Configure VPN access on a Cisco WRV210 wireless-G vpn router -range booster

Please help....
I need to configure a vpn on a Cisco WRV210 Wireless-G VPN Router - RangeBooster, i have five users that are going to connect to a file server. windows and Mac laptops will be connecting. The file server access is all set i just need a step by step document to configure the vpn screens on the router.thanks

Hi Robert
You can refer the below link in finding out the exact config to start with.
do make sure that your Cisco 831 box with the current IOS code installed in it supports the required feature to run the same..
http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html#anchor16
regds

Similar Messages

  • Plantronics C12 Wireless Phone a Wireless Killer/Would a Range Booster Linksys Product help with Interference?

    Hi All,
    I am a technician in the I.T field of about 12 years. I am a rather decent troubleshooting, however wireless is not my area of expertise, but I am far from a beginner with it.
    I read in some review that that phone mentioned inthe subject was a wireless killer, but I went ahead and bought it anyway.
    Worked for a while with little issue, but often..as soon as I pick up the phone when receiving a phone call, my Wireless is shot.
    I have tried changing frequencies from 1-11 hearing that 11 was the luckier pick. Nothing seems to be working.
    It is cause and effect when I pick up the phone. Quite sick.
    Plus, very recently it has been drop[ping frequently and intermittently. I have read the articles on intermittent connection and none of it seems to apply.
    I am wondering if there is a way to analyze wireless traffic/noise/interference.
    Live in an apartment and it usually works, but for the past month it has been the worst ever.
    Any ideas?
    Oh, I re-upgraded the firmware to 4,7,1,1 I think Its a WRT54GS V2
    Be good.
    Message Edited by souloffire on 06-20-2007 05:23 PM

    There are also other things that you can do to improve your wireless connections:
    First of all, give your network a unique SSID. Do not use "linksys". If you are using "linksys" you may be trying to connect to your neighbor's router. Also set "SSID Broadcast" to "enabled". This will help your computer find and lock on to your router's signal.
    Poor wireless connections are often caused by radio interference from other 2.4 GHz devices. This includes wireless phones, wireless baby monitors, Bluetooth (including Bluetooth game controllers), microwave ovens, wireless mice and keyboards, wireless speakers, and your neighbor's wireless network. Even some 5+ GHz phones also use the 2.4 Ghz band. Unplug these devices, and see if that corrects your problem.
    In your router, try a different channel. There are 11 channels in the 2.4 GHz band. Usually channel 1, 6, or 11 works best. Check out your neighbors, and see what channel they are using. Because the channels overlap one another, try to stay at least +5 or -5 channels from your strongest neighbors. For example, if you have a strong neighbor on channel 9, try any channel 1 through 4.
    Ultimately, an apartment complex is often a difficult environment to run a wireless system.  Other possible solutions include:  (1) setting up a single (or perhaps just a few) wireless router in the building, and having all users share this router  (2) change your system to wireless a, which runs in the 5+ GHz band  or (3)  change your system to a wired network.
    Hope this helps.

  • QuickVPN at RV110W Wireless-N VPN Firewall

    Good day,
    I try enable VPN remote access from internet trougth RV110W Wireless-N VPN FIREWALL with any result. Please revise my error.
    Pertinent information RV110W:
    WAN Server Address = 200.124.243.172
    LAN Server Address = 192.168.8.111
    Routing Operating Mode = Gateway
    VPN Client Setting Table = Username Protocol QuickVPN
    cert.pem copied into VPN CLIENT Folder
    Log QuickVPN Client
    2013/06/30 20:52:45 [STATUS]OS Version: Unknown
    2013/06/30 20:52:45 [STATUS]One network interface detected with IP address 10.10.10.13
    2013/06/30 20:52:45 [STATUS]Connecting...
    2013/06/30 20:52:45 [DEBUG]Input VPN Server Address = 200.124.243.172
    2013/06/30 20:52:45 [STATUS]Connecting to remote gateway with IP address: 200.124.243.172
    2013/06/30 20:52:46 [STATUS]Remote gateway was reached by https ...
    2013/06/30 20:52:46 [STATUS]Provisioning...
    2013/06/30 20:52:49 [STATUS]Success to connect.
    2013/06/30 20:52:49 [STATUS]Tunnel is configured. Ping test is about to start.
    2013/06/30 20:52:49 [STATUS]Verifying Network...
    2013/06/30 20:52:55 [WARNING]Failed to ping remote VPN Router!
    2013/06/30 20:52:58 [WARNING]Failed to ping remote VPN Router!
    2013/06/30 20:53:01 [WARNING]Failed to ping remote VPN Router!
    2013/06/30 20:53:04 [WARNING]Failed to ping remote VPN Router!
    2013/06/30 20:53:07 [WARNING]Failed to ping remote VPN Router!
    The remote gateway in not responding. Do you want to wait?
    2013/06/30 20:53:10 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
    2013/06/30 20:53:56 [STATUS]Disconnecting...
    2013/06/30 20:54:00 [STATUS]Success to disconnect.
    Thanks for your time,
    Juan L. Mera

    Solution: MTU to 1372 instead of default 1400

  • Cisco WRV210 unable to reset

    I have a Cisco WRV210 wireless router that wont boot correctly after enabling WMM, problem is that after I enabled WMM and router rebooted I only see the power led and DMZ led on but not the wireless led and Internet led. I tried using the reset switch several times and nothing worked. Should I dispose of it and buy a new router or is this one still repairable?

