Come Cisco! VPN can't see LAN

Similar Messages

• My touchscreen blacks out while on a call so I can't multitask. If I am on a call and a new call comes in, I can't see who is calling or even think of answering because the screen is blacked out.

  My touchscreen blacks out while on a call so I can't multitask. If I am on a call and a new call comes in, I can't see who is calling or even think of answering because the screen is blacked out.

  Thank you so very much! My husband is in Afghanistan and calls at different times. If I am on a call and can't answer him it could be days before I hear from him again. I never thought to just restart my phone! Duh...this is my first smartphone so I am learning. All day people were calling while I was on the phone but I couldn't answer. Thank GOD none of the calls were my husband because it would break my heart if I missed his call. Thank you again and GOD bless you! Ashley Combahee

• [cisco VPN] Can't build kernel module with 2.6.9-ARCH

  I need to setup a vpn tunnel to my university in order to gain acces to their resources and be able to surf when I am on the campus. With 2.6.8.1 I used the Cisco VPN client 4.0.5 k9. After my upgrade to 2.6.9 I had to rebuild the module, but now it fails to build. Anyone knows how to solve this? Or does anyone know another vpn client that is compatible with Cisco. This piece of software is essential to me. Please help. Here is the output:
  Cisco Systems VPN Client Version 4.0.5 (Rel) Linux Installer
  Copyright (C) 1998-2001 Cisco Systems, Inc. All Rights Reserved.
  By installing this product you agree that you have read the
  license.txt file (The VPN Client license) and will comply with
  its terms.
  Directory where binaries will be installed [/usr/local/bin] /usr/bin
  Automatically start the VPN service at boot time [yes] no
  In order to build the VPN kernel module, you must have the
  kernel headers for the version of the kernel you are running.
  For RedHat 6.x users these files are installed in /usr/src/linux by default
  For RedHat 7.x users these files are installed in /usr/src/linux-2.4 by default
  For Suse 7.3 users these files are installed in /usr/src/linux-2.4.10.SuSE by default
  Directory containing linux kernel source code [/lib/modules/2.6.9-ARCH/build]
  * Binaries will be installed in "/usr/bin".
  * Modules will be installed in "/lib/modules/2.6.9-ARCH/CiscoVPN".
  * The VPN service will *NOT* be started automatically at boot time.
  * Kernel source from "/lib/modules/2.6.9-ARCH/build" will be used to build the module.
  Is the above correct [y] y
  Making module
  make -C /lib/modules/2.6.9-ARCH/build SUBDIRS=/home/luk/sources/vpnclient modules
  make[1]: Entering directory `/usr/src/linux-2.6.9-ARCH'
  CC [M] /home/luk/sources/vpnclient/interceptor.o
  /home/luk/sources/vpnclient/interceptor.c: In function `add_netdev':
  /home/luk/sources/vpnclient/interceptor.c:59: sorry, unimplemented: inlining failed in call to 'supported_device': function body not available
  /home/luk/sources/vpnclient/interceptor.c:245: sorry, unimplemented: called from here
  make[2]: *** [/home/luk/sources/vpnclient/interceptor.o] Error 1
  make[1]: *** [_module_/home/luk/sources/vpnclient] Error 2
  make[1]: Leaving directory `/usr/src/linux-2.6.9-ARCH'
  make: *** [default] Error 2
  Failed to make module "cisco_ipsec.ko".

