Search Results

Search found 2962 results on 119 pages for 'cisco vpn'.

Page 29/119 | < Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >

  • NAT confusion regarding cisco ASA5510

    - by LonelyLonelyNetworkN00b
    I'm setting up my first cisco firewalls. A little information first:I have two asa5510 setup in a working active/standby pair. From my ISP i have two public subnets. A /29 and a /26. On my DMZ interface i have the /26 configured. On my WAN Interface i have configured the /29 IPs. My isp routes the /26 via the /29 primary IP. I'm running ASA 8.2. I've turned NAT-Control off, because i don't want to use nat for for other than some internal interfaces. In essence i don't want to use NAT unless i specify it. I have a internal interface with the network of 192.168.100.0/24. I've tried setting up nat limke this: nat (inside) 1 192.168.100.0 255.255.255.0 global (WAN) 1 interface I was under the impression that this would let connections that was going from 192.168.100.0/24 and out the WAN interface to be Port-Address-translated. I'm not getting this to work for some reason. Inside interface has security level of 100, and wan has security level of 0.

    Read the article

  • Cisco IOS BVI ACL: Only allow established UDP

    - by George Bailey
    Related: Cisco IOS ACL: Don't permit incoming connections just because they are from port 80 I know we can use the established keyword for TCP.. but what can we do for UDP (short of replacing a Bridge or BVI with a NAT)? Answer I found out what "UDP has no connection" means. DNS uses UDP for example.. named (DNS server) is lisenting on port 53 nslookup (DNS client) starts listening on some random port and sends a packet to port 53 of the server and notes the source port in that packet. nslookup will retry 3 times if necessary. Also the packets are so small that it does not have to worry about them coming in the wrong order. If nslookup receives a response on that port that comes from the servers IP and port then it stops listening. If the server tried to send two responses (for example a response and a response to the retry) then the server would not care if either of them made it because the client has the job to retry. In fact.. unless ICMP 3/3 packet gets through the server would not know about a failure. This is different from TCP where you get connection closed or timed out errors. DNS allows for an easy retry from the client as well as small packets.. so UDP is an excellent choice because it is more efficient. In UDP you would see nslookup sends request named sends answer In TCP you would see nslookup's machine sends SYN named's machine sends SYN-ACK nslookup's machine sends ACK and the request named's machine sends the response That is much more than is necessary for a tiny DNS packet

    Read the article

  • Clarification for setting up SSH terminal access on Cisco IOS

    - by Matt Malesky
    I'm attempting to set up SSH on a Cisco 2811 and having some difficulties. The first step to this should be running crypto key generate rsa I seem to be missing this though: better#crypto key generate rsa ^ % Invalid input detected at '^' marker. better# Furthermore, the only available commands I have in the crypto key namespace are lock and unlock, which seem to indicate a locked keypair (for which I don't know the password): better#crypto key ? lock Lock a keypair. unlock Unlock a keypair. better#crypto key unlock ? rsa RSA keys better#crypto key unlock rsa %% Please enter the passphrase: %% Unlocking failed. . better# More or less, I'm asking what exactly this might mean, and if I actually do have certificates already here (used router)? Otherwise, how can I solve this? It's my first time configuring this feature, but I definitely believe it's part of my IOS. Speaking of my IOS, I'm running the image c2800nm-advsecurityk9-mz.124-24.T6.bin I'll also note that I have my hostname and ip domain-name configured. I'll also give you a dir flash: below if it's at all of use: better#dir flash: Directory of flash:/ 2 -rw- 2748 Jul 27 2009 14:03:52 +00:00 sdmconfig-2811.cfg 3 -rw- 931840 Jul 27 2009 14:04:10 +00:00 es.tar 4 -rw- 1505280 Jul 27 2009 14:04:32 +00:00 common.tar 5 -rw- 1038 Jul 27 2009 14:04:46 +00:00 home.shtml 6 -rw- 112640 Jul 27 2009 14:05:00 +00:00 home.tar 7 -rw- 1697952 Jul 27 2009 14:05:26 +00:00 securedesktop-ios-3.1.1.45-k9.pkg 8 -rw- 415956 Jul 27 2009 14:05:46 +00:00 sslclient-win-1.1.4.176.pkg 9 -rw- 38732900 Dec 8 2011 06:28:56 +00:00 c2800nm-advsecurityk9-mz.124-24.T6.bin 64016384 bytes total (20598784 bytes free) better#

    Read the article

  • Cisco BVI: Claiming IP addresses

    - by cjavapro
    I would like to make sure I understand this correctly. Given a Cisco ISO router that is set up with a BVI (a variation of a bridge route).. and the following layout "ISP router" \ "Network switch" # nothing special here. | \ | \ | \ | \ "Router 1 with NAT" "Router 2 with BVI" If I understand correctly.. the outside of a BVI will only respond to IP addresses that have already been claimed on the inside of the BVI... example subnet is 123.123.123.??? and servers inside the BVI on 123.123.123.10 and 123.123.123.11, and the NAT router is holding a public IP address of 123.123.123.50. If a connection comes in to 123.123.123.10 it will be received by router 2 but if it is received on 123.123.123.50, it will be received by router 1 and not received by router 2. and if a connection comes in to 123.123.123.90 (does not exist) it will not be received by either router. Am I correct? Is it true that the BVI router will not even receive packets to IP addresses that it does not see as existing on the inside?

