Advice needed for VPN connections

OK, to first describe what I'm looking at. We have a bookmobile that goes to 13 different locations within our county. At each stop we are using the service provider's DSL modem to connect to their network, we have two different providers and staff changes the modem at each stop, and a Cisco831 router to make a VPN connection to our PIX. We are using the router to make the VPN connection so that we can have two staff computers use internal network resources i.e. Library database, network drives, e-mail. We tried using Cisco VPN client on the local machine but when we have two clients going on two machines at the same time neither would work. So we let the router make that connection.
We are going to have two bookmobiles operating and I need to purchase another router to make the connection and I am wondering which router would be a better solution for us.
So for me the question is
1) should I keep things as they are and buy a 871 and have staff change modems as needed
2) Should I get an 877, 878 router and make configuration changes daily as needed. Staff have not been able to do this in past. I've enough to do without this!
3) Up for any suggestions. Maybe SDM with a pretty GUI for staff to use. It seems Cisco's CLI was too much for them.
Thanks to all for any help
Systems A

No Nat-traversal is enabled.
When we tried multiple VPN connections it was through a DSL modem/router. This is why we went to a Cisco831 router and having it make the secure connection to our PIX.
Thanks for your help

Similar Messages

  • Entering Correct info for VPN connection

    please suggest the correct configuration for entering information in order for my laptop to connect via VPN to my newly installed Leopard Server software. On my laptop, I have entered the following info on the System Preferences> network tab...
    Configuration: Default
    Server Address: 76.173.xx.xxx (my public IP address - do I need anything else?)
    Account name: XXXXXX (same as the account name in Server)
    under Authentication Settings, my password is fine and my shared secret is the same as on the Server.
    Am I entering in everything correctly? I am most concerned as to how the server address is supposed to be written. thanks!!

    Hi
    If Appletalk is enabled server side and you simply enter the IP address afp is assumed as the protocol to be used. If you prefer the extra effort involved in typing afp:// followed by the IP address you can use that as well. If you want to use the smb service rather than afp simply type smb:// followed by the IP address. The same thing applies to ftp services. The Finder supports reads only for ftp services.
    If you are using VPN services you simply type in the private IP (LAN-side) address of the server rather than the public IP (WAN-side) address. Once a VPN connection has been established, the remote client behaves as if it is on the same LAN.
    You can make a connection using the Public WAN address if you enable port forwarding to a single LAN IP address for services you are interested in. For example if you wanted to access your server remotely using afp you configure your router to forward requests for port 548 to the internal IP address of your server. You can use this method for as many services you like as well as how many your router supports. Most commercially available routers support 10-20. Depending on the router you may have to configure an appropriate firewall rule as well. When faced with that it makes more sense to use a single VPN connection.
    I may be in danger of teaching granny to suck eggs but for what it's worth for VPN connections to work successfully the remote client’s private IP address has to be different from the host site. For example if the remote site is on 192.168.1.x/24 as is the server then you won’t establish a connection. As far as the remote site is concerned it's already connected to that network, why look elsewhere? 192.168.1.x/24 to 192.168.2.x/24 or 10.10.10.x/24 to 192.168.0.x/24 should result in successful VPN connections.
    For a list of IP addresses reserved for private use:
    http://www.iana.org/faqs/abuse-faq.htm#SpecialUseAddresses
    Hope this helps, Tony

  • Unable to set manual IP address for VPN connection

    Recently a VPN connection with a client stopped working. They changed phone companies and changed some of the IP addresses.
    After alerting them I could no longer log in, I received the new server address which I can log in with it,
    BUT my computer is assigned a dynamic address that is already in use on their network. This causes my computer to *not* be connected to their network, even though I am inside their firewall; therefore I cannot adjust the database files I need to.
    I have tried to set the VPN (PPTP) connection TCP/IP address IPv4 manually, using the static address they just gave me. But each time I connect, [I believe] their router assigns me an address that is already in use.
    They do not use IPv6.
    Can anyone give me direction on how to make the manual IP address *stick*?
    The tech person at the site keeps telling me it is a problem with my "Mac, because with Windows.... blah, blah, blah".
    I am pretty sure this is not the case and in fact I was the one who let her know I was receiving a duplicate address.
    Your VPN expertise is really appreciated.
    Thanks in advance,
    Michele

    Hi,
    Please make sure the Ad hoc connection IP address is in the same range as your local connection. In addition, how about recreating the ad hoc connection for test, please have a try.
    If problem persists, please use Network troubleshooter in Action Center to fix this problem for test.
    Roger Lu
    TechNet Community Support

  • Trying to set a delay in an Applescript for VPN connection

    I need to be able to set some routes upon opening a particular VPN connection so I did some searching and found a really simple Applescript that does the job. Problem is it tries to set the routes before the VPN actually connects so the routes don't go in.
    I added in a 10 second delay which does the trick, but I'm thinking there has to be a way to do this that waits until the VPN actually connects before continuing - so if it takes 5 seconds or 10 or whatever, it waits.
    The other thing I'm doing that I think is bad is I'm sending a route delete command before sending the add command. Why? Because if I don't and for some reason the route is partially in the table, it doesn't give an error and ends up not routing. Again, probably a better way to do this.
    Here is my current script:
    -- Connect Work VPN
    tell application "System Events"
    tell current location of network preferences
    set VPNservice to service "Work" -- name of the VPN service
    if exists VPNservice then connect VPNservice
    end tell
    end tell
    delay 10
    set gateway to "x.x.x.x" -- omitted here for security
    do shell script "route delete 192.168.25.0/24 " & gateway with administrator privileges
    do shell script "route delete 192.168.20.0/24 " & gateway with administrator privileges
    do shell script "route add 192.168.25.0/24 " & gateway with administrator privileges
    do shell script "route add 192.168.20.0/24 " & gateway with administrator privileges
    Any suggestions??
    Thanks.

    you might want to try asking in the Applescript forum under OS X technologies.
    I don't have any VPN connections so can't test anything but applescript dictionary for system events indicates that configuration property of a service has a boolean property "connected". so just run a loop with, say, 1 second delay until this property becomes true. presumably it would be something along the lines
    tell application "System Events"
    tell current location of network preferences
    set VPNservice to service "Work" -- name of the VPN service
    if exists VPNservice then connect VPNservice
    repeat until (connected of current configuration of VPNservice)
    delay 1
    end repeat
    end tell
    end tell
    set gateway to "x.x.x.x" -- omitted here for security
    do shell script "route delete 192.168.25.0/24 " & gateway with administrator privileges
    do shell script "route delete 192.168.20.0/24 " & gateway with administrator privileges
    do shell script "route add 192.168.25.0/24 " & gateway with administrator privileges
    do shell script "route add 192.168.20.0/24 " & gateway with administrator privileges

  • Making Application deployment working for VPN connection

    Hi Guys,
    Am trying to deploy application to users machines which are connected to VPN.
    I don't have any idea, is that any https connection my SCCM will support. If it is failing, what all the series of steps I need to follow to enable deployment via VPN connection.
    Please suggest.

    If clients are connected through VPN, they will work exactly as any other client you have on your LAN.
    Just make sure that you also specify a boundary for your VPN clients, like you do with your LAN clients.
    Ronni Pedersen | Microsoft MVP - ConfigMgr | Blogs:
    www.ronnipedersen.com/ and www.SCUG.dk/ | Twitter
    @ronnipedersen

  • Help needed for VPN IPSEC configuration.

    Hi There,
    I'm trying to set up a IPSEC VPN connection in my GNS3 lab and all the show commands and debugs does not seem to give me any clues of what is wrong or missing...can someone please help me in troubleshooting my VPN config. Below is the config of router 1
    R1#sh run
    crypto isakmp policy 1
    authentication pre-share
    group 2
    crypto isakmp key 6 cisco123 address 200.20.1.1
    crypto ipsec transform-set CISCO_SET esp-des esp-sha-hmac
    crypto map VPN_map 10 ipsec-isakmp
    ! Incomplete
    set peer 200.20.1.1
    set security-association lifetime seconds 190
    set transform-set CISCO_SET
    match address INT_TRAFFIC
    interface Loopback1
    ip address 172.16.1.1 255.255.255.255
    interface Loopback2
    ip address 172.16.1.2 255.255.255.255
    interface FastEthernet0/0
    ip address 200.11.1.1 255.255.255.252
    ip ospf 1 area 0
    duplex auto
    speed auto
    crypto map VPN_map
    router ospf 1
    log-adjacency-changes
    network 172.16.0.0 0.0.255.255 area 0
    router bgp 65001
    no synchronization
    bgp log-neighbor-changes
    network 200.11.1.0 mask 255.255.255.252
    neighbor 200.11.1.2 remote-as 65030
    no auto-summary
    ip forward-protocol nd
    ip http server
    no ip http secure-server
    ip access-list extended INT_TRAFFFIC
    permit ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255
    permit ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255 log
    end
    R1#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id slot status
    IPv6 Crypto ISAKMP SA
    R1#show crypto ipsec sa
    nill.......
    R1#sh debugging
    Cryptographic Subsystem:
      Crypto ISAKMP debugging is on
      Crypto Engine debugging is on
      Crypto IPSEC debugging is on
    settlement:
      memory tracing is on
    R1#sh ip route
    Gateway of last resort is not set
         200.20.1.0/30 is subnetted, 1 subnets
    B       200.20.1.0 [20/0] via 200.11.1.2, 01:28:21
         200.11.1.0/30 is subnetted, 1 subnets
    C       200.11.1.0 is directly connected, FastEthernet0/0
         172.16.0.0/32 is subnetted, 2 subnets
    C       172.16.1.1 is directly connected, Loopback1
    C       172.16.1.2 is directly connected, Loopback2
    R1#ping 200.20.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 200.20.1.1, timeout is 2 seconds:
    Cheers,
    Fabio

    Thanks guys for getting back to me.
    I found one problem!!!! The ACL spelling it's been fixed....
    crypto map VPN_map 10 ipsec-isakmp
    ! Incomplete
    set peer 200.20.1.1
    set security-association lifetime seconds 190
    set transform-set CISCO_SET
    match address INT_TRAFFIC
    p access-list extended INT_TRAFFFIC
    permit ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255
    permit ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255 log
    now when I do "sh crypto ipsec sa" sure enough I can see the VPN output
    interface: FastEthernet0/0
        Crypto map tag: VPN_map, local addr 200.20.1.1
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (192.168.0.0/255.255.0.0/0/0)
       remote ident (addr/mask/prot/port): (172.16.0.0/255.255.0.0/0/0)
       current_peer 200.11.1.1 port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
        #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0
         local crypto endpt.: 200.20.1.1, remote crypto endpt.: 200.11.1.1
         path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
         current outbound spi: 0x0(0)
         inbound esp sas:
         inbound ah sas:
         inbound pcp sas:
         outbound esp sas:
         outbound ah sas:
         outbound pcp sas:
    sh isa    
    and
    R1#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id slot status
    200.20.1.1      200.11.1.1      QM_IDLE           1001    0 ACTIVE
    IPv6 Crypto ISAKMP SA
    and for the last
    R1#ping 192.168.1.1 source 172.16.1.1 repeat 10
    Type escape sequence to abort.
    Sending 10, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
    Packet sent with a source address of 172.16.1.1
    Success rate is 100 percent (10/10), round-trip min/avg/max = 36/62/80 ms
    Hey Brian I put that OSPF to run for troubleshooting purposes but I confess it was very silly....
    Thanks guys all fixed and it's so good every now and then to brush up your cisco skills... don't you reckon??
    Cheers,
    Fabio
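The mismatch found in this thread (the crypto map entry matches `INT_TRAFFIC` while the ACL is defined as `INT_TRAFFFIC`) can be caught offline before a config is loaded. The Python script below is an added example, not part of the original thread or any Cisco tool; it goes slightly beyond the thread's case by also checking transform-set references and whether the map is applied to an interface, and its sample config is constructed from the lines quoted above.

```python
"""Cross-reference check for IOS crypto map configuration (added example)."""
import difflib
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the R1 configuration quoted in the thread.
SAMPLE_CONFIG = """\
crypto ipsec transform-set CISCO_SET esp-des esp-sha-hmac
crypto map VPN_map 10 ipsec-isakmp
 ! Incomplete
 set peer 200.20.1.1
 set security-association lifetime seconds 190
 set transform-set CISCO_SET
 match address INT_TRAFFIC
interface FastEthernet0/0
 ip address 200.11.1.1 255.255.255.252
 crypto map VPN_map
ip access-list extended INT_TRAFFFIC
 permit ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255
"""

# Only ipsec-isakmp entries are handled, as in the thread's configuration.
MAP_ENTRY = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp\b")
MAP_APPLY = re.compile(r"^crypto map (\S+)$")  # interface-level application
NAMED_ACL = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
NUMBERED_ACL = re.compile(r"^access-list (\S+) ")
TRANSFORM = re.compile(r"^crypto ipsec transform-set (\S+) ")


@dataclass
class Entry:
    name: str
    seq: int
    acls: list = field(default_factory=list)
    transform_sets: list = field(default_factory=list)
    peers: list = field(default_factory=list)


def parse(text):
    """Collect definitions and references; works with or without indentation."""
    acls, tsets, entries, applied = set(), set(), [], {}
    entry = interface = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if m := MAP_ENTRY.match(line):
            entry = Entry(m.group(1), int(m.group(2)))
            entries.append(entry)
            continue
        if entry is not None:
            words = line.split()
            if words[:2] == ["match", "address"] and len(words) > 2:
                entry.acls.append(words[2])
                continue
            if words[:2] == ["set", "transform-set"]:
                entry.transform_sets.extend(words[2:])
                continue
            if words[:2] == ["set", "peer"] and len(words) > 2:
                entry.peers.append(words[2])
                continue
            if words[0] in ("set", "match", "description"):
                continue
            entry = None  # any other command ends the crypto map entry
        if line.startswith("interface "):
            interface = line.split(None, 1)[1]
        elif m := MAP_APPLY.match(line):
            applied.setdefault(m.group(1), []).append(interface or "?")
        elif m := NAMED_ACL.match(line) or NUMBERED_ACL.match(line):
            acls.add(m.group(1))
        elif m := TRANSFORM.match(line):
            tsets.add(m.group(1))
    return acls, tsets, entries, applied


def suggest(name, known):
    """Point at a near-miss name, which is how typos like the thread's show up."""
    close = difflib.get_close_matches(name, sorted(known), n=1, cutoff=0.8)
    return f" (did you mean '{close[0]}'?)" if close else ""


def check(text):
    """Return a list of human-readable findings; empty means references resolve."""
    acls, tsets, entries, applied = parse(text)
    findings = []
    for e in entries:
        where = f"crypto map {e.name} {e.seq}"
        if not e.peers:
            findings.append(f"{where}: no 'set peer'")
        if not e.acls:
            findings.append(f"{where}: no 'match address'")
        for acl in e.acls:
            if acl not in acls:
                findings.append(f"{where}: ACL '{acl}' is not defined" + suggest(acl, acls))
        for ts in e.transform_sets:
            if ts not in tsets:
                findings.append(f"{where}: transform-set '{ts}' is not defined" + suggest(ts, tsets))
    for name in sorted({e.name for e in entries} - set(applied)):
        findings.append(f"crypto map {name}: defined but not applied to any interface")
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_CONFIG):
        print(finding)
```
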

  • Zone Based Firewall for VPN connections does not work after IOS upgrade

    Hi all,
    We use cisco router 2911 as corporate gateway - there is Zone Based Firewall implemented - I upgraded IOS to last version (15.2(2)T1) - originally version 15.1(4)M1 - to solve issue with Anyconnect connections (bug CSCtx38806) but I found that after upgrade the VPN users are not able to communicate with sources in other zones.
    More specific
    WebVPN use this virtual template interface
    interface Virtual-Template100
    description Template for SSLVPN
    ip unnumbered GigabitEthernet0/1.100
    zone-member security INSIDE
    There are other zones VOICE, LAB, ...
    In the policy any connection is allowed (used inspection of icmp, tcp and udp) from INSIDE zone to VOICE or LAB zone
    After VPN connection I am able to reach resources in INSIDE zone (which is the most important), but not in other zones. Before upgrade it worked.
    Once I changed zone in Virtual-Template interface to VOICE, I was able to reach sources in VOICE zone but not in any other. I searched more and found the stateful firewall is not working for connections from VPN as ping is blocked by policy on returning way - it means by policy VOICE->INSIDE, once I allowed communication from "destination" zone to INSIDE zone - the connections started to work, but of course it is not something I want to setup.
    Does anybody have the same experience?
    Regards
    Pavel

    It seems to me I should add one important note - if client is connected directly in INSIDE zone, he can reach resources in other zones without any issue - so the problem is only when the client is connected by VPN - not in ZBF policy setup.
    Pavel

  • Traffic only allowed one-way for VPN connected computers

    Hello,
    I currently have an ASA 5505.  I have set it up as a remote access SSL VPN. My computers can connect to the VPN just fine.  They just can't access the internal LAN (192.168.250.0).  They can't ping the inside interface of the ASA, or any of the machines.  It seems like all traffic is blocked for them.  The strange thing is that when someone is connected to the VPN, I can ping that VPN-connected machine from the ASA and other machines inside the LAN.  It seems the traffic is only allowed one way.  I have messed with ACLs to no avail.  Any suggestions please?
    DHCP Pool: 192.168.250.20-50 --> For LAN
    VPN Pool: 192.168.250.100 and 192.168.250.101
    Outside interface grabs DHCP from modem
    Inside interface: 192.168.1.1
    Current Running Config:
    : Saved
    ASA Version 8.2(5)
    hostname HardmanASA
    enable password ###### encrypted
    passwd ####### encrypted
    names
    interface Ethernet0/0
    switchport access vlan 20
    interface Ethernet0/1
    switchport access vlan 10
    interface Ethernet0/2
    switchport access vlan 10
    interface Ethernet0/3
    shutdown
    interface Ethernet0/4
    shutdown
    interface Ethernet0/5
    shutdown    
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    switchport access vlan 10
    interface Vlan1
    no nameif
    no security-level
    no ip address
    interface Vlan10
    nameif inside
    security-level 100
    ip address 192.168.250.1 255.255.255.0
    interface Vlan20
    nameif outside
    security-level 0
    ip address dhcp setroute
    ftp mode passive
    dns domain-lookup inside
    dns domain-lookup outside
    pager lines 24
    mtu inside 1500
    mtu outside 1500
    ip local pool VPN_Pool 192.168.250.100-192.168.250.101 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 10 interface
    nat (inside) 10 192.168.250.0 255.255.255.0
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.250.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh 192.168.250.0 255.255.255.0 inside
    ssh timeout 5
    ssh version 2
    console timeout 0
    dhcpd dns 8.8.8.8
    dhcpd address 192.168.250.20-192.168.250.50 inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable outside
    svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
    svc image disk0:/anyconnect-linux-2.5.2014-k9.pkg 3
    svc enable
    tunnel-group-list enable
    group-policy DfltGrpPolicy attributes
    dns-server value 8.8.8.8
    vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
    tunnel-group AnyConnect type remote-access
    tunnel-group AnyConnect general-attributes
    address-pool VPN_Pool
    tunnel-group AnyConnect webvpn-attributes
    group-alias AnyConnect enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:30fadff4b400e42e73e17167828e046f
    : end

    Hello,
    I seem to be having the same kind of issue although I cannot ping from either end.
    I've set up a l2tp/ipsec vpn which I am able to connect to and get ip from my ip pool (radius authentication is working).
    I tried running:
    access-list NAT_0 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    nat (inside) 0 access-list NAT_0
    but I get an error msg saying that the syntax of the nat command is deprecated. I'm running ASA version 8.4.
    I've fiddled around a bit to find the correct syntax but have been unsuccessful so far.
    Any help would be much appreciated
    This is a part of my config:
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network AD1
    host 192.168.1.31
    description AD/RADIUS
    object network NETWORK_OBJ_192.168.1.0_24
    subnet 192.168.1.0 255.255.255.0
    object network vpn_hosts
    subnet 192.168.2.0 255.255.255.0
    access-list AD_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
    access-list split-acl standard permit 192.168.1.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip any 192.168.1.0 255.255.255.0
    access-list inside_0_outbound extended permit ip object NETWORK_OBJ_192.168.1.0_24 object vpn_hosts
    ip local pool POOL2 192.168.2.2-192.168.2.10 mask 255.255.255.0
    nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.1.0_25 NETWORK_OBJ_192.168.1.0_25 no-proxy-arp route-lookup
    nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.1.0_25 NETWORK_OBJ_192.168.1.0_25 no-proxy-arp route-lookup
    nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static vpn_hosts vpn_hosts
    object network obj_any
    nat (inside,outside) dynamic interface
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 ########## 1
    no vpn-addr-assign aaa
    no vpn-addr-assign dhcp

  • Access-list needed for vpn

    Hi,
    if we have a LAN to LAN vpn between two cisco firewalls and allowed the service as IP (ipsec tunnel) do we need an individual access-list in the security policy ? (I had a similar case where I had to put in an entry on the security policy for port 16000 between the two subnets used on the LAN to LAN firewalls)
    I was under the impression the security policy applies only for non vpn and for vpn traffic we need to specify on the ipsec tunnel (under the tab service)
    Thanks

    There are two ways you can filter traffic which is moving over VPN.
    1) Filter at source, of course ACLs are required.
      For example Crypto acl allows - Site A 10.0.0.0/24 to Site-B 20.0.0.0/24 but traffic can be filtered at interface where 10.0.0.0/24 is configured. Let's assume port 80 we want to deny.
    ACL would be --
      access-list XXX extended deny tcp 10.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0 eq 80
      access-list XXX extended permit ip any any
      access-group XXX in interface inside
    So this will deny port 80 and permit rest of the traffic.
    2) You can configure VPN filter which is called under group policy.
    Thanks
    Ajay

  • Advice needed for alternative to HH3 adsl

    Hi all 
     I am having problems with my HH3 and need to replace it 
     I am looking for an alternative such as a TP-Link
    My needs are quite simple but it must have a good WiFi range. I live in a fairly isolated rural spot and am not likely to be able to ever get infinity / cable in the near or even distant future so I am stuck with basic Broadband which I get quite a reasonable download speed of approx 8MBPS
    any suggestions ?
    IE I want something better than HH3
    Regards 
     Mike 

    What about this one, it's used by other forum members?
    TP-LINK TD-W8960N 300 Mbps Wireless N ADSL2+ Modem Router for BT Connections  £26.99 Amazon
    Guide is here.
    http://forumhelp.dyndns.info/hardware/TP_link/wa8960/adsl/td8960adsl.html
    There are some useful help pages here, for BT Broadband customers only, on my personal website.
    BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

  • Check for VPN Connection Exists

    Hello
    I am working on a windows store app for Enterprise. This app will require internet and VPN connection to get data. I have found a way to check for internet access. However, I am not sure how to check if there is a VPN tunnel available. If VPN is available
    then I can make a call to a WebService and get data. If there is no VPN then the WebService call will fail [after about 10-15 seconds]. I can assume that if the WebService calls fails that means there is no VPN but there must be another way to find this out
    before even calling a Service.
    Please help.
    Thanks
    Bevan

    We're using Microsoft Direct Access rather than a VPN but I think this is worth sharing anyway.
    Rather than calling a web service I'm just using the HttpClient's GetAsync() method to call a small file hosted on an internally hosted web server. This minimises the payload as much as possible which may be important if your users are connected using devices
    with 3G/4G with data limit.
    I'm wrapping the call in a Stopwatch to get a rough idea of the round robin request/response and visualising that for the users so they know how good their connection to the corporate network is. This info is far more useful than the WiFi/Mobile signal bars.
    Stopwatch stopWatch = new Stopwatch();
    stopWatch.Start();
    HttpClient httpClient = new HttpClient();
    HttpResponseMessage response = await httpClient.GetAsync(nslUri);
    response.EnsureSuccessStatusCode(); // -- throw exception if not a success code
    stopWatch.Stop();
    TimeSpan ts = stopWatch.Elapsed;
    This might also be of interest...
    https://msdn.microsoft.com/en-us/library/windows/apps/xaml/windows.networking.vpn.aspx

  • Best setup for vpn connection

    Hi all, Can anyone tell me the normal way of setting up a vpn connection, here we have a router terminating the internet link, and a cisco pix behind it ?

    you can try a very simple Easy VPN configuration in this document.
    http://www.cisco.com/application/pdf/en/us/guest/products/ps6659/c1650/cdccont_0900aecd80313bdf.pdf
    hope this helps.
    rate this post.

  • OS X Server setup advice needed for small business

    I work as audio engineer at a recording studio. I'm an experienced Mac user, but I don't have Mac Server experience. I'm my company's default IT guy. Our office consists of four people, currently using PCs, but we are changing to a Mac-based office: each person will get an iMac, and we'll also get a Mac Mini with OS X Server. And a Time Capsule for both the Apple router and Time Machine backups. The machines will be connected with ethernet for Gigabit networking.
    The server will be used primarily for two things:
    1. Server-based scheduling/contact database program that each user will log-in to for access
    2. Hard drive for storing audio files that will be delivered to clients (currently FTP delivery)
    I'm learning about OS X Server services - there's some great You Tube tutorials by Todd Olthoff http://www.youtube.com/user/tolthoff.
    The office users currently run their computers as independent PC's with all files stored on their local machines. The network lets them share files, as well as share two printers. Note that my plan is for each office user to continue to store their files locally on the iMacs, not on the server.
    I'm trying to decide how much of OS X services I can take advantage of.
    I have some specific questions I'm hoping to get some advice on. These questions came up after viewing Todd's tutorials:
    1. Do I need Open Directory
    I think I do, in order to create local network users. Is this a given for me?
    2. We do not have a static IP address. Do I need to establish DNS services?
    3. Do I need a verified SSL Certificate?
    This is what I have for starters. Any additional advice is welcome!

    Bob Kirschner wrote:
    2. Hard drive for storing audio files that will be delivered to clients (currently FTP delivery)
    Remember that ftp is wildly insecure, and a very large ftp credentials dump — reportedly including credentials from the New York Times and some other users — was just posted.    ftp is a massive pain in the rump around modern networks; the protocol design predates the ubiquitous use of firewalls in modern networks. 
    Read: I'm not a fan of ftp.
    Use sftp or VPNs where you can.
    1. Do I need Open Directory
    I think I do, in order to create local network users. Is this a given for me?
    If you want to start using the same login across different Macs in your office, then you want OD.
    2. We do not have a static IP address. Do I need to establish DNS services?
    You need local DNS services on your LAN (probably established via OS X Server), and you'll need external DNS to allow external folks to get to your file servers, and you'll need static IP from your ISP.  If you get to using your own mail, you'll need a proper DNS configuration — forward and reverse DNS translations and the MX record must all match — for that.
    3. Do I need a verified SSL Certificate?
    Unless you're serving HTTPS or such, no.  You don't even need a certificate and can use a self-signed one, if you're small and not serving much publicly from this server, and not doing something like ecommerce, and if whatever you're doing isn't a target for those that want to spoof or crack web sites; if you're not more of a target than most of the rest of us on the 'net.
    Any additional advice is welcome!
    I'd probably look to add a VPN-capable firewall router box here, and would use the Time Capsule as a so-called Access Point on the network — not as a NAT-capable gateway router.  This if you don't already have a router of some sort.  Time Capsule makes a nice home router or low-end SOHO router, but it's fairly limited in its features. 
    You absolutely need LAN-local DNS, and you need that correct and working and tested before you enable other services on your network.
    I'd recommend using a real and registered domain on your internal network, and using a separate (and registered) domain outside your network.  You can get away with using a subdomain inside, but that means more typing as it's just longer.  I'd avoid a made-up domain, as ICANN is adding all sorts of new domains.  I'd also avoid squatting on a domain, and never use the .local top-level domain as your own DNS domain.  Leave .local to Bonjour only.

  • Advice needed for backup strategy for office

    My office is switching from PC to Mac (yay!) and I'm in charge of setting up the system. We'll be using 4 iMacs and a Mac Mini Server with ethernet connections. I'd like to ask what is recommended for backing up these computers.
    My thought would be to back up the iMacs separately from the server - is this definitely the way to go?
    I'm thinking to get a 3TB Time Capsule for the 4 iMacs so that Time Capsule will do automatic backups.
    - Is it OK to have 4 iMacs backup to one Time Capsule like this?
    As for the Mac Mini server, I'm not sure how to best back it up.
    Since it has two 1TB drives, I'm thinking of using one drive for data and having it automatically backup to the other internal drive. Any thoughts on this idea?
    Or, is it possible to connect an external USB drive to the Time Capsule's USB port, and have Time Machine backup the server to the external drive?
    Any advice is greatly appreciated!

    The TC is really a home solution.
    For business I think you should consider something extra.
    Although 4 computers and a server is not a big setup, it is worthwhile doing a more professional backup and use something more professional than Time Machine.
    For instance..
    http://www.retrospect.com/au/products/mac
    I have not used it.. but I see it recommended in business / larger installs. It is not cheap but well worth considering.
    I would not use the internal disk of the server for backup.
    As for the Mac Mini server, I'm not sure how to best back it up.
    Since it has two 1TB drives, I'm thinking of using one drive for data and having it automatically backup to the other internal drive. Any thoughts on this idea?
    You can RAID the two disks if you don't need the capacity.
    But backup to a USB drive plugged in.. USB3 drives are cheap and speedy. Much more reliable than using network drives.
    RAID for integrity of working data.. backup to separate change over disks.
    So weekly you change over the USB drive for backup and store the other one at home.
    I'm thinking to get a 3TB Time Capsule for the 4 iMacs so that Time Capsule will do automatic backups.
    - Is it OK to have 4 iMacs backup to one Time Capsule like this?
    You can do this.. It is fine to have 4 Macs backup to it. But if you are not using the wireless router it is a waste.. you can just backup over network to the server.. TM works fine on network.
    You can buy another 3TB USB drive for backup of the clients.. normally though you want all the working data on the server and back that up. You are thinking a more peer to peer model.. once you introduce the server you can work on a more server client model where the current files are held on the server.

  • Urgent: Advice needed for buying my first RAID

    Hi,
    I am looking to place an order today as I have a pile of editing to get through - so I would love to hear your recommendations!
    First of all I am a networking and RAID newbie so don't go all acronym and geek-speek-tastic on me or I won't have a clue what you are talking about. Seriously I don't know my NAS from my elbow!
    My requirements are:
    1. Suitable for working with HDV
    2. 2TB of storage
    3. Must work with PowerMac G5 2GHz Dual (later model)
    4. Must support RAID 5
    5. RAID must be controlled by hardware (on RAID box or via PCIe card)
    The following have been suggested - has anyone used them?:
    Opt1: http://www.enhance-tech.com/products/desktop/t4_cr.html
    (Would probably need to put an eSATA card in my Mac but RAID control is on the box.
    Only goes to 80MB/sec - is this good enough for working with ProRes 422? I am looking to convert my HDV to ProRes 422 before output to mpeg2 as I believe this can give better results.)
    Opt2: http://www.g-technology.com/Products/G-SPEED-eS.cfm
    (Would need to put a RAID controller in my Mac so not so good for connecting to other Macs.)
    But I found this and was wondering if it was also suitable (as it's cheaper!):
    Opt3: http://www.thecus.com/products_over.php?cid=11&pid=28&PHPSESSID=091b7808cfa54754383932fc512ea056
    (Would connect by 1Gb/sec ethernet to my Mac. RAID controller on the box. Someone said stay away from ethernet but I don't understand why?).
    Any advice gratefully received. I need to make a decision real quick!
    Keep it mellow, B.

    It appears that you need to step back and rethink your business. Heck, we don’t even know that you have a business. What you’re up to might just be personal editing. So I apologize if what I’m about to say overestimates you or underestimates you.
    FORMAT
    You say, “suitable for working with HDV”, but you don’t say whether you MUST work with HDV. As others in this thread have pointed out, HDV is a “poor man’s Hi-Def”. It compresses images so diabolically in Long GOP that image quality suffers, and, as Shane points out, “the long GOP format is very complex and takes a LOT of time to do things.”
    The other extreme is recording and editing in 1080i/p at 4K. Very few people in this world demand extreme quality. So, the best format overall is DVCPro HD. Today, DVCPro HD cameras cost only about a third more than the next nearest HDV. What’s more important, to me, is that DVCPro allows you to move away from having to use tape at all. It’s the year 2008 (almost). Tape is over. If it’s too late to sell your camera and switch, then so be it.
    STORAGE
    You say, “2TB of storage”. For HD work, that’s a bare minimum. My recommendation is to get a 4-tray or 5-tray box with room to grow, even though the extra trays will remain empty your first 6-12 months.
    Buy an empty enclosure that you can populate with your own drives. That way, you can use 1TB bare drives. (Don’t buy anything smaller.) You can put together a stack of 5 1TB drives in an eSATA RAID box for less than $2,000.
    RAID
    You say, “PowerMac G5 2GHz Dual...via PCIe card”. You mean PCIx card. PCIe is for Intel Macs.
    You write, “I want RAID (esp. RAID 5... If a drive fails I want to simply be able to swap a new drive in, restore, and be under way again.” But several of your comments indicate that you really don’t need in-line failsafe. For that reason, let me recommend mirroring or something even simpler: a backup drive.
    JBOD (Just a Bunch Of Disks) treats each drive in your stack as a separate volume. So, what you see on your desktop is Drive_01, Drive_02. If you subtract the cost for the RAID controller (in the box or in your PCI slot), you can afford to buy TWO plain JBOD boxes, and maintain one as redundant. That satisfies your, “If a drive fails I want to simply be able to swap a new drive in, restore, and be under way again.” In fact, you can skip the “restore” part.
    Ken Summerall wrote: “If you are shooting HDV then you have the tapes, those are your backups. If a drive goes down you recapture.”
    You responded, “that is not the same as having redundancy of data - and simply being able to swap in a new drive and do a restore.”
    You make it sound as though you expect this to happen once a week. It won’t. Backup is good enough. That kind of “time saved” once every year or two isn’t worth it.
    SATA vs. FIREWIRE
    Again, it’s the year 2008 (almost). Why would you want FireWire? Apple is being so stubborn, pretending that eSATA does not exist, because it has so much invested in its FW technology. But even Apple will be forced to come around in its next models.
    While we’re talking about it, the claimed 80MB/sec for the Enhance T4 CR probably refers to the FireWire and USB interfaces, not to the SATA.
    ENCLOSURE SHARING
    You write, “I also wanted to use the same RAID box with a Macbook Pro. So how would two Macs share the same RAID box?”
    What kind of sharing do you mean? If you mean that you and your partner can access the same video simultaneously in adjoining rooms, then you need FibreChannel. But, as Shane points out, “...a Fibrechannel setup, then an XServe Server...is NOT cheap.”
    As Ken writes, “You can get a eSata card for your G5 and an ExpressCard for your MBP and share the box. With this you could get a Kona or Blackmagic card and capture your footage as DVCProHD and also have a way to monitor your HDV footage.”
    Amen.
    VENDORS
    G-SPEED is reliable, with good support. Caldigit has a platinum reputation. Of course, there are MaxxDigital, Sonnet and Dulce Systems.
    Enhance is the new kid on the block, and they are significantly less expensive with, in my experience so far, excellent build quality and quick (human) response. They manufacture in Taiwan, but they’re headquartered in -- and ship out of -- Lower California. So they don’t talk to you in Taiwanese as the cheap enclosure sites do.
    So there.
    Message was edited by: Al Hatch