    Alvaro,
    Please call support since the router is still under warranty.
    www.cisco.com/go/sbsc
    - Marty

  • I have an airport extreme with a HP Folio laptop and cannon pixma MX882 printer. when i am VPN'd in thru Cisco vpn and try to print the wireless print connection stops. i Un-VPN and it prints. then i have to go back into VPN to continue?how do i configure

    i have an Airport Extreme wireless router, HP Folio laptop (company supplied) and a Canon PIXMA MX882 wireless printer,copier, scanner and fax.
    when i am VPN's in thru CISCO VPN to my company Intranet site I cannot print wirelessly. i have to turn off VPN, priint and log back into the company intranet site.  is there a way to configure the router so that it is not blocking the signal?
    Tx

    The problem is not the router.. the issue is the vpn has put your computer in a different IP range with a different gateway. When you turn off the vpn the computer returns to local lan and can print.
    Some vpn software allows you to set gateway to use local net instead of remote gateway or access to other webistes or local lan.
    Read up the issue.
    http://stevejenkins.com/blog/2010/01/using-the-local-default-gateway-with-a-wind ows-vpn-connection/
    Cisco vpn client..
    https://supportforums.cisco.com/thread/239113
    I did not search much.. just grabbed the first article I could find that explains the issue.
    The whole point of the vpn is whilst it is connected your computer is NOT part of the Local Lan .. it is part of the Remote LAN via the vpn tunnel.
    It is also a security risk using split tunnelling so often it will not be allowed.
    Plug the printer directly into the computer via usb or whatever.. Local connection will work.. not local lan.

  • Need help configuring Cisco/Linksys wireless router to extend wi-fi signal to living room

    My U-verse wireless gateway is in the back of our house. We live in an old 1920's home with solid wood walls. For our macbooks, we get a pretty decent signal, but my wife's iPad 2 get's poor wi-fi speeds. I bought a Cisco/Linksys WRT160N wireless N broadband router. I have a wired connection in my living room (going to a 4 port switch) then connected to my DVR. I tried hooking up the new router but ended up getting no signal on the iPad. In fact, it caused other issues. I ended up disconnecting it and re-booting my gateway. All came back fine. This wireless router replaces a similar unit that went out in after a power failure, so I know this can be done, but I forget exactly how I confiured the old one. I would like it to "extend" my signal to the living room, but I am also willing to create a new network (different SSID). Do I need to turn of DHCP? Are there any web sites that can assist me in configuring the router? I wish I didn't have to deal with this. The signal from the RG is great when you are in the back room (20+ down). But my wife gets about 3 down on her iPad in the living room. Thanks in advance.

    Hi ,
    I was doing some research on how this can be done. It does not appear there is an option in the Cisco router to set it up as an access point, but there are several options you can do to extend your network. 
    The first thing you can do is just set it up as a router behind router setup, and you will just have two separate networks. Make sure the DHCP pool does not conflict with the U-verse's gateway of 192.168.1.x. 
    The second thing you can do is connect the Ethernet cable to one of the LAN ports on your Cisco router instead of using the internet port. This should make it work like a smart switch. 
    With both setups, you want to probably change the SSID, network key, and wireless security settings to the same thing for wireless roaming abilities. That way, anyone that configures their wireless connection will be connected to both networks. Just make sure the wireless channels are not the same, and I would suggest having them at least 5 apart.
    Hope this helps.
    -ATTU-verseCare

  • Cisco ASA 5505 L2TP VPN cannot access internal network

    Hi,
    I'm trying to configure Cisco L2TP VPN to my office. After successful connection I cannot access to internal network.
    Can you jhelp me to find out the issue?
    I have Cisco ASA:
    inside network - 192.168.1.0
    VPN network - 192.168.168.0
    I have router 192.168.1.2 and I cannot ping or get access to this router.
    Here is my config:
    ASA Version 8.4(3)
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 198.X.X.A 255.255.255.248
    ftp mode passive
    same-security-traffic permit intra-interface
    object network net-all
    subnet 0.0.0.0 0.0.0.0
    object network vpn_local
    subnet 192.168.168.0 255.255.255.0
    object network inside_nw
    subnet 192.168.1.0 255.255.255.0
    access-list outside_access_in extended permit icmp any any echo-reply
    access-list outside_access_in extended deny ip any any log
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool sales_addresses 192.168.168.1-192.168.168.254
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source dynamic net-all interface
    nat (inside,outside) source static inside_nw inside_nw destination static vpn_local vpn_local
    nat (outside,inside) source static vpn_local vpn_local destination static inside_nw inside_nw route-lookup
    object network vpn_local
    nat (outside,outside) dynamic interface
    object network inside_nw
    nat (inside,outside) dynamic interface
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 198.X.X.B 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication enable console LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set my-transform-set-ikev1 esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set my-transform-set-ikev1 mode transport
    crypto dynamic-map dyno 10 set ikev1 transform-set my-transform-set-ikev1
    crypto map vpn 20 ipsec-isakmp dynamic dyno
    crypto map vpn interface outside
    crypto isakmp nat-traversal 3600
    crypto ikev1 enable outside
    crypto ikev1 policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 192.168.1.0 255.255.255.0 inside
    ssh timeout 30
    console timeout 0
    management-access inside
    dhcpd address 192.168.1.5-192.168.1.132 inside
    dhcpd dns 75.75.75.75 76.76.76.76 interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy sales_policy internal
    group-policy sales_policy attributes
    dns-server value 75.75.75.75 76.76.76.76
    vpn-tunnel-protocol l2tp-ipsec
    username ----------
    username ----------
    tunnel-group DefaultRAGroup general-attributes
    address-pool sales_addresses
    default-group-policy sales_policy
    tunnel-group DefaultRAGroup ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group DefaultRAGroup ppp-attributes
    authentication ms-chap-v2
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:5d1fc9409c87ecdc1e06f06980de6c13
    : end
    Thanks for your help.

