Anyconnect import

Hello there! - I’m fairly new at configuring VPNs this is my first actual one that will be used in production..
I’ve created multiple connection profiles and all seem to work fine bar one.
This particular connection profile is designed to be deployed on a laptop (Windows 10). Once I have imported the VPN profile onto the laptop and try and connect, I get stuck on “establishing VPN” - now hears the thing…
From reviewing the logs I can see that the AnyConnect client is reaching the VPN and it even goes as far to have the correct group policy applied as well as correct IP address allocation, despite this it manages to time out and I receive the error on the client machine “failed to establish VPN connection” the logs on the VPN headend then show along the lines of “WebVPN disconnected: peer request”.
Anything I’m missing? Or at least anything I should check over.. honestly any help/suggestions would be great as I’m scratching my head over this one..

Dear ProtonVPN Team,
After learning from successful experiences with self-hosted proxy servers and other VPN providers, I would like to share some technical ideas with you about how ProtonVPN can improve its services for use in China.
There are a few things to pay attention to in your current services:
1.Use DNS over HTTPS to resolve API domain and server domain, and include at least 4 public DNS over HTTPS services built into the app for alternative routes.
Reason: DNS pollution is quite common in China. If you get wrong DNS results, ProtonVPN won't work correctly. Additionally, famous DOH services are not stable in China, which is why alternative routes are necessary.
2.For the app API endpoint, include at least 4 alternative routes and ensure they can be switched reliably.
Reason: The Chinese government takes many actions to block unknown and "harmful" websites.
3.For auto-selecting VPN protocols, once Proton's main API is detected as blocked, the app should try to connect using the stealth protocol first.
Reason: In network-restrictive environments, standard VPN protocols usually don't work properly. Users can't wait for a long time to connect, so a more user-friendly approach is needed.
4.Improve the stealth protocol to make it look like normal TLS traffic (without SNI).
Reason: The Chinese government usually doesn't block normal TLS traffic to unknown websites unless they are known to be harmful. Cisco AnyConnect works very well in China.
5.Encrypt the app's self-config file.
Reason: This is an important step for Windows client users. In China, software from Tencent and Qihoo usually scans users' disks without their permission. If they get hold of the application's config file, they can do some malicious activities.
I really hope the ProtonVPN team sees this and takes the appropriate steps to improve their services. Thank you for potentially saving countless netizens from the darkness.

Hello, internet.
For some context....
We currently have a pair of Firepower 2140s in HA that are currently running 7.2.5.1 managed by a single FMCv, also on 7.2.5.1.
There is a single 10Gbps connection on the FTD, our outside interface, which then feeds into a pair of Fatpipe Load Balancers. On said Fatpipes is where we have our ISPs connected to do our load-balancing for us. We have two ISPs that are just 1Gbps each, and we just acquired a 10Gbps circuit that will eventually replace our secondary 1Gbps. The FTD is assigned an IP that's within the IP space that was given from ISP #1. The LAN interface on the Fatpipes is 10Gbps.
In terms of traffic flow to the internet, you have: core switches -- ftd --- fatpipe lan ---- isp1/isp2 via fatpipe wan interfaces
The kicker is whenever we acquired ISP #1, it was setup as a /30 so the Fatpipe interface would get .1 and ISP would get .2. Fatpipe LAN interface is part of a /25, assigned by ISP1, so in that the LAN is .10 for example and the FTD has .100 in a range of .1 - .126 for usable addresses. If we have traffic that comes in via ISP2, and we do since have A records created on both ISP1 and ISP2, then that traffic gets NAT'd so an ISP1 address and then the FTD NATs that to it's real address behind the firewall.
If your head didn't just explode reading that, then I'll be very surprised. Wasn't exactly my idea at the time as this was 6-7 years ago and I was very fresh in network, but no reason to point fingers here but figured this piece of information was important.
Now to the juicy stuff.
So now, we have this new fancy 10Gbps circuit and we've been using it for a few things and would like our FTDs to use it as well. I've been reading up on Equal Cost Multi-Path (ECMP) Routing and Policy Based Routing that is evidently supported within the FTD starting on version 7.2. Flex config no longer required in this case, so that's a plus.
Also, we've looked into getting 10Gbps licensing on our fatpipe. My jaw about hit the floor when I saw the quote, so this is huge cost savings for us. The end goal here would be to rid of the fatpipes, and let the firewalls do the load balancing for us. They would also continue to terminate our site-to-site VPNs as well as Remote Access VPN.
So NOW the caveats kick into play and there are a couple things in particular that stand out as I'm reading through Cisco's documentation.
Link: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-centedevice-config/720/management-center-device-config-72/routing-ecmp.html

• Following interfaces cannot be associated with an ECMP Zone
  • Interfaces in RA VPN configuration with SSL enabled

So here is my first concern. I had about 150+ users that work from home daily with AnyConnect and I have them currently using IPsec. IPsec works fine. My concern is where I need to actually disable SSL should I proceed with this. Even with my using IPsec solely, SSL it still utilized regardless in the initial connection with the FTD from AnyConnect.
Here is another guideline that I noticed that could potentially impact us.

