LDAP vs local login for remote access

Similar Messages

• VRF-Aware IPSec for Remote Access

  Dear All,
  Has anyone successfully implemented VRF-Aware IPSec for Remote Access ?
  I am trying to implement this feature on a PE which has MPLS enabled
  on the Internet facing interface.
  With the config below, I am being able to establish an IPSEc tunnel but not being able to PING the VRF interface configured on the same PE.
  I will be really grateful for any comment or any pointers for what could
  be possibly wrong with the configuration below:
  aaa new-model
  aaa authentication login USER-AUTHENTICATION local
  aaa authorization network GROUP-AUTHORISATION local
  crypto keyring test-1
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group test-1
  key test-1
  domain test.com
  pool cpe-1
  acl 101
  crypto isakmp profile test-1
  vrf test-1
  keyring test-1
  match identity group test-1
  client authentication list USER-AUTHENTICATION
  isakmp authorization list GROUP-AUTHORISATION
  client configuration address initiate
  client configuration address respond
  client configuration group test-1
  crypto map IPSEC-AWARE-VRF 2 ipsec-isakmp dynamic test-1
  ip local pool cpe-1 192.168.81.1 192.168.81.254 group test-1
  crypto dynamic-map test-1 1
  set transform-set test-1
  set isakmp-profile test-1
  reverse-route remote-peer
  Internet facing interface
  interface GigabitEthernet4/0/0
  ip address x.x.x.x 255.255.255.240
  ip router isis
  mpls ip
  crypto map IPSEC-AWARE-VRF
  Customer facing interface
  interface GigabitEthernet1/0/0.1
  encapsulation dot1Q 100
  ip vrf forwarding test-1
  ip address 110.110.110.1 255.255.255.0
  Kind regards,
  ZH

  Million thanks for this.
  This now works after disabling CEF on the public facing interface.
  Regards,
  Zahid

• Desperate help needed to configure WVC210 for remote access?

  Hi, I'm new and desperately need some help on setting up my WVC210 for remote access.
  I manage to setup and see images from my WVC210 using my home LAN via both wired and also wireless.
  I have 2 questions:
  (a) for wireless connection, i only manage to get connection to my WVC210 if i disable the wireless security from my router. But that means i'm opening my wireless LAN to everyone. How can i still get connection to the camera if i enable the wireless security from my router. (FYI: my router is 2Wire ADSL  from Singnet Mio)
  (b) how can i get connection to my WVC210 from outside or in my office? I type in the camera Fixed IP address (displayed on the front screen) on the web browser, by it shows a error page. Is there some setting that i might need to adjust ?
  Pls kindly help me
  Thank you.

  Bernard,
  For Item (2) is there any difference between the camera built-in dyndns updater versus the software updater? I am under the impression that the software updater is easier to manage.
  The biggest difference for you is that the camera always stays at the same location, and the laptop goes with you. Every time you access the internet from a different location with the laptop the software updater is sending the new IP address to dyndns.com. This causes you to lose access to your camera because the FQDN doesn't point to your home IP address anymore. Once the dyndns credentials are in the camera (or router) there is no management needed. The device will automatically update dyndns.com with your new IP address as it changes, and you do not need to do anything.
  For Item (3), are you saying port forward 1025 is it for the 2nd camera only or for both? Or is it 2nd camera use 1025 and first camera use 8080?
  Here's an example of what I mean:
  Camera 1: 192.168.1.210 port 1024. In router, forward port 1024 to 192.168.1.210
  Local Access: http://192.168.1.210:1024
  Remote Access: http://bernards210.dyndns.org:1024 (Example)
  Camera 2: 192.168.1.211 port 1025. In router, forward port 1025 to 192.168.1.211
  Local Access: http://192.168.1.211:1025
  Remote Access: http://bernards210.dyndns.org:1025 (Example)
  Camera 3: 192.168.1.212 port 1026. In router, forward port 1026 to 192.168.1.212
  Local Access: http://192.168.1.212:1026
  Remote Access: http://bernards210.dyndns.org:1026 (Example)
  to access the 2 camera outside, do i have to have another dyndns host name or can i use the current one for both camera?
  As you can see in the above example, the dyndns name remains the same for remote access to all three cameras. The only change is the port number at the end. Your router will translate the port number to the IP address that the port is forwarded to, allowing you to select the camera that you wish to view by changing the port number in the address.
  I was actually thinking that the camera web browser can show 2 camera at the same time. Is it possible?
  No. Each browser window will display a single camera. You can however opens multiple instances of your browser to allow viewing of more than one camera simultaneously. A better solution is to install the Video Monitoring Software that is included with the camera which allows you to view multiple cameras in the same window.

