Cannot enable Cisco VPN Remote Access

I cannot seem to enable the Cisco VPN Client option on my UTM. When I go to Remote Access > Cisco VPN Client everything is grey-ed out because it's disabled. However, when I attempt to enable Cisco VPN remote access, an information box pops up with the following message:  "No users have Cisco VPN client remote access". I click ok and it remains disabled.

I'm running version 9.309-3 and nothing is showing up under the IPsec VPN logs. I restarted the UTM, but that didn't fix the problem.

I had this feature enabled in the past and it worked fine. About a month ago I disabled it and deleted the user accounts associated with it. I assume I wouldn't have to remove the users from the Cisco VPN User and Groups list before deleting them from the UTM.

I can enable and disable every other remote access category. I'm currently using IPsec with the Sophos IPsec Client and it's working fine.

Any suggestions to fix this?


  • Hi, and welcome to the User BB!

    Now that we've confirmed that the field is empty, let's get the ref for your user name:

    cc get_object_by_name 'aaa' 'user' 'li442il'


    With that, we find the ref we needed: 'REF_AaaUseli442il'.  Now that we know the ref, we can add it to 'aaa' in the Cisco profile:

    cc change_object REF_IpsRoaForTestToInter aaa 'REF_AaaUseli442il'


    Let's check our work:

    cc get_object REF_IpsRoaForTestToInter


    Did that work for you?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Here is the output for the 1st command :

    sophos:/root # cc get_object_by_name 'aaa' 'user' 'li442il'
    
    {
              'autoname' => 0,
              'class' => 'aaa',
              'data' => {
                          'acc_managed' => 0,
                          'allowed_networks' => [
                                                  'REF_NetworkAny'
                                                ],
                          'authentication' => 'local',
                          'backend_update' => 0,
                          'clearpass' => '',
                          'comment' => '',
                          'email_primary' => 'email@email.com',
                          'email_secondary' => [],
                          'enabled' => 1,
                          'lastauth_backend' => 'local',
                          'lastauth_facility' => 'portal',
                          'lastauth_time' => '1427576067',
                          'loc' => 'english',
                          'md4hash' => 'ba......,
                          'name' => 'li442il',
                          'network' => 'REF_NetAaaLi442UserNetwo',
                          'pop3_accounts' => [],
                          'ras_ip' => '0.0.0.0',
                          'ras_online' => 0,
                          'realname' => 'li442il',
                          'sender_blacklist' => [],
                          'sender_whitelist' => [],
                          'status' => 1,
                          'use_ras_ip' => 0,
                          'user_preferences' => '',
                          'x509_cert' => 'REF_IpsX502',
                          'x509_cert_gost' => ''
                        },
              'hidden' => 0,
              'lock' => '',
              'nodel' => '',
              'ref' => 'REF_AaaUseLi442il',
              'type' => 'user'
            }


    Here is the output for the 2nd :

    sophos:/root # cc change_object REF_IpsRoaForTestToInter aaa 'REF_AaaUseli442il'
    
    0
    {
              'Aattrs' => [
                            'class',
                            'type',
                            'attr'
                          ],
              'Cattrs' => [
                            'goodclass'
                          ],
              'Oattrs' => [
                            'class',
                            'type'
                          ],
              'attr' => 'aaa',
              'attrs' => [],
              'badref' => 'REF_AaaUseli442il',
              'check' => 'input',
              'class' => 'ipsec_connection',
              'fatal' => 0,
              'format' => 'The %_O object needs %_C objects for the %_A attribute.',
              'goodclass' => 'aaa',
              'msgtype' => 'OBJECT_OBJECT_BADREF',
              'name' => 'The Cisco VPN client connection object needs user and group objects for the allowed user and group list attribute.',
              'never_hide' => 0,
              'ref' => 'REF_IpsRoaForTestToInter',
              'type' => 'roadwarrior_cisco'
            }
    {
              'attr' => 'aaa',
              'attrs' => [
                           'number',
                           'remove'
                         ],
              'check' => 'input',
              'class' => 'ipsec_connection',
              'fatal' => undef,
              'format' => 'Removing %d invalid element(s) \'%s\' from the list.',
              'msgtype' => 'DATATYPE_ARRAY_ELEMENT',
              'name' => 'Removing 1 invalid element(s) \'REF_AaaUseli442il\' from the list.',
              'never_fatal' => 1,
              'never_hide' => 0,
              'number' => 1,
              'ref' => 'REF_IpsRoaForTestToInter',
              'remove' => 'REF_AaaUseli442il',
              'type' => 'roadwarrior_cisco'
            }

    3rd command :

    sophos:/root # cc get_object REF_IpsRoaForTestToInter
    
    {
              'autoname' => 1,
              'class' => 'ipsec_connection',
              'data' => {
                          'aaa' => [],
                          'auto_pf_in' => '',
                          'auto_pf_out' => '',
                          'auto_pfrule' => 1,
                          'certificate' => 'REF_gzjPwSXtVfsa',
                          'comment' => '',
                          'interface' => 'REF_IntPppExternaWan',
                          'ip_assignment_pool' => 'REF_DefaultCiscoRWPool',
                          'iphone_connection_name' => 'Home (IPsec)',
                          'iphone_hostname' => '',
                          'iphone_ondemand_domains' => [],
                          'iphone_ondemand_enabled' => 0,
                          'iphone_ondemand_type' => 'OnDemandMatchDomainsOnRetry',
                          'iphone_status' => 1,
                          'name' => 'to Internal (Network)',
                          'networks' => [
                                          'REF_DefaultInternalNetwork'
                                        ],
                          'status' => 0
                        },
              'hidden' => 0,
              'lock' => '',
              'nodel' => '',
              'ref' => 'REF_IpsRoaForTestToInter',
              'type' => 'roadwarrior_cisco'
            }


    It's not working, I have the same error message :

    "No users have Cisco VPN client remote access"