    You have to test it with "real" traffic to 192.168.1.2 and if you use ping, you have to add icmp-inspection:
    policy-map global_policy
      class inspection_default
        inspect icmp
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni

  • Need help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 8.2(1)

    Need urgent help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 - 8.2(1).
    The following is the Layout:
    There are two Leased Lines for Internet access - 1.1.1.1 & 2.2.2.2, the latter being the Standard Default route, the former one is for backup.
    I have been able to configure  Client to Site IPSec VPN
    1) With access from Outside to only the Internal Network (172.16.0.0/24) behind the asa
    2) With Split tunnel with simultaneous assess to internal LAN and Outside Internet.
    But I have not been able to make tradiotional Hairpinng model work in this scenario.
    I followed every possible sugestions made in this regard in many Discussion Topics but still no luck. Can someone please help me out here???
    Following is the Running-Conf with Normal Client to Site IPSec VPN configured with No internat Access:
    LIMITATION: Can't Boot into any other ios image for some unavoidable reason, must use 8.2(1)
    running-conf  --- Working  normal Client to Site VPN without internet access/split tunnel
    ASA Version 8.2(1)
    hostname ciscoasa
    domain-name cisco.campus.com
    enable password xxxxxxxxxxxxxx encrypted
    passwd xxxxxxxxxxxxxx encrypted
    names
    interface GigabitEthernet0/0
    nameif internet1-outside
    security-level 0
    ip address 1.1.1.1 255.255.255.240
    interface GigabitEthernet0/1
    nameif internet2-outside
    security-level 0
    ip address 2.2.2.2 255.255.255.224
    interface GigabitEthernet0/2
    nameif dmz-interface
    security-level 0
    ip address 10.0.1.1 255.255.255.0
    interface GigabitEthernet0/3
    nameif campus-lan
    security-level 0
    ip address 172.16.0.1 255.255.0.0
    interface Management0/0
    nameif CSC-MGMT
    security-level 100
    ip address 10.0.0.4 255.255.255.0
    boot system disk0:/asa821-k8.bin
    boot system disk0:/asa843-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
    domain-name cisco.campus.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network cmps-lan
    object-group network csc-ip
    object-group network www-inside
    object-group network www-outside
    object-group service tcp-80
    object-group service udp-53
    object-group service https
    object-group service pop3
    object-group service smtp
    object-group service tcp80
    object-group service http-s
    object-group service pop3-110
    object-group service smtp25
    object-group service udp53
    object-group service ssh
    object-group service tcp-port
    object-group service udp-port
    object-group service ftp
    object-group service ftp-data
    object-group network csc1-ip
    object-group service all-tcp-udp
    access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
    access-list CSC-OUT extended permit ip host 10.0.0.5 any
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
    access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
    access-list CAMPUS-LAN extended permit ip any any
    access-list csc-acl remark scan web and mail traffic
    access-list csc-acl extended permit tcp any any eq smtp
    access-list csc-acl extended permit tcp any any eq pop3
    access-list csc-acl remark scan web and mail traffic
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
    access-list INTERNET2-IN extended permit ip any host 1.1.1.2
    access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
    access-list DNS-inspect extended permit tcp any any eq domain
    access-list DNS-inspect extended permit udp any any eq domain
    access-list capin extended permit ip host 172.16.1.234 any
    access-list capin extended permit ip host 172.16.1.52 any
    access-list capin extended permit ip any host 172.16.1.52
    access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
    access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
    access-list capout extended permit ip host 2.2.2.2 any
    access-list capout extended permit ip any host 2.2.2.2
    access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu internet1-outside 1500
    mtu internet2-outside 1500
    mtu dmz-interface 1500
    mtu campus-lan 1500
    mtu CSC-MGMT 1500
    ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
    ip verify reverse-path interface internet2-outside
    ip verify reverse-path interface dmz-interface
    ip verify reverse-path interface campus-lan
    ip verify reverse-path interface CSC-MGMT
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-621.bin
    no asdm history enable
    arp timeout 14400
    global (internet1-outside) 1 interface
    global (internet2-outside) 1 interface
    nat (campus-lan) 0 access-list campus-lan_nat0_outbound
    nat (campus-lan) 1 0.0.0.0 0.0.0.0
    nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
    static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
    access-group INTERNET2-IN in interface internet1-outside
    access-group INTERNET1-IN in interface internet2-outside
    access-group CAMPUS-LAN in interface campus-lan
    access-group CSC-OUT in interface CSC-MGMT
    route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
    route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication enable console LOCAL
    http server enable
    http 10.0.0.2 255.255.255.255 CSC-MGMT
    http 10.0.0.8 255.255.255.255 CSC-MGMT
    http 1.2.2.2 255.255.255.255 internet2-outside
    http 1.2.2.2 255.255.255.255 internet1-outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map internet2-outside_map interface internet2-outside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ca certificate chain _SmartCallHome_ServerCA
    certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
            a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as
      quit
    crypto isakmp enable internet2-outside
    crypto isakmp policy 10
    authentication pre-share
    encryption aes
    hash md5
    group 2
    lifetime 86400
    telnet 10.0.0.2 255.255.255.255 CSC-MGMT
    telnet 10.0.0.8 255.255.255.255 CSC-MGMT
    telnet timeout 5
    ssh 1.2.3.3 255.255.255.240 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet2-outside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy VPN_TG_1 internal
    group-policy VPN_TG_1 attributes
    vpn-tunnel-protocol IPSec
    username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
    username administrator password xxxxxxxxxxxxxx encrypted privilege 15
    username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
    username vpnuser1 attributes
    vpn-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 type remote-access
    tunnel-group VPN_TG_1 general-attributes
    address-pool vpnpool1
    default-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 ipsec-attributes
    pre-shared-key *
    class-map cmap-DNS
    match access-list DNS-inspect
    class-map csc-class
    match access-list csc-acl
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class csc-class
      csc fail-open
    class cmap-DNS
      inspect dns preset_dns_map
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y
    : end
    Neither Adding dynamic NAT for 192.168.150.0/24 on outside interface works, nor does the sysopt connection permit-vpn works
    Please tell what needs to be done here, to hairpin all the traffic to internet comming from VPN Clients.
    That is I need clients conected via VPN tunnel, when connected to internet, should have their IP's NAT'ted  against the internet2-outside interface address 2.2.2.2, as it happens for the Campus Clients (172.16.0.0/16)
    I'm not much conversant with everything involved in here, therefore please be elaborative in your replies. Please let me know if you need any more information regarding this setup to answer my query.
    Thanks & Regards
    maxs

    Hi Jouni,
    Thanks again for your help, got it working. Actually the problem was ASA needed some time after configuring to work properly ( ?????? ). I configured and tested several times within a short period, during the day and was not working initially, GUI packet tracer was showing some problems (IPSEC Spoof detected) and also there was this left out dns. Its working fine now.
    But my problem is not solved fully here.
    Does hairpinning model allow access to the campus LAN behind ASA also?. Coz the setup is working now as i needed, and I can access Internet with the NAT'ed ip address (outside-interface). So far so good. But now I cannot access the Campus LAN behind the asa.
    Here the packet tracer output for the traffic:
    packet-tracer output
    asa# packet-tracer input internet2-outside tcp 192.168.150.1 56482 172.16.1.249 22
    Phase: 1
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 2
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 3
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   172.16.0.0      255.255.0.0     campus-lan
    Phase: 4
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   192.168.150.1   255.255.255.255 internet2-outside
    Phase: 5
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group internnet1-in in interface internet2-outside
    access-list internnet1-in extended permit ip 192.168.150.0 255.255.255.0 any
    Additional Information:
    Phase: 6
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 7
    Type: CP-PUNT
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 8
    Type: VPN
    Subtype: ipsec-tunnel-flow
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 9
    Type: NAT-EXEMPT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 10
    Type: NAT
    Subtype:     
    Result: DROP
    Config:
    nat (internet2-outside) 1 192.168.150.0 255.255.255.0
      match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
        dynamic translation to pool 1 (No matching global)
        translate_hits = 14, untranslate_hits = 0
    Additional Information:
    Result:
    input-interface: internet2-outside
    input-status: up
    input-line-status: up
    output-interface: internet2-outside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    The problem here as you can see is the Rule for dynamic nat that I added to make hairpin work at first place
    dynamic nat
    asa(config)#nat (internet2-outside) 1 192.168.150.0 255.255.255.0
    Is it possible to access both
    1)LAN behind ASA
    2)INTERNET via HAIRPINNING  
    simultaneously via a single tunnel-group?
    If it can be done, how do I do it. What changes do I need to make here to get simultaneous access to my LAN also?
    Thanks & Regards
    Abhijit

  • Configure vpn 3030 snmp for cisco works 2000

    vpn 3030 snmp error in cisco works 2000
    I want to monitor vpn3030 through vpn monitor,so do some config on vpn3030:
    1)Configuration | System | Management Protocols | SNMP
    enabled port 161
    2)Configuration | System | Management Protocols | SNMP Communities
    public
    3)Administration | Access Rights | Administrators | Modify Properties
    snmp modify config
    I can telent & http vpn3030,but when I run test in in cisco works 2000(server
    configuration|diagnostics|connectivity tools|management station to device)
    it said:
    Interface Status Test Results
    172.16.8.1 DOWN SNMPR failed
    sent: 5 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 size: 91 protocol: snmp_get port: 161
    SNMPW failed
    sent: 0 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 size: 0 protocol: snmp_set port: 161
    about my vpn3030
    Monitoring | System Status Thursday, 10 October 2002 16:40:16
    VPN Concentrator Type: 3030
    Bootcode Rev: Cisco Systems, Inc./VPN 3000 Concentrator Series Version 2.5.Rel Jun 21 2000
    18:57:52
    Software Rev: Cisco Systems, Inc./VPN 3000 Concentrator Series Version 3.0.2.Rel Apr 05 2001
    20:50:58
    Up For: 6d 0:04:27
    Up Since: 10/04/2002 16:35:49
    RAM Size: 128 MB
    There is only a 6509 between cisco works 2000 server and vpn3030,and no restrictions on tcp/ip
    flow.
    Please help me .thanks in advance.

    I test it in cw2000 cdone.
    This is really a strange question.
    the cw2000 server ip address is 10.8.1.122
    the vpn3030 's ip address is 172.16.8.1
    between them is a 6509, ip address is 10.8.1.201
    when I test connectivity between cw2000 server and 6509, everything is good,snmp is ok.
    when i test connectivity between cw2000 server and vpn3030, everything is good,except snmp is not response,while use third party snmp program,snmp status is ok!
    when I change the cw2000 server's ip address to 172.16.8.3 and connect it directly to vpn3030,test connectivity between cw2000 server and vpn3030 ,everything is good,snmp is ok.

  • I need helping!!! configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.

    I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
    I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
    I need to allow the following IP addresses to have RDP access to my server:
    66.237.238.193-66.237.238.222
    69.195.249.177-69.195.249.190
    69.65.80.240-69.65.80.249
    My external WAN server info is - 99.89.69.333
    The internal IP address of my server is - 192.168.6.2
    The other server shows up as 99.89.69.334 but is working fine.
    I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
    THE FOLLOWING IS MY CONFIGURATION FILE
    Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
    Also the bolded lines are the modifications I made but that arent working.
    ASA Version 7.2(4)
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password DowJbZ7jrm5Nkm5B encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.6.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 99.89.69.233 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    object-group network EMRMC
    network-object 10.1.2.0 255.255.255.0
    network-object 192.168.10.0 255.255.255.0
    network-object 192.168.11.0 255.255.255.0
    network-object 172.16.0.0 255.255.0.0
    network-object 192.168.9.0 255.255.255.0
    object-group service RDP tcp
    description RDP
    port-object eq 3389
    object-group service GMED tcp
    description GMED
    port-object eq 3390
    object-group service MarsAccess tcp
    description MarsAccess
    port-object range pcanywhere-data 5632
    object-group service MarsFTP tcp
    description MarsFTP
    port-object range ftp-data ftp
    object-group service MarsSupportAppls tcp
    description MarsSupportAppls
    port-object eq 1972
    object-group service MarsUpdatePort tcp
    description MarsUpdatePort
    port-object eq 7835
    object-group service NM1503 tcp
    description NM1503
    port-object eq 1503
    object-group service NM1720 tcp
    description NM1720
    port-object eq h323
    object-group service NM1731 tcp
    description NM1731
    port-object eq 1731
    object-group service NM389 tcp
    description NM389
    port-object eq ldap
    object-group service NM522 tcp
    description NM522
    port-object eq 522
    object-group service SSL tcp
    description SSL
    port-object eq https
    object-group service rdp tcp
    port-object eq 3389
    access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
    access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
    access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp any interface outside eq 3389
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
    access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
    access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    http server enable
    http 192.168.6.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set peer 68.156.148.5
    crypto map outside_map 1 set transform-set ESP-3DES-MD5
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 1
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    tunnel-group 68.156.148.5 type ipsec-l2l
    tunnel-group 68.156.148.5 ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
    : end
    ciscoasa(config-network)#

    Unclear what did not work.  In your original post you include said some commands were added but don't work:
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    and later you state you add another command that gets an error:
    static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
    You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
    The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface.  Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
    Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive?  Static PAT usually makes sense when you need to change the TCP port number.  In your example, you are not changing the TCP port 3389.

  • I just set up an Optus Cisco DPQ3925 wireless router to access higher speed internet I signed up for. I have a 4th gen airport extreme I want to put in another room and use as a wifi extender the wifi but I get an error message each time I try. Help?

    Hello all.
    I have just set up a new cisco DPQ3925 wireless router that Optus sent me to be able to access the higher speed internet I have signed up for.
    I have a 4th gen apple extreme that I want to use to extend the wifi but when I try to update the settings via the airport utility I get a message that says it cannot do so, and to check it is in range and the wifi is set up correctly. I'm not experienced with these things but I can't think what I have done wrong.
    Is anybody able to help me please.

    You cannot use the AE to extend wireless from a non apple router such as your cisco modem router.. they are not compatible..
    You need to tie to the two devices together either with ethernet or something like EOP adapters.. They are about $120 and you can price match in officeworks.

  • Can cisco MSE(mobility service engine) configured to work with non-cisco access points?

    I understand that access points can be configured to forwards all the probe requests to cisco wifi controller. cisco MSE(mobility service engine) gets the probes from wifi controller to find the location of the mobile devices.
    My question, can cisco MSE(mobility service engine) be configured to work with non-cisco access points?

    No and the reason why is the NMSP communication from the MSE to the WLC. Other vendors don't support this so there is no communication happening.
    -Scott

  • Implement a Cisco WAP200E Wireless-G Exterior Access Point

    Hi everybody,
    I am asked to install a Cisco WAP200E Wireless-G Exterior Access Point into my company network infrastructure.
    But there is an issue that I would like you to help me to solution it.
    In fact the AP mentioned above is a PoE device, and our Switch is not PoE (Cisco Catalyst 2960 24TC-L).
    How to make my Wireless device works without having to change my Switch?
    Thank you for helping

    You can get a POE injector & power it without changing the switch.
    http://www.cisco.com/c/en/us/products/collateral/wireless/wap200e-wireless-g-exterior-access-point-poe/data_sheet_c78-503126.html
    Also better if you could move this thread to Small Business Support community where you may get more responses.
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Cisco Guest Wireless Access Solution - Local Printing

    Hi,
    Does Cisco have a solution that provides printing for a guest WLAN. Cisco Guest wireless deployment solutions recommend terminating the guest WLAN on an anchor controller in the DMZ which causes issues when needed to print locally as the print traffic will need to traverse the DMZ anchor controller causing excessive WAN link usage.
    Is there a better solution to enable a guest WLAN to print locally?

    FlexConnect with Split tunneling may work. 
    Read about this feature & see how that can be used in your branch setup. Here is the Ciscolive presentation slides the above came from.
    BRKEWN-2016: Architecting Network for Branch Offices with Cisco Unified Wireless 
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Configuring the iPhone and your environment for wireless corporate email

