Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Vista and VPN Client Troubles

Hello. We are evaluating Windows Vista along with the VPN Client version Many of our VPN users are reporting that they are experiencing problems connecting VPN to the ASA 5520 firewall. We are experiencing the same problems with error such as "Reason 418: Unable to configure the firewall software." Also in the client's log we see:

3 08:11:49.845 08/07/07 Sev=Warning/2 IKE/0xE3000086

Invalid concentrator firewall configuration.

Is anyone else experiencing this problem and is there a workaround? Thanks in advance.


Re: Vista and VPN Client Troubles


Most likely the group that you are trying to connect to on the ASA has the integrated firewall feature. This feature is not supported for windows Vista Clients.

You can disable this on the ASA by getting into the group polices:

ASA(config)# group-policy "VPN group name" attributes

ASA(config-group-policy)#client-firewall none

If you have other clients connecting fine and you don�t want to do this change, you can configure a new group for the Vista Clients without the integrated firewall feature.

Please rate if helps



New Member

Re: Vista and VPN Client Troubles

Yes, this seems to be working, however, we will need to enable a client-side firewall for our VPN connections. What are the supported options? Thanks in advance.

New Member

Re: Vista and VPN Client Troubles

Fyi - I ended up opening up a TAC case for this (SR 606571713) and received the following information from the engineer:

"Either disable the firewall check on for that group on the VPN appliance or clear a custom DLL check looking for the Microsoft Firewall DLLS or use an alternative Firewall that is supported on Vista and by the VPN appliance.

CPP pushes will not work for any other Firewalls other then ZoneLabs, if or when ZoneLabs releases ZoneAlarm for Vista customers can install this to get CPP support.

For more reference on this BUG please go to the following link :

Note:This feature is not enabled because we are still waiting for the patch from ZoneLab for Vista vpn client."

New Member

Re: Vista and VPN Client Troubles

I have not see that error before, but from the log it looks like it has to do with IKE security policy. We have a 5520 setup and working with XP and Vista clients. Seems that the version before 5.0.01 didnt work too well bet 5.0.01 works good. We are running ASA version .

New Member

Re: Vista and VPN Client Troubles

We have learned that the reason for this issue is because we were using the integrated client firewall which this VPN client currently does not support.