Configure vpn connection

How can I configure the openvpn connection? Thank you.

Hi, see if the basics here are of any help...
http://www.it.northwestern.edu/oncampus/vpn/native/mac.html

Similar Messages

How to Configure an Cisco 5505 for PPTP VPN connectivity

I currently have a Cisco ASA 5505(ASA Version 8.2(1), and ASDM gui version 6.2) and a Windows 2008 R2 server with one NIC card. Currently the router is connected to the interent sucessfully using the 'outside' interface(devices connected to the 'inside' interface have access to the internet and are assigned IP addresses via DHCP on the Windows 2008 Server which is also connected to the 'inside' interface) When connected with a client on the inside interface I can establish a VPN connection with the W2008 server, however when I try to connect through the internet I cannot. I have tried researching this on the internet, but have not had much luck. I know it has something to do with pptp port and allowing gre, but I am not familiar enough with configuring Cisco devices or the language they use, to configure this router. I feel as though I am missing something small but very critical. Any help or feedback you can provide regarding this issue is most appreicated, thank you.
*Edit: I have attached a network diagram of what I am trying to accomplish, and I have also attached a dump of the current running-config.

Hi,
Below is the link to the admin guide for the RV042. Chapter 9 covers the configuration of site to site VPN’s and begins on page 123.
http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
If you need further assistance please feel free to contact Cisco Small Business for help in configuring and troubleshooting your VPN.
Thank you,
Jason Nickle

Configuring PPP options for only one VPN connection

How do you configure PPP options for only one VPN connection that is using L2TP over IPSec? The built-in VPN client in 10.4.9 is failing authentication because it won't talk MSCHAP-V2 (this is the only authentication protocol I can use) with the server. I am able to establish a connection if I add the following to /etc/ppp/options:
refuse-eap
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
However, these options will affect all PPP connections. The preference file that contains the network configurations (/Library/Preferences/SystemConfiguration/preferences.plist) also contains PPP options for each specific network service. After some searching around, I found that there are several keys that seem promising (MSCHAP2, etc.). But these keys take a string value and I have no clue what they should be. These keys are defined in SCSchemaDefinitions.h file.
Any ideas?
Mac OS X (10.4.9)

Hi Brian,
I just tried to check all of ADDT´s "includes" files for any internal references (read: "require" or "require_once" statements) to the file "tNG_config.inc.php". So far I can only see this file referenced in the file "tNG.inc.php" (within the "$KT_tNG_uploadFileList1" array).
So what could this mean ? Maybe you´ll have to make copies of the the original "tNG.inc.php" as well and save them as, say, "tNG.inc_ital.php" file plus make sure that these copies internally point to a different "tNG_config_ital.inc.php" file -- because it´s always the first mentioned file which gets referenced from e.g. an ADDT login page (see the "Load the tNG classes" - part)
I want to use ADDT’s User Registration Wizard and I have looked at all the neat stuff in the Control Panel/Login Settings
The Control Panel will always update the main "tNG_config.inc.php" file, so any further modifications will have to become manually applied to the custom files you´re creating.
Cheers,
Günter

Possibility to configure Freedome VPN connection on unsupported devices

I have this idea, which I think would be useful in this world of many different OSes:
I suggest that you would make it possible to, for example, configure the VPN connection on Windows Phone. Windows Phone has the possibility to configure VPN profiles at the settings, and so do many other OSes that are not supported by Freedome. This would also solve the problem of having no VPN on Linux. Of cource it wouldn't be as easy as pressing a big button, but many privacy-aware users would benefit from it.

Hi Jay,
So, when you say you need to connect your website to your Local Network, is your website a Paas instance or a IaaS instance, i.e., website hosted in a VM using IIS?
Do you have a single instance of the website or multiple instances that have been added to a VNET and need to be connected to the On-Premise Network?
What VPN device are you using to connect Azure to On-Prem?
If you have one website instance that needs to connect to an On-prem network Point-to-Site (P2S) connection would make sense. However, if you have multiple instances of your website in a VNET you would need a Site-to-Site (S2S) connection.
Please be advised that only devices that support Dynamic Routing Gateway would work when configuring P2S connections.
Regards,
Malar.

I established a VPN configuration and connected but cannot connect to server?

I work from an imac at home and need to connect to my work server and files. I established the VPN configuration and connected to the building but cannot access the server. What am I doing wrong or what else do I need to do.

Once your VPN is connected, you still need to log in to the server(s) you are using. This does not necessarily happen automatically - you may have to manually log in to your server(s).   To do this, in the Finder menu do Go > Connect to Server and enter the server address. If these are windows servers it's probably an SMB connection in which case you would enter smb://<serveraddress> in the server address field.
Best bet is to talk with the IT folks where you work, as you may need specific information about how to log in to your server(s). There are ways to automate the login but you first need the correct login details (server address, userID, password).
If you want to automate the login process, here's a simple Applescript that I wrote in my own case. Create this using Applescript Editor. After testing, save it as an Application; then in System Preferences you can add it to your list of Login Items so it runs automatically whenever you sign in to your Mac. Of course, your VPN will have to already be connected in order for this to actually work.
delay 30
tell application "Finder"
    mount volume "smb://servername1/mountpoint_A"
    mount volume "smb://servername2/mountpoint_B"
end tell
(Note: "servernameX/mountpoint_Y" is the address of each of the 2 servers I log into, except that in this example they are completely fictitious names.)

How can I use VPN connection to access my Outlook email?

My company doesn't support iPhone's so I can't get any help from them -- here is my problem:
We run Outlook 2003 and they won't tell me the server name for Outlook. I have been able to connect to our Cisco VPN and access internal webpages, etc. Is there anyway I can use this VPN connection to retrieve my Outlook email?
Or is there anyway I can identify the server name I need to allow the iphone to connect to my Outlook?
Any help would be much appreciated.

Yes, it is possible to connect via VPN. However,if IT hasn't set up ActiveSync on the internal Exchange server, this won't work anyway.
The server name for your Exchange server is in the configuration of Outlook, so you can find it and use that to connect. But that doesn't mean that things are set up correctly to have this work.
To find your server name, (this is for Outlook 2007), Tools->Options and double-click on the account under the Email tab. The server name is next to "Microsoft Exchange server" on that screen.

ASA 5510 Anyconnect VPN question-"Hairpin" vpn connection on same external interface

I have a Cisco ASA 5510, I want to allow a VPN connection to be established by a client on one of the inside interfaces(10.20.x.x) to be able to go out the single External interface and get authenticated by the ASA to create a VPN tunnel to the other inside interface (10.0.X.X) and access resources on that subnet.
Basically want clients on a WLAN to be able to VPN back in to the LAN with the ASA in the middle to get to company resources,
Is this possible?
Thanks,
Tommy

When we connect any VPN on a device then it is always a TO THE DEVICE connection and I am afraid we can connect only to the local / nearest interface where user is connected in a network with respect to ASA.
I have seen this scenario working though earlier with one of my clients wherein he has configured his DNS server accordingly so that depending upon the source of the DNS request an appropriate IP address was provided for same DNS name. For example if user from IP address range 192.168.0.0 range connects to abc.com then it will get IP address 192.168.1.1 and if a user from range IP address10.0.0.0 connects then it will get 10.1.1.1.
If we configure the same scenario as well then your requirement will be fulfiled with same name however VPN has to be enabled on wireless interface again. If not, then as you have described configuring a new domain name for VPN connection only for wireless users should do the deal.
Regards,
Anuj

How to configure VPN with Cisco ASA 5505 behind Actiontec MI424WR

I'm trying to test my Cisco VPN client from my workplace to my home where I have a Cisco ASA 5505 (VPN server) behind the Actiontec MI424WR. I'm able to Ping the Actiontec external IP. I also have Port Forwarding for IKE and IPSec configured on the Actiontec, but I cannot establish the VPN connection.
What do I need to configure on the Actiontec to make this work?
Also, when I test this at home, the MI424WR acts as the DHCP server for my laptop and the Cisco outside interface. At home, I'm able to establish the VPN connection from my laptop to the ASA, allowing me to see a shared drive behind the ASA. However, at home, I cannot go to the Internet while using the VPN client.
Thanks for any help.
Steve
Solved!
Go to Solution.

http://www.dslreports.com/faq/verizonfios/3.0_Networking
those are the best sample config's and resources on how to set the FiOS network
Bridging is possible but difficult. That link will give you great info on it.
Are you a FiOS customer that has phone/internet/tv
or no tv? or no phone? You have to be careful on your configuration or you might lose some TV features and functionality, like the Interactive Program Guide, or the VOD or the Widgets.
Sorry the Portforwarding wasn't enough to resolve your issue, I am not sure that it's a Actiontec config you are looking for, from my understanding of Cisco's and FiOS it may be something behind the cisco that is causing an issue. You may want to reach out to the Cisco admin that manages that, and find out if there are additional ports that are required and then you can come back and configure those ports too.

Dual Remote VPN Connection

Hello Guys
i created three different Remote VPN connections with three different networks . i can make them one but for some reasons i don't mix all.
and iam using Cisco asa 5505 with Shrew Soft VPN software , so my problem is
- i connected Shrew soft remote vpn , if i try to connected another remote vpn connection this will not accept the second connection , so please can any one give me a remote vpn connection software that accepts more than one connection

Hi,
Since you mention the ASA and the VPN I presume you are trying to connect by VPN Client to the same ASA?
Why would you want to have several VPN client connections at the same time? (Though I think that isnt even possible)
What are you trying to accomplish by these 3 different VPN Client configurations configured on the same ASA?
Isnt it just possible to configure one VPN Client connection to the ASA that would handle all the traffic of these 3 VPN Client connections?
- Jouni

Multiple VPN connection question

I want to connect two on-premise locations to azure. The hardware in these locations only support static routing so per the documentation I can only connect on site to site tunnel to the vpn connection in azure.
Im curious what my options are, can I add two vpn's in azure and make it all work that way? Also if I wanted could I simply run a VM (windows rras, linux, etc) inside my VNET and make it a VPN server that can accept two tunnels?
thanks

Hi Chris,
Please be advised that for a Multi-Site VPN, you need to have a VPN Device that is compatible with Dynamic Routing.
You could refer the following link for details about Multi-Site VPN:
http://msdn.microsoft.com/en-us/library/azure/dn690124.aspx
And the following link for the list of Azure Compatible VPN Devices and the Routing Configurations they support:
http://msdn.microsoft.com/en-us/library/azure/jj156075.aspx#bkmk_VPN_Devics
Also, please be advised Microsoft Azure Virtual Machines do not support Remote Access and Routing Roles.
You could refer the following link for details:
http://support.microsoft.com/kb/2721672
Regards,Malar.

Slow transfer speed over VPN connection

Hello,
Recently I setup an SSL VPN to connect to my parent's home network. I have some computers there, and want to try to transfer files between my computer and the one at my parent's. Over the VPN connection, I only get 128kb/s. On both ends, they are 15Mbps connections, and can support internal copies of 4 megs/s. I feel like I should get a better speed than that. I looked around, and people suggested changing the MTU. I have changed the MTU around, and not noticed any increase in the network speed over the VPN. Currently the MTU is at 1500. Below is a copy of my running config. Any thing I'm overlooking, or is this speed normal? Sorry, still relatively new to the ASA 5505.
ASA Version 8.2(5)
hostname HardmanASA
enable password #####
passwd ###### encrypted
names
interface Ethernet0/0
switchport access vlan 20
interface Ethernet0/1
switchport access vlan 10
interface Ethernet0/2
switchport access vlan 10
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
switchport access vlan 10
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan10
nameif inside
security-level 100
ip address 192.168.250.1 255.255.255.0
interface Vlan20
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
access-list nat_0 extended permit ip 192.168.250.0 255.255.255.0 192.168.251.0 255.255.255.0
access-list split_tunnel standard permit 192.168.250.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
ip local pool VPN_Pool 192.168.251.100-192.168.251.101 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list nat_0
nat (inside) 10 192.168.250.0 255.255.255.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.250.0 255.255.255.0 inside
http 192.168.251.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.250.0 255.255.255.0 inside
ssh 192.168.251.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
management-access inside
dhcpd dns 8.8.8.8
dhcpd address 192.168.250.20-192.168.250.50 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
svc image disk0:/anyconnect-linux-2.5.2014-k9.pkg 3
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
username ###### password ###### encrypted
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
address-pool VPN_Pool
tunnel-group AnyConnect webvpn-attributes
group-alias AnyConnect enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:74fc2287573841a837e97887840a2d91
: end