• I have a mac mini server which I want to set up for remote access from windows and mac pcs.  How do I do this.  I can access it form my home network OK

  I have a mac mini server which I want to set up for remote access from windows and mac pcs.  How do I do this.  I can access it form my home network OK

  Posted in error.

• How to Use synchronous RFC calls during test run for remote accesses

  there is a Setting for the usage of RFC accesses from a tested system
  using eCATT.
  'X' - Use asynchronous RFC calls during test run for remote accesses
  ' ' - Use synchronous RFC calls during test run for remote accesses
  I developed an eCATT as following :
    SAPGUI ( SAPGUI_1 , Target_system_1 ).
    SAPGUI ( SAPGUI_2 , Target_system_2 ).
  My question is how to run the eCATT in a synchronous RFC calls
  PS: I do not want to change the Target_system to the same one in the
  above script of ecatt.Because I need to run it in 2 different Target
  systems sometime.
  for example, I give a Target_system_3 when run this eCATT
  I want the SAPGUI_1 and SAPGUI_2 run the Target_system_3 but not the
  Target_system_1 or Target_system_2 .
  Could you please tell me how to make it without the changes in script?
  Edited by: Weitong Liu on Mar 24, 2011 9:44 AM

  Hi Liu,
  Weitong Liu wrote:
  > ' ' - Use synchronous RFC calls during test run for remote accesses
  This is the standard option value. Asynchronous are not the standard way and used only for very special purposes.
  Weitong Liu wrote:
  > I developed an eCATT as following :
  >   SAPGUI ( SAPGUI_1 , Target_system_1 ).
  >   SAPGUI ( SAPGUI_2 , Target_system_2 ).
  > My question is how to run the eCATT in a synchronous RFC calls
  The commands will be executed in sequence. So each call will be synchronously replayed against TS1 and TS2.
  What is you issue with this standard procedure?
  Kind regards,
  Christoph

• How to enable second HD DVR for remote access?

  I easily got my first HD DVR setup for remote access and it worked perfetly for 1 day, then it stopped working.  After 2 hours on the phone with tech support, we got it to work again.  However, we were unable to get my second DVR setup.  He said that I could only have one DVR setup for remote access, is that true?  If not, any assistance would be much appreciated. 
  Thank you!

  glcockrum wrote:
  I easily got my first HD DVR setup for remote access and it worked perfetly for 1 day, then it stopped working.  After 2 hours on the phone with tech support, we got it to work again.  However, we were unable to get my second DVR setup.  He said that I could only have one DVR setup for remote access, is that true?  If not, any assistance would be much appreciated. 
  Thank you!
  Are you speaking of Remote Access from the Web?  ...or from a mobile phone?
  For Web Access it is absolutely NOT TRUE!
  I have TWO DVRs.  I can access both remotely from the web and schedule or delete recordings.
  The tech MAY have been speaking of (or confused about) the MULTI-ROOM capability that the DVR's have.
  Only one of the DVRs can be (and is) a Home Media (or Multi-Room) DVR, and therefore can share recordings with my other NON-DVR STB and communicates with any computer on my home network for PC-based Audio, Vieo and Image files, as well as connecting to the certain Internet video streaming sites.
  The other DVR is a standalone machine is this regard, but regardless, it still has remote access to control it from the Web.
  (I do not know anything about the Remote Access from a mobile phone capability, since I do have a Verizon Wireless contract.  THAT Remote Access may indeed be limited to just a single DVR.)

• Configure Time Capsule for remote access

  I have a second generation 2TB Time Capsule, operating on Bridge Mode, connected to an Arris Touchstone Telephony Gateway TG862. I want to configure Back to My Mac to be able to access the Time Capsule remotely.
  I've followed the basic steps and get this message from the settings in the iCloud Pane in System Preferences: Setup router for better performance. And this details: Contact your ISP for a different server address.
  I've tried Google and OpenDNS, and also disabling the Firewall in the Arris router, and still can't access the Time Capsule remotely.
  I also tried disabling NAT and seeing it up as Bridged in the router, and disabling Wireless as well, trying to configure the Time Capsule to serve NAT and DHCP to no avail.
  Any steps I'm missing or a whole different approach I should take to be able to access my Time Capsule remotely?
  Thank you in advance for any help.

  You will have to learn how to port forward in your Arris Gateway..
  Arris Touchstone Telephony Gateway TG862
  The easiest way is to simply google it.
  http://forums.comcast.com/t5/Home-Networking-Router-WiFi/Port-forwarding-in-Arri s-TG852G-CT/td-p/954929
  It certainly appears to be problematic.. which is not surprising... If you really need remote access I would request a pure modem from your ISP (Comcast??) or simply replace it with one in the list. You will need to turn off any inbuilt firewall in the router and use DMZ perhaps to the TC.
  There is a few posts on youtube which also might help you. eg
  https://www.youtube.com/watch?v=_8tKBHvCz_0
  But I am on ADSL so my setup is too unlike yours to really tell you much.
  If you want to test something.. let me recommend you load Teamviewer onto a computer in your LAN.. set the computer up to never sleep and then try and reach it using Teamviewer from WAN connection.. if that works.. let me recommend you stick to something of this type. Unless you are prepared to change modems with your ISP I doubt you will solve it.
  If teamviewer fails nothing is going to work.. you need to at least turn off the firewalls in both the computer and the router..
  If you don't want to leave a computer running 24/7 to accept incoming requests.. then use WD MyCloud or similar type NAS.. which are far better designed for remote access than Apple routers.. or use a cloud storage and keep files you might want there.

• NAT for remote access VPN clients

  Hello,
  I have a simple remote access VPN setup on a 2811 router. The remote subnet of the clients connecting have access to the local LAN subnet, but I am wondering if it is possible to somehow NAT those remote access users, so that they can go beyond the local LAN, and through the VPN routers outside connection, giving them access to other resources.
  The remote subnet would need to be added to the NAT overload pool that the local LAN is on somehow, but since no interface is created, I am unsure where I would need to put "ip nat inside" if it even needs to be done, or if I am just missing something.
  I guess really what I want to do is tunnel all traffic, and have that remote client IP translate to the NAT pool on the router for internet access.
  Thanks.

  Have a look here for solution
  http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml
  Regards

• Routing Issue for Remote Access Clients over Site to Site VPN tunnels

  I have a customer that told me that Cisco has an issue when a customer has a topology of let's say 3 sites that have site to site tunnels built and a Remote Access client connects to site A and needs resources at Site B but the PIX won't route to that site. Has this been fixed in the ASA?

  Patrick, that was indeed true for a long time.
  But now it is fixed in PIX and ASA version 7.x.
  Please refer to this document for details:
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml

• Help For Remote Access Via VPN

  Need Help
  what cisco product or router specification or model  can we use for VPN connection in our remote site via Internet Connection
  thanks Godbless

  There are several options here, but more information is probably needed to give a good recommendation.
  1.  What type of VPN?  A site to site VPN that stays up, or remote VPN that is more on demand?
  2.  What type of Internet access to have at your remote site?
  3.  Are you going to also use this as a gateway to the Internet or will this device sit to the side or behind your gateway?
  My first inclination is that if you just need occasional remote access to your remote site for support issues check out the ASA 5505.  Depending on where you will place it and what amount of user traffic will flow through it, you may be able to get by with just a base license and use IPSec remote VPN. 
  If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

