December 30, 2009

Getting the Cisco AnyConnect VPN adapter working with Kaspersky Anti-Virus

I hadn't used my VPN connection to the office in a while and for the past week I've been having problems connecting. I haven't had time to sort it out until this morning and as I had problems nailing down why I wasn't able to connect I thought I'd share the solution in case anyone else has the same issue and set up.

I've been connecting to the office using the Cisco AnyConnect VPN Client and after entering my username and password and clicking connect my system administrator tells me that the authentication at the server end was successful. But still I get the message when I try and connect:

"The VPN client is unable to establish a connection."

No reason is provided and delving through the log file didn't indicate anything sinister either.

By complete dumb luck, I remembered that I'd installed Kaspersky Anti-Virus about a month ago - maybe a bit longer. I disabled virus scanning and attempted to connect again and the connection was successful.

Surfing without protection enabled isn't something I particularly want to do, so I needed to figure out how to go about fixing this. It turns out the solution is simple - disable port scanning on port 443, that is all.

  1. Fire up the Kaspersky GUI.
  2. Select the Online activity option.
  3. In the online activity window that follows, select the Web Anti-Virus option.
  4. In the web anti-virus page select Network from the options down the left hand side.
  5. The network settings options will now be displayed on the right side of the window.
  6. In the Monitored ports section, select Monitor selected ports only and click the Select... button.
  7. The Network ports window will now be displayed.
  8. In the top part of the window, scroll down until you find HTTP SSL (https://) in the list - port 443.
  9. Uncheck this port and click OK to confirm the setting change and close the network window.
  10. Click the OK button to close the web anti-virus window.
  11. Click the Close to close the online security window.
  12. Click the red X in the top right corner of the Kaspersky Anti-Virus window to close the GUI

You should now find that your Cisco AnyConnect VPN adapter works again now even when Kaspersky Anti-Virus and Online Scanning is enabled.

5 comments:

  1. Hi Ben,

    I am so happy to find out this post through Google.

    I've been trying to install Cisco VPN on my pc where Kaspersky IS 2010 is installed. I have exactly the same problem as you mentioned.

    It worked when I deactivate KIS but the message you mentioned came up when I try to reconnect with KIS pretection and no way to connect.

    I've been looking for the solution for this and I just found out your post. Tonight, I'll try to fix it as you explained and will let you know!!!

    ReplyDelete
  2. Hi Ben,

    It's me again, Nyi.

    Yeah...I followed exactly what you explained and bingo...it worked. Yes, it did work. Fantistic....man!

    Thanks a mil for your sharing which is so precious to me!

    Keep going and take care,
    Nyi

    ReplyDelete
  3. For Kaspersky AV 2011 the user interface must be different. To tackle the same problem I added the https:// url my cisco web vpn connects to as a trusted url under settings:web anti virus settings:settings:Trusted URLS
    That's also a more secure approach rather than just trusting all SSL traffic.

    ReplyDelete
  4. I was having this problem with this issue for a long time now. Thank you very much for sharing the solution.
    US VPN

    ReplyDelete
  5. This is exactly what I needed. Thank you for posting this.
    US VPN

    ReplyDelete