• Threat defense does not support ECMP with NAT in IPsec sessions—a standard IPsec virtual private network (VPN) tunnel does not work with NAT points in the delivery path of IPsec packets.

Not entirely sure on this one, however I do have an active case with TAC so hopefully they can go into more details and provide some clarify.
If anyone has had any experiences with this and would like to share, I'd be happy to listen. I'm also open for other comments and suggestions as well. I'm fully aware that this isn't the best setup or design and may go against many best practices.
Thank you for your time.

So my work requires constant strong internet connection and i work very big 30gb+ CAD files that have to be downloaded and uploaded.
I'm trying to choose offers between my current multinational company that uses Cisco anyconnect VPN and another company that's smaller and regional (not sure about their setup but I heard it's worse for smaller companies)
I've been researching what makes a seamless remote working experience. Solid VPN, good download speed, wired connections seem like the obvious but there is so much more to consider and you'll only know once you've had enough experience kind of things.
Can someone tell from their own experience the most important and essential things to consider that arent as obvious for good internet connectivity and efficient remote working?

good evening!
im tasked to move a pair of 4115s in HA (7.0.5) that currently run several s2s vpns, anyconnect portals, ospf, nat, etc to a new FMC.
The ftds are currently being managed by a FMC1000 in version 7.0.5. The new FMC 2600 is using 7.2.5 and its currently in production with other 7.2.5 ftd being managed.(the backup and restore method doesnt apply)
Whats the best way to move these 4115s to the new fmc without service interruption?
Do i need to manually replicate all device significant config like routing, interfaces, vpns?
I was thinking on breaking the HA. Register the secondary to new fmc, import ACP, NAT, etc and then replicate config manually and migrate to this ftd. After services have been tested, import the remaining FTD and setup HA again in new FMC.
Thanks

We are in the process of trying to migrate from Cisco AnyConnect to ZPA for remote access. The problem we are running into centers around a single application, unfortunately it's the most important application that we have.
The problem we have is that the application utilizes the source IP address of the device connecting when it is locking out users. This become a problem when all of our connection are originating from one of our two app connectors. If someone gets locked out over ZPA, it effectively locks out an entire app connector and if another lockout occurs on the remaining app connector service is essentially shut off.
Is there any way to have our client devices present some type of meaningless IP as the source address through ZPA?

Hello /networking!
I recently joined a new company that outsourced most of their networking architecture and management to a 3P vendor. There has been very little documentation, and what I do have is outdated, so I'm mostly flying blind until we pay them to update our network topology map (WIP)
I was tasked to look into potential upgrades for our older gear. The existing equipment we have currently are a mix of EOS/L Cisco (FP/ASA firewalls, Catalyst switches), and Meraki APs that were purchased and installed earlier this year.
I come from a Meraki background, so initially I wanted to just move everything over to Meraki, however, I keep hearing/reading that Meraki MXs are just not that good, and just to get a Fortigate Firewall.
I really want to upgrade to Meraki Switches (most likely MS250s) to make life a bit easier to manage and stick with what I'm used to, but I wanted to know if moving to Fortinet Firewalls will cause issues down the line, either with setup or future configuration changes. Most importantly, does it make sense for up to move to Fortinet?
To provide some context -

• This will be an upgrade to our larger offices of 200+ employees.
  
• We recently renewed our AnyConnect VPN, and have tunnels that connect to each site, although most these may be removed in the near future, as we are moving most of our physical servers to the cloud, but we still need a few VPNs setup to connect to a few sites, so we don't want to change VPNs.
  
• The current network vlan setup is relatively simple, basically an internal subnet that lets devices all talk to each other, and an internet only subnet that is pretty much exclusively used for guest wifi. I plan on expanding our vlans and locking them down via ACLs, setting them on the switches.
  
• We don't have many onsite physical servers, and there is movement to try and move them to the cloud as much as possible.
  
• Smaller offices (~20 employees) will most likely be moved to MX75s, and will not have any tunnels to our main offices.
  
• We did have MPLS, but this has been removed from my understanding. We do not have any SD-WAN configurations.
  
• I don't have much experience outside of Meraki, I am a relatively newer network admin and currently the only network admin that isn't a 3P vendor, but I am willing to learn how to use them if they make sense for our environment.
  

I'd appreciate any and all thoughts and advice around this!

I'm currently looking into MFA/2FA solutions for my organization, and I wanted to see what everyone's thoughts are on this. I'm relatively new to researching this type of thing, and have never had the opportunity to use one of these solutions firsthand (other than just basic MFA with a phone or email). The organization I work for has a couple hundred staff. It does work some sensitive data, although not a major amount. We do also have a lot of outside people using computers and devices in our sites (Although these systems are on separate networks, and staff usually do not use devices that outside people use, and outside people are not using the staff assigned devices. The overall security and ease of use for the end user are more important to us than the cost. We are trying to implement a solution that covers as much of our systems as possible, and offers a solution where we don't have to require that staff use their own personal devices to receive MFA. At the moment we're looking more specifically at hardware based tokens like a Yubikey or the RSA SecurID SID700 or DS100 that provide an on screen OTP. I'm finding it hard to find much info comparing the two solutions. I'm being told that might be because they're similar but fairly different products? Either way, We're looking to minimize staff needing to use their own devices to comply with MFA, so we'd rather just given them a hardware token than require them to send OTPs to their cell phone or email. We've had a brief demo of the both the RSA and Yubikey solutions, however it's still leaving us with a lot of uncertainty of which we should choose. It seems with the RSA option, you are purchasing both the hardware tokens and the online service to make the solution work, and end up with a yearly subscription. With the Yubikey they seem to be telling us that we only need to purchase the hardware tokens, then use 3rd party solutions like MS Authenticator, ADFS or SAML to connect the services we authenticate to (which could still result in more yearly fees).
We're basically looking for a fairly turnkey solution that integrates in some way with things like:

• AD/365 (Hybrid, both on premise and Azure/MS365)
• Cisco Anyconnect
• RADIUS
• RDP
• Various sites/services that currently are using LDAP to auth

There are other things, but those are some of the big things.
Really at this point, I think the biggest questions are:

• Is the level of security between the two different enough to warrant choosing one vs the other. Like, is one more susceptible to security issues or usability issues than the other?

-Are there known issues with one product vs the other where we might want to steer clear of? (For example, is plugging in the Yubikey every time you need to sign in a major annoyance for users vs using the OTP off the RSA? Or do you notice issues with having to attempt multiple OTP codes with the RSA before it'll proceed? etc)
-Anyone aware of a good resource such as videos or documentation that isn't extremely technical that might be helpful for us to better understand? I am fairly technical, but not extremely knowledgeable in some of the security technical areas.
-Are there other solutions that we should be looking at than these two? Or combinations of one of these and another solution? Such as Yubikey and one or two other products in conjunction?
-Should we be using one solution for certain types of users versus another. Like, I know it could make sense to have more security on more high risk or higher level/higher permissioned users, but should we be looking at just different levels of the same solutions for different staff or totally different solutions?
-Are there other questions we should be asking ourselves or asking the vendors?
-Even if you've only used one of these, I'm open to hearing feedback on that.
Thanks

Has anyone tried ASA version 9.19? This is the highest release number (as of August 2023), but I think there are more recent point releases such as 9.18(3).
I'm interested in the new tunnel protection ipsec policy command for IPSec VPNs because this allows better compatibility with far end equipment. More importantly though, is it stable with Anyconnect SSL vpn?
Any insights would be appreciated.
​

​
https://preview.redd.it/p5kupdwtyidb1.jpg?width=815&format=pjpg&auto=webp&s=2303dc5a381f0c18fec0e0c587c48f4d5f5c25f8
Sorry I'm new to Reddit posting so I'm not sure if this is the correct format to post a picture and text.
This was the final rendition of my resume that started getting me a couple of interviews with some tech companies through Indeed. This is the template I followed from another reddit post that gave some good advice, although I left out a couple of things. (Like the personal interests suggestion) https://www.reddit.com/jobs/comments/7y8k6p/im_an_exrecruiter_for_some_of_the_top_companies/?utm_source=share&utm_medium=web2x&context=3
I applied for ~350 job postings over 4 months through LinkedIn, Indeed, and company website's career pages. During these 4 months of active applying (Jan - April 2023), I was not notified through a single LinkedIn job posting, recruiter, or company career page to move further in the hiring process other than just the classic rejection email. Indeed is funnily enough the only job board I have had success with, even though ~200 of my applications were through LinkedIn!
I ended up with 3 interviews that moved to the second round at the end of March. A few rounds of interviews in the following weeks and I had two offers for a remote entry level Data Analyst position at a small company for 50k a year, and a hybrid "junior" to mid level position at a mid-sized insurance company for 70k a year. I ended up taking the higher paying positon, even though I felt I was not experienced enough! Luckily, I've been at this current position for 3 months and am really enjoying it so far.
Too be quite frank, I'm not sure if my resume got me the job, but it did get my foot into some interviews that I must've done well at considering I got 2 offers in such a short time compared to my prior months of turmoil.
Some notes on my resume looking back I feel that need improvment...

• My bullet points for experience and projects could be condensed slightly. ( I wanted to fill the 1 page completely as without the projects my resume looked a little barren)
• I probably should've included a skill list instead of one or two of the academic projects.
• Maybe I could've listed my headers differently? Education over work experience since I was transitioning into a new field and only 1 year out of college.
• My projects kinda suck and don't exactly align with the job postings I was applying for. I was able to talk about them in my interviews though

Some things I felt helped...

• Using action verbs and quantifiable achievements for my bullet points.
• Boring template may look boring, but I do believe it was being parsed through ATS software better than resumes with multiple columns, colors and what not. This template is built entirely in Google Docs.
• Listing all my skills in my experience and projects may have helped?

Some other anecdotal points

• LinkedIn and Indeed have filters that show postings with less than 10 applicants. Near the end of my job search, I was only applying to those low applicant postings, as the Data Analyst field seems crazy difficult to break into right now.
• My two companies I got offers from had weird job titles that weren't showing in general results. I think this also lowered the applicant pool and assisted with me standing out amongst the few people who applied for these jobs.
• I left out months on my resume, just to make my 6 month contract in the top position 'look' better. Kinda scummy I feel but it didn't seem to be a big issue during my interviews. You can also notice the 1 year gap in 2022 I took to take care of sick relative. The companies I interviewed with did not push any harder than me explaining that to get over the gap in my experience. I might be an outlier, but hopefully this shows that gaps in your resume won't ruin your chances at a good company.
• I don't think my resume particularly stood out, but just being on the interview list allowed me to talk about my experience, and convince the interviewers that I'm willing to learn a new role and be personable with the team.

Hi homelab :)
I have an AD homelab, and I need to connect tablets and phones remotely to my on-prem infra. I am currently using manually-deployed WireGuard, one on the router and one peer for each device, with manually generated key pairs. This is not very scalable, and I am looking for something better (like, better management tools, more automatic, probably PKI-based auth, and most importantly incorporated with the built-in Windows always-on VPN facilities). In addition, I would like to try something new :), so I found Cisco AnyConnect a little bit interesting. However, I am totally new to AnyConnect and Cisco products, so I have several beginner questions:

1. How does AnyConnect compare to traditional VPNs (e.g. always on PPTP L2TP OpenVPN WireGuard etc)? What are the features?
2. How is the license (I am considering the proprietary Cisco one rather than OpenConnect)? Do I need to buy a hardware?
3. Does it need to access anything in the cloud, or is it completely self-hosted?
4. In general, how to get started? (i.e. what are the recommended hardware / software to get started?)

Thanks a lot!

AnyConnect client as subject 4.10.06079 predeploy k9 on Ubuntu 20.04 derivate - however same problem on Linux Manjaro 22.0.4.
Recently multi-factor authentication was activated remote network side.
To establish VPN to remote network doesn‘t work subsequently to MFA-activation. Failure fashion: the window pupping up to conduct 2FA- authentication flashes for no longer than 1 second then disappears from screen. This way user gets no chance to enter and complete multi-factor authentication.
Is this a known problem pattern? Where to look for possible root causes?
Procedure to establish VPN connection completes with one more pop-up: Authentication failed due to problem verifying server certificate. Indeed that prob of server certificate verification I have to live with for months, it started to exist long before MFA has been introduced network side.
I act only client side. No knowledge how setup network side looks like. Receiving remote network IT team support works badly.
Client side network config actually as delivered by Linux distribution in use. Please note it is about two independent Linux nodes (well, they share however virtualization host).
CISCO AnyConnect Secure Mobility Client app installer was downloaded from remote network operator (last available version) then installed to local machine.
Server certificate verification failure was communicated to organization IT many months ago. However up to this minute no answers, or incompetent yet upon heavy delay ones got back.
Profiles not used direct way. Just putting few data into ui form. Server dns address - which needed to be put once initially, then cached on disk - user name which ui caches on disk too, so I only need to put password. Since MFA is in game it is important to select user group properly from drop down list.
Windows running on different physical node has no problems if to use same credentials. Only these two Linux vm‘s of different distributions but same physical host are affected.

Organizations utilize Cisco AnyConnect as a method of establishing a VPN connection to their network.
We will demonstrate how DLL Side-Loading can be used by threat actors, such as Advanced Persistent Threats (ATPs), to gain a persistent foothold on a user's machine running Cisco AnyConnect version 4.x.
The attack involves dropping the malicious "dbgcore.dll" into the working directory of the AnyConnect software, which is then loaded into memory by the legitimate AnyConnect process.
The video will highlight the impact of the attack, including how the ATP can gain a persistent foothold on the user's machine and potentially gain access to sensitive data or use the machine as a launchpad for further attacks.
Overall, this video serves as an important reminder of the ongoing threat of DLL side jacking and the need for organizations to remain vigilant against such attacks.
https://youtu.be/8joVou239JA

Wanted to post here before I post in cisco / networking. We bought two Firepower 1120 devices. One has been in production on one of our ISP's for a year now but never added to FMC. It doesnt have that much going on, a few ACL's / NATS, no S2S vpn's or remote access VPN's, pretty slim setup really.
What's the best way to get that guy attached to FMC? Do I build a policy on FMC, then register it with FMC and push the policy? I know it blows away the config so wasnt sure the right order to do things?
The other FP1120 is replacing an ASA 5516 at a diff building which has a crapload of config on. Both devices are registered in FMC already. Using the firewall migration tool it brought over a lot of it, but having to do some stuff manually. Mostly worried about the cutover since we have 5-7 site to site VPN's that are important and also our remote users use anyconnect on that one.
I do have services money available for cutover or double checking my work, and I'll probably book a half day or day to do so prior to cutover.
Just looking for recommendations or suggestions. TIA

Hi all, if I were to switch to a BSD, which one should I choose? I've run OpenBSD for a wee while some years back, but apart from that, have run Linux only. I would thus like to know what's the state of desktop BSD in 2022?
For private use, I'd need: - Play Steam/Linux games - Watch Netflix
For work, I'd need: - Cisco Anyconnect VPN support (Openconnect will not suffice) - Java (OpenJDK normally, but also legacy Oracle JDKs). - Virtualised Linux that performs well enough to run: -- Docker -- Kubernetes - MS Teams (in Chrome is fine)
I see there are nice looking desktop themed BSDs, like Nomad, that give a smooth installation experience and desktops. These two things are indeed nice, but not that important to me. A text based installer is fine and I'll run i3 as window manager anyway. But if they resolves the issues on my lists, I'll be happy to give them a go. What would you guys recommend?

Hello, I’m new to VPN’s in general so my question might sound dumb. I need to connect to a tunnel through Cisco AnyConnect which requires a username/password (which I have) and also sertificates. I’m trying to connect through my iPhone but whenever I put the login data in it says ‘Login failed’. Then i cheked out the info in why it failed and it says that it failed to find the required serificate. The sertificate is verified in my Settings app but I’m guessing it’s only ‘applied’ to the iOS VPN but not the third party app I’m using to try and log in. Is there any way to ‘import’ the certificated onto AnyConnect? Maybe I misunderstood the problem elsewhere. Thanks!

Anyone have any issues with not being able to connect to database servers using SQL Server Management Studio 17/18 using ZPA? We have no issues over our old Cisco AnyConnect VPN client that ZPA is replacing and RDP/SMB into the same servers running SQL Server with no issues. Thanks!
The error is the same across all SQL servers over ZPA:
The target principal name is incorrect. Cannot generate SSPI context
Update:
We've confirmed that users can log into SSMS over our old Cisco AnyConnect VPN, turn on the zScaler client, turn off the VPN client while keeping SSMS to the SQL server open, and connectivity to the SQL server over SSMS continues to work normally. So zScaler definitely only has an issue establishing the connection, but works normally to maintain current connections. This leads me to believe that it's some sort of authentication issue.
Update: We've tried the following fixes:
-Exporting the localhost SQL server's certificate and importing it to a client workstation running SSMS: Still getting the same SSPI error
-Opening the SQL server to all ports on zScaler and on the Windows Firewall on the Windows server that the SQL server is running on
-Accessing the SQL servers using Azure Data Studio app, but it runs into the same SSPI error.

Hi,
I am using zorin os, and cisco anyconnect VPN for my work. I use 2 network interfaces, my WIFI for the internet and my LAN to connect to my tablet. My LAN cable directly connects my desktop to my tablet, I don't use a router or switch in between (also no internet over the LAN, if that's important). I use synergy as kvm switch for my desktop and tablet, and I use my LAN interface (not WIFI) to connect them. The problem is, when I start using the anyconnect VPN, I am guessing, it tunnels all the network traffic from all the interfaces through the VPN, rendering synergy unusable. Anyconnect doesn't support split tunneling in linux.
What I am looking for:

1. I want to make synergy work even when my desktop is connected to a VPN.
2. I don't want to add my tablet to the VPN network (don't think that would help anyways).
3. I want to use my LAN interface and not WIFI to achieve this.

I found a blog with a possible solution, but I couldn't get it to work. My networking knowledge is a bit dodgy, which is why I am posting my question here.

Hey all,
For some reason I can't seem to terraform init on my Windows computer from PowerShell. It will attempt to install the provider but then it gives me the following error:

Initializing provider plugins... - Finding drfaust92/confluence versions matching "0.1.0"... - Installing drfaust92/confluence v0.1.0... ╷ │ Error: Failed to install provider │ │ Error while installing drfaust92/confluence v0.1.0: archive has incorrect checksum │ zh:412bb7f2940a7c7a9e7877840ee3982d8bbb8d78388ec5309594e821e0c88599 (expected │ zh:4998e39d3b9ff49efa4b8bdbf96a1e9adb215896d6c48d19bedcaf18669be403) 

I've noticed this now with two different providers, one Grafana, and now this one.

│ Error: Failed to install provider │ │ Error while installing grafana/grafana v1.24.0: archive has incorrect checksum │ zh:ad731a8be1b0382a6ca74e867ad54c54808b3f89d9788c4e5bae8fd417d349a1 (expected │ zh:75adfde6b063cd8d96e7276e9a8f18e6d7023c224b5680adccdd5a177d2f3872) 

That said, I can use other providers and they work, like azurestack.
Another wrinkle is that I can use Windows SubSystem for Linux which lets me enter an Ubuntu VM and if I init the non-working providers from there they work fine. Unfortunately though if I'm on the VPN I can't access the internet as Cisco AnyConnect messes up the connection with the VM.
This seems to mean that the providers are working as expected but for some reasons I can't import them using Windows.
Thoughts?
EDIT:Here's the config for those who're curious:

terraform { required_providers { confluence = { source = "DrFaust92/confluence" version = "0.1.0" } } } provider "confluence" { site = "confluence.yourdomain.com" user = "user" token = "token" } resource confluence_content "default" { space = "MyPage" title = "Example Page" body = "This page was built with Terraform
" } 

Thanks!

Hello,
I am running into an issue with importing a start layout. I've searched through countless threads and I'm not understanding why the import file is invalid. The current XML is below which includes taskbar settings. When I remove the taskbar settings, it works fine. What am I missing?

I am looking for a basic, lightweight, Windows laptop that could run Cisco AnyConnect VPN and connect to my work Remote Desktop. Hoping to spend less than $300 and refurb is fine. (I very rarely travel, and I do all my work at home on a desktop PC. But I am finally going on a trip starting on Wednesday next week and with the way things are looking I am going to be contacted during my vacation. I have no plans to use it for anything else. It will be used at most a few hours once a year. lol )
​
LAPTOP QUESTIONNAIRE

• Total budget (in local currency) and country of purchase. Please do not use USD unless purchasing in the US: $300
• Are you open to refurbs/used? Yes
• How would you prioritize form factor (ultrabook, 2-in-1, etc.), build quality, performance, and battery life? I won't be using it very much and I'll be able to plug in, so not particularly important.
• How important is weight and thinness to you? This is important because I am only going to use it when travelling.
• Do you have a preferred screen size? If indifferent, put N/A. Whatever is appropriate for seeing the text on a remote desktop to be able to work a little. Perhaps 14-15?
• Are you doing any CAD/video editing/photo editing/gaming? List which programs/games you desire to run. No
• If you're gaming, do you have certain games you want to play? At what settings and FPS do you want? N/A
• Any specific requirements such as good keyboard, reliable build quality, touch-screen, finger-print reader, optical drive or good input devices (keyboard/touchpad)? No