    Read the article

  • Cisco 7206 error trying to copy running-config (Bad file number)

    - by jasondewitt
    I have a cisco 7206 that terminates a bunch of pppoa sessions for dsl users. Today I noticed that if I tried to "show run" nothing happened. I mean that it doesn't show anything and just sends me right back to the command prompt. I decided I should probably try and back up the config and that is where I'm stuck. Any time I try to copy the running-config to tftp or to pcmcia card that I know is not full I get the following error: %Error opening system:/running-config (Bad file number) I get this error when I try to do anything with the running config. I've been googling around, but I haven't found any thing else that talks about this error. I've seen people say to erase the nvram and then try to "copy run start", but I don't want to erase the nvram until I can pull off a copy of the running-config. I would try to reboot it, but the startup-config that is on the nvram looks to be woefully out of date (good job me!). Any ideas what might be wrong? or how I can get the running config off the router?

    Read the article

  • VLAN Tagging Traffic on Cisco Switch

    - by David W
    I have a situation where I'm setting up multiple VLANS on a pfSense firewall on the same physical interface for a client. So in pfSense, I now have VLAN 100 (employees) and VLAN 200 (students - student computer lab). Downstream from pfSense, I have a Cisco SG200 switch, and coming off of the SG200 is the student lab (running on a Catalyst 2950. Yes, that's old, but it works, and this is a poor nonprofit we're talking about). What I'd like to do is tag everything on the network as VLAN 100, except for the student computer lab. Earlier today when I was on-site with the client, I went into to the old Catalyst 2950, and assigned all of its ports to access VLAN 200 (switchport mode access vlan 200) without setting up a trunk on the Catalyst or on the SG200. Looking back on it, I now understand why internet in the lab broke. I reverted the lab back to the default VLAN1 (we're still running on a different firewall - we haven't deployed pfSense -, and the traffic is still separated physically). So my question is, what do I need to do in order to properly deploy this scenario? I believe the correct answer is: Ensure VLANs 100 and 200 are setup in pfSense, and that DHCP is operating correctly (on separate subnets) Setup a trunkport VLAN that allows both 100 & 200 traffic, and plug that port directly into pfSense. Setup a VLAN 200 trunkport on the SG200 (It's not running iOS, but if it were, the command would be switchport trunk native vlan 200), which will then plug into the Catalyst 2950. Setup a VLAN 200 trunkport on the Catalyst 2950 (that is plugged into the SG200 VLAN200 port with the same command - switchport trunk native vlan 200) Setup the rest of the ports on the old Catalyst 2950 in the lab to be access ports on VLAN200. Is there anything that I'm missing, or do I need to tweak any of these steps, in order to properly segment the network traffic?

    Read the article

  • ASA5500 series logging for management interface in transparent mode

    - by ANervousTwitch
    i have a cisco asa5520 in transparent mode. the interface is on the same subnet as some windows machines, which are generating a lot of broadcast traffic that is filling up the logs. is there any way to have it not log that its blocking those packets? its a bunch of these messages: "through-the-device packet to from management-only network is denied: udp src..." im also seeing some of those zeroconf requests that id like to drop logging for. i tried to just put a rule on the management interface, but apparently thats not allowed.

    Read the article

  • Cisco IOS ACL: Don't permit incoming connections just because they are from port 80

    - by cjavapro
    I am going much based on my memory and I may not be correct on all of this. On a Cisco 851 (IOS) that uses a BVI or a bridge-route (the servers on the inside are configured with static and public IP addresses). I would apply two access lists (both end with deny ip any any log) on FastEthernet4 (the WAN port). There would be one for FA4 in and another for FA4 out. FA4 out would have a line like access-list 110 permit 98.76.54.0 0.0.0.255 gt 1023 any eq http I think this means from 98.76.54.* with a from port of at least 1024 can connect to any other machine with a destination port 80. So, then I have to allow the response to the HTTP connection. FA4 in would have a line like access-list 120 permit any eq http 98.76.54.0 0.0.0.255 gt 1023 Now the problem with that is that anybody on the outside can set their from port to port 80 and then connect to any inside port that is at least 1024. How do we prevent this and require the incoming data to be a response to the outgoing data.

    Read the article

  • Cisco Call Manager adding 7945's

    - by Will
    Hello we currently have a call manager settup (older we are working on upgrading it) but for now we are looking to add 7945 IP phones. We currently have 7960's all over the place, but we can't get these new anymore. Here is the info about our call manager ace.dll 5.2.5.0 CCM4.1(3) aced.dll CCM4.1(3) AdministrativeReportingTool.exe 4.1(0.45) 4.1(3)sr4d Apache Tomcat 4.1 CCM4.1(3) ASTIsapi.dll 3.3.2.0 4.1(3)sr4d AudioTranslator.exe 4.0.0.3 CCM4.1(3) Aupair.exe 4.1.3.10472 4.1(3)sr4d AupairChangeNotify.dll 4.1.0.11 CCM4.1(3) AuthFilt.dll 4.0.0.0 4.1(3)sr4d AVVIDCustomerDirectoryConfigurationPlugin.exe 4.1.0.17(0) CCM4.1(3) bootp.exe 2.0.2.2 CCM4.1(3) BulkAdministrationTool.exe 5.1(4c) 4.1(3)sr4d CallBackService.exe 3.3.2.3 4.1(3)sr4d ccm.exe 4.1.3.17472 4.1(3)sr4d CcmPerfMon.dll 4.1(3)sr4d CCNTEST.EXE CCM4.1(3) cdpintf.dll 4.0.0.0 CCM4.1(3) Cisco CallManager 4.1(3)sr4d 4.1(3)sr4d One of the admins recommenced downloading a device pack, which we did. However when we ran it on the call manager server it gave the error "unable to read script" Any recommendations on how to get these phones working with our Call Manager? Thank you.

    Read the article

  • Cisco configuration for public library internet

    - by AlternateZ
    I'm a C/C++ computer programmer turned IT support guy working for a public library. My day is usually spent helping random grandparents learn how to use email, so my networking knowledge is limited to what I can glean from google. Here's the situation. We have a public library with 20 PCs on a LAN and also public wifi access. Previously we were running all of this on 1 ADSL connection and people complained about low speeds. We hired a networking company to set up a Cisco dual-WAN router for us, and purchased an additional ADSL connection. The intention was to give the LAN PCs a guaranteed amount of bandwidth each, and then let the wifi users split the rest. The results were far worse than what we expected, and all we got from the company was excuses and they've since washed their hands of us. During busy periods, net performance on the LAN PCs are so poor that attaching files to gmail etc often times out and fails - far from the "guaranteed amount of bandwidth each" that we hope for! Sometimes it feels like performance is worse than before when we had 1 ADSL link and an unconfigured router? Anyways, surely this is a problem encountered a million times over across the world? (Sharing internet across many users effectively.) What are standard solutions for something like this? I admit to not even knowing the right jargon to google for (load balancing?) I'd appreciate any links to resources/guides that might help me get a better understanding of the problem/solutions, and perhaps some stories of your own experience in solving similar problems. This will help us evaluate and negotiate with network consultants in the future. If its relevant, our router config contains a section "policy-map" with "bandwidth percent" for each class of user (LAN, wifi), and "fair queue".

    Read the article

  • Cisco ASA 5505 - InterVLAN NAT Exemptions Implementation not working

    - by Brandon Bearden
    Short version is we cannot communicate between our subnets. We have a Cisco ASA 5505 we are using for our network router. We have a Netgear L3 switch behind that with 10 vlans. Each VLAN is on its own subnet. (10.0.10.x/24, 10.0.11.x/24, etc) So ASA Switch Hosts We have PAT for each subnet to our outside interface. Each subnet NATs out properly. I have NAT exemption enabled for 2 of the subnets (eventually I will need all, but am just testing at the moment). Config is here: http://pastebin.com/pDsG7hsh I have tried multiple ways for the NAT exemption to allow all traffic from our inside VLANS. At this point in time I am trying to get "Engineering" to communicate with all hosts on "AuthUser". I can ping some hosts, but not as many as if I am directly on the interface. I can reach a port 80 service, but not 443. I cannot access anything via hostname or NetBIOS. What am I missing to allow higher security level interfaces to fully communicate with lower security level interfaces? Thx!

    Read the article

  • Cisco 7206vxr cpu reducing

    - by naimson
    I have a 7206VXR (NPE-G2) . At the rate of 140 kpps i gain 80% of cpu . So i looking for ways how to reduce it? So i want to turn off netflow(but don't want to this,monitoring is highly important for me), but it will give me only 10-20% ? At this moment with 84kpps i have 58% sh processes cpu sorted give me this. PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 109 163534600 537236763 304 35.38% 32.83% 16.85% 0 IP Input 67 829396 52280 15864 0.15% 0.01% 0.00% 0 Per-minute Jobs 68 5542736 3053476 1815 0.15% 0.18% 0.16% 0 Per-Second Jobs 51 635852 1116315 569 0.07% 0.03% 0.02% 0 Net Background 329 120396 4607274 26 0.07% 0.00% 0.00% 0 EIGRP-IPv4 Hello 105 50508 95032488 0 0.07% 0.05% 0.05% 0 IPAM Manager 6 4068580 476916 8531 0.00% 0.07% 0.05% 0 Check heaps 7 7768 3634 2137 0.00% 0.00% 0.00% 0 Pool Manager 8 0 1 0 0.00% 0.00% 0.00% 0 DiscardQ Backgro 10 8 708 11 0.00% 0.00% 0.00% 0 WATCH_AFS 5 0 1 0 0.00% 0.00% 0.00% 0 RO Notify Timers 12 0 2 0 0.00% 0.00% 0.00% 0 ATM VC Auto Crea 9 0 2 0 0.00% 0.00% 0.00% 0 Timers 11 0 2 0 0.00% 0.00% 0.00% 0 ATM AutoVC Perio 13 296 610532 0 0.00% 0.00% 0.00% 0 IPC Event Notifi 16 0 1 0 0.00% 0.00% 0.00% 0 IPC Zone Manager 17 3584 2980311 1 0.00% 0.00% 0.00% 0 IPC Periodic Tim 4 0 1 0 0.00% 0.00% 0.00% 0 EDDRI_MAIN 19 0 1 0 0.00% 0.00% 0.00% 0 IPC Process leve 20 0 1 0 0.00% 0.00% 0.00% 0 IPC Seat Manager 21 96 174453 0 0.00% 0.00% 0.00% 0 IPC Check Queue 14 4 50890 0 0.00% 0.00% 0.00% 0 IPC Dynamic Cach 3 0 1 0 0.00% 0.00% 0.00% 0 cpf_process_tpQ 24 756 305371 2 0.00% 0.00% 0.00% 0 IPC Keep Alive M 25 2340 610561 3 0.00% 0.00% 0.00% 0 IPC Loadometer 22 0 1 0 0.00% 0.00% 0.00% 0 IPC Seat RX Cont 15 0 1 0 0.00% 0.00% 0.00% 0 IPC Session Serv 18 1620 2980310 0 0.00% 0.00% 0.00% 0 IPC Deferred Por 29 0 1 0 0.00% 0.00% 0.00% 0 Exception contro sh run(greped): http://pastie.org/5483194 Hardware: c7200p-adventerprisek9-mz.151-4.M1.bin Cisco 7206VXR (NPE-G2) processor (revision A) with 917504K/65536K bytes of memory. Processor board ID 2xxxxxxx MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2 6 slot VXR midplane, Version 2.1

    Read the article

  • Setting up a VPN connection to Amazon VPC - routing

    - by Keeno
    I am having some real issues setting up a VPN between out office and AWS VPC. The "tunnels" appear to be up, however I don't know if they are configured correctly. The device I am using is a Netgear VPN Firewall - FVS336GV2 If you see in the attached config downloaded from VPC (#3 Tunnel Interface Configuration), it gives me some "inside" addresses for the tunnel. When setting up the IPsec tunnels do I use the inside tunnel IP's (e.g. 169.254.254.2/30) or do I use my internal network subnet (10.1.1.0/24) I have tried both, when I tried the local network (10.1.1.x) the tracert stops at the router. When I tried with the "inside" ips, the tracert to the amazon VPC (10.0.0.x) goes out over the internet. this all leads me to the next question, for this router, how do I set up stage #4, the static next hop? What are these seemingly random "inside" addresses and where did amazon generate them from? 169.254.254.x seems odd? With a device like this, is the VPN behind the firewall? I have tweaked any IP addresses below so that they are not "real". I am fully aware, this is probably badly worded. Please if there is any further info/screenshots that will help, let me know. Amazon Web Services Virtual Private Cloud IPSec Tunnel #1 ================================================================================ #1: Internet Key Exchange Configuration Configure the IKE SA as follows - Authentication Method : Pre-Shared Key - Pre-Shared Key : --- - Authentication Algorithm : sha1 - Encryption Algorithm : aes-128-cbc - Lifetime : 28800 seconds - Phase 1 Negotiation Mode : main - Perfect Forward Secrecy : Diffie-Hellman Group 2 #2: IPSec Configuration Configure the IPSec SA as follows: - Protocol : esp - Authentication Algorithm : hmac-sha1-96 - Encryption Algorithm : aes-128-cbc - Lifetime : 3600 seconds - Mode : tunnel - Perfect Forward Secrecy : Diffie-Hellman Group 2 IPSec Dead Peer Detection (DPD) will be enabled on the AWS Endpoint. We recommend configuring DPD on your endpoint as follows: - DPD Interval : 10 - DPD Retries : 3 IPSec ESP (Encapsulating Security Payload) inserts additional headers to transmit packets. These headers require additional space, which reduces the amount of space available to transmit application data. To limit the impact of this behavior, we recommend the following configuration on your Customer Gateway: - TCP MSS Adjustment : 1387 bytes - Clear Don't Fragment Bit : enabled - Fragmentation : Before encryption #3: Tunnel Interface Configuration Your Customer Gateway must be configured with a tunnel interface that is associated with the IPSec tunnel. All traffic transmitted to the tunnel interface is encrypted and transmitted to the Virtual Private Gateway. The Customer Gateway and Virtual Private Gateway each have two addresses that relate to this IPSec tunnel. Each contains an outside address, upon which encrypted traffic is exchanged. Each also contain an inside address associated with the tunnel interface. The Customer Gateway outside IP address was provided when the Customer Gateway was created. Changing the IP address requires the creation of a new Customer Gateway. The Customer Gateway inside IP address should be configured on your tunnel interface. Outside IP Addresses: - Customer Gateway : 217.33.22.33 - Virtual Private Gateway : 87.222.33.42 Inside IP Addresses - Customer Gateway : 169.254.254.2/30 - Virtual Private Gateway : 169.254.254.1/30 Configure your tunnel to fragment at the optimal size: - Tunnel interface MTU : 1436 bytes #4: Static Routing Configuration: To route traffic between your internal network and your VPC, you will need a static route added to your router. Static Route Configuration Options: - Next hop : 169.254.254.1 You should add static routes towards your internal network on the VGW. The VGW will then send traffic towards your internal network over the tunnels. IPSec Tunnel #2 ================================================================================ #1: Internet Key Exchange Configuration Configure the IKE SA as follows - Authentication Method : Pre-Shared Key - Pre-Shared Key : --- - Authentication Algorithm : sha1 - Encryption Algorithm : aes-128-cbc - Lifetime : 28800 seconds - Phase 1 Negotiation Mode : main - Perfect Forward Secrecy : Diffie-Hellman Group 2 #2: IPSec Configuration Configure the IPSec SA as follows: - Protocol : esp - Authentication Algorithm : hmac-sha1-96 - Encryption Algorithm : aes-128-cbc - Lifetime : 3600 seconds - Mode : tunnel - Perfect Forward Secrecy : Diffie-Hellman Group 2 IPSec Dead Peer Detection (DPD) will be enabled on the AWS Endpoint. We recommend configuring DPD on your endpoint as follows: - DPD Interval : 10 - DPD Retries : 3 IPSec ESP (Encapsulating Security Payload) inserts additional headers to transmit packets. These headers require additional space, which reduces the amount of space available to transmit application data. To limit the impact of this behavior, we recommend the following configuration on your Customer Gateway: - TCP MSS Adjustment : 1387 bytes - Clear Don't Fragment Bit : enabled - Fragmentation : Before encryption #3: Tunnel Interface Configuration Outside IP Addresses: - Customer Gateway : 217.33.22.33 - Virtual Private Gateway : 87.222.33.46 Inside IP Addresses - Customer Gateway : 169.254.254.6/30 - Virtual Private Gateway : 169.254.254.5/30 Configure your tunnel to fragment at the optimal size: - Tunnel interface MTU : 1436 bytes #4: Static Routing Configuration: Static Route Configuration Options: - Next hop : 169.254.254.5 You should add static routes towards your internal network on the VGW. The VGW will then send traffic towards your internal network over the tunnels. EDIT #1 After writing this post, I continued to fiddle and something started to work, just not very reliably. The local IPs to use when setting up the tunnels where indeed my network subnets. Which further confuses me over what these "inside" IP addresses are for. The problem is, results are not consistent what so ever. I can "sometimes" ping, I can "sometimes" RDP using the VPN. Sometimes, Tunnel 1 or Tunnel 2 can be up or down. When I came back into work today, Tunnel 1 was down, so I deleted it and re-created it from scratch. Now I cant ping anything, but Amazon AND the router are telling me tunnel 1/2 are fine. I guess the router/vpn hardware I have just isnt up to the job..... EDIT #2 Now Tunnel 1 is up, Tunnel 2 is down (I didn't change any settings) and I can ping/rdp again. EDIT #3 Screenshot of route table that the router has built up. Current state (tunnel 1 still up and going string, 2 is still down and wont re-connect)

