Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
807
Views
0
Helpful
6
Replies

vpn error

Go to solution
secureIT
Level 4
Level 4

‎06-11-2012 11:48 PM

We are getting the below logs in cisco ASA 55xx firewall with 8.x version continously.

%ASA-3-713141: IP = x.x.x.x, Client-reported firewall does not match configured firewall: terminating tunnel. Received -- Vendor: Sygate(4), Product Sygate Security Agent(3), Caps: 0001. Expected -- Vendor: Cisco Systems(1), Product: Cisco Integrated Client(0x00000001), Caps: 0002.

where x are multiple ip addresses used by Ras users..

can someone please help me.....

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to secureIT

‎06-12-2012 03:38 AM

You can either change the firewall on the client's PC, or you can turn off the firewall checking for VPN Client if you don't actually use that feature. Because it hasn't failed the VPN Client connection, it is probably configured as an optional firewall setting on the ASA.

To disable it, you can configure the following under the respective group-policy:

client-firewall none

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎06-12-2012 01:44 AM

That means you are checking to see if you have firewall installed on the VPN Client's PC, and you have configured to see if Cisco Integrated Client firewall exists, while it detected Sygate firewall instead.

0 Helpful

Go to solution
secureIT
Level 4
Level 4
In response to Jennifer Halim

‎06-12-2012 02:01 AM

Thanks for the update...!!!

Does this indicate any problem and is there any way to suppress these logs ?

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to secureIT

‎06-12-2012 03:38 AM

You can either change the firewall on the client's PC, or you can turn off the firewall checking for VPN Client if you don't actually use that feature. Because it hasn't failed the VPN Client connection, it is probably configured as an optional firewall setting on the ASA.

To disable it, you can configure the following under the respective group-policy:

client-firewall none

0 Helpful

Go to solution
secureIT
Level 4
Level 4
In response to Jennifer Halim

‎06-16-2012 08:53 PM

thanks for the update.. i think in stead of client-firewall none, we can even try firewall optional i guess.. correct me if i am wrong.

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to secureIT

‎06-16-2012 08:54 PM

That is correct, you can have optional and the vpn will still get connected.

0 Helpful

Go to solution
secureIT
Level 4
Level 4
In response to Jennifer Halim

‎06-16-2012 08:57 PM

thanks..this thread can be closed.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents