Cisco Wrvs4000 VPN router quick connect not working

I think I am losing my mind. I have a WRVS 4000 version 2.0.1.3. I have:
created an account in the client access list in the router
ensured I have allowed VPN pass through for IPsec, PPTP, L2TP
installed the Cisco quick connect client on the remote station (version 1.4.2.1)
set up a profile with my statically assigned IP address.
I have tried from a couple of different workstations to connect and have had no success. I just keep getting this error:
Yes, I have triple checked my password
I have a valid IP
I have the right IP address for the WAN/server
Windows firewall I am not 100% sure but I have disabled it on both sides
I am not using the same IP subnet so there should be no conflict
I have set these connections up before but never had this much problem... can someone please help me out.
Thanks in advance!
D

Similar Messages

  • You must have connected the Time Capsule with a router that does not work with my direct cable from my ISP

    you must have connected the Time Capsule with a router that does not work with my direct cable from my ISP

    I tried to answer in your other post.. please stick to one thread ..
    What method of internet do you have.. is this fibre install.. if so the TC should just plug in and use dhcp in router mode.. press and hold the reset and it will go back to router mode by default.

  • RV215W router port forwarding not working

    RV215W router port forwarding not working.
    Port forwarding works for a short period of time, then stops working.  Reboot router, works again for short period of time, then stops again.
    I have updated firmware to latest.  I had seen other similar bugs posted for 220 and I think 180, not sure if this router has similar bugs and waiting for fix release to firmware.
    I had recently purchased two, one deployed, will hold off on other now because of issues, and may have to move to different unit if a resolution not found this week.
    Dave Gritten
    IT Director
    Maritime Beauty
    3695 Barrington St
    Halifax NS  B3K 2Y3
    cell 902.223.9685
    phone 902.429.8510 ext231
    fax 902.422.7983
    [email protected]
    www.MaritimeBeauty.com

    It's not just single port forwarding that has bugs, the entire router has bugs and simply does not work as advertised. I have found the following bugs/aspects of this router that just do not work correctly:
    1. If you have to open ports, and who doesn't, this router will eventually stop accepting packets from WAN>LAN. You will still have Internet access but no open ports. A reboot will fix this problem. Oh, by the way, this router has no scheduled reboot option! <--That would be a workaround but a welcome one for this router.
    2. Firewall Access rules do not work!! Yep, a Cisco router and basic functionality simply does not work. I called Cisco and even though the tech saw the router not working, he denied it was a bug! Said we have to do port mirroring, set up a workstation with Wireshark and capture packets so we can debug the issues. That would take several hours. I told him I would have appreciated it if Cisco had debugged the issues with their router BEFORE they shipped the units.
    Stay away from Cisco Small Business Routers. I wish I had. And if there are any Cisco die-hards out there willing to prove me wrong, just reply to this and please, prove me wrong that the RV series and specifically the RV215W is not JUNK.

  • Camera connection not working with my camera

    Camera connect not working with my Sony Bloggie camera

    The Bloggie will not work because it draws too much power from the USB port on the iPad.  The solution is to interpose a powered USB hub between the Bloggie and the iPad - connect the Bloggie to the powered hub, then connect the hub to the iPad accessory.  Works fine with my 3D Bloggie.

  • X-Fi Titanium PCI Express front panel connection not working

    I can not get any signal to or from the front panel connector of my X-Fi Titanium PCI Express. (The rear jacks are working fine.)
    The front header cable from my Antec P-80B worked perfectly with my onboard motherboard sound. Now that I have it connected to my X-Fi I get nothing from the jacks on the front of my case. (The onboard sound is disabled in my BIOS.) I've double and triple checked the connection and it is properly keyed and fitted. Is there a step or a setting that I'm missing somewhere to get this working? Can anyone confirm that the front panel connection is active on the X-Fi Titanium PCI Express?

    Re: X-Fi Titanium PCI Express front panel connection not working? I was truly hoping that would help and I wanted to give you some additional hope. I have a Coolermaster case, and it has the AC97 jack on the inside with all my other front panel connectors for hard drive activity light, reset, and power on. Three inches down from the AC97 jack, the INTEL HD *which works beautifully with the X-FI, only differs by three wires in different locations and the two pinout configurations match those of the INTEL site identically.
    Please tell me what happens as I would like to post a step by step guide for the others here in the forum. You will know when you have successfully adapted the connector because in Vista and Windows 7, your sound applet in control panel will have a display of the connectors "lit up" when they are successfully connected. Mine shows FP microphone in the applet when it's plugged in, and grayed out when it's not. It's great for telling if I am connected on the rear of the soundcard or the front.
    Best of luck and .......

  • L2TP VPN connection not working under 10.6.3

    Hi everyone.
    I need to connect to a VPN with L2TP/IPSec.
    The connection works fine if I boot into Bootcamp (win7).
    But if I boot into 10.6.3, it does not work.
    Any idea what the problem could be?
    Settings are triple checked and copy-pasted into their proper fields (like in win7). Router settings are correct, otherwise it would not work in win7.
    So it is a problem with OS X.
    The following is out of the ppp.log:
    Thu Apr 22 19:14:03 2010 : L2TP connecting to server 'vpn.xxx.com' (x.x.x.x)...
    Thu Apr 22 19:14:03 2010 : IPSec connection started
    Thu Apr 22 19:14:03 2010 : IPSec phase 1 client started
    Thu Apr 22 19:14:03 2010 : IPSec phase 1 server replied
    Thu Apr 22 19:14:04 2010 : IPSec phase 2 started
    Thu Apr 22 19:14:34 2010 : IPSec connection failed
    The server is reachable, but something fails in phase 2.
    In the system log, the entry is:
    Apr 22 19:14:03 noname pppd[517]: pppd 2.4.2 (Apple version 412.0.10) started by x, uid x
    Apr 22 19:14:03 noname pppd[517]: L2TP connecting to server 'vpn.xxx.com' (x.x.x.x)…
    Apr 22 19:14:03 noname pppd[517]: IPSec connection started
    Apr 22 19:14:03 noname racoon[518]: Connecting.
    Apr 22 19:14:03 noname racoon[518]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
    Apr 22 19:14:03 noname racoon[518]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
    Apr 22 19:14:03 noname racoon[518]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
    Apr 22 19:14:03 noname racoon[518]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
    Apr 22 19:14:03 noname racoon[518]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
    Apr 22 19:14:03 noname racoon[518]: IKEv1 Phase1 AUTH: success. (Initiator, Main-Mode Message 6).
    Apr 22 19:14:03 noname racoon[518]: IKE Packet: receive success. (Initiator, Main-Mode message 6).
    Apr 22 19:14:03 noname racoon[518]: IKEv1 Phase1 Initiator: success. (Initiator, Main-Mode).
    Apr 22 19:14:03 noname racoon[518]: IKE Packet: transmit success. (Information message).
    Apr 22 19:14:03 noname racoon[518]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
    Apr 22 19:14:04 noname racoon[518]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
    Apr 22 19:14:04 noname racoon[518]: IKE Packet: receive success. (Information message).
    Apr 22 19:14:07 noname racoon[518]: IKE Packet: transmit success. (Phase2 Retransmit).
    Apr 22 19:14:08 noname racoon[518]: IKE Packet: receive success. (Information message).
    Apr 22 19:14:10 noname racoon[518]: IKE Packet: transmit success. (Phase2 Retransmit).
    Apr 22 19:14:10 noname racoon[518]: IKE Packet: receive success. (Information message).
    Apr 22 19:14:13 noname racoon[518]: IKE Packet: transmit success. (Phase2 Retransmit).
    Apr 22 19:14:13 noname racoon[518]: IKE Packet: receive success. (Information message).
    Apr 22 19:14:16 noname racoon[518]: IKE Packet: transmit success. (Phase2 Retransmit).
    Apr 22 19:14:16 noname racoon[518]: IKE Packet: receive success. (Information message).
    Apr 22 19:14:19 noname racoon[518]: IKE Packet: transmit success. (Phase2 Retransmit).
    Apr 22 19:14:19 noname racoon[518]: IKE Packet: receive success. (Information message).
    Apr 22 19:14:22 noname racoon[518]: IKE Packet: transmit success. (Phase2 Retransmit).
    Apr 22 19:14:22 noname racoon[518]: IKE Packet: receive success. (Information message).
    Apr 22 19:14:25 noname racoon[518]: IKE Packet: transmit success. (Phase2 Retransmit).
    Apr 22 19:14:26 noname racoon[518]: IKE Packet: receive success. (Information message).
    Apr 22 19:14:28 noname racoon[518]: IKE Packet: transmit success. (Phase2 Retransmit).
    Apr 22 19:14:28 noname racoon[518]: IKE Packet: receive success. (Information message).
    Apr 22 19:14:31 noname racoon[518]: IKE Packet: transmit success. (Phase2 Retransmit).
    Apr 22 19:14:31 noname racoon[518]: IKE Packet: receive success. (Information message).
    Apr 22 19:14:34 noname pppd[517]: IPSec connection failed
    Apr 22 19:14:34 noname racoon[518]: IKE Packet: transmit failed. (Information message).
    Apr 22 19:14:34 noname racoon[518]: IKEv1 Information-Notice: transmit failed. (Delete ISAKMP-SA).
    Apr 22 19:14:34 noname racoon[518]: Disconnecting. (Connection tried to negotiate for, 31.609591 seconds).
    Apr 22 19:14:34 noname racoon[518]: IKE Packets Transmit Failure-Rate Statistic. (Failure-Rate = 7.143).
    Apr 22 19:14:34 noname racoon[518]: IKE Information-Notice Transmit Failure-Rate Statistic. (Failure-Rate = 100.000).

    Hi,
    I have the same messages on 10.6.4 and with the sonic xx170:
    28.06.10 11:39:04 racoon[489] IKE Packet: transmit success. (Phase2 Retransmit).
    28.06.10 11:39:07 racoon[489] IKE Packet: transmit success. (Phase2 Retransmit).
    28.06.10 11:39:08 racoon[489] IKE Packet: receive success. (Information message).
    28.06.10 11:39:10 pppd[488] IPSec connection failed
    28.06.10 11:39:10 racoon[489] IKE Packet: transmit success. (Information message).
    28.06.10 11:39:10 racoon[489] IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
    Any ideas?
    Waiting on 10.6.5, 10.6.6 ....?
    Regards, Arthur

  • Trying to Connect an Avaya 5610 VPN phone to a Cisco WRVS4400N VPN Router

    I am trying to connect a VOIP VPN phone to a network that is hosted by a Cisco WRVS4400N Router running Firmware version 2.0.0.8
    I do not need a tunnel as I want to be able to connect this phone from any remote location. But I need to be able to setup IPSec I believe.
    The phone uses IKE parameters of DH2-3DES-ANY and IPSec parameters of NOPFS-ANY-ANY.
    Does the VPN Client Accounts support the above parameters?
    I have tried setting the IKE to DH2-3DES-SHA1, and it did not work, and I tried DH?-ANY-ANY and IPSec of DH?-Null-ANY.
    I see where people have got this phone to work with Netgear FVS314, and I figured this one sets up about the same as the Netgear.
    Anyone ever do this with this router and phone? I would rather get this done with a $300 router versus an $1800 one.

    The VPN Wizard, I believe is in the PDM menu... not sure since I don't use it.
    SSH.....
    ssh 0.0.0.0 0.0.0.0 outside
    ssh 0.0.0.0 0.0.0.0 inside
    Hope this helps,
    JD

  • TS2972 when i connect my apple  TV flashes quickly and not working

    When I connect my Apple TV, it flashes quickly and does not work

    Connect it using USB to the computer and restore the OS

  • Cisco CP-78XX SIP Phone Pickup Not Work on CME

    Hi,
    I configured some SIP phones (CP-7821, CP-7841) with the pickup function. Do the Pickup / GPickup soft keys not function on a SIP phone? If so, can I use the FAC to access that? I tried the standard / custom FAC for pickup / gpickup, and both do not work. I don't know how to use the FAC on CME. With the standard FAC, if I pick up locally, should I press (**3) > call?
    Ref.:
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/admin/configuration/guide/cmeadm/cmecover.html#45535
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/admin/configuration/guide/cmeadm/cmefacs.html#30064
    This is the configuration:
    CME-SIP-Phone#sh run
    Building configuration...
    Current configuration : 5413 bytes
    ! Last configuration change at 11:06:12 UTC Fri Nov 28 2014 by mtlops
    version 15.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname CME-SIP-Phone
    boot-start-marker
    boot system flash:c2900-universalk9-mz.SPA.154-2.T1.bin
    boot-end-marker
    ! card type command needed for slot/vwic-slot 0/0
    enable secret 5 $XXXXXXXXXXXXXXXXXXXXXXXX
    aaa new-model
    aaa authentication login default local
    aaa authorization console
    aaa authorization exec default local
    aaa session-id common
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    stcapp feature access-code
    voice-card 0
     dspfarm
     dsp services dspfarm
    voice service pots
    voice service voip
     ip address trusted list
      ipv4 10.118.0.0 255.255.255.0
     allow-connections h323 to h323
     allow-connections h323 to sip
     allow-connections sip to h323
     allow-connections sip to sip
     supplementary-service h450.12
     no supplementary-service h225-notify cid-update
     redirect ip2ip
     fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
     h323
      no h225 timeout keepalive
      call preserve
     sip
      bind control source-interface GigabitEthernet0/0
      bind media source-interface GigabitEthernet0/0
      registrar server expires max 600 min 60
    voice class codec 1
     codec preference 1 g711ulaw
     codec preference 2 g711alaw
     codec preference 3 g729r8
    voice class h323 1
      h225 timeout tcp establish 3
      call preserve
    voice class custom-cptone ABC-Company
     dualtone disconnect
      frequency 425
      cadence 500 500
    voice register pool-type  7821
     description Cisco IP Phone 7821
     reference-pooltype 6921
    voice register pool-type  7841
     description Cisco IP Phone 7841
     reference-pooltype 6941
    voice register global
     mode  cme
     source-address 10.118.0.10 port 5060
     timeouts interdigit 2
     max-dn 200
     max-pool 100
     authenticate register
     authenticate realm all
     timezone 42
     time-format 24
     date-format D/M/Y
     mwi stutter
     mwi reg-e164
     voicemail 5000
     call-feature-uri pickup http://10.118.0.10/pickup
     call-feature-uri gpickup http://10.118.0.10/gpickup
     tftp-path flash:
     file text
     create profile sync 0001170446349417
     ntp-server 10.118.0.10 mode unicast
     ip qos dscp af11 media
     ip qos dscp cs2 signal
     ip qos dscp af43 video
     ip qos dscp 25 service
     camera
     video
    voice register dn  2
     number 1000
     pickup-call any-group
     pickup-group 1
     name BB Leung
     label BB Leung
    voice register dn  3
     number 1001
     pickup-call any-group
     pickup-group 1
     name CC Chan
     label CC Chan
    voice register dn  4
     number 1002
     pickup-call any-group
     pickup-group 1
     name DD Leung
     label DD Leung
    voice register dn  50
     mwi
    voice register template  1
     softkeys hold  Newcall Resume
     softkeys idle  Newcall Redial Gpickup Pickup Cfwdall DND
     softkeys seized  Cfwdall Endcall Redial
     softkeys connected  Confrn Endcall Hold Trnsfer
    voice register pool  1
     busy-trigger-per-button 1
     id mac A8XX.XXXX.XXXX
     type 7841
     number 1 dn 2
     template 1
     dtmf-relay sip-notify
     username 1001 password 112233
     codec g711ulaw
     no vad
    voice register pool  2
     busy-trigger-per-button 1
     id mac 50XX.XXXX.XXXX
     type 7841
     number 1 dn 3
     template 1
     dtmf-relay sip-notify
     username 1002 password 112233
     codec g711ulaw
     no vad
    voice register pool  3
     busy-trigger-per-button 1
     id mac 00XX.XXXX.XXXX
     type 7821
     number 1 dn 4
     template 1
     dtmf-relay sip-notify
     username 1003 password 112233
     codec g711ulaw
     no vad
    license udi pid CISCO2921/K9 sn FHK1407F25D
    license accept end user agreement
    license boot c2900 technology-package uck9
    hw-module pvdm 0/0
    hw-module sm 1
    username mtlops privilege 15 secret 5 $1$0qqx$1WGdfRW.flJrwmY7k8eUy0
    redundancy
    interface Embedded-Service-Engine0/0
     no ip address
     shutdown
    interface GigabitEthernet0/0
     ip address 10.118.0.10 255.255.255.0
     duplex auto
     speed auto
    interface GigabitEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    interface GigabitEthernet0/2
     no ip address
     shutdown
     duplex auto
     speed auto
    interface SM1/0
     no ip address
     shutdown
     service-module fail-open
    interface SM1/1
     no ip address
    interface Vlan1
     no ip address
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    ip route 0.0.0.0 0.0.0.0 10.118.0.1
    control-plane
    mgcp behavior rsip-range tgcp-only
    mgcp behavior comedia-role none
    mgcp behavior comedia-check-media-src disable
    mgcp behavior comedia-sdp-force disable
    mgcp profile default
    dspfarm profile 1 conference
     codec g711ulaw
     codec g711alaw
     codec g729ar8
     codec g729abr8
     codec g729r8
     codec g729br8
     maximum sessions 7
     associate application SCCP
     shutdown
    gatekeeper
     shutdown
    telephony-service
     max-conferences 8 gain -6
     transfer-system full-consult
     fac standard
    line con 0
    line aux 0
    line 2
     no activation-character
     no exec
     transport preferred none
     transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
     stopbits 1
    line 67
     no activation-character
     no exec
     transport preferred none
     transport input all
     transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
     stopbits 1
    line vty 0 4
     transport input all
    scheduler allocate 20000 1000
    end
    CME-SIP-Phone#sh telephony-service fac
      telephony-service fac standard
        callfwd all **1
        callfwd cancel **2
        pickup local **3
        pickup group **4
        pickup direct **5
        park **6
        dnd **7
        redial **8
        voicemail **9
        ephone-hunt join *3
        ephone-hunt cancel #3
        ephone-hunt hlog *4
        ephone-hunt hlog-phone *5
        trnsfvm *6
        dpark-retrieval *0
        cancel call waiting *1

    VPN is not Configured prints on all phones now with the built-in VPN client if VPN isn't configured.  That's normal and is just cosmetic.  That should not be causing your registration issues.

  • Cisco 1841 as PPTP client Does not work

    Dear All,
    I have a Cisco 1841 router running the below roles
    1) SSL VPN Server
    2) PPTP Server
    3) Site to Site Connection with Sonicwall router
    I want the router to be configured as a PPTP client to an internet VPN server (so that I will get a fixed public IP).
    Once I get this IP address I want to use this connection to accept incoming connections and forward ports to an internal host.
    I went through the below
    http://www.mreji.eu/content/cisco-router-pptp-client
    https://supportforums.cisco.com/thread/2167562
    But it does not work as I do not have the option for the below 2 commands in the vpdn-group 2 section. (Please see section in blue)
    protocol pptp
      rotary-group 4
    Please Advise and Help
    Regards
    Hasan Reza
    My Current Config is as below
    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.06.09 17:55:23 =~=~=~=~=~=~=~=~=~=~=~=
    exit
    Gateway#show run |      
    Building configuration...
    Current configuration : 25109 bytes
    ! Last configuration change at 13:33:57 UTC Sun Jun 9 2013 by admin
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname Gateway
    boot-start-marker
    boot system flash c1841-advsecurityk9-mz.151-2.T1.bin
    boot-end-marker
    logging buffered 4096
    no logging console
    enable secret 5 $1$SciF$TlX1tR5qaG9ZE7pdZHcRJ/
    no aaa new-model
    dot11 syslog
    ip source-route
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.236.5.1 10.236.5.20
    ip dhcp excluded-address 10.236.5.21 10.236.5.50
    ip dhcp excluded-address 172.21.51.2 172.21.51.50
    ip dhcp pool ContosoPool
       network 10.236.5.0 255.255.255.0
       default-router 10.236.5.254
       dns-server 213.42.20.20 195.229.241.222
    ip dhcp pool DMZ
       network 172.21.51.0 255.255.255.0
       dns-server 172.21.51.10
       default-router 172.21.51.1
       domain-name contoso.local
    ip cef
    ip domain name contoso.local
    ip name-server 213.42.20.20
    ip name-server 195.229.241.22
    ip name-server 195.229.241.222
    ip ddns update method dyndns
    HTTP
      add http://xxxxxx:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
      remove http://xxxxxx:yyyyy@@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
    interval maximum 0 1 0 0
    multilink bundle-name authenticated
    vpdn enable
    vpdn-group 2
    request-dialin
      protocol l2tp
    initiate-to ip 173.195.0.42
    vpdn-group RAS-VPN
    ! Default PPTP VPDN group
    accept-dialin
      protocol pptp
      virtual-template 1
    l2tp tunnel timeout no-session 15
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP.StartSSL.CA
    enrollment terminal pem
    revocation-check none
    crypto pki trustpoint TP.StartSSL-vpn
    enrollment terminal pem
    usage ssl-server
    serial-number none
    fqdn ssl.spktelecom.com
    ip-address none
    revocation-check crl
    rsakeypair RSA.StartSSL-vpn
    crypto pki trustpoint TP-self-signed-1981248591
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1981248591
    revocation-check none
    rsakeypair TP-self-signed-1981248591
    crypto pki trustpoint VMWare
    enrollment terminal
    revocation-check crl
    crypto pki trustpoint OWA
    enrollment terminal pem
    revocation-check crl
    crypto pki certificate chain TP.StartSSL.CA
    certificate ca 01
      (removed the certificate info for clarity)
       quit
    crypto pki certificate chain TP.StartSSL-vpn
    certificate 0936E1
        (removed the certificate info for clarity)9
       quit
    certificate ca 18
      (removed the certificate info for clarity)
       quit
    crypto pki certificate chain TP-self-signed-1981248591
    certificate self-signed 01
        (removed the certificate info for clarity)
       quit
    crypto pki certificate chain VMWare
    certificate ca 008EDCE6DBCE6B
        (removed the certificate info for clarity)
       quit
    crypto pki certificate chain OWA
       (removed the certificate info for clarity)
    license udi pid CISCO1841 sn FCZ122191TW
    archive
    log config
      hidekeys
    username admin privilege 15 password 7 1304131F02023B7B7977
    username ali password 7 06070328
    redundancy
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    lifetime 84000
    crypto isakmp key admin_123 address 0.0.0.0 0.0.0.0
    crypto isakmp keepalive 10
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
    crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
    crypto dynamic-map mydyn 10
    set transform-set strongsha
    crypto map Dxb-Auh 1000 ipsec-isakmp dynamic XXXXXXXXXX
    interface FastEthernet0/0
    description Internal Network (Protected Interface)
    ip address 10.236.5.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    duplex auto
    speed auto
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    interface ATM0/0/0
    no ip address
    shutdown
    no atm ilmi-keepalive
    interface BRI0/1/0
    no ip address
    encapsulation hdlc
    shutdown
    interface Virtual-Template1
    ip unnumbered Dialer1
    peer default ip address dhcp-pool ContosoPool
    ppp encrypt mppe auto required
    ppp authentication ms-chap ms-chap-v2 eap
    interface Dialer1
    ip ddns update hostname XXXXXXX.dyndns.org
    ip ddns update dyndns
    ip address negotiated
    ip nat outside
    ip virtual-reassembly in
    encapsulation ppp
    ip tcp adjust-mss 1450
    dialer pool 1
    ppp pap sent-username vermam password 7 13044E155E0913323B
    crypto map Dxb-Auh
    interface Dialer2
    mtu 1460
    ip address negotiated
    ip nat outside
    ip virtual-reassembly in
    encapsulation ppp
    dialer in-band
    dialer idle-timeout 0
    dialer string 123
    dialer vpdn
    dialer-group 2
    ppp pfc local request
    ppp pfc remote apply
    ppp encrypt mppe auto
    ppp authentication ms-chap ms-chap-v2 callin
    ppp eap refuse
    ppp chap hostname hasanreza
    ppp chap password 7 070E2541470726544541
    interface Dialer995
    no ip address
    ip local pool webssl 10.236.6.10 10.236.6.30
    ip forward-protocol nd
    ip http server
    ip http secure-server
    ip nat inside source list nat interface Dialer1 overload
    ip nat inside source static tcp 10.236.5.12 25 interface Dialer1 25
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 172.21.51.0 255.255.255.0 10.236.5.253
    ip access-list extended internal
    permit ip any 10.236.5.0 0.0.0.255
    ip access-list extended nat
    deny   ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
    deny   ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
    permit ip 10.236.5.0 0.0.0.255 any
    ip access-list extended nonat
    permit ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
    permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
    ip access-list extended sslacl
    ip access-list extended webvpn
    permit tcp any any eq 443
    logging esm config
    access-list 101 permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
    control-plane
    line con 0
    line aux 0
    line vty 0 4
    exec-timeout 0 0
    login local
    transport preferred ssh
    transport input telnet ssh
    line vty 5 15
    exec-timeout 0 0
    login local
    transport preferred ssh
    transport input telnet ssh
    scheduler allocate 20000 1000
    webvpn gateway gateway1
    ip interface Dialer1 port 443
    ssl encryption rc4-md5
    ssl trustpoint TP.StartSSL-vpn
    inservice
    webvpn install svc flash:/webvpn/anyconnect-win-3.1.00495-k9.pkg sequence 1
    webvpn install csd flash:/webvpn/sdesktop.pkg
    webvpn context webvpn
    ssl authenticate verify all
    url-list "Webservers"
       heading "SimpleIT Technologies NBNS Servers"
       url-text "Google" url-value "www.google.com"
       url-text "Mainframe" url-value "10.236.5.2"
       url-text "Mainframe2" url-value "https://10.236.5.2"
    nbns-list "ContosoServer"
       nbns-server 10.236.5.10
       nbns-server 10.236.5.11
       nbns-server 10.236.5.12
    port-forward "PortForwarding"
       local-port 3389 remote-server "10.236.5.10" remote-port 3389 description "Server-DC01"
    policy group policy1
       url-list "Webservers"
       port-forward "PortForwarding"
       nbns-list "ContosoServer"
       functions file-access
       functions file-browse
       functions file-entry
       functions svc-enabled
       svc address-pool "webssl"
       svc default-domain "Contoso.Local"
       svc keep-client-installed
       svc split include 10.236.5.0 255.255.255.0
       svc split include 10.236.6.0 255.255.255.0
       svc split include 172.31.1.0 255.255.255.0
       svc split include 172.21.51.0 255.255.255.0
       svc dns-server primary 172.21.51.10
    default-group-policy policy1
    gateway gateway1
    inservice
    end
    Gateway#          

    license udi pid CISCO1841 sn FCZ122191TW
    archive
    log config
      hidekeys
    username admin privilege 15 password 7 1304131F02023B7B7977
    username ali password 7 06070328
    redundancy
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    lifetime 84000
    crypto isakmp key admin_123 address 0.0.0.0 0.0.0.0
    crypto isakmp keepalive 10
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
    crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
    crypto dynamic-map mydyn 10
    set transform-set strongsha
    crypto map Dxb-Auh 1000 ipsec-isakmp dynamic XXXXXXXXXX
    interface FastEthernet0/0
    description Internal Network (Protected Interface)
    ip address 10.236.5.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    duplex auto
    speed auto
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    interface ATM0/0/0
    no ip address
    shutdown
    no atm ilmi-keepalive
    interface BRI0/1/0
    no ip address
    encapsulation hdlc
    shutdown
    interface Virtual-Template1
    ip unnumbered Dialer1
    peer default ip address dhcp-pool ContosoPool
    ppp encrypt mppe auto required
    ppp authentication ms-chap ms-chap-v2 eap
    interface Dialer1
    ip ddns update hostname XXXXXXX.dyndns.org
    ip ddns update dyndns
    ip address negotiated
    ip nat outside
    ip virtual-reassembly in
    encapsulation ppp
    ip tcp adjust-mss 1450
    dialer pool 1
    ppp pap sent-username vermam password 7 13044E155E0913323B
    crypto map Dxb-Auh
    interface Dialer2
    mtu 1460
    ip address negotiated
    ip nat outside
    ip virtual-reassembly in
    encapsulation ppp
    dialer in-band
    dialer idle-timeout 0
    dialer string 123
    dialer vpdn
    dialer-group 2
    ppp pfc local request
    ppp pfc remote apply
    ppp encrypt mppe auto
    ppp authentication ms-chap ms-chap-v2 callin
    ppp eap refuse
    ppp chap hostname hasanreza
    ppp chap password 7 070E2541470726544541
    interface Dialer995
    no ip address
    ip local pool webssl 10.236.6.10 10.236.6.30
    ip forward-protocol nd
    ip http server
    ip http secure-server
    ip nat inside source list nat interface Dialer1 overload
    ip nat inside source static tcp 10.236.5.12 25 interface Dialer1 25
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 172.21.51.0 255.255.255.0 10.236.5.253
    ip access-list extended internal
    permit ip any 10.236.5.0 0.0.0.255
    ip access-list extended nat
    deny   ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
    deny   ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
    permit ip 10.236.5.0 0.0.0.255 any
    ip access-list extended nonat
    permit ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
    permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
    ip access-list extended sslacl
    ip access-list extended webvpn
    permit tcp any any eq 443
    logging esm config
    access-list 101 permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
    control-plane
    line con 0
    line aux 0
    line vty 0 4
    exec-timeout 0 0
    login local
    transport preferred ssh
    transport input telnet ssh
    line vty 5 15
    exec-timeout 0 0
    login local
    transport preferred ssh
    transport input telnet ssh
    scheduler allocate 20000 1000
    webvpn gateway gateway1
    ip interface Dialer1 port 443
    ssl encryption rc4-md5
    ssl trustpoint TP.StartSSL-vpn
    inservice
    webvpn install svc flash:/webvpn/anyconnect-win-3.1.00495-k9.pkg sequence 1
    webvpn install csd flash:/webvpn/sdesktop.pkg
    webvpn context webvpn
    ssl authenticate verify all
    url-list "Webservers"
       heading "SimpleIT Technologies NBNS Servers"
       url-text "Google" url-value "www.google.com"
       url-text "Mainframe" url-value "10.236.5.2"
       url-text "Mainframe2" url-value "https://10.236.5.2"
    nbns-list "ContosoServer"
       nbns-server 10.236.5.10
       nbns-server 10.236.5.11
       nbns-server 10.236.5.12
    port-forward "PortForwarding"
       local-port 3389 remote-server "10.236.5.10" remote-port 3389 description "Server-DC01"
    policy group policy1
       url-list "Webservers"
       port-forward "PortForwarding"
       nbns-list "ContosoServer"
       functions file-access
       functions file-browse
       functions file-entry
       functions svc-enabled
       svc address-pool "webssl"
       svc default-domain "Contoso.Local"
       svc keep-client-installed
       svc split include 10.236.5.0 255.255.255.0
       svc split include 10.236.6.0 255.255.255.0
       svc split include 172.31.1.0 255.255.255.0
       svc split include 172.21.51.0 255.255.255.0
       svc dns-server primary 172.21.51.10
    default-group-policy policy1
    gateway gateway1
    inservice
    end
    Gateway#          

  • Cisco RV042 VPN unable to connect to Netgear PS FVS318

    Hello,
    We recently replaced one of two Netgear ProSafe VPN FVS318 routers with a Cisco RV042 VPN. Both Netgears were configured site-to-site and were working fine until one of them failed. We copied as many configuration settings as we could from the failed Netgear PS to the RV042 but were unsuccessful in establishing a connection between the two sites.
    The logs on the Cisco router show this:
    VPN Log packet from 1.1.1.1:500: received Vendor ID payload [RFC 3947]  
    VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]  
    VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]  
    VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]  
    VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]  
    VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]  
    VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]  
    VPN Log packet from 1.1.1.1:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet  
    VPN Log packet from 1.1.1.1:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet  
    VPN Log packet from 1.1.1.1:500: initial Main Mode message received on 2.2.2.2:500 but no connection has been authorized with policy=PSK  
    Each time we select a tunnel test connect, that last message appears with "but no connection has been authorized with policy=PSK"
    *replaced actual IP with sample IP.
    Any ideas why this is happening?
    Thank you!

    Hello,
    It looks as if the RV042 receives the phase 1 configuration from the Netgear but, due to a mismatch with its phase 1 settings, does not reply back.
    I can't be more specific, as this could be anything in phase 1: aggressive/main mode, the WAN IP addresses, encryption or SA lifetime. Also, if any of the devices is behind NAT, the NAT traversal option should be checked.
    Regards,
    Kremena
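
The checks suggested in the reply above, as an added example that is not part of the original thread: it pulls the rejected attempt out of the posted log line and compares it, and the rest of phase 1, against each side's tunnel definition. The `Phase1` field names and the two device settings are constructed assumptions, and it assumes the responder matches tunnels on peer address, local address, mode and authentication method.

```python
import re
from dataclasses import dataclass, fields

# Constructed sample: de-duplicated lines from the log in the post (sample IPs as posted).
SAMPLE_LOG = """\
VPN Log packet from 1.1.1.1:500: received Vendor ID payload [RFC 3947]
VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
VPN Log packet from 1.1.1.1:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
VPN Log packet from 1.1.1.1:500: initial Main Mode message received on 2.2.2.2:500 but no connection has been authorized with policy=PSK
"""

REJECT_RE = re.compile(
    r"packet from (?P<peer>\d+(?:\.\d+){3}):\d+: initial (?P<mode>\w+) Mode message "
    r"received on (?P<local>\d+(?:\.\d+){3}):\d+ but no connection has been "
    r"authorized with policy=(?P<policy>\w+)"
)


@dataclass(frozen=True)
class Phase1:
    """Hypothetical model of one side's tunnel definition (field names are assumptions)."""
    local_wan: str
    remote_gateway: str
    mode: str            # "Main" or "Aggressive"
    auth: str            # "PSK" in the posted log
    encryption: str
    integrity: str
    dh_group: int
    sa_lifetime_s: int
    nat_traversal: bool


def parse_rejections(log_text):
    """Return one dict per distinct 'no connection has been authorized' line."""
    seen, out = set(), []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m and m.groups() not in seen:
            seen.add(m.groups())
            out.append(m.groupdict())
    return out


def selector_mismatches(rejection, responder):
    """Compare what the responder saw on the wire with its own tunnel definition.

    Returns {field: (configured, observed)} for every field that differs."""
    observed = {
        "remote_gateway": rejection["peer"],
        "local_wan": rejection["local"],
        "mode": rejection["mode"],
        "auth": rejection["policy"],
    }
    return {
        name: (getattr(responder, name), seen)
        for name, seen in observed.items()
        if getattr(responder, name).lower() != seen.lower()
    }


# Addresses are mirrored between the sites: A's remote gateway must be B's WAN address.
MIRRORED = {"local_wan": "remote_gateway", "remote_gateway": "local_wan"}


def phase1_diff(site_a, site_b):
    """Return {field: (value_on_a, value_on_b)} for every phase 1 disagreement."""
    diff = {}
    for f in fields(Phase1):
        a = getattr(site_a, f.name)
        b = getattr(site_b, MIRRORED.get(f.name, f.name))
        if a != b:
            diff[f.name] = (a, b)
    return diff


# Constructed settings: a mistyped remote gateway and a different SA lifetime on the new router.
RV042 = Phase1("2.2.2.2", "1.1.1.9", "Main", "PSK", "3DES", "SHA1", 2, 28800, False)
NETGEAR = Phase1("1.1.1.1", "2.2.2.2", "Main", "PSK", "3DES", "SHA1", 2, 86400, False)

if __name__ == "__main__":
    for rejection in parse_rejections(SAMPLE_LOG):
        print("rejected attempt:", rejection)
        print("responder selector mismatches:", selector_mismatches(rejection, RV042))
    print("phase 1 differences:", phase1_diff(RV042, NETGEAR))
```
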

  • Corporate connectivity not working for some users

    Hi,
    I'm having an issue that started about a month ago but is getting worse.  A select group of users are no longer able to connect using DirectAccess, even though these users have been using their computers for a few months without issue.
    BACKGROUND:
    -Windows 2008 R2 DirectAccess server
    -Windows 7 x64 enterprise clients
    -Most clients experiencing the issue have a newer laptop (Lenovo T440 with Intel 7260AC wireless), but the issue is not limited to this model. Also, I have 25+ other Lenovo T440 units that connect without issue to this day.
    TROUBLESHOOTING STEPS:
    I have tried disabling the various interfaces used for DirectAccess on these problem machines and have not been able to narrow it down.  Essentially, I've noticed the IP-HTTPS interface shows deactivated, so I'll disable Teredo.  This usually allows the IP-HTTPS to show activated, and connectivity is restored.  However, after 30 seconds to a few minutes, connectivity will once again drop.  So I'll re-enable Teredo (default, client, or enterprise client) and connectivity will kick on for another brief period, but drops again shortly after.
    I have confirmed that during these short periods of connectivity working, the wf.msc shows connectivity using NTLM and Kerberos, but the clients just can't seem to stay connected on any interface.  
    However, in the wf.msc when the clients are not functioning, I only ever see one NTLM entry.

    LOGS:
    Below is a DirectAccess client log pulled from a non-functioning client before making any changes or any testing.  Feel free to ask for the rest of the log if needed. I have put in placeholders for information that may be sensitive.  Thank you!!
    RED: Corporate connectivity is not working.
    Windows is unable to resolve corporate network names. Please contact your administrator if this problem persists.
    24/3/2015 18:21:43 (UTC)
    Probes List
    FAIL PING: location-dc.domain.local
    FAIL PING: location-file.domain.local
    DTE List
    PASS PING: 2002:'mac':5a1c::'mac':5a1c
    PASS PING: 2002:'mac':5a1d::'mac':5a1d
    C:\WINDOWS\system32\LogSpace\{05471C14-7140-4651-84C2-230EC7D70628}>ipconfig /all
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : c2075
    Primary Dns Suffix . . . . . . . : domain.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : domain.local
    domain2.ad
    System Quarantine State . . . . . : Not Restricted
    Wireless LAN adapter Wireless Network Connection 3:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
    Physical Address. . . . . . . . . : 2A-B2-BD-'mac2'-E5
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Wireless LAN adapter Wireless Network Connection 2:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
    Physical Address. . . . . . . . . : 2A-B2-BD-'mac2'-E6
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Ethernet adapter Bluetooth Network Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
    Physical Address. . . . . . . . . : 28-B2-BD-'mac2'-E9
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Wireless LAN adapter Wireless Network Connection:
    Connection-specific DNS Suffix . : attlocal.net
    Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 7260
    Physical Address. . . . . . . . . : 28-B2-BD-'mac2'-E5
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2602:304:'mac3':d370:5a1:c77:834:86a9(Preferred)
    Temporary IPv6 Address. . . . . . : 2602:304:'mac3':d370:f9ce:db89:87ad:'mac4'(Preferred)
    Link-local IPv6 Address . . . . . : fe80::5a1:c77:834:86a9%12(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.86(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Tuesday, March 24, 2015 1:48:21 PM
    Lease Expires . . . . . . . . . . : Wednesday, March 25, 2015 1:48:21 PM
    Default Gateway . . . . . . . . . : fe80::21b:5bff:febf:4f21%12
    192.168.1.254
    DHCP Server . . . . . . . . . . . : 192.168.1.254
    DNS Servers . . . . . . . . . . . : 192.168.1.254
    NetBIOS over Tcpip. . . . . . . . : Enabled
    Ethernet adapter Local Area Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : domain.local
    Description . . . . . . . . . . . : Intel(R) Ethernet Connection I218-LM
    Physical Address. . . . . . . . . : 28-D2-44-C5-24-59
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.attlocal.net:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : attlocal.net
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter iphttpsinterface:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : iphttpsinterface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter 6TO4 Adapter:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft 6to4 Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{FD31098B-E475-49A1-9AFA-8C43FF928F97}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.domain.local:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:'mac':5a1c:342d:25dd:b4e1:12c8(Preferred)
    Link-local IPv6 Address . . . . . : fe80::342d:25dd:b4e1:12c8%18(Preferred)
    Default Gateway . . . . . . . . . :
    NetBIOS over Tcpip. . . . . . . . : Disabled
    Tunnel adapter isatap.{E1BE09BA-B38B-4F87-8893-E3D32A88EDFC}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{0C04B587-7861-4D8D-9DA9-6326AB71D701}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    C:\WINDOWS\system32\LogSpace\{05471C14-7140-4651-84C2-230EC7D70628}>netsh int teredo show state
    Teredo Parameters
    Type : client
    Server Name : 204.16.90.28 (Group Policy)
    Client Refresh Interval : 30 seconds
    Client Port : unspecified
    State : qualified
    Client Type : teredo host-specific relay
    Network : unmanaged
    NAT : restricted
    NAT Special Behaviour : UPNP: No, PortPreserving: Yes
    Local Mapping : 192.168.1.86:55842
    External NAT Mapping : 75.30.237.55:55842
    C:\WINDOWS\system32\LogSpace\{05471C14-7140-4651-84C2-230EC7D70628}>netsh int httpstunnel show interfaces
    Interface IPHTTPSInterface (Group Policy) Parameters
    Role : client
    URL : https://uag.webdomain.com:443/IPHTTPS
    Last Error Code : 0x0
    Interface Status : IPHTTPS interface deactivated
    C:\WINDOWS\system32\LogSpace\{05471C14-7140-4651-84C2-230EC7D70628}>netsh dns show state
    Name Resolution Policy Table Options
    Query Failure Behavior : Always fall back to LLMNR and NetBIOS
    if the name does not exist in DNS or
    if the DNS servers are unreachable
    when on a private network
    Query Resolution Behavior : Resolve only IPv6 addresses for names
    Network Location Behavior : Let Network ID determine when Direct
    Access settings are to be used
    Machine Location : Outside corporate network
    Direct Access Settings : Configured and Enabled
    DNSSEC Settings : Not Configured
    C:\WINDOWS\system32\LogSpace\{05471C14-7140-4651-84C2-230EC7D70628}>netsh name show policy
    DNS Name Resolution Policy Table Settings
    (ENTRIES OMITTED TO SAVE SPACE)
    Settings for .domain.local
    Certification authority : DC=local, DC=domain, CN=HDT CA
    DNSSEC (Validation) : disabled
    DNSSEC (IPsec) : disabled
    DirectAccess (DNS Servers) : 2002:'mac':5a1d::'mac':5a1d
    DirectAccess (IPsec) : disabled
    DirectAccess (Proxy Settings) : Bypass proxy
    C:\WINDOWS\system32\LogSpace\{05471C14-7140-4651-84C2-230EC7D70628}>netsh name show effective
    DNS Effective Name Resolution Policy Table Settings
    (ENTRIES OMITTED TO SAVE SPACE)
    Settings for .domain.local
    Certification authority : DC=local, DC=domain, CN=HDT CA
    DNSSEC (Validation) : disabled
    IPsec settings : disabled
    DirectAccess (DNS Servers) : 2002:'mac':5a1d::'mac':5a1d
    DirectAccess (Proxy Settings) : Bypass proxy
    C:\WINDOWS\system32\LogSpace\{05471C14-7140-4651-84C2-230EC7D70628}>netsh int ipv6 show int level=verbose
    Interface Loopback Pseudo-Interface 1 Parameters
    IfLuid : loopback_0
    IfIndex : 1
    State : connected
    Metric : 50
    Link MTU : 4294967295 bytes
    Reachable Time : 40000 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 0
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : disabled
    Neighbor Unreachability Detection : disabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface Wireless Network Connection Parameters
    IfLuid : wireless_0
    IfIndex : 12
    State : connected
    Metric : 25
    Link MTU : 1472 bytes
    Reachable Time : 1101000 ms
    Base Reachable Time : 1805000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 1
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : enabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 64
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface isatap.attlocal.net Parameters
    IfLuid : tunnel_4
    IfIndex : 22
    State : disconnected
    Metric : 50
    Link MTU : 1280 bytes
    Reachable Time : 27500 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 0
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : disabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface Wireless Network Connection 2 Parameters
    IfLuid : wireless_5
    IfIndex : 15
    State : disconnected
    Metric : 5
    Link MTU : 1500 bytes
    Reachable Time : 24000 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 1
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : enabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface iphttpsinterface Parameters
    IfLuid : tunnel_5
    IfIndex : 17
    State : disconnected
    Metric : 50
    Link MTU : 1280 bytes
    Reachable Time : 31500 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 1
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : enabled
    Router Discovery : enabled
    Managed Address Configuration : enabled
    Other Stateful Configuration : enabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface Local Area Connection Parameters
    IfLuid : ethernet_6
    IfIndex : 11
    State : disconnected
    Metric : 5
    Link MTU : 1500 bytes
    Reachable Time : 31500 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 1
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : enabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface 6TO4 Adapter Parameters
    IfLuid : tunnel_6
    IfIndex : 19
    State : disconnected
    Metric : 50
    Link MTU : 1280 bytes
    Reachable Time : 39500 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 0
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : disabled
    Neighbor Unreachability Detection : disabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface isatap.{FD31098B-E475-49A1-9AFA-8C43FF928F97} Parameters
    IfLuid : tunnel_7
    IfIndex : 21
    State : disconnected
    Metric : 50
    Link MTU : 1280 bytes
    Reachable Time : 33000 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 0
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : disabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface isatap.domain.local Parameters
    IfLuid : tunnel_8
    IfIndex : 39
    State : disconnected
    Metric : 50
    Link MTU : 1280 bytes
    Reachable Time : 36000 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 0
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : disabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface Bluetooth Network Connection Parameters
    IfLuid : ethernet_9
    IfIndex : 14
    State : disconnected
    Metric : 50
    Link MTU : 1500 bytes
    Reachable Time : 17000 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 1
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : enabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface Wireless Network Connection 3 Parameters
    IfLuid : wireless_9
    IfIndex : 16
    State : disconnected
    Metric : 5
    Link MTU : 1500 bytes
    Reachable Time : 17000 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 1
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : enabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface Teredo Tunneling Pseudo-Interface Parameters
    IfLuid : tunnel_9
    IfIndex : 18
    State : connected
    Metric : 50
    Link MTU : 1280 bytes
    Reachable Time : 14500 ms
    Base Reachable Time : 15000 ms
    Retransmission Interval : 2000 ms
    DAD Transmits : 0
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : enabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : enabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface isatap.{E1BE09BA-B38B-4F87-8893-E3D32A88EDFC} Parameters
    IfLuid : tunnel_10
    IfIndex : 20
    State : disconnected
    Metric : 50
    Link MTU : 1280 bytes
    Reachable Time : 41000 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 0
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : disabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    Interface isatap.{0C04B587-7861-4D8D-9DA9-6326AB71D701} Parameters
    IfLuid : tunnel_11
    IfIndex : 23
    State : disconnected
    Metric : 50
    Link MTU : 1280 bytes
    Reachable Time : 40000 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 0
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : disabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled
    C:\WINDOWS\system32\LogSpace\{05471C14-7140-4651-84C2-230EC7D70628}>netsh advf show currentprofile
    Private Profile Settings:
    State ON
    Firewall Policy BlockInbound,AllowOutbound
    LocalFirewallRules N/A (GPO-store only)
    LocalConSecRules N/A (GPO-store only)
    InboundUserNotification Enable
    RemoteManagement Disable
    UnicastResponseToMulticast Enable
    Logging:
    LogAllowedConnections Disable
    LogDroppedConnections Disable
    FileName %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize 4096
    Ok.
    C:\WINDOWS\system32\LogSpace\{05471C14-7140-4651-84C2-230EC7D70628}>netsh advfirewall monitor show consec
    Global Settings:
    IPsec:
    StrongCRLCheck 0:Disabled
    SAIdleTimeMin 5min
    DefaultExemptions ICMP
    IPsecThroughNAT Never
    AuthzUserGrp None
    AuthzComputerGrp None
    StatefulFTP Enable
    StatefulPPTP Enable
    Main Mode:
    KeyLifetime 60min,0sess
    SecMethods DHGroup2-AES128-SHA256,DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
    ForceDH No
    Categories:
    BootTimeRuleCategory Windows Firewall
    FirewallRuleCategory Windows Firewall
    StealthRuleCategory Windows Firewall
    ConSecRuleRuleCategory Windows Firewall
    Quick Mode:
    QuickModeSecMethods ESP:SHA1-None+60min+100000kb,ESP:SHA1-AES128+60min+100000kb,ESP:SHA1-3DES+60min+100000kb,AH:SHA1+60min+100000kb
    QuickModePFS None
    Security Associations:
    Main Mode SA at 03/24/2015 14:21:44
    Local IP Address: 2602:304:'mac3':d370:f9ce:db89:87ad:'mac4'
    Remote IP Address: 2002:'mac':5a1d::'mac':5a1d
    Auth1: ComputerCert
    Auth2: UserNTLM
    MM Offer: None-AES128-SHA256
    Cookie Pair: 9398e38420480425:51071d5bae9eb503
    Health Cert: No
    Quick Mode SA at 03/24/2015 14:21:44
    Local IP Address: 2602:304:'mac3':d370:f9ce:db89:87ad:'mac4'
    Remote IP Address: 2002:'mac':5a1d::'mac':5a1d
    Local Port: Any
    Remote Port: Any
    Protocol: Any
    Direction: Both
    QM Offer: ESP:SHA1-AES192+60min+100000kb
    PFS: None
    Thanks again,

  • Remote Desktop Connection not working

    I am able to remote desktop connect to my home computer from work; however, I can't remote desktop connect to my work computer and server. I believed it has something to do with my Linksys E3000 access point settings but I'm not sure where to look for and verify. I took my home laptop to work and able to do remote desktop connect to the server. I also took a laptop that's working fine with remote desktop connect to the server home and tried to remote desktop connect to the server at work and it's not working. Therefore, I've concluded that it has something to do with the access point and not the settings in the computer because it works fine when I took it out of my home network. I also VPN in to my work place so that it has the same IP address as at work and still, remote desktop connection from home to work is not working. Any suggestion is much appreciated.

    thebluemamba_24 wrote:
    Connecting from home to your remote desktop server has nothing to do with your router. Certain ports are needed to be opened from the server’s end in order to host an application. Try to connect your computer to your modem or to another wireless network just to check if your work’s remote desktop will work. In case it will not work, then contact your IT guy.
    If you read my previous post it said:
    "I took my home laptop to work and able to do remote desktop connect to the server. I also took a laptop that's working fine with remote desktop connect to the server home and tried to remote desktop connect to the server at work and it's not working. Therefore, I've concluded that it has something to do with the access point and not the settings in the computer because it works fine when I took it out of my home network."
    I think my above statement answers your question of "Try to connect your computer to your modem or to another wireless network just to check if your work’s remote desktop will work." However, your statement prompts me to think of something else. What I have tried is bring my laptop to work and tried to connect via RDC to the server and it works, but it's just not working when trying at home. What I have not done is, instead of bringing my laptop to work and trying RDC there, perhaps I should try it on a friend's or relative's network and see if I can do RDC to my server at work. If this does not work as well, then, could it be that at work there is something outside RDC coming? But even if this is so, why can't VPN work?

  • Vpn-framed-ip-address not working with anyconnect

    Hi Folks, please help me to verify if this case is a bug or a "not valid scenario".
    Scenario:
    ASA 5520, OS 9.1, SSL VPN with Anyconnect v3.x, static ip address for the client, and RSA token authentication (all the users/pin/passwords are in the RSA server, not in the ASA, but I need to create some users in the ASA in order to apply the vpn-framed-ip-address attribute for specific users).
    In fact the anyconnect ssl vpn with RSA auth works fine, the ssl connection works, the user is authenticated, the anyconnect works, traffic passing, BUT.. the anyconnect is getting an ip address from the ip local pool INSTEAD of the static ip defined with the vpn-framed-ip-address command.
    I'm trying to assign a static ip address for a user (defined locally on the ASA) that performs auth via RSA (aaa-server), by using the vpn-framed-ip-address command as an attribute for this local user. But it seems the command is not working.
    I've already tried to resolve it (with no success) by entering the
    no vpn-addr-assign aaa
    no vpn-addr-assign dhcp
    vpn-addr-assign local
    Also I've tried removing the pool from tunnel-group in order to force all the connection sessions to use the static ip address, but in this case the anyconnect sends a message "No Address Available for SVC Connection", meaning the ASA is simply ignoring the vpn-framed-ip-address command.
    The ASA is supposed to implement the policies in this order, DAP > User policy > UserGrp policy > ConnProfile > DefGrpPolicy, and according to this, the vpn-framed-ip-address command should take effect first since it's specified as User policy, overriding everything else. But it's not working.
    At this point I think the issue is... since the user is locally defined but its password is being authenticated via RSA (not local), the user attributes (static ip) are being ignored by the ASA because it's not expecting to receive an ip address from the aaa server (RSA), so it jumps to the next policies, falling to the pool. Anyway the user policy attributes SHOULD work according to cisco.
    Please advise, or tell me if it's a bug or a not valid scenario for this command to work with the ASA.
    This is the current config:
    ip local pool PoolSSL 192.168.229.10-192.168.229.19 mask 255.255.255.0
    aaa-server RSA protocol sdi
    aaa-server RSA (inside) host 192.168.12.1
     retry-interval 5
    no vpn-addr-assign aaa
    no vpn-addr-assign dhcp
    group-policy GroupPolicyABC internal
    group-policy GroupPolicyABC attributes
     wins-server none
     dns-server value 192.168.61.1 192.168.61.2
     vpn-tunnel-protocol ssl-client
     group-lock value TunnelGroupABC
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value ServersDB
     default-domain value my.domain.com
     split-tunnel-all-dns disable
     webvpn
      anyconnect ask none default anyconnect
    username USER1 password xHhacRZ56Uadqoq encrypted
    username USER1 attributes
     vpn-framed-ip-address 192.168.229.7 255.255.255.0
     group-lock value TunnelGroupABC
    tunnel-group TunnelGroupABC type remote-access
    tunnel-group TunnelGroupABC general-attributes
     address-pool PoolSSL
     authentication-server-group RSA
     default-group-policy GroupPolicyABC
    tunnel-group TunnelGroupABC webvpn-attributes
     group-alias AccessToDB enable
    I'll wait for your answers, regards!

    https://tools.cisco.com/bugsearch/bug/CSCtf71671/
    you need AAA assignment, or at least you needed to have it a couple of years back. 
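
    A config check built on the reply above, which says the static address needs AAA assignment. This is an added example, not code from the thread or from Cisco. The sample config is a constructed excerpt of the one posted (password replaced by a placeholder), and treating every assignment method as enabled unless a "no" line disables it is an assumption.

```python
import re

# Constructed sample: the relevant lines of the configuration posted above.
SAMPLE_CONFIG = """\
ip local pool PoolSSL 192.168.229.10-192.168.229.19 mask 255.255.255.0
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
username USER1 password <redacted> encrypted
username USER1 attributes
 vpn-framed-ip-address 192.168.229.7 255.255.255.0
 group-lock value TunnelGroupABC
tunnel-group TunnelGroupABC general-attributes
 address-pool PoolSSL
 authentication-server-group RSA
"""

def assignment_methods(config):
    """Return which vpn-addr-assign methods are on.
    Assumption: a method is enabled unless a 'no' line turns it off."""
    state = {"aaa": True, "dhcp": True, "local": True}
    for line in config.splitlines():
        m = re.fullmatch(r"(no )?vpn-addr-assign (aaa|dhcp|local)\b.*", line.strip())
        if m:
            state[m.group(2)] = m.group(1) is None
    return state

def static_ip_users(config):
    """Map username -> address found in 'username X attributes' blocks."""
    users, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line opens a new block
            m = re.fullmatch(r"username (\S+) attributes", line.strip())
            current = m.group(1) if m else None
        elif current:
            m = re.match(r"\s+vpn-framed-ip-address (\S+)", line)
            if m:
                users[current] = m.group(1)
    return users

def audit(config):
    """List users whose static address depends on the disabled AAA method."""
    if assignment_methods(config)["aaa"]:
        return []
    return [f"{user}: vpn-framed-ip-address {addr} is set but "
            "'vpn-addr-assign aaa' is disabled"
            for user, addr in sorted(static_ip_users(config).items())]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

    Run against a saved copy of the running configuration, the check reports each local user whose static address would be skipped in favour of the pool.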

  • 827H router web setup not working

    We were having problems with our 827H router, so I decided to reset it to the factory defaults and re-run the quick setup. I've done that before with no problems.
    This time, after it loads the configuration in the web setup, it keeps checking the model, IOS version, etc.--over and over again. It won't stop, nor can we exit out of it to get to the quick setup.
    Originally the router was connected to a hub. When we couldn't configure it from the web setup, we put the router directly onto a pc with an ethernet cable. We could ping the router. Using the console cable, we are able to see the router's settings. (See attached)
    The pc was set to dhcp. The dns was originally set to "Obtain automatically". We also tried to set the dns and the gateway to the router's ip, and added the domain controller's dns as another dns server. Nothing has worked.
    Any help will be greatly appreciated.
    Thanks!

    Your description of the symptoms is quite puzzling as is the console log that you sent. You say that you connected a PC directly to the router. Was that using a cross over Ethernet cable?
    You say that when you connected the PC to the router you could ping the router. What IP address was on the PC at that point?
    The console output that you included has a kind of garbled output in the show run. It looks as if two things were outputting at the same time. I am not clear if there were actually two things happening together or if the router is really messed up. (Though most of the config that showed up looked reasonable)
    I would suggest that you connect to the console port again and capture all of the console output. I would suggest that while you are connected and capturing output that you power cycle the router (it may be very helpful to see what messages go to the console while the router is booting).
    After the router boots again, you may be able to use the web interface. If the web interface does not work you should be able to use the console interface to get a config that should work basically.
    Try these steps and post the output. Maybe then we can find a solution.
    HTH
    Rick