Hi,
Another option is the use of the compression command, this is usually enabled by default but maybe you can enter it due to is not showed in the running config, the command is compression svc.
Note: The command helps when we have low bandwitdh connections, the command reduces the size if the packets, for broadband connections this can decrease regular performance
Regards,
Sent from Cisco Technical Support iPhone App

Branch Office DC Demand Dial VPN connection keeps failing

here is me issue
Our Branch Office DC is connected to Main Office DC with a Demand Dial Connection in RRAS Everything is connected fine for a little bit then its like the connection just gives out, it stays connected but i cannot ping the branch office DC with the local
IP from the Main Office or access any network shares on it. When this happens i have to disconnect the server at the remote office and wait for it to reconnect im currently baffled as there are no Error LOGS to help me along and there doesnt seem to be anything
that would be causing the issue for now until i get some answers as to what is going on i opened a command prompt on the DC here at the main office and i typed "ping 10.141.70.25 -t100" to monitor the connection more or less and when i see it timeout
i reconnect it, i also have the networking tab open in task manager to monitor the LAN and RAS (Dial-In) Interface the LAN doesnt seem too active but the RAS Interface does its got a constant network utilization of 0.28% and the Demand Dial interface
on the remote office DC has a Utilization of 0.38% (Server Just disconnected as i was typing this and the utilization on the VPN connections on both servers went through the roof) heres the troubleshooting i have tried so far
1. Rebooted both office DC`s at the same time
2. Rebooted the branch office DC alone (this helped a little because the connection is staying active longer without fail)
3. looked through all RRAS configuration on both servers to see if theres any mistakes by any other administrators (None Were Found)
4. Used wireshark to see if there was anything interfering or that would cause this to happen (Nothing found)
5. manually connected to the server in multiple ways like accessing network shares and remote management via MMC and manually making the servers replicate to see if any of that was causing issues and it wasnt
My thoughts: im starting to think it may be a switch or something causing the connection issue at the branch office because the main office has all new routers and switches and just recently got a 100.00MBPS connection but nothing was affected for a good
month so im not thinking it is the new connection or anything at the main office if theres something im overlooking here please let me know if some ipconfig /all results are needed i can provide them
Viper Technologies Computer Repair Putting The Venomus Bite Back In Your Computer We Are Located In Antigonish ,NS Canada Check Us Out HTTP://WWW.VIPERTECHNOLOGIES.TK

Hi,
Are there any error messages on the event log ?
Meanwhile, it is more network issue, i think you may ask in network forums:
http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverNIS
Regards.
Vivian Wang

Configuring network connectivity for VM's on Hyper-V 2012 R2 Server

Hi,
We have installed Hyper-V server 2012 R2 on a server and trying to configure 10 VM's.
on the host machine we have 4 ethernet adpaters available ,for now we have enabled only one.
Questions :
1)Can we use only one adapter and configure all the VM's ?
-- if we use only one adapter for connecting all the VM's will there be any performance or connectivity issues ?
2) Do we need to configure virtual switches ?
Note :Users will access VM's using VPN connectivity .
What is the recommended one .Please suggest
Thanks

Thanks Bill for your replies.
Everything is working fine now. all the VM's are getting the IP addresses.
The "Allow management operating system to share this network adapter" was unchecked. We checked that and restarted the hyper-v server.
By default it is checked ,accidentally it might have been unchecked.
Everything is working fine now.
Thanks again for your inputs.

