[SOLUTION] The VPN client was unable to setup IP filtering

In the Cisco AnyConnect VPN Client my user would get “The VPN client was unable to setup IP filtering. A VPN connection will not be established.” and “AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.”

This happened after being infected with malware (ZeroAccess trojan to be specific). After cleaning, it still wouldn’t connect to the VPN. Thanks to a hint here, I found that the cause was because the trojan deleted the Base Filtering Engine service.

I got it back by following the instructions from my preferred antivirus company, ESET.

If you can’t find the SubInACL.exe, get it from Major Geeks here.

Please comment if this DID or DIDN’T help.

26 replies
  1. Gary M. says:

    Yep. It worked for me too. All I had to do was run the .exe file, reboot and all was well.


  2. Michael says:

    Worked like a charm – the malware messed with this service, and I believe BITS as well, but the repair brought them back and I am now able to get on VPN again. Thanks.

  3. Rakesh says:

    Many thanks for this very useful article!!

    It didn’t worked for me by using Repair Utility. I have to use section
    “How do I remove Sirefef (ZeroAccess)trojan?”
    which helped me in getting my laptop cleaned and services restored.

  4. Nico says:

    It could also mean that some setting in your group-policy is not supported. Removing this fixed my issue: “always-on-vpn profile-setting”

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *