10.4.7: Cisco, VPN, Groups ... How?
I see in the release notes for OS X 10.4.7 that it now supports the Cisco VPN "groups". Since my company uses that, I'm very interested! But I can't see how to configure that ... Internet Connect still looks the same, doesn't appear to have anywhere to enter the group name / password.
Clues?
MacBook Pro (2x2.16GHz, 2Gb RAM, 100Gbx7200) Mac OS X (10.4.6) iMac G5, iBook, Parallels/WinXP, linux
Yeah, go to the Configuration drop down menu and select Edit Configurations... you can then enter the advanced info there. However don't expect it to work. At this point I don't believe anything Apple says about VPN connectivity with Cisco anymore. They've been saying it's fixed since 10.4.5 and it continues to fail everytime I try to connect.
Here's my log with the url and ip of our server obfuscated.
Tue Jun 27 16:57:54 2006 : L2TP connecting to server 'vpn url' (vpn ip)...
Tue Jun 27 16:58:57 2006 : L2TP cannot connect to the server
Tue Jun 27 16:59:47 2006 : L2TP connecting to server 'failover vpn url' (failover vpn ip)...
Tue Jun 27 17:00:46 2006 : L2TP cannot connect to the server
Tue Jun 27 17:00:46 2006 : L2TP cannot connect to the server
Similar Messages
-
How to add new group entry in Cisco Vpn using powershell
I am working on a powershell script to connect cisco vpn using powershell, I am able to connect to vpn but not sure how to add new group to vpn. I am using the following script$vpn_profile = 'Test'
$username = 'TestUser'
$userPassword = ConvertTo-SecureString -String "Password" -AsPlainText -Force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist
$username,$userPassword
$password = $credentials.GetNetworkCredential().Password
Set-Location 'c:\Program Files (x86)\Cisco Systems\VPN Client'
.\vpnclient.exe connect $vpn_profile user $username pwd $password
Write-Host "You Are Connected"
cd "C:\"Have you entered .\vpnclient.exe /? to see if it will return information about other switches you can use with this executable? Other than connect, I was able to track down a few without actually having the executable (http://www.scribd.com/doc/40108893/Cisco-VPN-Client-Command-Line).
That said, I do not believe that there is a switch that will help you create a connection. These are either done manually through the GUI, or can be likely be added by supplying a properly formatted file in the proper place.
If you're using the version of the Cisco VPN client I think you are, then your connection settings, or profiles, are stored in individual .pcf files somewhere on your computer (likely in the Cisco directory). These are simple, text-based files. Find one
on your computer, save it with another name, and then modify it manually. If you really want to use PowerShell, then use this opportunity to learn how to create and edit basic text files using PowerShell. If you have a standard connection file, then you can
put that file onto remote computers any number of ways. If a .pcf file exists in the proper place when the VPN client is opened, then it likely will not prompt for a new connection.
Update: Added more info; clarified -
How to uninstall Cisco VPN client 5.0.07.0440, using SCCM \group policy or may be a login script?
msiexec /u "vpnclient_setup.msi" /q /norestart , but it did not worked.
msiexec /x "vpnclient_setup.msi" /q /norestart , but it did not worked.
I hav apprx 500+ win 8 clients.
Thanks in AdvanceLooks like I have to follow this exactly:
http://myitforum.com/cs2/blogs/smchugh/archive/2006/11/15/automating-removing-the-cisco-vpn-client.aspx
msiexec.exe /uninstall {Cisco VPN 5.x guid} /qn
MsiExec.exe/X{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D} /q /norestart -
How to increase built-in cisco vpn peer response timer?
Hi,
I use OS x in-built cisco vpn client to connect to work VPN.
The VPN server, or perhaps the radius server, takes a long time to return a response. OS X always try for 10 seconds, then drop the conneciton when no response from the remote peer. When I use cisco vpn client on a windows machine, the vpn client has a setting to allow for 90 seconds remote peer response time. It works fine using cisco vpn client.
I prefer to use os x as my primary working environment, so I need to fix this problme. My question is how to increase the phase 1 & 2 timer for vpn under 10.6.7. I have tried to change racoon.conf phase 1 & phase 2 timer, but it made no difference. OS X only try for 10 seconds.
Any ideas? (besides asking work people to fix the server or radius problem)
Thanks
jmsherry123i have the same problem ... certificate is imported in keychain, but cant select it when setup vpn connection
-
How setup SPA525 vpn client?How configuration Cisco VPN server?
Hi all,
How setup SPA525 vpn?
How configuration Cisco VPN server for SPA525?
Regards
JohnHi John,
Do you want to setup the SPA525 on the UC300? If so the UC300 does not support any VPN or remote users. If you need configuration help with the UC5XX just let me know.
Thank you,
Jason Nickle -
How long does Cisco VPN client keeps its logs
Hi,
How long does the Cisco VPN client keeps its logs? It seems like 2 weeks. Is it right?February 18, 2010
Due to popular demand, the Cisco VPN Client v5.0.7 open beta is now available!
In addition to serving as a general maintenance release, the Cisco VPN Client 5.0.7 beta is compatible with Windows 7 & Windows Vista 64-bit environments.
A 64-bit specific compatible image is available for installation on these platforms.
Please have communicate feedback (both positive and problems) to [email protected]
Key Capabilities available for Beta Testing:
New Platform support – Windows 7 & Windows Vista 64-bit platform compatibility
Software Access: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=281940730 (under 5.BETA)
Software is available for download by any customer with a Cisco.com SMARTnet™ enabled login.
Release Notes will be available next week via a link once the download image is selected.
There are currently no plans to support Windows XP 64 bit in the VPN client. -
Support for Cisco VPN "mutual group authentication"
Hi,
Does anyone know of support plans for Cisco VPN mutual group authentication in the built-in VPN client on MacOSX?
Thanks,
JohnI would like to know the answer to this as well.
Thanks,
Josh -
i have an Airport Extreme wireless router, HP Folio laptop (company supplied) and a Canon PIXMA MX882 wireless printer,copier, scanner and fax.
when i am VPN's in thru CISCO VPN to my company Intranet site I cannot print wirelessly. i have to turn off VPN, priint and log back into the company intranet site. is there a way to configure the router so that it is not blocking the signal?
TxThe problem is not the router.. the issue is the vpn has put your computer in a different IP range with a different gateway. When you turn off the vpn the computer returns to local lan and can print.
Some vpn software allows you to set gateway to use local net instead of remote gateway or access to other webistes or local lan.
Read up the issue.
http://stevejenkins.com/blog/2010/01/using-the-local-default-gateway-with-a-wind ows-vpn-connection/
Cisco vpn client..
https://supportforums.cisco.com/thread/239113
I did not search much.. just grabbed the first article I could find that explains the issue.
The whole point of the vpn is whilst it is connected your computer is NOT part of the Local Lan .. it is part of the Remote LAN via the vpn tunnel.
It is also a security risk using split tunnelling so often it will not be allowed.
Plug the printer directly into the computer via usb or whatever.. Local connection will work.. not local lan. -
Since upgrading to Lion, I can no longer use VPN because my RSA securid token and CIsco VPN Client won't load. Any suggestioins out there?
.
-
Cisco VPN on Edgy Ubuntu v6.10
I have a complicated (to me) problem with trying to use Ubuntu 6.10 on our office network.
Our IT group set me up with the proprietary Cisco VPN client for Mac OS X for my home machine. This client lets me connect to our secure office network without a problem. I am interested now in doing the same thing for an Intel-based ubuntu machine I have on the same home network.
To do that, I've been using the free kVPN program. It seems to have a mode that allows for Cisco connections, but I have not been able to make it work. The client is looking for something called an IPSec ID and group password, two things the official Cisco VPN client on OS X does not ask for. Blank entries don't seem to work. Copying my username and password doesn't work either. Do you have any idea what this client wants and
what I should be putting there? This is something that the proprietary Cisco client on the Mac does not ask for. I've tried entering nothing, the IP address I'm connecting to (which I also entered already), but none of these settings seem to work
OK. I wgeted (w-got?) the official cisco vpnclient, compiled and installed it.