    Read the article

  • Issues getting a Cisco WLC 5508 to find AIR-LAP1142N

    - by user95917
    hoping someone can help me with a problem here. I'm attempting to setup a test (loan from Cisco) wireless network. Here's what i've got/done: 5508 Controller - Service Port IP set to 10.74.5.2 /24. Management IP set to 10.74.6.2 /24 with a default gateway of 10.74.6.1. Virtual IP set to 1.1.1.1. Copper SFP in slot 7, CAT5 (known good) going from there to port 1/0/47 on the switch. Green lights on both ends. 2960-S Switch - Vlan1 - 10.74.6.1 /24. dhcp pool 10.74.6.0 /24, default router 10.74.6.1. excluded-address 10.74.6.1, 10.74.6.2. 1/0/4 on the switch is set to switchport mode access and no shut. 1/0/47 on the switch is setup to switchport mode trunk and no shut. 1/0/4 has a CAT5 (known good) cable going from there to the AP. When I do a sh cdp nei from the switch, i can see the AP and Controller listed. When i configure my PC's nic to 10.74.5.5, and plug a cable from my nic to the SP port on the controller i can get on the device via the gui. In there, the only errors/info that show up in the trap are: Link Up: Slot: 0 Port: 7 Controller time base status - Controller is out of sync with the central timebase. I've manually set the time but apparently that's not quite the problem (or at least not the entire problem). When i plug the AP in, i see on the switch console that it grants it power, it sees it connect...but the controller won't see it for some reason. From what i've read you shouldn't have to do anything to the AP as it's managed by the controller...but i'm not sure what setting I'm missing for it to work. The AP light on top is continually cycling green, red, yellow. When I first start it up, it blinks green for 20 or so seconds, then goes to solid green for another 20 seconds or so, then flashes blue, green, red for awhile...but always ends up goinn back to the standard, green, red, yellow. Does anyone see any obvious issues with my setup or have any suggestions as to why i might be having a problem? Thanks for your help!

    Read the article

  • How to share internet over VPN and inside a virtual machine (Windows)?

    - by mountrix
    ` My final goal is to have a virtual machine at work in which anything that happen inside (tcp, udp, ping, ...) will use the Internet connection of a computer at home. So, if inside this VM should I open an Internet browser to a site such as "show my IP", my home IP should be printed. I am also looking for a way to debug/develop a software inside this VM, but I would like to tunnel only the connections of this software, not the full graphical interface, this is why a Remote Desktop solution won't fit me. The connection between the both computer should be secured somehow, like in a SSH tunnel. This ultimately should allow me to have a portable VM in which I can connect to whatever networks I have access at home, in a secure way. This is my configuration: At work, I have a LAN-connected desktop computer, with Windows 7 Professional Edition as a host [computer W] On this same computer, I have a Virtual Box machine running Windows XP [computer V] At home, I have a laptop computer, running Windows 7 Home Edition [computer H] This laptop is connected to a Livebox 2 broadband modem by Wifi. What I am trying to do is to sit at work in front of the virtual machine [V], and connect to a webpage as if the request was issued from the laptop [H] at home, and the data should be securely tunneled between the both. But if I am using internet directly inside [W], it should use the normal LAN interface at work. To achieve my goal, I first try using VPN, than SSH tunneling, without success. I first tried to install Teamviewer between [W] and [H]. This is working fine, I can send files, share desktop, etc. Teamviewer has a VPN mode that creates a new VPN network interface with its own IP, both on computer [W] and [H]. This allowed me to connect [H] as a network computer inside [W] and I was able to share files, but not to share Internet. At this point, I tried to use from [W] the Internet as if I was at home. I setup a route (using route add from command line in [W]) in order to instruct each packet going to a given website to pass by the new VPN interface on [W], with the hope it will be forwarded to [H], but the webpage was simply inaccessible. I then tried to setup a Windows VPN connection between [W] and [H], using the Windows 7 VPN feature. [H] was the server and [W] the client. But it failed: I got the "Unable to join a remote PC while trying to VPN" 720 Error when I was setting up the client on [W]. I think the problem is the Livebox 2 that could blocks the packets. But I am not sure of this: 1) with Teamviewer it works fine, 2) Livebox 2 has a configuration page for port mapping that gives the proper configuration to map VPN ports as an example so I guess that it should allow it, 3) I opened the ports 1723 (TCP) and 500 (UDP) according to some forums. Virtual box has a network configuration parameter in which I can use the VPN network interface created by Teamviewer as a bridged connection. This is suppose to work in the sense that all packets issued by the virtual machine [V] is supposed to go directly to [H]. But I had no internet connection inside [V]. Using the NAT mode, [V] has internet. For me this is the feature that I look for: filtering all connections from the virtual box application to the VPN network interface, and the remaining should use the normal LAN interface. Apart from the build-in feature of VBox, I even do not know if it is possible to route the packet from a given application to a given interface. Finally I tried also SSH tunneling, but this is not the solution I looked for. Using an external SSH server (Linux), I was able to create a localhost connection on [W] (or [V]), using something like 'ssh -N -D server[H]' in order to allow a web browser located in [W] to connect to any website using the SOCKS 5 proxy created locally (SOCKS is a build-in feature of SSH). But repeating the same operation on windows, using a windows SSH server inside [W] (I tried freeSSHd), it failed: SFTP worked, but not the SOCKS tunneling, it was like the browser in [H] did not find internet. Finally only Teamviewer looked able to create a VPN between [W] and [H], but I am not able to use it, as I want, I mean using the Internet connection of [H] sitting in front of [W]. I also tried to bridge the VPN interface and the wifi interface inside [H], but it blocked my laptop, and I tried also the Internet Connection Sharing, trying to share on [H] the wifi connection over the VPN interface. This fails also, but it seems because Teamviewer actually use the wifi interface to be able to provide the VPN link, so I guess I am creating a recursive loop. I do not know what to try next... Thank you for any advice!!

