone_ondemand_domains' => [],

    2014:01:17-11:28:18 UTM confd[8577]:                       'auto_pfrule' => 1,

    2014:01:17-11:28:18 UTM confd[8577]:                       'iphone_hostname' => 'HOSTNAME',

    2014:01:17-11:28:18 UTM confd[8577]:                       'auto_pf_in' => 'REF_qKwNRistpY',

    2014:01:17-11:28:18 UTM confd[8577]:                       'name' => 'for User to Internal (Network)',

    2014:01:17-11:28:18 UTM confd[8577]:                       'networks' => [

    2014:01:17-11:28:18 UTM confd[8577]:                                       'REF_cpWdncLlma'

    2014:01:17-11:28:18 UTM confd[8577]:                                     ],

    2014:01:17-11:28:18 UTM confd[8577]:                       'iphone_ondemand_type' => 'OnDemandMatchDomainsOnRetry',

    2014:01:17-11:28:18 UTM confd[8577]:                       'iphone_connection_name' => 'CISCO VPN NAME',

    2014:01:17-11:28:18 UTM confd[8577]:                       'comment' => '',

    2014:01:17-11:28:18 UTM confd[8577]:                       'iphone_status' => 1

    2014:01:17-11:28:18 UTM confd[8577]:                     },

    2014:01:17-11:28:18 UTM confd[8577]:           'nodel' => ''

    2014:01:17-11:28:18 UTM confd[8577]:         };" external="1"

    2014:01:17-11:28:18 UTM confd[8577]:  id="3100" severity="warn" sys="System" sub="confd" name="OBJECT_OBJECT_BADREF (The Cisco VPN client connection object needs firewall objects for the outgoing auto-packetfilter rule attribute.)" class="ipsec_connection" type="roadwarrior_cisco" ref="REF_sFZxkudUZB" attr="auto_pf_out" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="change_object" check="input" badref="REF_GCyXsRNzHm" goodclass="packetfilter"

    2014:01:17-11:28:18 UTM confd[8577]: D Storage::unlock:289() => id="3100" severity="debug" sys="System" sub="confd" name="discarded changes and released lock" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" storage="/cfg"

    2014:01:17-11:28:18 UTM confd[8577]: D Storage::update:88() => id="3108" severity="debug" sys="System" sub="confd" name="reloading storage" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" version="4740" storage="/cfg"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="get_object"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="may"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="wait_for_update"

    2014:01:17-11:28:18 UTM confd[8577]: D Storage::update:88() => id="3108" severity="debug" sys="System" sub="confd" name="reloading storage" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="wait_for_update" version="4740" storage="/cfg"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="freeze"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="get_version"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="thaw"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="list_sessions"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="list_sessions"
Reply
  • 0 in reply to NathanPConvergent
    And here is the confd-debug log: 

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="get_cisco_object_or_default"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="internal call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="get_cisco_object_or_default" lock="none" method="get"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="internal call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="get_cisco_object_or_default" lock="none" method="get_object"

    2014:01:17-11:28:18 UTM confd[8577]: D Storage::lock:185() => id="3100" severity="debug" sys="System" sub="confd" name="locked storage" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" storage="/cfg"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="auto" method="change_object"

    2014:01:17-11:28:18 UTM confd[8577]: >=========================================================================

    2014:01:17-11:28:18 UTM confd[8577]: D Object::set_object:1136() => id="3100" severity="debug" sys="System" sub="confd" name="set_object" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="change_object" object="$VAR1 = {

    2014:01:17-11:28:18 UTM confd[8577]:           'ref' => 'REF_sFZxkudUZB',

    2014:01:17-11:28:18 UTM confd[8577]:           'lock' => '',

    2014:01:17-11:28:18 UTM confd[8577]:           'autoname' => 1,

    2014:01:17-11:28:18 UTM confd[8577]:           'hidden' => 0,

    2014:01:17-11:28:18 UTM confd[8577]:           'type' => 'roadwarrior_cisco',

    2014:01:17-11:28:18 UTM confd[8577]:           'class' => 'ipsec_connection',

    2014:01:17-11:28:18 UTM confd[8577]:           'data' => {

    2014:01:17-11:28:18 UTM confd[8577]:                       'status' => 0,

    2014:01:17-11:28:18 UTM confd[8577]:                       'certificate' => 'REF_eMuXPAUsTo',

