I have to use Cisco VPN Client to connect to a remote secure network. With CPF installed, the computer simply crashes in blue screen even if I exited the CPF.
This problem also exists with a number of other firewall software, while there are some that work well with the Cisco VPN Client. I sincerely wish this can be fixed in the future releases, but for now, I had to uninstall CPF 
Iāll second this issue.
Further information.
The installation of the CPF worked fine and I was able to set up new rules.
I then started up the Cisco VPN client and was able to choose a connection, enter the password and click OK, then the computer blue screened.
Same thing happens even IF the CPF is turned off right after boot up.
Computer:
HP dv9000 laptop with Windows XP MCE (Yeah I know, but itās what came on the laptop. As soon as I have the time I will be wiping it and installing Windows XP Pro.)
I have been forced to uninstall CPF as I must be able to use the Cisco VPN client from this computer. This really ābums me outā since I donāt trust the XP-SP2 firewall on hostile networks.
I have exactly the same problem. Iāve used Comodo Firewall Pro 2.4.18.184 together with Cisco VPN Client 4.8.02.0010. I got a blue screen crash during connecting via the Cisco client. The only solution was to deinstall the Comodo firewall.
Obviously a number of users report of similar problems with other firewalls, too. One user suggested to deactivate the stateful firewall integrated in the Cisco VPN client by via ādevice manager ā non-PnP drivers ā vsdatantā (you need to āshow hidden devicesā in the device manager). But my Cisco client would refuse to connect with deactivated āvsdatantā device.
Well, any other solutions?
Iāve got the problem as well ā¦ using the Cisco Systems VPN Client 4.8.01.0300 and Windows XP Prof SP1!
I tried to disable the statefull firewall in the ādevice managerā but then the VPN-Server refuses the connection ā¦
Maybe one of the Comodo guys could tell us if they are working on it ā¦ this problem should be fixable (other firewall can handle this).
ā¦ Schlappwurst
This topic: https://forums.comodo.com/index.php/topic,6788.0.html has link to a thread in the Outpost forum where they discussed the exact issue, and it seemed that the ZA elements packed with the VPN were at the root of it. It may be worth a read. They specifically mention the total removal of certain registry entries, or if going thru the dev mgr, Uninstalling (as opposed to Disabling) vsdatantā¦
LM
Hello
I have similar crashes with Cisco VPN 4.8 and CPF. My PC (XP, SP2) goes black and restarts when I reach the VPN banner screen of the remote secure network. Done various uninstalls + reinstalls in various orders. VPN only works when Comodo PF uninstalled.
Iāve read the many posts on CPF forums and the web, including the references to Outpost (as above). Butā¦ When I rename vsdatant.sys (as *.old) the PC doesnāt crash but the VPN client doesnāt match the firewall policies of the secure network, so I canāt get in. I assume this means I need the stateful firewall functions (said to be of ZA origins) in Cisco VPN. Iām trying to lobby a change in network policy at work but I donāt like my chances (8000+ employees).
Regarding the above suggestion to follow the Outpost work-around (vsdatant and registry edits), Iāve recently done a clean re-install of XP so an anxious about editing the registry unless its very likely to work, and I assume it wonāt given renaming vsdatant violates my workās secure network policies.
So three questions:
Has anyone with this problem actually tried the Outpost workaround? To what effect? does your secure network require the Cisco stateful functions?
Has anyone who found CPF wouldnāt work found a firewall that will work with Cisco VPN 4.8? Iāve read ZA 6.5 might (and 7 likely wonāt) but given the drama of removing ZA Iām not sure if I want to go there.
have the friendly folk at Comodo acknowledged this issue for a fix? Its been plenty mentioned in the forums but as yet no FAQ or other official reference (that I can find). Iāve been impressed by CPF and donāt want to give it up yet need the VPN
Thanks for any light you can shine on thisā¦
Mike,
I am positive I have read here in the forums, a post or posts wherein the issue was addressed and resolved. I canāt put my finger on it at the moment, though.
Hereās a post where the user says the Outpost workaround did indeed work (links to the post with the Outpost linkā¦) https://forums.comodo.com/help/cisco_vpn_and_comodo_conflicts-t8237.0.html;msg63679#msg63679
Here are some others where solutions were posted, that were stated by the user to workā¦
https://forums.comodo.com/help/windows_xp_pro_sp2_cisco_vpn_client_402a_working_config-t5323.0.html
https://forums.comodo.com/help/cisco_systems_vpn_client_version_48010300-t4960.0.html
https://forums.comodo.com/help/cisco_vpn_will_not_work_with_running_cpf-t6004.0.html (partial repeat, but some additional info as well)
And the official Comodo response, from the FAQ https://forums.comodo.com/faq_for_comodo_firewall/cisco_vpn_client_and_comodo_firewall_blue_screen_problems-t2791.0.html
Hope that helps,
LM
Hi Little Mac
thanks for your reply. Iāve re-read the posts including the outpost post.
As the outpost post says, āits all about getting rid of ZAā. Problem is, our IS dept confirms if I do this (scuttle the cisco/ZA stateful firewall) it will violate the network policy on the cisco consolidator so I wonāt get in. Now, Iām a bit in the dark on this but I assume the various Outpost related registry changes are about a clean scrub of ZA elements and hence will not aid my case. Hence I remain reticent as I wouldnāt know how to get them back with ease. No one on that post mentions if their secure network policy requires the stateful inspection ZA thingy, but I canāt see what else they are trying to achieve.
