Sometimes I really loathe end-users.
Background:
We used to use Cisco VPN 3000 machines for VPN access, but are now upgrading to Cisco ASA 5000 machines. The 3000s used mutual group authentication (a root signed certificate was required to connect), but the 5000s do not require the certificate. Because the clients are set up with the certificate requirement, some minor changes are required on the user’s part to reconnect to our VPN.
The change required the user to:
1. Open the Cisco VPN Client
2. Click on the Connections Tab
3. Click on the connection
4. Click the Modify Button
5. Click on the radio button Group Authentication instead of Mutual Group Authentication
6. Click OK
7. Click Connect to test
So I had a user call me up and say they could no longer connect. They must not have received the message.
SAS: “Jason, I can’t connect to the VPN”
Jason: “Yeah, you should have received the notice in an email. But we made some changes to the VPN devices and you’ll need to change a setting to connect. Open up the VPN Client for me.”
SAS: “OK, I’ve done that already”
Jason: “Great, now click on the *** connection and then go ahead and click the modify button.”
SAS: “Oh, so you want me to open up the VPN Client?”
Jason: “Yes…”
SAS: “Hold on… Logging in… *humming*… Ok, start… Cisco… VPN… OK, it’s open.”
Jason: “Click on the connection and click Modify”
SAS: “…OK”
Jason: “Then click the radio button for Group Authentication instead of Mutual Group. Everything else stays the same.”
SAS: “Ok. Connecting. Looks like it’s working. Thanks Jason!”
Jason: “Have a great day.”
I also got a phone message delivered to me by the secretary:
A***a: “R***n can’t connect to the VPN”
Jason: “I won’t be able to help him for a while, so I’ll have to call him back.”
A***a: “Ok”
Jason: “Actually, can you tell him to check his webmail, it’ll tell him how to change the settings”
A***a: “He said he can’t login at all”
Jason: “Um, to webmail?”
A***a: “No, to his entire system”
Jason: “I guess I’ll have to call him back when I get a chance, thanks though.”
A***a: “OK”
Weird, since I have cached logins enabled for the remote users. So before I can even call, I see in the VPN logs that he’s connected. Jerk.