    Read the article

  • help setting up an IPSEC vpn from my linux box

    - by robthewolf
    I have an office with a router and a remote server (Linux - Ubuntu 10.10). Both locations need to connect to a data supplier through a VPN. The VPN is an IPSEC gateway. I was able to configure my Linksys rv42 router to create a VPN connection successfully and now I need to do the same for Linux server. I have been messing around with this for too long. First I tried OpenVPN, but that is SSL and not IPSEC. Then I tried Shrew. I think I have the settings correct but I haven't been able to create the connection. It maybe that I have to use something else like a direct IPSEC config or something like that. If someone knows of a way to turn the following settings that I have been given below into a working IPSEC VPN connection I would be very grateful. Here are the settings I was given that must be used to connect to my supplier: Local destination network: 192.168.4.0/24 Local destination hosts: 192.168.4.100 Remote destination network: 192.167.40.0/24 Remote destination hosts: 192.168.40.27 VPN peering point: xxx.xxx.xxx.xxx Then they have given me the following details: IPSEC/ISAKMP Phase 1 Parameters: Authentication method: pre shared secret Diffie Hellman group: group 2 Encryption Algorithm: 3DES Lifetime in seconds:28800 Phase 2 parameters: IPSEC security: ESP Encryption algortims: 3DES Authentication algorithms: MD5 lifetime in seconds: 28800 pfs: disabled Here are the settings from my attempt to use shrew: n:version:2 n:network-ike-port:500 n:network-mtu-size:1380 n:client-addr-auto:0 n:network-frag-size:540 n:network-dpd-enable:1 n:network-notify-enable:1 n:client-banner-enable:1 n:client-dns-used:1 b:auth-mutual-psk:YjJzN2QzdDhyN2EyZDNpNG42ZzQ= n:phase1-dhgroup:2 n:phase1-keylen:0 n:phase1-life-secs:28800 n:phase1-life-kbytes:0 n:vendor-chkpt-enable:0 n:phase2-keylen:0 n:phase2-pfsgroup:-1 n:phase2-life-secs:28800 n:phase2-life-kbytes:0 n:policy-nailed:0 n:policy-list-auto:1 n:client-dns-auto:1 n:network-natt-port:4500 n:network-natt-rate:15 s:client-dns-addr:0.0.0.0 s:client-dns-suffix: s:network-host:xxx.xxx.xxx.xxx s:client-auto-mode:pull s:client-iface:virtual s:client-ip-addr:192.168.4.0 s:client-ip-mask:255.255.255.0 s:network-natt-mode:enable s:network-frag-mode:disable s:auth-method:mutual-psk s:ident-client-type:address s:ident-client-data:192.168.4.0 s:ident-server-type:address s:ident-server-data:192.168.40.0 s:phase1-exchange:aggressive s:phase1-cipher:3des s:phase1-hash:md5 s:phase2-transform:3des s:phase2-hmac:md5 s:ipcomp-transform:disabled Finally here is the debug output from the shrew log: 10/12/22 17:22:18 ii : ipc client process thread begin ... 10/12/22 17:22:18 < A : peer config add message 10/12/22 17:22:18 DB : peer added ( obj count = 1 ) 10/12/22 17:22:18 ii : local address 217.xxx.xxx.xxx selected for peer 10/12/22 17:22:18 DB : tunnel added ( obj count = 1 ) 10/12/22 17:22:18 < A : proposal config message 10/12/22 17:22:18 < A : proposal config message 10/12/22 17:22:18 < A : client config message 10/12/22 17:22:18 < A : local id '192.168.4.0' message 10/12/22 17:22:18 < A : remote id '192.168.40.0' message 10/12/22 17:22:18 < A : preshared key message 10/12/22 17:22:18 < A : peer tunnel enable message 10/12/22 17:22:18 DB : new phase1 ( ISAKMP initiator ) 10/12/22 17:22:18 DB : exchange type is aggressive 10/12/22 17:22:18 DB : 217.xxx.xxx.xxx:500 <- 206.xxx.xxx.xxx:500 10/12/22 17:22:18 DB : c1a8b31ac860995d:0000000000000000 10/12/22 17:22:18 DB : phase1 added ( obj count = 1 ) 10/12/22 17:22:18 : security association payload 10/12/22 17:22:18 : - proposal #1 payload 10/12/22 17:22:18 : -- transform #1 payload 10/12/22 17:22:18 : key exchange payload 10/12/22 17:22:18 : nonce payload 10/12/22 17:22:18 : identification payload 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( draft v00 ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( draft v01 ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( draft v02 ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( draft v03 ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( rfc ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports DPDv1 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local is SHREW SOFT compatible 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local is NETSCREEN compatible 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local is SIDEWINDER compatible 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local is CISCO UNITY compatible 10/12/22 17:22:18 = : cookies c1a8b31ac860995d:0000000000000000 10/12/22 17:22:18 = : message 00000000 10/12/22 17:22:18 - : send IKE packet 217.xxx.xxx.xxx:500 - 206.xxx.xxx.xxx:500 ( 484 bytes ) 10/12/22 17:22:18 DB : phase1 resend event scheduled ( ref count = 2 ) 10/12/22 17:22:18 ii : opened tap device tap0 10/12/22 17:22:28 - : resend 1 phase1 packet(s) 217.xxx.xxx.xxx:500 - 206.xxx.xxx.xxx:500 10/12/22 17:22:38 - : resend 1 phase1 packet(s) 217.xxx.xxx.xxx:500 - 206.xxx.xxx.xxx:500 10/12/22 17:22:48 - : resend 1 phase1 packet(s) 217.xxx.xxx.xxx:500 - 206.xxx.xxx.xxx:500 10/12/22 17:22:58 ii : resend limit exceeded for phase1 exchange 10/12/22 17:22:58 ii : phase1 removal before expire time 10/12/22 17:22:58 DB : phase1 deleted ( obj count = 0 ) 10/12/22 17:22:58 ii : closed tap device tap0 10/12/22 17:22:58 DB : tunnel stats event canceled ( ref count = 1 ) 10/12/22 17:22:58 DB : removing tunnel config references 10/12/22 17:22:58 DB : removing tunnel phase2 references 10/12/22 17:22:58 DB : removing tunnel phase1 references 10/12/22 17:22:58 DB : tunnel deleted ( obj count = 0 ) 10/12/22 17:22:58 DB : removing all peer tunnel refrences 10/12/22 17:22:58 DB : peer deleted ( obj count = 0 ) 10/12/22 17:22:58 ii : ipc client process thread exit ...