In the CPF FAQ (https://forums.comodo.com/faq_for_comodo_firewall/cisco_vpn_client_and_comodo_firewall_blue_screen_problems-t2791.0.html) tripplejoltās final comments leave the question hanging but panic comments that if you canāt get in (to the secure network) without vsdatant then youāre stuck. So I guess Iām stuck. the rest of the posts appear to be about various configurations of CPF which I have tried but these do not solve the BSOD for me at least.
Otherās also stuck may like to know the IS people at my work say Kerio works for them with Cisco VPN but Iām yet to try it (I know CPF also works for some people with Cisco VPN).
If you come across any solutions where people retained the cisco VPN statefull functions with CPF then please let me know.
Thanks
Mike
Mike,
Iām sorry that didnāt do it for you. I had hopes when I saw confirmations of solutions that worked. I understand, though, in that youāre somewhat at the mercy of the system, since youāre not in control of it.
Yes, as I understand it the registry scrub is about cleaning out ZA elements. As far as getting them back, that is easily accomplished, and I can tell you howā¦
You go to Start/Run and type in āregeditā (without the quotes). This will open the registry editor.
Go to File/Export. This will open your āMy Documentsā folder, where you will name the registry file and save it. This creates a backup copy of your entire registry.
Then you follow the instructions to remove the specific registry keys for the various ZA elements.
Then you can try to see if the solution works, and you can get in as you need to, etc. If it does not work, or if it trashes it in some other way, you can restore those by one of two meansā¦
or
LM
a final note for anyone else stuck with this problem. Kerio (now sunbelt kerio or something) does work with Cisco VPN and allows the stateful firewall functions. No BSOD. But Kerio isnāt really free - a 30 day trial then ICS gateway stops and some report nag screens. Iāll be trying CPF 3 when it arrives.
Hey Mike,
Thanks for the tip. I realize theyāre two different animals, but can you share the steps to take with Kerio to get it work? Did you have to do anything specific, or was it automatic? Whatever you did (or didnāt do), do you know why it worked? Perhaps thereās some cross-over info we can applyā¦
Tnx,
LM
Instead of hunting for these fixes why isnāt this fixed by the vendor? I just moved to this from Filseclab based on a fairly comprehensive review of firewalls that rated COMODO has the best choice and Filseclab was in their bottom group. Never had this problem with Filseclab and am really liking COMODO but Cisco VPN is required for my job so Iāll have to try the next one on the list.
LittleMac
I just installed Kerio and it worked. no thinking or cleverness required.
It was an older version - 4.2.2 - said to be without nag screens on expiry (tho still stops ICS after 30 days), but i never tried it for that long. (Rumor has it newer versions have more nagging and no new features so I went for this one). I noticed Kerio slowed my internet connection so iām currently back with comodo (without VPN!) and still searching for a better option. I may try Kerio 2.? - last of the truly free Kerios but with lower security. Or brace myself for settings-hell and try Jetico.
Iāve been watching www.scotsnewsletter.com where he is searching for the perfect firewall but he hasnāt had the Comodo and Cisco VPN problem. Would be good if CPF 3 fixed the problem, or someone could figure out why some folk have this clash and some donāt. In this case Iām pretty sure its not a clash with some weird 3rd party software as I recently did a clean install of XP and there was little else loaded prior to comodo and cisco VPN.
Cheers
Mike
Iāve been getting my list to try from this site: http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php
The next free one on the list after COMODO is Jetico Personal Firewall and so far Iām reallying liking it. Causes no issues with Cisco VPN either. When compared to COMODO Iām liking both but obviously prefer Jetico for the time being because of the no VPN problem.
I canāt seem to figure out how to control every thing I could in COMODO so if they ever fix COMODO Iād probably come back but till them Iām going to give Jetico a solid run.
hey alphaa
can you keep me posted on this, like if you can get your head around jetico. does it save your settings or drive you crazy with questions. are you using the free or trial/paid?
are you using ICS - with success?
thanks
I have to agree with you on that mike.batcheler. Not using ICS here though and I have it turned on in the options to automatically save the config.
As for being questioned it was annoying till realized the default response was to allow that single action and not make a rule for the app. Third option down on the questions has a pull-down menu to select a zone and create a rule for the action happening.
When it first installed I was able to enter allowed network and banned networks but canāt seem to figure out how to modify that now. Hoping when I get to work tomorrow it prompts me when trying to connect to a new subnet. Would still prefer to use COMODO so far but BSOD on VPN connect is not an option for me. The fix of removing the ZA stuff doesnāt work with our concentrator at work.
Please fix this COMODO!!! When I find great little apps like this I prefer to purchase when they really work and I can see that Iām going to use it for a long time. Iāll keep you updated on any thing else I can figure out in this firewall.
Keep your eyes peeled on v3 of CFP. Right now itās in Alpha testing and cannot be recommended for a production environment.
However, it looks very promising. I donāt know if this issue is/will be resolved with it, but I know that it has a lot more flexibility and control within its rules. Reminds in some ways of what Iāve seen/heard about Jetico. You can create ādefaultā rulesets and apply those to different applications and whatnot.
Very low CPU footprint. Seriously low. In the midst of a crash it peaked at 17MB of RAM, with two running processes, and a full HIPS (with a very sophisticated level of control). Normal usage is about 8MB with all that.
If the Cisco VPN issue is resolved as well, youāll have a humdinger of a firewall.
LM
I will for sure keep an eye out for it. Removed Jetico yesterday. My system just seemed unstable and the questions were getting annoying. I was okaying access for EXEs that I had done days ago. Going to try Dynamic Security Agent next.