CPF with Cisco VPN Client causes blue screen crash

I have to use Cisco VPN Client to connect to a remote secure network. With CPF installed, the computer simply crashes in blue screen even if I exited the CPF.

This problem also exists with a number of other firewall software, while there are some that work well with the Cisco VPN Client. I sincerely wish this can be fixed in the future releases, but for now, I had to uninstall CPF :frowning:

I’ll second this issue.

Further information.
The installation of the CPF worked fine and I was able to set up new rules.
I then started up the Cisco VPN client and was able to choose a connection, enter the password and click OK, then the computer blue screened.

Same thing happens even IF the CPF is turned off right after boot up.

Computer:
HP dv9000 laptop with Windows XP MCE (Yeah I know, but it’s what came on the laptop. As soon as I have the time I will be wiping it and installing Windows XP Pro.)

I have been forced to uninstall CPF as I must be able to use the Cisco VPN client from this computer. This really “bums me out” since I don’t trust the XP-SP2 firewall on hostile networks.

I have exactly the same problem. I’ve used Comodo Firewall Pro 2.4.18.184 together with Cisco VPN Client 4.8.02.0010. I got a blue screen crash during connecting via the Cisco client. The only solution was to deinstall the Comodo firewall.

Obviously a number of users report of similar problems with other firewalls, too. One user suggested to deactivate the stateful firewall integrated in the Cisco VPN client by via “device manager → non-PnP drivers → vsdatant” (you need to “show hidden devices” in the device manager). But my Cisco client would refuse to connect with deactivated “vsdatant” device.

Well, any other solutions?

I’ve got the problem as well … using the Cisco Systems VPN Client 4.8.01.0300 and Windows XP Prof SP1!

I tried to disable the statefull firewall in the “device manager” but then the VPN-Server refuses the connection … :frowning:

Maybe one of the Comodo guys could tell us if they are working on it … this problem should be fixable (other firewall can handle this).

… Schlappwurst

This topic: https://forums.comodo.com/index.php/topic,6788.0.html has link to a thread in the Outpost forum where they discussed the exact issue, and it seemed that the ZA elements packed with the VPN were at the root of it. It may be worth a read. They specifically mention the total removal of certain registry entries, or if going thru the dev mgr, Uninstalling (as opposed to Disabling) vsdatant…

LM

Hello
I have similar crashes with Cisco VPN 4.8 and CPF. My PC (XP, SP2) goes black and restarts when I reach the VPN banner screen of the remote secure network. Done various uninstalls + reinstalls in various orders. VPN only works when Comodo PF uninstalled.

I’ve read the many posts on CPF forums and the web, including the references to Outpost (as above). But… When I rename vsdatant.sys (as *.old) the PC doesn’t crash but the VPN client doesn’t match the firewall policies of the secure network, so I can’t get in. I assume this means I need the stateful firewall functions (said to be of ZA origins) in Cisco VPN. I’m trying to lobby a change in network policy at work but I don’t like my chances (8000+ employees).

Regarding the above suggestion to follow the Outpost work-around (vsdatant and registry edits), I’ve recently done a clean re-install of XP so an anxious about editing the registry unless its very likely to work, and I assume it won’t given renaming vsdatant violates my work’s secure network policies.

So three questions:

  1. Has anyone with this problem actually tried the Outpost workaround? To what effect? does your secure network require the Cisco stateful functions?

  2. Has anyone who found CPF wouldn’t work found a firewall that will work with Cisco VPN 4.8? I’ve read ZA 6.5 might (and 7 likely won’t) but given the drama of removing ZA I’m not sure if I want to go there.

  3. have the friendly folk at Comodo acknowledged this issue for a fix? Its been plenty mentioned in the forums but as yet no FAQ or other official reference (that I can find). I’ve been impressed by CPF and don’t want to give it up yet need the VPN

Thanks for any light you can shine on this…

Mike,

I am positive I have read here in the forums, a post or posts wherein the issue was addressed and resolved. I can’t put my finger on it at the moment, though.

Here’s a post where the user says the Outpost workaround did indeed work (links to the post with the Outpost link…) https://forums.comodo.com/help/cisco_vpn_and_comodo_conflicts-t8237.0.html;msg63679#msg63679

Here are some others where solutions were posted, that were stated by the user to work…

https://forums.comodo.com/help/windows_xp_pro_sp2_cisco_vpn_client_402a_working_config-t5323.0.html

https://forums.comodo.com/help/cisco_systems_vpn_client_version_48010300-t4960.0.html

https://forums.comodo.com/help/cisco_vpn_will_not_work_with_running_cpf-t6004.0.html (partial repeat, but some additional info as well)

And the official Comodo response, from the FAQ https://forums.comodo.com/faq_for_comodo_firewall/cisco_vpn_client_and_comodo_firewall_blue_screen_problems-t2791.0.html

Hope that helps,

LM

Hi Little Mac
thanks for your reply. I’ve re-read the posts including the outpost post.

As the outpost post says, “its all about getting rid of ZA”. Problem is, our IS dept confirms if I do this (scuttle the cisco/ZA stateful firewall) it will violate the network policy on the cisco consolidator so I won’t get in. Now, I’m a bit in the dark on this but I assume the various Outpost related registry changes are about a clean scrub of ZA elements and hence will not aid my case. Hence I remain reticent as I wouldn’t know how to get them back with ease. No one on that post mentions if their secure network policy requires the stateful inspection ZA thingy, but I can’t see what else they are trying to achieve.