• Help setting up Lion Server for remote access

  I have been going in cricles for weeks trying to set this up correctly.  Can anyone tell me what I'm doing wrong?
  I got Lion Server and Server Admin Tools all updated and have been trying to follow Terry Walsh from We Got Served's guide but I missing something.
  I purchased a domain from GoDaddy. Let's call it bradnet.com
  My domain and dyn domain are not really what I have typed here but close enought that they should work for my example and trouble shooting.
  Because my ISP (Comcast) doesn't provide a static IP I registerd for an account with dyn.com.  This is where I get really confused.  With dyn.com i created a host name: bradnet.dyndns-rocks.com and downloaded there updater software.  It found my public IP address and said everything is ok.
  I went back to GoDaddy and in my DNS manger page added the host: bradnet.dyndns-rocks.com and entered my public IP.
  I then went to the server pane to edit the host name.  I followed your instructions to edit the name and selected Host Name for Internet.  I left the computer name as mini (what I had previously named it for file sharing before the server upgrade) and entered  mini.bradnet.dyndns-rocks.com as the host name.  When it takes me back to the server pane, in the bottom window it states:
  Your Server's host name is mini.bradnet.dyndns-rocks.com, and its IP address is 192.168.1.10. You can change network settings in the Server pane.
  I never get the your network is configured properly message.
  I went and set my computer's IP to DHCP with manual address (although all of my machines are set up with DHCP reservations so I guess that is a little redundant) to 192.168.1.10.
  I skipped the port forwarding step because I am using the latest AirPort Extreme as my router.
  I then opened a browser and tried:
  http://bradnet.com
  http://mini.bradnet.dyndns-rocks.com
  http://mini.bradnet.com
  http://bradnet.dyndns-rocks.com
  All of these got me the can't find the server response from Safari.
  Also, I have not yet set up Directory Services.  Terry's guide seems to suggest to do this step first.
  I'm sure I have messed up some step somewhere can you see what I have done wrong?
  Also, is it a problem to set up open directory services using a .local host and then go back and change it for internet access later or do you need to set that up from the start?  My family is getting impatient with me trying to get this to work.
  Thanks for any help anyone can offer!
  Brad

  That manual page is not fully correct. There is written:
  Public UDP Port(s): <enter the appropriate UDP port value(s)>
  Public TCP Port(s): <enter the appropriate TCP port value(s)>
  Private IP Address: <enter the reserved IP address of the host device (from step 1)>
  Private UDP Port(s): <enter the same Public UDP Ports or your choice>
  Private TCP Port(s): <enter the same Public TCP Ports or your choice>
  But it should be:
  Public UDP Port(s): <enter unique UDP Ports of your choice>
  Public TCP Port(s): <enter unique TCP Ports of your choice>
  Private IP Address: <enter the reserved IP address of the host device (from step 1)>
  Private UDP Port(s): <enter the UDP Ports used by your device>
  Private TCP Port(s): <enter the TCP Ports used by your device>
  Make sure you use the same ports in the private settings as you have defined in your IP camera. Normally a camera will use port 80 by default, so use 80 here.
  The Public ports must all be unique. If you have not defined a port 80 here, you can also use 80. This will fail however when using multiple cameras. I for instance have 5 IP cameras and use the public ports 8451, 8452, 8453 etc.

• Portal LDAP permission problems: Login causing "Insufficient access"