I don't have a .pcf file for my work network. My Mac client doesn't seem to need one - at least, I can't find one.
I've tried to create one using the sample.pcf, but it's not working. It still seems to want group ID and an IPsec address.
I've tried leaving those blank, making up entries, but each time I get the error:
eric@frank:/etc/init.d$ vpnclient connect cmg
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.17-10-generic #2 SMP Fri Oct 13 18:45:35 UTC 2006 i686
Config file directory: /etc/opt/cisco-vpnclient
privsep: unable to drop privileges: group set failed.
The application was unable to communicate with the VPN sub-system.
eric@frank:/etc/init.d$
Network security is not one of my skills. Any guidance as to how to proceed from here would be truly appreciated.
EBTry this link:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_chapter09186a00801011e6.html -
Cisco VPN client & Microsoft ISA firewall client.
Hi all,
could someone give me advice how to set
up Cisco VPN client to route traffic
to our proxy ISA 2004. We have installed
Microsoft firewall client on PCs but we dont know how to set up routing of IPSEC
to Proxy.
I know that this is maybe problem of Microsoft but maybe it is possible to do this directly in Cisco VPN client.
Any suggestions?
BR
jlBe sure that the Department or organizational unit (OU) corresponds to the Cisco VPN Client group name, as configured in the PIX vpngroup name. Select the correct Certificate Service Provider (CSP) appropriate for your setup
http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094e69.shtml -
Preventing mac osx users from using cisco vpn
Hi,
I have setup ASA to act as our vpn server with radius as my authentication server. Users use the cisco vpn client utility to vpn in which has the .pcf file. This .pcf file has the group password, name and so on. Some users went online and found websites to decrypt the group password and have used that on their local macs to vpn in.
That irritates me and i want to know how i can prevent them from logging on. Are there any ways to block by os type within ASA?
Please help!!
thanksthanks i set it up to get 2 syslog messages: 713120 and 713904.
<165>Feb 09 2012 06:48:56: %ASA-5-713120: Group = vpnaccess-xyz123, Username = xyzcompany\jdoe, IP = 10.10.10.10, PHASE 2 COMPLETED (msgid=xxxxxx).
Which is good, now i know who is connected to my vpn and i get an alert, but i also want to know they type of OS they are using. When i do a lookup of syslog message id: 713904, that is suppose to give me the OS type (ex: winnt mac ox and so on), but i am not getting that.
Any reason why i dont get an alert from message id 713904, but i get one from 713120.
thanks -
Need HELPS! ASA 5505 8.4 Cisco VPN Client cannot ping any internal host
Hi:
Need your great help for my new ASA 5505 (8.4)
I just set a new ASA 5505 with 8.4. However, I cannot ping any host after VPN in with Cisco VPN client. Please see below posted configuration file, thanks for any suggestion.
ASA Version 8.4(3)
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.29.8.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 177.164.222.140 255.255.255.248
ftp mode passive
clock timezone GMT 0
dns server-group DefaultDNS
domain-name ABCtech.com
same-security-traffic permit inter-interface
object network obj_any
subnet 172.29.8.0 255.255.255.0
object service RDP
service tcp source eq 3389
object network orange
host 172.29.8.151
object network WAN_173_164_222_138
host 177.164.222.138
object service SMTP
service tcp source eq smtp
object service PPTP
service tcp source eq pptp
object service JT_WWW
service tcp source eq www
object service JT_HTTPS
service tcp source eq https
object network obj_lex
subnet 172.29.88.0 255.255.255.0
description Lexington office network
object network obj_HQ
subnet 172.29.8.0 255.255.255.0
object network guava
host 172.29.8.3
object service L2TP
service udp source eq 1701
access-list VPN_Tunnel_User standard permit 172.29.8.0 255.255.255.0
access-list VPN_Tunnel_User standard permit 172.29.88.0 255.255.255.0
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended deny tcp any any eq 135
access-list inside_access_in extended deny tcp any eq 135 any
access-list inside_access_in extended deny udp any eq 135 any
access-list inside_access_in extended deny udp any any eq 135
access-list inside_access_in extended deny tcp any any eq 1591
access-list inside_access_in extended deny tcp any eq 1591 any
access-list inside_access_in extended deny udp any eq 1591 any
access-list inside_access_in extended deny udp any any eq 1591
access-list inside_access_in extended deny tcp any any eq 1214
access-list inside_access_in extended deny tcp any eq 1214 any