  I modified the pkgbuild posted here by someone (thank you!) so it includes all relevant files (meaning also vpnc-connect and vpnc-disconnect and vpnc.conf).
  pkgname=vpnc
  pkgver=0.2
  pkgrel=1
  pkgdesc="Client for Cisco3000 VPN Concentrator"
  url="http://www.unix-ag.uni-kl.de/~massar/vpnc/"
  license="GPL"
  depends=(libgcrypt)
  source=(http://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-0.2-rm+zomb.1.tar.gz)
  md5sums=(ded67de747874c4245ed8405146dc94a)
  build() {
  cd $startdir/src/vpnc-0.2-rm+zomb.1
  # We want the CFLAGS specified in makepkg.conf to be used
  mv Makefile Makefile.old
  sed -e 's/-W -Wall -O -g/$(MYCFLAGS)/g' -e 's/LDFLAGS=-g /LDFLAGS=/g' Makefile.old > Makefile
  export MYCFLAGS=$CFLAGS
  make
  install -d $startdir/pkg/usr/sbin
  install vpnc $startdir/pkg/usr/sbin
  install vpnc-connect $startdir/pkg/usr/sbin
  install vpnc-disconnect $startdir/pkg/usr/sbin
  install -d $startdir/pkg/etc
  install vpnc.conf $startdir/pkg/etc
  Guess what, it works
  I can reproduce my steps.
  - makepkg
  - pacman -A vpnc-xxxxxx.tar.gz
  - add tun to the daemons array in rc.conf
  - Modify /etc/vpnc.conf
  - vpnc-connect

• Can't see LAN

  Client connects to PIX 501 but cannot see the LAN in Windows Explorer.
  Devices can be pinged by IP and hostname (netbios name)
  I can navagate to a server by typing in \\servername
  Why can I not get a resolution from Cisco techs?
  PIX Version 6.3(5)
  interface ethernet0 auto
  interface ethernet1 100full
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  hostname pixfirewall
  domain-name ciscopix.com
  fixup protocol dns maximum-length 512
  fixup protocol ftp 21
  fixup protocol h323 h225 1720
  fixup protocol h323 ras 1718-1719
  fixup protocol http 80
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol sip 5060
  fixup protocol sip udp 5060
  fixup protocol skinny 2000
  fixup protocol smtp 25
  fixup protocol sqlnet 1521
  fixup protocol tftp 69
  names
  access-list Axis-VPN_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any
  access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.20.96 255.255.255.240
  access-list outside_cryptomap_dyn_20 permit ip any 192.168.20.96 255.255.255.240
  pager lines 24
  mtu outside 1500
  mtu inside 1500
  ip address outside 222.111.33.2 255.255.255.248
  ip address inside 192.168.1.1 255.255.255.0
  ip audit info action alarm
  ip audit attack action alarm
  ip local pool VPN-Pool 192.168.20.101-192.168.20.110
  pdm logging informational 100
  pdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_outbound_nat0_acl
  nat (inside) 1 0.0.0.0 0.0.0.0 0 0
  route outside 0.0.0.0 0.0.0.0 222.111.33.1 1
  timeout xlate 0:05:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout sip-disconnect 0:02:00 sip-invite 0:03:00
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server TACACS+ max-failed-attempts 3
  aaa-server TACACS+ deadtime 10
  aaa-server RADIUS protocol radius
  aaa-server RADIUS max-failed-attempts 3
  aaa-server RADIUS deadtime 10
  aaa-server LOCAL protocol local
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server community public
  no snmp-server enable traps
  floodguard enable
  sysopt connection permit-ipsec
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map client authentication LOCAL
  crypto map outside_map interface outside
  isakmp enable outside
  isakmp policy 20 authentication pre-share
  isakmp policy 20 encryption 3des
  isakmp policy 20 hash md5
  isakmp policy 20 group 2
  isakmp policy 20 lifetime 86400
  vpngroup Axis-VPN address-pool VPN-Pool
  vpngroup Axis-VPN wins-server 192.168.1.10
  vpngroup Axis-VPN default-domain axis
  vpngroup Axis-VPN split-tunnel Axis-VPN_splitTunnelAcl
  vpngroup Axis-VPN idle-time 1800
  vpngroup Axis-VPN password ********
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd address 192.168.1.50-192.168.1.70 inside
  dhcpd dns 167.206.112.138 167.206.7.4
  dhcpd wins 192.168.1.10
  dhcpd lease 3600
  dhcpd ping_timeout 750
  dhcpd domain axis
  dhcpd auto_config outside
  dhcpd enable inside
  username dentest password 2bUGX7ZnEwBHIU2J encrypted privilege 15
  username cmurcha password ouqdyA3s8ZAguJYz encrypted privilege 3
  terminal width 80
  Cryptochecksum:7a32aa123a3b003a1f3db925164fc269
  PIX Version 6.3(5)
  interface ethernet0 auto
  interface ethernet1 100full
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  hostname pixfirewall
  domain-name ciscopix.com
  fixup protocol dns maximum-length 512
  fixup protocol ftp 21
  fixup protocol h323 h225 1720
  fixup protocol h323 ras 1718-1719
  fixup protocol http 80
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol sip 5060
  fixup protocol sip udp 5060
  fixup protocol skinny 2000
  fixup protocol smtp 25
  fixup protocol sqlnet 1521
  fixup protocol tftp 69
  names
  access-list Axis-VPN_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any
  access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.20.96 255.255.255.240
  access-list outside_cryptomap_dyn_20 permit ip any 192.168.20.96 255.255.255.240
  pager lines 24
  mtu outside 1500
  mtu inside 1500
  ip address outside 222.111.33.2 255.255.255.248
  ip address inside 192.168.1.1 255.255.255.0
  ip audit info action alarm
  ip audit attack action alarm
  ip local pool VPN-Pool 192.168.20.101-192.168.20.110
  pdm logging informational 100
  pdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_outbound_nat0_acl
  nat (inside) 1 0.0.0.0 0.0.0.0 0 0
  route outside 0.0.0.0 0.0.0.0 222.111.33.1 1
  timeout xlate 0:05:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout sip-disconnect 0:02:00 sip-invite 0:03:00
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server TACACS+ max-failed-attempts 3
  aaa-server TACACS+ deadtime 10
  aaa-server RADIUS protocol radius
  aaa-server RADIUS max-failed-attempts 3
  aaa-server RADIUS deadtime 10
  aaa-server LOCAL protocol local
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server community public
  no snmp-server enable traps
  floodguard enable
  sysopt connection permit-ipsec
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map client authentication LOCAL
  crypto map outside_map interface outside
  isakmp enable outside
  isakmp policy 20 authentication pre-share
  isakmp policy 20 encryption 3des
  isakmp policy 20 hash md5
  isakmp policy 20 group 2
  isakmp policy 20 lifetime 86400
  vpngroup Axis-VPN address-pool VPN-Pool
  vpngroup Axis-VPN wins-server 192.168.1.10
  vpngroup Axis-VPN default-domain axis
  vpngroup Axis-VPN split-tunnel Axis-VPN_splitTunnelAcl
  vpngroup Axis-VPN idle-time 1800
  vpngroup Axis-VPN password ********
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd address 192.168.1.50-192.168.1.70 inside
  dhcpd dns 167.206.112.138 167.206.7.4
  dhcpd wins 192.168.1.10
  dhcpd lease 3600
  dhcpd ping_timeout 750
  dhcpd domain axis
  dhcpd auto_config outside
  dhcpd enable inside
  username vpntest password 2bUGX7ZnEwBHIU2J encrypted privilege 15
  terminal width 80
  Cryptochecksum:7a32aa123a3b003a1f3db925164fc269

  Anyone have a guess?

• VPN with 2 network cards - vpn clients cannot see LAN.

  Problem: When a VPN client connects they can only access the server and not any LAN computers. Unable to even ping the LAN computers. The VPN client machine connects via PPTP and receives the appropriate IP address but the subnet mask field is blank. The router is being set to 192.168.1.2
  Here's my network setup:
  en0: (external) IP: 192.168.1.2 and is connected to aDSL modem (192.168.1.1)
  en1: (internal net) IP: 192.168.2.1
  The internal en1 network range is: 192.168.2.2 - 192.168.2.25
  The VPN range being handed out is: 192.168.2.26 - 192.168.2.30
  VPN client machines are able to fully interact with the server, just cannot reach any LAN computers.
  Any ideas??
  XServe Mac OS X (10.4.9) Various Intel laptops and G5/G4 Lan machines
  XServe   Mac OS X (10.4.9)   Various Intel laptops and G5/G4 Lan machines

  >The network address at the vpn client location is not 192.168.2.0/24. The vpn client has a public IP.
  So you're saying that your client system has a 192.168.2.x address, and that's also the address range you're using behind the VPN?
  That won't work.
  You now have two 192.168.2.x networks - one local to the client and one over the VPN.
  Normal routing rules dictate that the local connection wil always take priority over the remote connection, so the client will look on the local LAN for anything in the 192.168.2.x range, completely ignoring the VPN.
  If you think about it, your machine is told that it has two paths to get to anything in the 192.168.2.x network, either directly connected, or across the VPN connection. Given teh choice, which one do you think you'd take?
  The only real solution here is to use a different subnet at each end of the link - either change the client network to something else, or change the internal corp network. If you don't do that you'll have to set up host-based routes (one per system over the VPN) that overrides the local routing table (assuming that's even possible... I'd have to think about it).

• Can't see LAN Apache servers.

  With any and all computers on the router, I can see any Apache servers around the LAN, but when iPhone is on WI-FI it cannot see any of them. I get a "Server stopped responding" error. I can see the one server (port mapped in the router) from outside using Edge, but not "inside the loop".
  Is this related to a fix for the early network flip-out at Duke University? Any known way to fix this? I'd like to test some web sites to see how they look on the phone during development.
  Dave.

  Well, I managed to get it working... I reset the router to wide open and it worked, and when I went back to password protection, it still worked... I don't remember now which way I set it, but my router has 2 passwords available... One that allows LAN access and one that only passes Internet through... I "may" have used the Internet only passwords when I first set up the phones. Not sure, but I'm going OK now.

• IPhone OS 3.0 - internet tethering and Cisco VPN Client

  Hello,
  The latest OS for the iPhone allows users to tether their iPhone to a Mac/PC so that the user can browse the internet through the carriers mobile 3G network.
  I can confirm that internet tethering works on my Macbook Pro, but the following error is displayed when i load the CiscoVPN Client (version 4.9.01 (0100))
  "Error 51: Unable to communicate with the VPN subsystem.
  Please make sure that you have at least one network interface that is cuurently active and has an ip address and start this application again."
  Does this mean that the Cisco VPN client cannot see the internet connection supplied by the iPhone even though i can browse the internet while this error is being displayed??
  Regards,
  Eddie S

  Same problem here and I'm wondering the same. I also noticed that the same error comes also when my ethernet connection and iPhone tethering are active at the same time. Then there really should be a connection.
  Despite that, I have the same problem and using bluetooth tethering doesn't solve this. Still the same error even though Internet connection works otherwise fine.
  Any suggestions? Have Cisco tested this?
  I'm using MacBook Pro 13" OS X 10.5.8, iPhone 3GS 3.0.1 with official finnish carrier Sonera, Cisco Systems VPN Client 4.9.01 (0100)

• E4500 - Can't see networked PC's

  Since the upgrade by Cisco I can only see Win7 PC's on the network. I can not see the USB drive attached to the E4500, nor can I see my Media server which is Linux based nor any Win XP computuers.
  Solved!
  Go to Solution.

  Similar issue after rollback for me as well. No machines showing in "Workgroup computers" (XP Pro SP3) and no shares in "Network Places".
  Having a list of IP reservations and wi-fi MAC permissions, I didn't want to hard reset/reconfig the router yet again. What seemed to work cleanly for me was to change the (XP Pro machines) 'Workgroup' name under 'Computer Name' properties, 'OK' my way out to the 'Reboot now?' prompt then, without a reboot, going back in and changing the 'Workgroup' name back to the original one, 'OK' out and then rebooted.
  That returned all my shares and workgroup details back to 'normal' and everything plays well together.
  NetScan showed all the IPs prior and all were pingable from CMD prompt just nothing showing in the workgroup screens.
  FWIW - I don't run any media or devices other than 6 XP Pro and 2 WIN7 machines (and 2 DD-WRT based LinkSys 54Gs) in the network. One laptop with a LinkSys 300N wi-fi card did need me to "force" connect using my saved default profile. The auto would keep me out of the shares, etc. All machines had Internet access prior as well.
  What I detailed above was only done to the LAN wired machines on the EA4500. Once that was done, the machines on the other end of the DD-WRTed 54Gs showed properly as did the ones wired to the router.
  Looking back, I do wonder how it would've worked out if I had started with the "primary machine" that I set up the router with. Maybe save me a step or two? I don't know...

• Windows 7 Pro can't see Internet IP's after recovery from having WGA invalidate OEM license

  My Win 7 Pro receives an IP, can ping local IPs, can see right up to the internal router IP but cannot see the internet. Yes the network functions for other PCs.
  Important historical data:
  Some weeks ago my spare admin pc was rebooting after the usual monthly WAU when it failed to complete the last stages of installation of the updates (this would have been June 2014 updates.) Instead of booting normally to Windows, the system ran a bunch
  of registry change attempts and then booted to a black Windows desktop that contained the dreaded "You're a filthy pirate" message that Microsoft so gently slaps onto newly discovered Winhacks. The trouble is my Gigabyte/AMD powered barebones box
  was purchased, by ME, from TigerDirect.ca WITH an OEM Windows 7 Pro bundle. Now I should point out that I have suspected the Seagate Barracuda that was included with this machine as being a little off as the machine would occasionally freeze up or reboot itself.
  Instead of putting up with this HDD any longer, I ghosted the fractured build off of the Seagate and onto a new WD Caviar Black. On first boot the system seemed to work but the "pirate" message was still there. I then attempted to go through the
  recovery wizard and fix my license issue. The wizard failed and advised that the installation was corrupt and that I should reinstall. I reinstalled (not scratch installed) Windows and was rewarded by a successful install  minus the activation. I proceeded
  to phone the MS automated attendant and successfully activated my installation. I have a functioning network card but can only see LAN stuff. What the deuce? Gigabyte GA-M68MT-S2 with  AMD Phenom II X6 1045T.

  You can try this:
  From administrative account, go to start, type cmd, press Ctrl+Shift+Enter. Click Yes, if UACD prompots. Now, type the following command and restart the PC:
  netsh winsock reset
  After restart, check internet connectivity.
  Balaji Kundalam

• Can i see the macro code in labview?

  i want to know how to make the macro in labview in order to be able to modify them in labview, so i don't want to write the named of macro made in excel or word and saved there, executing it with Run Macro where i call the macro with name.xls!macro, i would like to view the basic code of the macro.
  please, don´t say me, that the solution it´s easymacro.com, there i can´t see the diagram and i am a student, i need to learn.

  Hello,
  If you want to view the macro code in LabVIEW, there is a description at www.easymacro.com that will show you...
  Just kidding...
  To my knowledge, there is no way to view the code of an existing macro in LabVIEW. I could be wrong about this, however. The best way for you to find out what functionality is available is to obtain information from Microsoft on what specific macro functionality is available through ActiveX.
  I hope this suggestion gets you pointed in the right direction. Also, I recommend that in the future you only post your question to the Developer Exchange once...there is no need to post the same question multiple times.
  Have a nice day.
  Sincerely,
  Darren N.
  NI Applications Engineer
  Darren Nattinger, CLA
  LabVIEW Artisan and Nugget Penman

• Renderable text I can't see

  I make fillable forms and send them out to be filled in. If people don't fill them in using Acrobat, when they come back I can not see what they wrote.  I used to be able to select on my acrobat pro a line that said "render text" or something similar. This would scan the document and the words my clients wrote in the fields would magically appear. I can't find it now.  It seems to have disappeared and i used it only three weeks ago.  In the past someone at Adobe helped me figure out how to solve my problem by doing this by going into the software and changing things. Now because of this I can't even upload updates.
  Thanks!

  This has become a problem, particularly for MAC folks who use the MAC preview package. You need to indicate that the form needs to be completed with Acrobat or Reader. Reader XI actually allows the form data to be saved now.

• I can not see any download Icon for Mozilla Firefox.

  On your site pages there is no "download" box or icon. So, I am unable to download Mozilla Firefox.

  There should be a green download button at http://www.mozilla.com
  If you can not see it, you can download Firefox from http://www.mozilla.com/en-US/firefox/all.html

• Can't see folders/files but connected to VPN

  I'm trying to connect to my office VPN. Unfortunately, I'm the only person in the office who uses a Mac and our remotely-based IT guy doesn't have a lot of Max experience, so I haven't been able to get much assistance recently.
  After a lot of trying, I finally was able to connect to the VPN tonight. However, now that I'm connected, I don't see any folders/drivers/whatever in my finder. It's as if I'm not even connect. I did search around and see that apparently Macs need a little boost to find and populate those items in the Finder by going to "Connect to Server" in Finder. However, even that doesn't work.
  I've tried "Connect to Server" using the IP address I used to connect to the VPN with –– didn't work. Error comes back as "Check the server name of IP address, and then try again."
  I've also tried connecting via another IP address my IT guy gave me –– that didn't work either. Same error message.
  I have a username and password to access the shared drive on our network. Is there some place I can enter that in the command line or something? Any help? This is so frsutrating. I feel like I've wasted 2 complete nights (hours at a time) trying to get this to work so I can actually do work from home...
  FYI, I'm connected over Cisco VPN IPSec using the Mac OSX internal VPN client.

  Hi
  I have the same issue, I have a Vodafone branded Huawei HG556a with an external drive connected. I have found that it isn't possible to connect via Finder and that SMB doesn't work either. The only way I could connect to it was via FTP using Cyberduck (or Filezilla), but no use as I can't add my media files from the drive to iTunes, so unfortunately disappointing. I'm still looking, but here's the document I was referred too from another forum.
  broadband.vodafone.ie/download/files/storage_mac.pdf
  Although not an answer to your question, hopefully this will give you an idea why you are getting the password and username errors when you know they are correct. In the end when I entered the FTP details into Cyberduck I was able to connect.
  I know this doesn't help solve the problem (as I'm still looking too), but at leas you know why (ish).
  Cheers
  Topes

• CSM 3.1.1 Can't see existing VPN in MAP view

  Hi Friends,
  I have installed cisco security manager 3.1.1 with SP3, RME 4.0.5, MCP 3.0, cisco common services 3.0.5 and AUS 3.1.1
  The existing PIX, ASA and ISR routers are added in RME and its working fine.
  The same devices are import from DCR and added in cisco security manager console.
  I can see the devices in map view but I can't see existing site to site VPN's
  Can anyone help me on this issue.
  Thanks,
  Chandru

  Go through this Site-to-Site/Remote Access/SSL VPN Configuration section of Release Notes for Cisco Security Manager 3.1.1. Inthis section they are discussing about various VPN issues . It might be useful for you.
  http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/3.1.1/release/notes/csmrn311.html#wp80315

• Polycom utilising Cisco WAN device not seeing remote video but remote can see us

  Hi,
  Before I proceed,  I can say this, system was working fine before untill all of a sudden it cannot.
  I Was called in as an expert to assist our Branch Tech who claims no changes were done.
  Now here is the case:
  When I test calling Polycom test sites, my video displays to them but I can't see their video.
  I have captured some log files m the Polycom PC but could not pick out the fault.
  PC can ping the remote end and virtually everything goes through out to Internet.
  We come off an ISP through their VPN wireless link.
  We have a cisco 2800 series router.
  I am not too keen at the Remote end as they can see us not we cannot see them.
  In Our Router we only have Static NT of the internal IP for the polycom PC to the Single Public IP which remote users use to call us.
  Any help would be much appreciated.

  Just got off the phone with SonicWall Support and here is the solution to the AirPlay issue:
  Follow these directions:
  http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=9059&SearchType=ad vanced&referrer=&gpn=&CustID=&bUseEditor=&keyword=airplay&rfield=&sortmethod=re l &usertype=&gpv=&catID2=&formaction=search&catID1=&IncludeHTML=&logsearch=False& c atID3=&TotalResults=5491&sct=KB&submitbutton=Go&match=and
  http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=10132
  If you want to only allow the AirPlay/Bonjour ports, use this list:
  http://bowersandwilkins.custhelp.com/app/answers/detail/a_id/55/~/firewall-ports -utilised-by-airplay
  Finally, enable Interface Trust on the Wireless Interface (Network > Zones).
  AirPlay will work via wireless using these directions!