Things don't always go as smoothly as we expect. Sometimes, even though you've followed every step in the how-to guide as carefully as you can, that next step doesn't turn out to be what the guide told you it was going to be. We already know of a few situations where that happens, and we have some tips for what to do about it, listed below. In other cases, you may be the first person to encounter the problem (lucky you!). In that case, you can help us identify what's going on by making sure to collect the following information before calling us (at 610-758-4357):
- The make, model, and approximate age of the computer you're working on, and what platform and version (operating system--for example, Windows 7, or Mac OS X 10.7.5 [Lion]) you are using.
- What kind of connection you have to the Internet at your location (for example: Verizon DSL, RCN cable modem).
- If there is any sort of error message, at what point in the process does it appear and exactly what does it say?
Webpage Not Available (Google Chrome)
This error occurs when attempting to download and install the Cisco SSL VPN client from the VPN device using the Google Chrome web browser, which is not supported. The error message suggests that the server vpn.lehigh.edu may be down, which is not the case.
This error may be intermittent (the download occasionally works, although it usually does not), and it can occur on both Windows and Mac OS platforms. The solution is to use another browser for the download. Mozilla Firefox, Safari (on a Mac), or Internet Explorer (in Windows) are recommended. Once the client has been downloaded and the VPN connection has been established, Chrome can be used for browsing the web over the VPN connection.
Group Policy is Preventing Login (Switch User)
The complete message is: "Group policy is preventing login in because multiple users are logged into this machine." This occurs on Windows computers when you use the " Switch User" function to login a new user while keeping the original user logged in (so as not to have to close the first user's programs and documents). Unfortunately, this just doesn't work. Before attempting to connect to the VPN, you must log all of the other users out. You must be the only user logged into the computer when you establish a VPN connection.
Interprocess Communication Depot Error (Internet Connection Sharing)
The error message is: "The vpn client agent was unable to create the interprocess communication depot." This error is caused by having Internet Connection Sharing (ICS) enabled. See Turn Off Internet Connection Sharing for instructions on how to disable Internet Connection Sharing, should you encounter this problem.
VPN Client Driver Error
The initial error message is: "The VPN client driver has encountered an error," followed by another dialog that says "AnyConnect was not able to establish connection to the specified secure gateway. Please try connecting again." We aren't yet sure what causes this problem. However, it appears that it may be resolved, at least in some cases, by un-installing and re-installing the SSL VPN client. Use the Add/Remove Programs control panel to remove the Cisco AnyConnect client, just as you would any other program (do not just delete the desktop icon). It may be advisable to reboot. Then direct your web browser to http://vpn.lehigh.edu and download a fresh copy of the client.
Cisco has provided documentation on two other possible fixes for this problem, in case reinstalling does not work. See Cisco Fixes for VPN Client Driver Error for the documented solutions. Also read the information about third-party firewalls, below.
We have not yet found any situation in which the built-in software firewall that is provided by the operating system interferes with setting up a VPN connection. However, we have encountered some situations where a third-party security product that includes network protection, such as McAffee Internet Security, may prevent a VPN connection from being established. (The error message in such a case may be the generic "Driver Error" message described above.) Theoretically, there should be either configuration settings to permit the connection, or a way to temporarily disable the network function of the security product, but as each product is different (including different versions from the same vendor), we cannot provide details (consult the vendor's website for your particular product). In one case, it was necessary to remove (uninstall) the security product in order to get the VPN to work.
Cisco's Troubleshooting Guide
If you don't find the answer you're looking for here, you might also try the Cisco Troubleshooting Guide at http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-nex.... Of course, for many people, this guide is way too technical; that's ok. Contact the Help Desk at 610-758-4357, and tell us what's going on.