access-list inside_access_in extended deny udp any any eq 1214
access-list inside_access_in extended deny udp any eq 1214 any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any eq www
access-list inside_access_in extended permit tcp any eq www any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq 33
89
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq sm
tp
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq pp
tp
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ww
w
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ht
tps
access-list outside_access_in extended permit gre any host 177.164.222.138
access-list outside_access_in extended permit udp any host 177.164.222.138 eq 17
01
access-list outside_access_in extended permit ip any any
access-list inside_access_out extended permit icmp any any
access-list inside_access_out extended permit ip any any
access-list outside_cryptomap extended permit ip 172.29.8.0 255.255.255.0 172.29
.88.0 255.255.255.0
access-list inside_in extended permit icmp any any
access-list inside_in extended permit ip any any
access-list inside_in extended permit udp any any eq isakmp
access-list inside_in extended permit udp any eq isakmp any
access-list inside_in extended permit udp any any
access-list inside_in extended permit tcp any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
nat (inside,outside) source static orange interface service RDP RDP
nat (inside,outside) source static obj_HQ obj_HQ destination static obj_lex obj_
lex route-lookup
nat (inside,outside) source static guava WAN_173_164_222_138 service JT_WWW JT_W
WW
nat (inside,outside) source static guava WAN_173_164_222_138 service JT_HTTPS JT
_HTTPS
nat (inside,outside) source static guava WAN_173_164_222_138 service RDP RDP
nat (inside,outside) source static guava WAN_173_164_222_138 service SMTP SMTP
nat (inside,outside) source static guava WAN_173_164_222_138 service PPTP PPTP
nat (inside,outside) source static guava WAN_173_164_222_138 service L2TP L2TP
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Guava protocol nt
aaa-server Guava (inside) host 172.29.8.3
timeout 15
nt-auth-domain-controller guava
user-identity default-domain LOCAL
http server enable
http 172.29.8.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set Remote_VPN_Set esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set Remote_vpn_set esp-3des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set Remote_VPN_Set
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 173.190.123.138
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5
ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ES
P-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 172.29.8.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside vpnclient-wins-override
dhcprelay server 172.29.8.3 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
group-policy ABCtech_VPN internal
group-policy ABCtech_VPN attributes
dns-server value 172.29.8.3
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_Tunnel_User
default-domain value ABCtech.local
group-policy GroupPolicy_10.8.8.1 internal
group-policy GroupPolicy_10.8.8.1 attributes
vpn-tunnel-protocol ikev1 ikev2
username who password eicyrfJBrqOaxQvS encrypted
tunnel-group 10.8.8.1 type ipsec-l2l
tunnel-group 10.8.8.1 general-attributes
default-group-policy GroupPolicy_10.8.8.1
tunnel-group 10.8.8.1 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 remote-authentication certificate
ikev2 local-authentication pre-shared-key *****
tunnel-group ABCtech type remote-access
tunnel-group ABCtech general-attributes
address-pool ABC_HQVPN_DHCP
authentication-server-group Guava
default-group-policy ABCtech_VPN
tunnel-group ABCtech ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 173.190.123.138 type ipsec-l2l
tunnel-group 173.190.123.138 general-attributes
default-group-policy GroupPolicy_10.8.8.1
tunnel-group 173.190.123.138 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 remote-authentication certificate
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect pptp
inspect ftp
inspect netbios
smtp-server 172.29.8.3
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:6a26676668b742900360f924b4bc80de
: endHello Wayne,
Can you use a different subnet range than the internal interface, this could cause you a LOT of issues and hours on troubleshooting, so use a dedicated different Ip address range...
I can see that the local Pool range is included into the inside interface Ip address subnet range, change that and the related config ( NAT,etc, ) and let us know what happens,
Regards,
Julio
Security Trainer -
Cisco VPN client can't ping remote network.
I have recently installed a Cisco 5505 and have problems with some of the Cisco VPN Hosts I connect to using the Cisco VPN dialer. The Cisco Dialer connects fine but I am unable to connect to any computers on the remote network.
I have tracked the issue down to the ones that work & the ones that don't. If the remote Cisco is on the same sub-net as the computers I am connecting to it works fine. If the remote Cisco is on a differant sub-net then the computer I am trying to connect to it won't work unless I set up a static nat for a given pc on my network.
When I run through the dynamic Nat for my network I get the following error on the 5505.
regular translation creation failed for protocol 50 src inside:192.168.97.215 dst outside:xx.xxx.xx.xxx
I have been trying to find a solution to this issue ever since I installed the router and have not had any luck with any of the suggestions I have found on the Web. I have attached my config.
Any help would be appreciated.
MikeThanks for your response.
Yes that exactly the setup we are trying to get to work.
I have a call into them now and will check on their set up but I have no control over how they configure their routers I can only make requests.
I was hoping there was something causing it on my side as I deal with Hospitals and they can get very picky about their security.
I guess what is confusing me is it works if it goes through a Static Nat but not if it runs through our dynamic Nat.
Mike -
Hi all,
I wonder if someone can be more helpful than my uni IT department who take a minimum of a week to get you an IP address...
My new uni uses Cisco VPN client for connection to the Wi-Fi network. It all works great apart from one (very annoying problem):-my e-mail accounts in mac mail don't seem to be able to connect via the VPN. I have had both an IMAP and a POP server e-mail account work automatically wherever I connect in the world for over a year now-so its not the way I've set up the accounts.
Is there any way to get mac mail to "see" the VPN connection. If I have to physically plug-in my mac this seems a tad ridiculous when it works in every coffee shop with free wi-fi.
My uni are not helpful as they want people to use either outlook or better still log-on to their e-mail using the web. I don't even want to use their e-mail-what is the point when I move jobs again in a year. What I do currently is use an IMAP account from my last job which I've set to forward to my "e-mail for life" from my undergrad uni. I basically only give out my life e-mail address and this also goes on all my papers.
If I can't access this easily and sort all my mail in all the folders I've created to filter out things like facebook etc. I'm wondering what the point of mac mail is.Yeah, that stuff normally works for me. Unfortunately this is a situation where you have to use an external Cisco VPN client software, whether you like it or not. Its this horrible clunky thing (which at least half works I guess). So its only like normal wi-fi in terms of selecting the network, then you have to open up this application and put in your log-in etc. Most of the settings on this client seem locked, so there isn't much I can do to configure it.
I've just got to my (temporary) accommodation which doesn't have wi-fi or VPN (just ethernet) and my mail is working again-so it must be the VPN. Goodness knows how it works with an iPod touch (interested in getting one but kind of pointless if I spend most of my time at work and it doesn't work...)
Thanks for your suggestions though!
Maybe you are looking for
-
Hi All, I have two packages in a webapplication. com.mycompany.myapp and com.mycompany.myapp.classbank. I set up the application so I have a package for re-usable classes(myapp.classbank) and the other for the backing beans for my pages and the sessi
-
Blurry text after Tabbed Cycler runs on IE
http://faculty.medicine.iu.edu/mentoring/ So three quotes rotate through on this page using the TabbedPanelsCycler that I found on the forum long ago. I recently have been getting complaints that as the second panel rotates the fonts dont render out
-
DNxHD (.mxf) export with alpha channel
Hello! I'm working with one Finnish children's feature film which will star end of this year as an DIT. Movie will include lot's of green screen and the production want's me to do chroma keyed DNxHD 36 renders with alpha channel for AVID editorial. S
-
Did my hard drive crash? What is this screen?
I was out of town for a couple days and came home to an a screen I'd never seen before. When I turned on my MBP, a gray screen booted up with 2 folders - one said "Hard Drive HD" and the other said "Recovery 10.8.2". Not knowing what was going on, I
-
Tengo problemas con flash cs6 en windows 7
como me pongo en contacto con alguien de soporte de adobe