UNABLE TO ACCESS THE INTERNET FROM LOCAL PROVIDER ON A SITE-TO-SITE VPN CONNECTION

Dear All,
I have a site-to-site connection from point A to point B. From point B i am unable to access the internet from local internet provider.
I am trying to ping from 192.168.20.1 the dns 8.8.8.8 but i receive the message "destination net unreachable".
When i run "show ip nat translation" i receive nothing.
The vpn connection is working properly, i can ping the other side 192.168.10/24
Below is the configuration of the cisco router on point B.
dot11 syslog
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.21.254
ip dhcp pool voice
network 192.168.21.0 255.255.255.0
default-router 192.168.21.254
option 150 ip 192.168.5.10
ip cef
ip domain name neocleous.ru
ip inspect name IOS_FIREWALL tcp
ip inspect name IOS_FIREWALL udp
ip inspect name IOS_FIREWALL icmp
ip inspect name IOS_FIREWALL h323
ip inspect name IOS_FIREWALL http
ip inspect name IOS_FIREWALL https
ip inspect name IOS_FIREWALL skinny
ip inspect name IOS_FIREWALL sip
no ipv6 cef
multilink bundle-name authenticated
vty-async
isdn switch-type primary-net5
redundancy
crypto isakmp policy 5
hash md5
authentication pre-share
group 2
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
lifetime 28800
crypto isakmp policy 50
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key Pb85heuvMde9Wdac5Qohha7lziIf142u address [ip address]
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10
crypto ipsec transform-set TRANSET esp-aes esp-sha-hmac
crypto ipsec transform-set TRANSET2 esp-des esp-md5-hmac
crypto ipsec df-bit clear
crypto map CryptoMAP1 ipsec-isakmp
set peer [ip address]
set transform-set TRANSET
match address CryptoACL
interface FastEthernet0/0
description Primary Provider
ip address [PUBLIC IP MAIN PROVIDER] 255.255.255.252
ip access-group outside_acl in
ip mtu 1390
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
crypto map CryptoCY
crypto ipsec df-bit clear
interface FastEthernet0/1
description TO LAN
no ip address
load-interval 30
speed 100
full-duplex
interface FastEthernet0/1.1
description DATA VLAN
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip access-group inside_acl in
ip nat inside
ip inspect IOS_FIREWALL in
ip virtual-reassembly in
ip tcp adjust-mss 1379
interface FastEthernet0/1.2
description VOICE VLAN
encapsulation dot1Q 21
ip address 192.168.21.254 255.255.255.0
interface Serial0/2/0:15
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn incoming-voice voice
no cdp enable
interface FastEthernet0/3/0
no ip address
ip access-group outside_acl in
ip nat outside
ip virtual-reassembly in
shutdown
duplex auto
speed auto
crypto map CryptoCY
ip local pool VPNPool 192.168.23.2 192.168.23.10
ip forward-protocol nd
ip http server
no ip http secure-server
ip nat inside source list nat_list interface FastEthernet0/3/0 overload
ip route 0.0.0.0 0.0.0.0 [default gateway ip]
ip access-list standard VTY
permit 192.168.20.0 0.0.0.255
ip access-list extended CryptoACL
permit ip 192.168.20.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip host 192.168.22.1 192.168.5.0 0.0.0.255
permit ip host 192.168.20.1 192.168.5.0 0.0.0.255
permit ip host 192.168.22.1 192.168.6.0 0.0.0.255
ip access-list extended DFBIT_acl
permit tcp any any
ip access-list extended inside_acl
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.35
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.39
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.23
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.18
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.55
permit ip 192.168.20.0 0.0.0.255 host 192.168.10.144
permit ip 192.168.20.0 0.0.0.255 host 192.168.10.146
permit ip 192.168.20.0 0.0.0.255 host 192.168.10.141
permit ip host 192.168.20.253 host 192.168.3.21
permit ip host 192.168.20.254 host 192.168.3.21
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.10
permit ip 192.168.20.0 0.0.0.255 host 192.168.20.254
ip access-list extended nat_list
deny ip host 192.168.20.254 192.168.10.0 0.0.0.255
deny ip host 192.168.20.254 192.168.3.0 0.0.0.255
deny ip host 192.168.20.1 192.168.3.0 0.0.0.255
deny ip host 192.168.20.1 192.168.10.0 0.0.0.255
deny ip host 192.168.20.2 192.168.3.0 0.0.0.255
deny ip host 192.168.20.2 192.168.10.0 0.0.0.255
permit ip host 192.168.20.1 any
permit ip host 192.168.20.2 any
permit ip host 192.168.20.254 any
ip access-list extended outside_acl
permit gre any host [ip address]
permit esp any host [ip address]
deny ip any any
ip sla 2
icmp-echo 192.168.10.254 source-interface FastEthernet0/1.1
frequency 180
timeout 500
ip sla schedule 2 life forever start-time now
logging 192.168.3.21
route-map DFBIT_routemap permit 10
match ip address DFBIT_acl
set ip df 0
route-map ISP2 permit 10
match ip address nat_list
match interface FastEthernet0/3/0
route-map nonat permit 10
match ip address nonat_acl
route-map ISP1 permit 10
match ip address nat_list
match interface FastEthernet0/0