  Hello,
  We have OID / Portal / 10gAS version 9.0.4.1 in development and production. We are using the 10gAS as a J2EE webapp server and the OID server as an LDAP server. Portal was working, but we had to make modifications to the default ACP's in OID for our DIT to be secure.
  Bottom line:
  Logging in as a user to portal yields:
  " Unexpected error encountered in wwsec_app_priv.process_signon (User-Defined Exception) (WWC-41417)
  An exception was raised when accessing the Oracle Internet Directory: 50: Insufficient access
  Details
  Operation: dbms_ldap_utl.get_group_membership. (WWC-41743)
  Looking back at the ACL trace yields the following:
  BEGIN
  2004/12/10:08:57:25 * ServerWorker:4 * ConnID:31 * OpId:1 * OpName:search
  gslsfbiDumpSubscribedGroups: Op. ID: <1> Subscribed Orclprivilege Groups for the user DN: <orclapplicationcommonname=portal.040405.1647,cn=portal,cn=products,cn=oraclecontext>
  08:57:25 * Op. ID: <1> Group0 for the user DN:<cn=authenticationservices,cn=groups,cn=oraclecontext>
  08:57:25 * Op. ID: <1> Group1 for the user DN:<cn=userproxyprivilege,cn=groups,cn=oraclecontext>
  08:57:25 * Op. ID: <1> Group2 for the user DN:<cn=oracledascreateuser,cn=groups,cn=oraclecontext>
  08:57:25 * Op. ID: <1> Group3 for the user DN:<cn=oracledascreategroup,cn=groups,cn=oraclecontext>
  08:57:25 * Op. ID: <1> Group4 for the user DN:<cn=common group attributes,cn=groups,cn=oraclecontext>
  08:57:25 * Op. ID: <1> Group5 for the user DN:<cn=oracledasconfiguration,cn=groups,cn=oraclecontext,dc=tekelec,dc=com>
  08:57:25 * Op. ID: <1> Group6 for the user DN:<cn=authenticationservices,cn=groups,cn=oraclecontext,dc=tekelec,dc=com>
  08:57:25 * Op. ID: <1> Group7 for the user DN:<cn=userproxyprivilege,cn=groups,cn=oraclecontext,dc=tekelec,dc=com>
  08:57:25 * Op. ID: <1> Group8 for the user DN:<cn=oracledascreateuser,cn=groups,cn=oraclecontext,dc=tekelec,dc=com>
  08:57:25 * Op. ID: <1> Group9 for the user DN:<cn=oracledascreategroup,cn=groups,cn=oraclecontext,dc=tekelec,dc=com>
  08:57:25 * Op. ID: <1> Group10 for the user DN:<cn=common group attributes,cn=groups,cn=oraclecontext,dc=tekelec,dc=com>
  08:57:25 * gslsfbiDumpSubscribedGroups: Op. ID: <1> Subscribed Orclacp Groups for the user DN: <orclapplicationcommonname=portal.040405.1647,cn=portal,cn=products,cn=oraclecontext>
  08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Entry DN:(uid=saitken,cn=users,dc=tekelec,dc=com)
  08:57:25 * gslfacZEvaluate_Filter: Operation id:(1) User DN: (orclapplicationcommonname=portal.040405.1647,cn=portal,cn=products,cn=oraclecontext)
  08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Visiting ACP at: (cn=users,dc=tekelec,dc=com)
  08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Filter Accees denied by ACP: (cn=users,dc=tekelec,dc=com)
  08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) User being Privileged group member, Evaluation continues
  08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Visiting ACP at: (dc=tekelec,dc=com)
  08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Visiting ACP at: (dc=com)
  08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Filter Accees denied by ACP: (dc=com)
  08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) User being Privileged group member, Evaluation continues
  08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Visiting ACP at: (cn=root)
  08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Filter Accees denied by ACP: (cn=root)
  08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) User being Privileged group member, Evaluation continues
  08:57:25 * gslfacZEvaluate_Filter: Op id:(1) Filter Access to entry (uid=saitken,cn=Users,dc=tekelec,dc=com) not allowed
  08:57:25 * INFO: gslfrsDSendSearchEntry : Access to filter attributes not allowed
  END
  The interpretation of this is that the service account "(orclapplicationcommonname=portal.040405.1647,cn=portal,cn=products,cn=oraclecontext)" does not have sufficient privileges to "Op id:(1) Filter Access to entry" or, "Browse the entry" with the DN "uid=saitken,cn=Users,dc=tekelec,dc=com". This is the user I am attempting to log in as.
  The current ACP entries against the "users" container that is causing the deny.. "Filter Accees denied by ACP: (cn=users,dc=tekelec,dc=com)" seems to be the problem.
  The real issue is that "entry level" access should be possible by all users in the system. The ACP entries I have on the 'users' entry / container is as follows:
  - orclaci: access to entry by self (browse)
  - orclaci: access to entry filter=(objectclass=tekuser) by * (browse) by group="cn=service accounts,cn=groups,dc=tekelec,dc=com" (browse,delete) by group="cn=it - user admins,cn=groups,dc=tekelec,dc=com" (browse,delete)
  - orclaci: access to entry filter=(objectclass=inetorgperson) by group="cn=oracledascreateuser, cn=groups,cn=OracleContext,dc=tekelec,dc=com" added_object_constraint=(objectclass=orcluser*) (browse,add) by group="cn=oracledasdeleteuser, cn=groups,cn=OracleContext,dc=tekelec,dc=com" (browse,delete) by group="cn=oracledasedituser, cn=groups,cn=OracleContext,dc=tekelec,dc=com" (browse) by group="cn=UserProxyPrivilege, cn=Groups,cn=OracleContext,dc=tekelec,dc=com" (browse, proxy) by dn="orclApplicationCommonName=DASApp, cn=DAS, cn=Products,cn=oraclecontext" (browse,proxy) by self (browse, nodelete, noadd) by group="cn=Common User Attributes, cn=Groups,cn=OracleContext,dc=tekelec,dc=com" (browse)
  All users under the "Users" container are of objectclass 'tekuser'. The last ACP point was massaged from the original install of Portal.
  The real clincher that I don't understand is that the single entry "access to entry filter=(objectclass=tekuser) by * (browse)" should be allowing browse access to my entry to everyone! (Including the service account for portal!)
  So, as I wind around this ball of wax, I deparately seek assistance. I understand the complexities of ACP's and know of a few problems, but nothing that would cause this.
  Does anyone have any insight? Any feedback is greatly appreciated!
  The best thing that I could have right now would be a spec (or requirements) of permission configuration against an LDAP server (or OID) for Portal to perform it's normal tasks. Unfortunately, I have yet to find any docos on ACL requirements of Portal. :(
  -Sean

