networking - How to configure Cisco AnyConnect (VPN client) on MacOS not to use port 80?

27
2013-10
  • amphibient

    In response to this issue, I have determined that it is the Cisco AnyConnect (VPN client) that is hijacking my port 80. I am looking to find out whether it is possible to reconfigure the VPN client to use a different port. I also would appreciate an explanation of why lsof does not properly identify the causing process.

  • Answers
  • JoeLansing

    Cisco AnyConnect can route all of its traffic through Cisco servers. They check all traffic for bad sites/reputation and all that. It does all this on Port 80. If you do a Google search and the results come back with little green marks by them showing they are ok, that's how you are set up. I put it in at our bank. There might be a way to defeat it, but normal ways like stunnel/Pytunnel probably won't work. It might be very difficult. AnyConnect probably wants a certificate, so you can't hijack the whole thing. I wish I was more help. We tell our employees "buy your own computer if you don't want Big Brother watching". Maybe you could boot from an external drive running another OS? - Joe


  • Related Question

    networking - Cisco VPN disconnects after 5 seconds with error 422
  • Marius

    I'm trying to connect to my university's server with VPN using Cisco VPN Client version 5.0.04, but after 5 seconds it disconnects with the error message 422: Lost contact with the secure gateway. Check your connection.

    From my research on the net it seems this could be because it tries to find my IP, and finds out that this is 127.0.0.1. Then 5 seconds later it discovers that I have a new IP (my actual IP), and it disconnects because I'm not allowed to change IP.

    Does anyone know how I could fix this, or if there is another reason I get this error?

    Update

    I looked through the log, and found this error, which confirms what I thought, except it gets the correct IP first, then changes it to localhost.

    87 18:56:53.250 08/24/09 Sev=Warning/3 CM/0xA3100027 Adapter address changed from 149.171.237.25. Current address(es): 127.0.0.1.


  • Related Answers
  • Samuel K

    Based on this thread and this thread, it looks like there could be a number of reasons why the Cisco VPN client is returning this error. These reasons could include a routing conflict, conflict with a program on your computer (like Toshiba's ConfigFree utility), or some issues with NAT traversal. Good diagnostics would be trying to connect with a disabled firewall (as Col mentioned), trying to connect with a direct connection to the internet (not behind a router), and looking at the log (located in the Log tab of the VPN Client window). If you can't determine what the problem is, post the log in your question so someone else can look at it.

  • random

    If you're connecting through a USB key to access the internet, such as through a Movistar or Huawei connection or whatever you have, make sure that your AirPort is turned off and you're not sharing internet.

    If it's on, it registers two different IPs and won't work.

  • 8088

    This fixes it on VMWare Fusion:

    (in /Library/Application Support/VMWare Fusion/)

    sudo ./vmnet-apps.sh --stop 
    
  • Col

    This isn't specific to your questions, but many problems with VPNs are caused by firewalls. As a test, try disabling any firewall software temporarily (including the Windows built-in one) and see if it works. If it does, you'll probably need to either open some ports or add exceptions for the VPN software.

  • Marius

    I got it to work, I know why, and I doubt anyone is going to have the same problem as me.

    My computer name has always been localhost (no, really, in the System -> Computer Name dialog, I named it localhost). This screws up the network for other Windows machines, because if they try to enter \localhost\ in the address bar, Windows reports a network name collision.

    And apparently Cisco VPN doesn't like my computer name either.
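
    The diagnosis in this thread can be checked mechanically. The following is an added example, not part of the original posts and not Cisco's code: it scans VPN client log lines for "Adapter address changed" entries that leave only a loopback address, and checks for a machine name of localhost. The log layout is assumed from the single entry quoted in the question, and the function names are hypothetical.

```python
import ipaddress
import re
import socket

# Layout inferred from the one log entry quoted in the question (assumption):
# <seq> <time> <date> Sev=<level>/<n> <module>/<code> <message>
LINE_RE = re.compile(
    r"^(?P<seq>\d+)\s+\d{2}:\d{2}:\d{2}\.\d{3}\s+\d{2}/\d{2}/\d{2}\s+"
    r"Sev=\w+/\d+\s+\w+/0x[0-9A-Fa-f]+\s+(?P<msg>.*)$"
)
ADDR_RE = re.compile(
    r"Adapter address changed from (?P<old>[0-9A-Fa-f.:]+?)\.\s+"
    r"Current address\(es\): (?P<new>.+?)\.?$"
)

def loopback_changes(lines):
    """Return (seq, old_addr, new_addrs) for changes that leave only loopback addresses."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        a = ADDR_RE.search(m.group("msg")) if m else None
        if not a:
            continue
        try:
            new = [ipaddress.ip_address(x) for x in re.split(r"[,\s]+", a.group("new")) if x]
        except ValueError:
            continue  # unparseable address list: skip rather than guess
        if new and all(ip.is_loopback for ip in new):
            hits.append((int(m.group("seq")), a.group("old"), [str(ip) for ip in new]))
    return hits

def hostname_is_localhost(name):
    """True when the machine name's first label is 'localhost' (the cause found in the thread)."""
    return name.strip().lower().split(".")[0] == "localhost"

SAMPLE_LOG = [
    # Quoted from the question:
    "87 18:56:53.250 08/24/09 Sev=Warning/3 CM/0xA3100027 Adapter address changed from 149.171.237.25. Current address(es): 127.0.0.1.",
    # Constructed lines for illustration (not real client output):
    "88 18:56:53.300 08/24/09 Sev=Info/4 CM/0x00000000 constructed filler message",
    "89 18:57:10.000 08/24/09 Sev=Warning/3 CM/0x00000000 Adapter address changed from 10.0.0.5. Current address(es): 10.0.0.9, 127.0.0.1.",
]

if __name__ == "__main__":
    for seq, old, new in loopback_changes(SAMPLE_LOG):
        print(f"entry {seq}: {old} -> {new} (loopback only)")
    print("hostname is localhost:", hostname_is_localhost(socket.gethostname()))
```

    Entry 89 is not flagged because a routable address is still present alongside loopback; only a change that leaves loopback alone matches the failure described in the question.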