You cannot access internet, because all traffic is tunneled for VPN !!!!
Please see cisco tech documentation and bypass traffic for internet.
eg. if lan traffic is going from site a to site b then through vpn
else
lan traffic to internet (any) should be out thorugh the vpn .

Unable to access local resources or RDP over VPN Connection

Dear Tech People.
I have a Windows 7 computer that I have created a VPN service through Windows on. I am able to connect to the VPN from outside of my network with my Macbook Air. However, I am unable to connect to the computer via RDP, nor can I ping my PC that
I am VPN'd into (192.168.1.252). When I am connected, the IP address that I am assigned, is 192.168.1.150. When I run ipconfig /all, I can see the "RAS < Dial In> Interface for VPN, and it is setup with an ip address of 192.168.1.151
with a /32 subnet mask. There is no default gateway listed, which is why I believe that this is not working. I cannot determine any way to make this change.
Basically, I have a VPN connection that I can do nothing with. I cannot access shared resources, nor can I start a remote desktop session. The pass through is setup for PPTP with my router, which I believe is working, as I couldn't even connect
prior to this. Below is the full results of my ipconfig /all command on my Windows PC:
C:\Users\Zach>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Serenity
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : att.net
PPP adapter RAS (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RAS (Dial In) Interface
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.151(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : att.net
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : BC-5F-F4-85-5E-A8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2602:306:ce94:2570:3144:306c:cdae:d615(Pr
eferred)
Temporary IPv6 Address. . . . . . : 2602:306:ce94:2570:bd83:220:80a0:eb1e(Pre
ferred)
Link-local IPv6 Address . . . . . : fe80::3144:306c:cdae:d615%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.252(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, October 26, 2013 7:27:27 PM
Lease Expires . . . . . . . . . . : Thursday, October 31, 2013 7:28:28 AM
Default Gateway . . . . . . . . . : fe80::22e5:64ff:fe0c:5640%11
192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 247226356
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-2E-8E-B2-BC-5F-F4-85-5E-A8
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet
1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d906:32d3:7108:1227%15(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.18.39(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 335564886
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-2E-8E-B2-BC-5F-F4-85-5E-A8
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet
8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fc76:1de8:a7c3:27dd%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.135.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 352342102
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-2E-8E-B2-BC-5F-F4-85-5E-A8
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.att.net:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : att.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{20B8F51C-F852-41EF-9F9B-1D0107550D1E}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{8CCEC9EC-0685-4C6A-A87A-CED27B6C93E5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Any thoughts or help would be greatly appreciated.

Hi,
I'm so glad you have solved the issue in this way.
And thanks for your sharing, your solution shared here will provie other people in this forum with a great help!
Regards,
Ada Liu
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Configure vpn connection

Similar Messages

Maybe you are looking for