  Sean: Did you find an answer to your issue. We seem to be experiencing the same issue here - but not much help for the Error - WWC-41743.
  Error Text - Operation: dbms_ldap.modify_s
  Entry DN: cn=AUTHENTICATED_USERS,cn=portal.050125.132734.548814000,cn=groups,dc=us,dc=deloitte,dc=com
  Changes
  uniquemember: Add: cn=invcm1,cn=users,dc=us,dc=deloitte,dc=com.
  Would appreciate any help. You can send mail to [email protected]
  Thank you again!
  Shomic

• Make thunderbolt storage device be available for remote access

  I have an external thunderbolt HDD (Drobo 5D) that I'd like to make available for remote file access. A simple file browser should be sufficient, but the prettier the better of course ;-).
  Essentially, I'd like to "dropbox" my Drobo 5D. I have a pogoplug but that requires plugging my thunderbolt device into a USB 2.0 port...so that won't work out too well.
  Any ideas?

  I also have a very similar concern.
  I am about to purchase a hard drive enclosure with ethernet capability. If you go to ebay and search for "3.5 ethernet" you will find many "USB 2.0 LAN Ethernet Enclosure" for $30-40. Then I will buy a 3.5 IDE hard drive of 500GB for about $100.
  My idea is to attach this setting to my Netgear wireless router and access photos, music and videos from my laptop and desktop.

• How do I setup TimeCapsule up for remote access through the internet.

  I have a first gen time capsule that I would like to access remotely when I'm not at home. I have a modem/router combo Motorola sb6141 at home that my time capsule is attached to. I have read on other threads that I need to turn off the wireless on my time capsule and have a dedicated IP address from Comcast. I was just hoping for more confirmation/ideas that have worked for everyone else. Thanks!

  A Gen1 TC will need to be updated to 7.6.1 firmware for preference although the latest is 7.6.3 and use BTMM and iCloud.. as long as the TC is operating as the main router it will work better than other methods.. assuming you are a Mac to access it remotely. If you are not using a Mac what are you using??
  http://jimmymacsupport.com/remotely-access-your-airport-extreme-or-time-capsule- files/
  There is lots of info if you just google.. remote access time capsule
  Or BTMM and icloud
  Apple have several documents about how to do the setup..
  Then of course there is the real world.. if you do all this and it fails.. as it can do.. post again.
  Perhaps in this thread.
  https://discussions.apple.com/thread/3699096?start=0&tstart=0

• VPN between XP client IPSec and IOS for remote access

  Solved.
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd7d54c/0
  Hi,
  I am trying to implement remote access for XP clients using their IPSec built-in feature and my 805 router configured with dynamic crypto map, but it's not working. Apparently the remote client IKE phase1 is successful but it stucks there.
  Does any one face it before.
  The client is behind a adsl router but I am allowing the traffic 500 through it and I am not seeing traffic leaving the cisco router. So it's in the 805.
  Thanks in advance
  David

  If you setup a VPN server on your Mac (server) at home, and configure it to root all traffic via the VPN connection by defining the network 0.0.0.0 as being 'private' this will cause all traffic to go via your home Mac and therefore bypass the hospital filter.
  You can test this by going to the following address when not connected to the VPN and after connecting to the VPN, the public IP address should change to show when connected to the VPN the public IP address becomes your home address.
  See http://www.whatismyip.com (or similar site)
  This approach can also get round 'geo-ip' protection. For example if your abroad on holiday and still want to get access to BBC iPlayer or Hulu.