    Read the article

  • Accessing MySQL server via VPN in python

    - by user210481
    Hi I have a MySQL server that I need access through a VPN. I use MySQLdb package to access MySQL server in Python. When I can access the server without VPN, it works fine, but when I'm at certain locations, I need to connect through VPN. My computer is connected to the VPN and I can access the database through PHPMyAdmin, but MySQLdb gives me an error message: OperationalError: (2003, "Can't connect to MySQL server on 'MY_IP' (10061)") Any ideas on why it's not working? Thanks

    Read the article

  • How to set up ProxMox 1.9 on VPN?

    - by Gnudiff
    Disclaimer: I have only rudimentary knowledge of VPNs. I would love to learn about them properly, however, at the moment I really need to make stuff work on short notice. I am trying to set up a ProxMox virtualization platform in an existing network. The network currently consists of several servers which have VMWare free edition. There is some sort of VPN defined in switch. In order for VMWare management interface to be accessible, there needs to be ticked a checkbox in the network settings for VPN and entered the VPN id. I didn't notice any such configuration option during ProxMox installation, so my Proxmox VE on the same physical server, using same manual IP settings (ip/nm/gw), is not accessible. As I understand I should touch the Proxmox's underlying Debian config in /etc/network/interfaces, but I have no idea, what should I aim for: do I specify the settings for eth0, do I make a virtual interface? How to make it accessible for both ProxMox VE and underlying future VMs? I read the ProxMox installation guide, but unfortunately it presumes better understanding of VPNs than I have. A config template or similar would be appreciated. Thanks in advance.

    Read the article

  • Providing access to a Samba server for VPN clients

    - by Kamil Kisiel
    We have some Windows users that connect to our network via VPN from home. They need to be able to connect to our Samba server and access a mapped network drive just as they do as when they are on our LAN. The complication is that VPN clients are placed on a subnet other than our office LAN, and behind a firewall. What's the easiest way for me to allow them to still connect to the network share? The solutions I've currently seen involve setting up a WINS server for name resolution purposes and then tunnelling a bunch of the NetBIOS stuff through the firewall. However that means I'd have to set up the VPN DHCP server to hand out the WINS address, something I'm not even sure is possible on the Cisco hardware we have. I'm thinking there must be an easier way. Should I use an LMHOSTS file? Or just map by IP address? Also, I'm not terribly familiar with Windows networking, so which ports would I need to pass through my firewall in order to get the file sharing through?

    Read the article

  • VPN Error 691 but server says authenticated on server

    - by Andy
    Hello all, I have a problem with a vpn connection on Windows XP SP3 that appears to be related to an account (maybe privilleges or an option that I have missed). When connecting using my account, which is a domain administrator account it will connect to through the vpn fine. However, using an account created for another person they receive Error 691: Username or Password is not valid for this domain. On the domain controller (windows 2003) I see a logon successful message: User DOMAIN\user was granted access. Fully-Qualified-User-Name = int.company.net.au/People/Management/User NAS-IP-Address = 10.30.0.3 NAS-Identifier = not present Client-Friendly-Name = MelbourneCore Client-IP-Address = Router-ip Calling-Station-Identifier = not present NAS-Port-Type = Virtual NAS-Port = 77 Proxy-Policy-Name = Use Windows authentication for all users Authentication-Provider = Windows Authentication-Server = undetermined Policy-Name = Remote VPN Access Authentication-Type = MS-CHAPv1 EAP-Type = Does anyone have any ideas as to where else I should look for finding a solution? If i use the wrong password it gives a logon failure error in the event viewer. Also removing them from the remote access group gives a logon failure error. Nothing appears in the event viewer on the local machine. In the past all that is required is to add them into our Remote Access Users group. Any help?

    Read the article

  • cannot connect to vpn server (error 721)

    - by callmeblessed
    I got 2 internet connections in my computer. One is using 3.5G HSDPA modem (vodafone huawei e220) and the other using mobile phone (cdma zte c261). Both are using different ISP and i have both. at the moment, i can connect to my office vpn using the HSDPA modem one. But when i tried to use cdma modem (dial up - mobile phone modem), i am just able to get "verifying username and password" and then after a few minutes it display error : Error 721 The Remote Computer didn't respond. I tried to ping into my office ip address, it got good result but still cannot connect to the vpn. I tried to turn off all my firewall (i'm using commodo) and has no response as well. In my cdma mobile phone modem Network connections I tried to allow iNternet connection sharing as well ... and turn on all Internet Protocol TCP/IP, File & Printer Sharing & Client for microsoft networks. But all of my effort has no effect. How to fix this problem ? note: my office using windows vpn as well. thank you .