    I'm posting this as a top level thread, because I'm certain that there are others out there, who like me, are trying to figure this out.
    Configuring the iPhone for Enterprise Use
    With Apple’s release of the iPhone, IT organizations are presented with an interesting challenge. Senior execs, gadget heads, and technoratti are all flocking to this device, heralded as the be all and end all of smartphone telecommunications technology. As these devices begin to flood into our organizations, we are met with the challenge to ‘make it work’.
    After much explaining that the iPhone is not intended for Enterprise integration, and many discussions surrounding the technical feasibility of bringing said devices into the fold, and being the resident Mac and Linux head with an iPhone in hand, I decided to embark on the mission of making one ‘work’. I succeeded in part, however it’s not the kind of ‘work’ that is going to be viable for most end users.
    First of all, it’s important to understand that the email client for the iPhone is a modified version of Mac’s Mail program. Not the best client in the world, but it does support Exchange integration. It also does external email sources, such as Yahoo and gMail, very well. For my interest though, I’m focusing on the Exchange integration functionality, as that is just about everyone’s corporate standard.
    Bringing this task to fruition requires some understanding about the limitations of the iPhone, as well as some of its current quirks. Wireless802.11x, EDGE, VPN and Mail are all components necessary to provide a serviceable solution for mobile email access, and each of these things has some peculiarities that don’t appear to be fully worked out by Apple at this time.
    For instance, within my organization, we have a secured wireless connectivity option available within our building; however, the SSID of this network is not broadcast, for the obvious reasons. SO, connecting the iPhone to it is a manual process of defining the network, and automatic reconnection seems to be very hit or miss, so it becomes far less of an option for any form of direct network access to your Exchange environment. (As an example, I had to redefine that network, on the iPhone, at least half a dozen times during this process.)
    The other components have equally quirky issues, and I will discuss the how’s to get around them below.
    In coordinating this into a cohesive plan however, I will break this into three sections;
    1. Wireless and EDGE connectivity
    2. VPN access to your network
    3. Connecting to Exchange
    So, without further ado;
    Wireless and EDGE Connectivity
    The wireless capabilities of the iPhone are, on the surface at least, excellent. It connects seamlessly to unsecured networks, offers the option of prompted or unprompted automatic connectivity, and is capable of 802.11G performance. Not bad for such a small package. However, it is very limited in the forms of secure network access it supports. These are, to quote Apple’s website; (and my iPhone)
    WEP Password
    WEP hex or ASCII
    WPA (personal)
    WPA2 (personal)
    Now, due to the obvious security problems in implementing WEP security, it’s likely that any network you run into is going to be WPA or WPA2. The iPhone ONLY supports the personal versions of these protocols, so be aware of this going into the situation. If you’re not connecting to your work or school wireless, and you’re entering the information correctly, then it’s probably because they have the Enterprise version of one of the protocols enabled. If that is the case, then you’re either hunting for unsecured hotspots, or else depending on EDGE.
    In my case, I did have access to a WPA2 (Personal) enabled wireless signal to connect to my internal network. I thought my problem was half solved! I defined the connection, the wireless capability of the phone worked perfectly, and I was connected. I was wrong. Apparently, and judging from the Mac forums I’m not alone in this, the iPhone does not do a very good job of RE-connecting to a secured wireless network. It does an even worse job, when this is coupled with the fact that it doesn’t do a very good job reconnecting to a wireless network with an unpublished SSID.
    After much fiddling and research into this, I determined that this simply was not the way to go, and I abandoned the idea. I wasn’t about to compromise my network security in order to get this silly phone working! So, that left me with either unsecured WiFi, or EDGE.
    Either one of these connects pretty seamlessly, and gives me a relatively decent Internet connection. There are some issues being reported of the iPhone swapping between EDGE and WiFi for not apparent reason, but that said, it can still be made to work.
    Now that I had this connection outside of my network, I obviously had to consider options for getting a secured connection into my network, which of course leads us to;
    VPN Access Into Your Network
    Being that this device was touted as the ‘real internet’ I was very excited to see if I could achieve this connection through my SSL VPN appliance. To make a long story short, I could not. Because Apple’s idea of the ‘Real Internet’ apparently does not include those wacky concepts like Java support, this proved to be impossible. My Apple cohorts will scream that it does support JavaScript, but we all know that that and 2 bucks will get you a small coffee at Starbucks… and not much more.
    (The iPhone also does not support Flash, but that’s a topic for another conversation. I know, how could they leave that out? I’m amazed too, but then Steve Jobs always has been a bit too arrogant for his own good… I mean what does he expect, we’re all going to rewrite everything into QuickTime??? Please.)
    Since that option didn’t work, I was left with the wide selection of two possibilities provided within the iPhone software. Either, a PPTP or L2TP VPN tunnel.
    We went ahead and configured a PPTP connection on one of our Cisco routers in order to test this. It didn’t work. I couldn’t connect to it. Tried and tried. Nada. SOOOO, we said OK, and configured a L2TP connection on one of our Cisco routers, with similar results.
    Figuring that this was something in the config, we called Cisco, and did the technical support dance with them for several days, trying one thing after another to get this connection to actually work. Nothing helped, and it never worked using either protocol. Then, I noticed an obscure article somewhere on some website that said something to the effect that getting one of these tunnels to work from the iPhone to Cisco was nigh on impossible.
    About the same time, my senior network guy said screw it, let’s put this on a Microsoft server. And so we did. Now, this is interesting in it’s own right, because configuring out of the box L2TP or PPTP on a Microsoft server results in a default authentication method of Windows Authentication. This does not work for the iPhone, because it has no idea what to do with the Windows security token it receives. So, you authenticate, and then are immediately dropped due to an inability to communicate with the PPP server.
    Fortunately, we (as do most organizations) have a Radius server. We selected Radius authentication, configured both sides of the Radius authentication setup properly, and launched the PPTP tunnel…. AND…. EUREKA!!! The iPhone’s VPN software connected, authenticated, got an IP, and I was on the network! Well, no.
    After about 2 seconds, I realized that while I did indeed have a connection, I couldn’t do anything with it. Couldn’t even browse to an internal site via IP address. The connection was up, the connection was working, the connection was useless.
    So, we decided to give L2TP a shot. Configured it pretty much identically to the PPTP setup, used Radius, launched the iPhone client, and finally, after many days of screwing around, it worked. Now all I needed was to get my email working, so I started working on;
    Connecting to Exchange
    In the Mail program on the iPhone, the first time you launch it, you’re presented with the ability to configure an email source. However on subsequent or additional accounts, you must go under Settings, Mail to get to this functionality.
    Going into the Mail configuration, I selected an additional account, the account type is, of course, Exchange. The configuration components are pretty obvious, however some things of note are;
    Do NOT include your domain information in the User Name field
    For all Host Names, use the fully qualified domain name of the server, or else IP
    You WILL need to have SMTP enabled somewhere in order to send email
    Anyway, I set all this up, and nothing happened. It said that my server was not responding. Did a little research, and it turns out that the only way to connect to Exchange is through an IMAP4 connection, and just in case you didn’t know, IMAP4 is disabled by default, so you have to enable and configure it.
    Went onto the Exchange server, set the service to Auto, Started the listener, and finally, at long last, EUREKA! I finally had Corporate email on my iPhone, connecting securely, and not sending anything plain text anywhere. Hooray!
    Now for the problems with this solution;
    First of all, it depends upon VPN access into your environment, something that you may or may not be comfortable with. One good thing is that the iPhone does prompt for password to reconnect, and will tie the continuity of the VPN connection into the general phone lock security, such that an inability to provide the appropriate access code to a locked phone results in the VPN not being accessible.
    The VPN of course is dependant upon a reliable network connection. I’ve noticed that it’s somewhat graceful in switching between WiFi and EDGE, however it’s not totally graceful, and you can experience some hinky things, like being able to send and not receive, or the mail client saying ‘Connecting’ for about 5 minutes before it figures things out.
    The best cure for this is to simply stop and restart the VPN connection. Note that when you reconnect, the first attempt will prompt you for a numeric password, this is meaningless unless you have the device lock turned on. Just enter anything. (I think this is another bug) THEN it will re-prompt you for your real VPN password.
    This solution for email delivery is obviously dependant upon the VPN connection being active. I’ve noticed that at times the iPhone will disconnect the VPN (probably when service switching) and not bother to mention it. When that happens, of course the VPN must be restarted.
    For the lazy, this is an inconvenient solution because while it would appear that the iPhone will cache the VPN password, in fact it will not. That means that each re-launch requires that you re-enter your password. Not terrible for me, but I could see it being very tedious for the average corporate user.
    The OSX Mail client has several little deficiencies, which may or may not impact your use of the device in this manner. For instance, if you have subfolders defined for your inbox, and server side rules to move mail into them, then you will not see any synchronization of that mail until you actually select the subfolder. Also, since there is such poor management of attachments and downloads, moving anything around via email on this device is nigh on impossible.
    EDGE access to your corporate email, via a VPN, is a bit sloooooow. It works, it’s certainly fast enough for my purposes, but it’s not the slick quick access that we’ve all become accustomed to with Blackberry and Good devices. The lack of 3G support becomes a very noticeable shortcoming here.
    (Why Apply didn’t simply partner with Good Technologies to crank out a client for this thing, I’ll never understand, but I guess you can refer to my comment above about certain people’s arrogance.)
    The biggest problem of all of course is that it’s simply klugey. I hate klugey. But, with the capabilities at this device’s disposal, and given Apple’s ambitious, if a bit idiotic, stance that no third party will develop software for the iPhone, then this is about as good as it’s going to get for now.
    It is my understanding that overseas there is some initiative underway to provide a more seamless Visto or Synchronica integration for enterprise email. However, given Apple’s unbelievably restrictive agreement with ATT regarding this device and the OTA necessity of delivering the client, I seriously doubt if we’ll see this in the near future in the US.
    But I digress, so…
    In Conclusion
    This solution is not for the faint of heart, it doesn’t work all that well, and it has way too many moving parts that are subject to failure. However, I would say that this solution is serviceable for the corporate technology professional who needs email, and really, REALLY wants the other features of the iPhone. (ie, phone whores such as me.) It requires patience, it requires an understanding that this is not a 100% thing, and there definitely needs to be a prebuilt expectation that this device will not serve your email in anything approaching the manner to which you’ve become accustomed.
    As long as all of that is okay though, then go right ahead, set it up, and enjoy!
    The Short Version;
    (I put this at the end because I want everyone to feel my pain!)
    Wireless:
    Use unsecured wireless or EDGE. Secured wireless may be serviceable as long as the SSID is broadcast, but there are known issues with this.
    VPN:
    L2TP, shared secret, running on Microsoft server, with Radius. (May work elsewhere, but doesn’t seem to run on Cisco at all) Accounts enabled for external access.
    Exchange:
    Configure IMAP4 Virtual Server on your Exchange environment, ensure that you have some SMTP resource for outbound email, use fully qualified domain names for all servers (or IP) in the mail config and do not include any domain prefix or suffix for user accounts.
    The BIG Disclaimer at the End
    Please note that all of this is provided ‘as is’. It worked for me, and I hope it works for you. To my knowledge, it’s not endorsed by Apple, and I’m not in the business of providing support for this thing. If it breaks something, if it doesn’t work, or if you simply don’t like it or me, I don’t care. However, if you have a question, and I’m not busy, and I feel like answering, I may lend a hand. You can email me at
    Matthew dot Yotko at mac dot com
    Don’t be surprised or offended if I don’t answer. Also, understand that I don’t check this address every day… Maybe a couple times a week.
    Macbook Pro   Mac OS X (10.4.10)   iphone

    Thanks, now I understand why the wifi keeps dropping. On my personal wireless network, it also seems the distance from the access point is not good compared to my laptop. At work our network & exchange teams don't seem to have the desire to struggle with this "toy" until customers start forcing its adoption. I am using OWA and it works fine over EDGE. I will share your posting with them.
    Thank you again.
    Dell   Windows XP Pro

Maybe you are looking for

  • Export to Excel - File Name WAD 7.0

    Hi All, I am using Export to Excel Functionality with WAD 7.0 to export the report to excel format. I have used button web item, with an excel picture above it. The functionality works fine. But while exporting the name of excel file shown is WAD 7.0

  • Varying font size based on information entered in a field

    Please let me know if there is a way to adjust the font on a fillable field so that whatever is keyed in the field will fit. We can do this in Word with autofit and were hoping that there was a way to do this in Acrobat. We are using Acrobat Pro 7, b

  • Transport of Class (CL02) and Characteristics (CT04)

    Hi Gurus, Can both class and characteristics be transported using ALE. Example from DEV to QAS? I understand in CT04, it is not possible. Everything need to be done manually to the specific system/client. Thanks in advance, Azir

  • Tme Saving day light 2015 in Egypt

    Dears , The Government in Egypt cancel work with time saving daylight , so i need hot-fix to adjust my time saving in our production environment as the time adjust to forward the clock one our on 1 may ,we want to cancel this action  Thanks Ahmed

  • HT203128 Iphone 5s internal device error, cannot sync

    I have an internal device error on iTunes 12 related to my iPhone 5s IOS 8.3.  Is this a backup/restore action to get rid of the error?