    2014:01:17-11:28:18 UTM confd[8577]:                       'iphone_ondemand_enabled' => 0,

    2014:01:17-11:28:18 UTM confd[8577]:                       'auto_pf_out' => 'REF_GCyXsRNzHm',

    2014:01:17-11:28:18 UTM confd[8577]:                       'aaa' => [

    2014:01:17-11:28:18 UTM confd[8577]:                                  'REF_rMwITjdISa'

    2014:01:17-11:28:18 UTM confd[8577]:                                ],

    2014:01:17-11:28:18 UTM confd[8577]:                       'interface' => 'REF_NmErvDwQkB',

    2014:01:17-11:28:18 UTM confd[8577]:                       'ip_assignment_pool' => 'REF_DefaultCiscoRWPool',

    2014:01:17-11:28:18 UTM confd[8577]:                       'iphone_ondemand_domains' => [],

    2014:01:17-11:28:18 UTM confd[8577]:                       'auto_pfrule' => 1,

    2014:01:17-11:28:18 UTM confd[8577]:                       'iphone_hostname' => 'HOSTNAME',

    2014:01:17-11:28:18 UTM confd[8577]:                       'auto_pf_in' => 'REF_qKwNRistpY',

    2014:01:17-11:28:18 UTM confd[8577]:                       'name' => 'for User to Internal (Network)',

    2014:01:17-11:28:18 UTM confd[8577]:                       'networks' => [

    2014:01:17-11:28:18 UTM confd[8577]:                                       'REF_cpWdncLlma'

    2014:01:17-11:28:18 UTM confd[8577]:                                     ],

    2014:01:17-11:28:18 UTM confd[8577]:                       'iphone_ondemand_type' => 'OnDemandMatchDomainsOnRetry',

    2014:01:17-11:28:18 UTM confd[8577]:                       'iphone_connection_name' => 'CISCO VPN NAME',

    2014:01:17-11:28:18 UTM confd[8577]:                       'comment' => '',

    2014:01:17-11:28:18 UTM confd[8577]:                       'iphone_status' => 1

    2014:01:17-11:28:18 UTM confd[8577]:                     },

    2014:01:17-11:28:18 UTM confd[8577]:           'nodel' => ''

    2014:01:17-11:28:18 UTM confd[8577]:         };" external="1"

    2014:01:17-11:28:18 UTM confd[8577]:  id="3100" severity="warn" sys="System" sub="confd" name="OBJECT_OBJECT_BADREF (The Cisco VPN client connection object needs firewall objects for the outgoing auto-packetfilter rule attribute.)" class="ipsec_connection" type="roadwarrior_cisco" ref="REF_sFZxkudUZB" attr="auto_pf_out" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="change_object" check="input" badref="REF_GCyXsRNzHm" goodclass="packetfilter"

    2014:01:17-11:28:18 UTM confd[8577]: D Storage::unlock:289() => id="3100" severity="debug" sys="System" sub="confd" name="discarded changes and released lock" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" storage="/cfg"

    2014:01:17-11:28:18 UTM confd[8577]: D Storage::update:88() => id="3108" severity="debug" sys="System" sub="confd" name="reloading storage" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" version="4740" storage="/cfg"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="get_object"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="may"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="wait_for_update"

    2014:01:17-11:28:18 UTM confd[8577]: D Storage::update:88() => id="3108" severity="debug" sys="System" sub="confd" name="reloading storage" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" call="wait_for_update" version="4740" storage="/cfg"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="freeze"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="get_version"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="thaw"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="list_sessions"

    2014:01:17-11:28:18 UTM confd[8577]: D sys::AUTOLOAD:301() => id="3100" severity="debug" sys="System" sub="confd" name="external call" user="admin" srcip="***.***.***.***" facility="webadmin" client="webadmin.plx" lock="none" method="list_sessions"
Children
No Data
Unfiltered HTML