    Read the article

  • Changing Mac OS X 10.6 Routing after VPN'd In

    - by Matt Rogish
    I have a coffee shop around the corner that I use to do some work when I want to get away from home. They offer free wi-fi and I then use my Mac 10.6 VPN to log into my work network. I have "Send all traffic over VPN connection" checked. Before, their network was 10.0.0.x. I think they got a new router because it's now 192.168.2.x However, this interferes with one of the subnets at work so now I can't visit 192.168.2.x at work. So: 1) Office network: VPN gives IPs as 192.168.1.x. Another network is 192.168.2.x 2) Coffee network: Gives IPs as 192.168.2.x I think if I set a route to send all 2.x traffic over the tunnel, it would blow up my routing to their system, right? What should I do? I know the individual IPs of the servers I want... Maybe I could add each one, or can I add all of them minus the default gateway of their router? How do I set that up "temporarily" in my Mac? Thanks!!

    Read the article

  • Checkpoint VPN-1 R60 and Windows 7 64 Bit Client

    - by Mohit
    As per my knowledge of checkpoint VPN-1. My company is using checkpoint VPN-1 R 60 ( I guess as I dont know how to check server version) Firewall(VPN Server). Now the problem is that I installed Windows 7 64 bit. But, after my research I found that there are not even one client (SecuRemote/SecuClient) for Win7 64 bit, when Firewall or server is R60. I thought of some open source solutions. Can you guys please suggest me some with the configuration required. As of now, I know the IP of the server. I know my username and password using which I connect and that is not my domain password. that i can confirm to you guys. I am not a network guy. I am more of a developer. But, I need some help in this.So, let me know if I can provide you more details. Please please i need urgent help on this.

    Read the article

  • Configuring Wireless on Cisco 851W

    - by Aequitarum Custos
    Either a powersurge or something caused our router's configuration to get wiped, and our last backup was before the wireless network was setup. We have not been able to reconfigure the wireless since then, so was curious if anyone here would be able to determine what configuration is needed. We are using a Cisco 851W running 12.4(15)T9 We would like to use WPA encryption, and have it on the same network as the rest of the office network. Config file is below: User Access Verification Building configuration... Current configuration : 3857 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption no service dhcp ! hostname BOB ! boot-start-marker boot-end-marker ! enable secret 5 ********************* ! no aaa new-model ! ! dot11 syslog no ip source-route ! ! ip cef no ip bootp server ip domain name BOB.com ip name-server 61.11.1.1 ip name-server 61.11.1.2 ! ! ! username BOBB privilege 15 password 7 ************************* ! ! archive log config hidekeys ! ! ip tcp synwait-time 10 ! ! ! interface FastEthernet0 no cdp enable ! interface FastEthernet1 no cdp enable ! interface FastEthernet2 no cdp enable ! interface FastEthernet3 no cdp enable ! interface FastEthernet4 description WAN Connection$ETH-WAN$ ip address 61.11.1.14 255.255.254.0 ip nat outside ip virtual-reassembly duplex auto speed auto no cdp enable ! interface Dot11Radio0 no ip address shutdown ! encryption mode ciphers tkip speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root no cdp enable ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Dot11Radio0.20 ip access-group Guest-ACL in no cdp enable ! interface Vlan1 description Internal Network ip address 192.168.2.60 255.255.255.0 ip nat inside ip nat enable ip virtual-reassembly ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 61.11.2.14 ! ip http server no ip http secure-server ip nat inside source list 1 interface FastEthernet4 overload ! ip access-list extended Guest-ACL deny ip any 192.0.0.0 0.0.0.255 permit ip any any ! access-list 1 permit 192.0.0.0 0.0.0.255 access-list 100 remark SDM_ACL Category=2 access-list 100 permit ip 192.0.0.0 0.0.0.255 any no cdp run ! control-plane ! !

    Read the article

  • VPN from Windows XP to OpenSwan: correct setup?

    - by Gnudiff
    Main question is what I am doing wrong in my OpenSwan or L2TP client setup? I am trying to create a Linux OpenSwan VPN connection from Windows XP machine, using preshared key and the builtin Windows XP L2TP IPsec option. I have followed the instructions in Linux Home networking Wiki for setting up OpenSwan and a guide to making it work with the Windows XP client, but am now stuck. The net setup is as follows: [my windows client, private IP A]<->[f/wall B]<-internet->[g/w X]<->[Linux OpenSwan server Y] A - private subnet /24 B - internet address X - internet address /24 Y - internet address on same subnet as X What I essentially want is for computer with A address to feel and work, as if it was in X subnet for purposes of outgoing and incoming TCP and UDP connections. My OpenSwan setup is as follows: /etc/ipsec.conf (AAA and YYY indicates ip address parts of A and Y addresses): conn net-to-net authby=secret left=B leftsubnet=AAA.AAA.AAA.0/24 leftnexthop=%defaultroute right=Y rightsubnet=YYY.YYY.YYY.0/24 rightnexthop=B auto=start the secret in /etc/ipsec.secrets is listed as: B Y : PSK "0xMysecretkey" where B & Y stand for respective IP adresses of gateway B and linux server Y My L2TP WinXP setup is: IP of destination: Y don't prompt for username security options: typical, require secured pass, don't require data encryption, IPSec PSK set to 0xMysecretkey networking options: VPN Type: L2TP IPSec VPN; TCPIP protocol (with automatic IP address assignment) and QOS packet schedulers enabled The error I get from Windows client is 789: "error during initial negotiation"

    Read the article

< Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >