AnyConnect shortcuts no longer work? VPN no longer opens after recent update?

BU recently updated to Cisco AnyConnect Secure Mobility Client. This update means previously created desktop shortcuts will no longer work. You can open the new client by going to Start-All Programs-Cisco-Cisco AnyConnect Secure Mobility Client. If you still experience problems, try logging in at http://vpn.bu.edu.

Can’t use AnyConnect and/or the regular Cisco client after a Windows 7 update? Seeing an error 440?

If you experience this problem, go to Start-Control Panel-Programs and Features. Look for the Cisco client(s) listed there and do a right click to Uninstall it. Once it is gone from the list, reboot your computer and try again by logging in at http://vpn.bu.edu.

Using AnyConnect on a Mac and prompted twice for your password?

When you go to http://vpn.bu.edu you will be prompted to login with your BU login name and Kerberos password in order to proceed with use of the AnyConnect client. Before the connection launches, you might then ALSO be prompted to login with the username and password used to install new software on your Mac. This is (hopefully) not your BU login name and Kerberos password, but something else, known only to you, as the administrator of your machine. If you intend to connect to the VPN often with a Mac, we suggest using the built-in VPN client for Mac OS X.

Seeing an “unable to create the interprocess communication depot” error?

This error occurs in Windows when Internet Connection Sharing (ICS) is enabled. To disable it,

  1. Go to Start
  2. In the Search programs window type services.msc and then hit Enter to launch it
  3. Scroll to find Internet Connection Sharing (ICS) and then double-click on it to launch it
  4. Change Startup Type to Disabled
  5. Reboot the computer
  6. Try the VPN againhttp://vpn.bu.edu

Are you in a BU residence hall connected via Ethernet?

VPN access is blocked from wired BU residence connections. You shouldn’t need it to access BU resources when you are directly connected.

Make sure you are using only the BU login name.

Make sure you are using only the BU login name (the part before @bu.edu) and not your full email address.

Check your account status with IS&T.

In order to use the VPN, you need to be authorized. The vast majority of BU accounts do have authorization by default, but authorization does depend on your affiliation with the university, and can vary. You can check your VPN status by contacting us.

Using Internet Connection Sharing?

See if it helps to disable it, as described above.

Are you sure you have an Internet connection?

This is easy to test — just open a web browser and choose Reload/Refresh. If you aren’t able to access any websites, then the problem is with your connection and not with the VPN. In the case of wireless users on the BU network, you should (only be able to) see a page that tells you how to use wireless. If you don’t see that page, you may not actually have wireless access from where you are and should review our wireless instructions. (You might see an error message that says “the remote peer is no longer responding.”)

Could VPN connections be blocked from your network?

Some companies won’t let people connect to an outside VPN. If this could apply to you, you should talk to your employer’s network administrator. He/she or you can contact the IT Help Center for more details on which ports the VPN needs open. This could be the explanation if you are able to use the VPN when you are connected to a different Internet Service Provider (such as from home) with the same computer.

Could outbound VPN connections be blocked from the BU network?

Yes, Boston University does restrict access to outbound VPN traffic for security purposes. In rare instances, an exception will be made to allow for such access. If you are interested in this, you must complete an Outbound VPN Request form.

Note that you must have a valid BU login name, Kerberos password, and email address in order to access this form. All correspondence regarding these requests will only be sent to active BU email addresses.

Are you using a firewall or something similar that could be blocking the VPN?

If so, explore the settings in this product to see if you can “allow” the VPN software.

For example, Kaspersky security software…

There is a setting in this suite which needs to be selected  in order to allow https (port 443) traffic to go through.  See http://forum.kaspersky.com/lofiversion/index.php/t118177.html.

If allowing the program doesn’t help, try disabling the firewall and rebooting (before running the VPN) to determine if that resolves the problem. If you are running one of these products but disabling doesn’t seem to help, it may be necessary to experiment a bit. For example, after the disable/reboot, try uninstalling and then reinstalling the VPN software to see if that helps. If it does, you might then be able to set the firewall again and have the VPN work with it.

Have you been VPN-disabled by IS&T?

If you have been notified by Information Services & Technology that you have a virus and will be network disabled, this could explain VPN access that has stopped working (i.e., it once worked and now doesn’t). If you have been VPN disabled, you probably already know it, and are hopefully taking the recommended steps toward fixing the problem.

Wireless? Try lowering your MTU setting.

We occasionally hear from wireless users that they can’t connect to the VPN, or that the connection seems unstable. For all of them, lowering the MTU setting in increments of 100 seems to help. You access the MTU setting by going to Start->All Programs->Cicso Systems VPN Client->Set MTU.

Wireless users should also keep in mind that 802.1x technology is also available and recommended over the VPN for securing wireless.

Off campus and having trouble accessing local resources such as printers?

If you find yourself unable to use local resources such as network printers while connected to the VPN, you need to turn on “Allow Local LAN access” in your connection settings.

  1. Do a right click on the VPN icon to Open AnyConnect
  2. Go to Connection and click on the Preferences icon
  3. Choose to Enable Local LAN Access and OK.

Off campus, using the download client, and want to two different computers to VPN in to BU simultaneously?

  1. Launch the VPN client and click on the BU off-campus connection. Then click the Modify button.
  2. Select the Transport tab. (You should see a checkmark next to the “Enable Transparent Tunneling” option.)
  3. Click on the empty radio button next to IPSec over TCP. (The TCP Port should fill automatically but, if not, then enter 10000 in that box.)
  4. Click Save.

Note:

  • You will need to do this on all machines on which you would like to connect to the VPN.
  • If it doesn’t work, make sure that TCP port 10000 is allowed through your router (follow the manufacturer’s instructions to configure this on the “port forwarding” section). Also make sure that “VPN pass-through” is selected (if your router provides this feature).

McAfee blocking the Cisco VPN client?

McAfee version 8.8 blocks the Cisco VPN client. To fix this issue:

  1. Open VirusScan Console
  2. Right-click Access Protection -> Properties -> Common Standard Protection
  3. Uncheck Block on Protect Network Settings

[back to top]