In the CPF FAQ (https://forums.comodo.com/faq_for_comodo_firewall/cisco_vpn_client_and_comodo_firewall_blue_screen_problems-t2791.0.html) tripplejolt’s final comments leave the question hanging but panic comments that if you can’t get in (to the secure network) without vsdatant then you’re stuck. So I guess I’m stuck. the rest of the posts appear to be about various configurations of CPF which I have tried but these do not solve the BSOD for me at least.

Other’s also stuck may like to know the IS people at my work say Kerio works for them with Cisco VPN but I’m yet to try it (I know CPF also works for some people with Cisco VPN).

If you come across any solutions where people retained the cisco VPN statefull functions with CPF then please let me know.

Thanks

Mike

Mike,

I’m sorry that didn’t do it for you. I had hopes when I saw confirmations of solutions that worked. I understand, though, in that you’re somewhat at the mercy of the system, since you’re not in control of it.

Yes, as I understand it the registry scrub is about cleaning out ZA elements. As far as getting them back, that is easily accomplished, and I can tell you how…

You go to Start/Run and type in “regedit” (without the quotes). This will open the registry editor.

Go to File/Export. This will open your ‘My Documents’ folder, where you will name the registry file and save it. This creates a backup copy of your entire registry.

Then you follow the instructions to remove the specific registry keys for the various ZA elements.

Then you can try to see if the solution works, and you can get in as you need to, etc. If it does not work, or if it trashes it in some other way, you can restore those by one of two means…

  1. Open Regedit again, go to File/Import, and select that registry file you exported earlier

or

  1. Open your ‘My Documents’ folder, and double-click the registry file you exported earlier

LM

a final note for anyone else stuck with this problem. Kerio (now sunbelt kerio or something) does work with Cisco VPN and allows the stateful firewall functions. No BSOD. But Kerio isn’t really free - a 30 day trial then ICS gateway stops and some report nag screens. I’ll be trying CPF 3 when it arrives.

Hey Mike,

Thanks for the tip. I realize they’re two different animals, but can you share the steps to take with Kerio to get it work? Did you have to do anything specific, or was it automatic? Whatever you did (or didn’t do), do you know why it worked? Perhaps there’s some cross-over info we can apply…

Tnx,

LM

Instead of hunting for these fixes why isn’t this fixed by the vendor? I just moved to this from Filseclab based on a fairly comprehensive review of firewalls that rated COMODO has the best choice and Filseclab was in their bottom group. Never had this problem with Filseclab and am really liking COMODO but Cisco VPN is required for my job so I’ll have to try the next one on the list.

LittleMac
I just installed Kerio and it worked. no thinking or cleverness required.

It was an older version - 4.2.2 - said to be without nag screens on expiry (tho still stops ICS after 30 days), but i never tried it for that long. (Rumor has it newer versions have more nagging and no new features so I went for this one). I noticed Kerio slowed my internet connection so i’m currently back with comodo (without VPN!) and still searching for a better option. I may try Kerio 2.? - last of the truly free Kerios but with lower security. Or brace myself for settings-hell and try Jetico.

I’ve been watching www.scotsnewsletter.com where he is searching for the perfect firewall but he hasn’t had the Comodo and Cisco VPN problem. Would be good if CPF 3 fixed the problem, or someone could figure out why some folk have this clash and some don’t. In this case I’m pretty sure its not a clash with some weird 3rd party software as I recently did a clean install of XP and there was little else loaded prior to comodo and cisco VPN.

Cheers
Mike

I’ve been getting my list to try from this site: http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

The next free one on the list after COMODO is Jetico Personal Firewall and so far I’m reallying liking it. Causes no issues with Cisco VPN either. When compared to COMODO I’m liking both but obviously prefer Jetico for the time being because of the no VPN problem.

I can’t seem to figure out how to control every thing I could in COMODO so if they ever fix COMODO I’d probably come back but till them I’m going to give Jetico a solid run.

hey alphaa
can you keep me posted on this, like if you can get your head around jetico. does it save your settings or drive you crazy with questions. are you using the free or trial/paid?
are you using ICS - with success?
thanks

I have to agree with you on that mike.batcheler. Not using ICS here though and I have it turned on in the options to automatically save the config.

As for being questioned it was annoying till realized the default response was to allow that single action and not make a rule for the app. Third option down on the questions has a pull-down menu to select a zone and create a rule for the action happening.

When it first installed I was able to enter allowed network and banned networks but can’t seem to figure out how to modify that now. Hoping when I get to work tomorrow it prompts me when trying to connect to a new subnet. Would still prefer to use COMODO so far but BSOD on VPN connect is not an option for me. The fix of removing the ZA stuff doesn’t work with our concentrator at work.

Please fix this COMODO!!! When I find great little apps like this I prefer to purchase when they really work and I can see that I’m going to use it for a long time. I’ll keep you updated on any thing else I can figure out in this firewall.

Keep your eyes peeled on v3 of CFP. Right now it’s in Alpha testing and cannot be recommended for a production environment.

However, it looks very promising. I don’t know if this issue is/will be resolved with it, but I know that it has a lot more flexibility and control within its rules. Reminds in some ways of what I’ve seen/heard about Jetico. You can create “default” rulesets and apply those to different applications and whatnot.

Very low CPU footprint. Seriously low. In the midst of a crash it peaked at 17MB of RAM, with two running processes, and a full HIPS (with a very sophisticated level of control). Normal usage is about 8MB with all that.

If the Cisco VPN issue is resolved as well, you’ll have a humdinger of a firewall.

LM

I will for sure keep an eye out for it. Removed Jetico yesterday. My system just seemed unstable and the questions were getting annoying. I was okaying access for EXEs that I had done days ago. Going to try Dynamic Security Agent next.