Disconnect wi fi at vpn authorization
Hi everyone.
I have next problem:
If I connect to vpn server via wifi then authorization does not work
If I connect to vpn server via patch cord then the connection is established.
What could be the problem?
Please help me(
connection diagram:
I'm not VPN expert but lets check some things.
does the Wi-Fi provide the same LAN segment/IP Range as the cable?
is Wi-Fi working without VPN?
Is there any rule on the Server that prevents maybe Wi-Fi clients or the IP range used by Wi-Fi.
Any Client Policy that prevents that?
Br,
Sebastian
pls. rate if helpful
Similar Messages
-
Gmail in Mail app disconnects once connected to VPN in LION
hi ,
i am new to MAC . i have configured mac mail for all my email ids . I have configured my company email along with my personal email . I have to connect tthrough vpn to access my cpmpany emails . i am using built in cisco vpn in LION to connect . But once i connect to vpn all my remaing emails get disconnected in mail app . there will be no updation in any of my personal emails(gmail). But i am able to acces my personal email when i login through browser.
if my company is not allowing to access gmail when connected to vpn then it shouldn't be accessable through browser . i am able to access my mails through browsers. Even gmail in ichat disconnects once i connect to VPN i could see yahoo connected some times in ichat but never for gmail .
Once i disconnect from vpn all mails will be back to orginal state and my company mail shows disconnected . which is acceptable as i am not connected to vpn to access it .
Is it problem with mail app or vpn ?
thanks
somWhen you delete a POP account in Mail it deletes the messages in the Inbox. These should download again as All Mail. BTW, when you select Archive it will move messages out of the Inbox to the All Mail folder.
I suggest you start with a new Mail profile. This will not include any previous emails and accounts. We can discuss importing those later.
Quit Mail
Go to the User's Library folder. This folder is hidden by default. To unhide: Select the Finder in the Dock. Under Go in the Menu bar > hold down the Option key and you’ll see the Library.
Scroll to Containers. Drag the com.apple.mail folder to the Desktop
Rename Mail folder to MailXX (you can revert if needed)
Go to Preferences. If you find any com.apple.mail.plist files, delete these.
Log out under the Apple in the Menu bar
Log in
Open Mail
Before you add your Gmail account, I suggest you do a bit of clean up in your browser first.
See suggestions here.
Use Gmail with Mavericks Mail
http://www.needhelp4mac.com/2013/12/use-gmail-with-mavericks-mail/
It will take some time to download 19 GB. Note: some users have selected not to sync the All Mail folder. You might want to disable sync at first until you get your folders and new Inbox downloaded. After adding All Mail, I would let it sync overnight.
(Fair disclosure: Needhelp4Mac is my site. I may receive some form of compensation, financial or otherwise, from my recommendation or link.) -
I'm trying to authorize users on a vpn against MS active directory through an ACS. I can get RADIUS authentication to work, but I need to be able to limit access based on user, and so far all I'm getting is just authentication. Is there a way to map a vpn 3000 group to an ACS group?
The Cisco VPN 3000 Concentrator has the ability to lock users into a Concentrator group which overrides the group the user has configured in the Cisco VPN 3000 Client. In this way, access restrictions can be applied to various groups configured on the VPN Concentrator with the assurance that the users are locked into that group with the RADIUS server.
For configuration section refer to the following link:
http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800946a2.shtml -
Outlook is disconnected while connected over VPN
In our Beijing office a user's Outlook cannot connect to exchange server, however, when he connect to VPN his Outlook can normally send or receive email.
It is so funny, have you ever encountered a similar situation or maybe you can provide a useful suggestion?Hi Frank,
Which version of Exchange server are you using?
Does this issue only happen to the certain user?
Do you have Outlook Anywhere enabled?
Did you get any error message when it failed to connect?
Please provide more information about this issue so that we can fix it more efficiently.
Meanwhile, you may follow this link to troubleshoot the issue:
http://hosting.intermedia.net/support/kb/?id=1183
Please Note: Since the web site is not hosted by
Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Since this issue is also related to Exchange server, I'd recommend you post a same question in the Exchange forum to see if there is any good suggestions:
https://social.technet.microsoft.com/Forums/office/en-US/home?category=exchangeserver
Regards,
Steve Fan
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
programs. -
Network Location Awareness disconnecting Wi-Fi when VPN connected
Hi All,
We have VPN software which creates a virtual NIC. When it connects using the Wi-Fi bearer interface we often see that the Wi-Fi connection drops after exactly 60 seconds from the VPN establishing an IP address. We only get this problem when the VPN is used
on Windows 8. Windows 7 never has this issue. We have looked at NCSI, allowing packets through the Wi-Fi interface, and network profiles nut no success.
We found that when the "Network Location Awareness" service is disabled (which also stops the dependent services Network List, HomeGroup and Network Connected Devices Auto-Setup) then the Wi-Fi connection is reliable. This leads us to think that
NLA takes control of the Wireless interface to drop the connection. We cannot find any information on NLA changes in Windows 8, as we don't get the issue on Windows 7.
Any insight appreciated.
AlanHi,
Have you tried to establish a VPN connection with windows integrated VPN client? If it works, it means that the software VPN client affects the WIFI connection.
If it still doesn’t work, you may check this,
Try to connect to other Aps.
Install latest WIFI NIC driver.
It could be the security software issue. Try clean boot for a test.
Besides, is there any error or warning related to WIFI or VPN in the event viewer? It is helpful for further troubleshooting.
Hope this helps.
Steven Lee
TechNet Community Support -
Android phone constantly disconnects and reconnects to vpn
When using verizon 4G the android anyconnect constantly disconnects and reconnects. When it is connected for about 10 seconds it is working normally. This does not happen on the phone when the user is connected to wifi. It is only on 4G.
5|Oct 30 2014|10:42:45|722028|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> Stale SVC connection closed.
5|Oct 30 2014|10:42:45|722028|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> Stale SVC connection closed.
6|Oct 30 2014|10:42:45|725007|70.199.141.46|11874|||SSL session with client outside:70.199.141.46/11874 terminated.
6|Oct 30 2014|10:42:45|725007|70.199.141.46|11874|||SSL session with client outside:70.199.141.46/11874 terminated.
5|Oct 30 2014|10:42:44|722028|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> Stale SVC connection closed.
5|Oct 30 2014|10:42:44|722028|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> Stale SVC connection closed.
6|Oct 30 2014|10:42:44|725007|70.199.141.46|11872|||SSL session with client outside:70.199.141.46/11872 terminated.
6|Oct 30 2014|10:42:44|725007|70.199.141.46|11872|||SSL session with client outside:70.199.141.46/11872 terminated.
6|Oct 30 2014|10:42:22|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> UDP SVC connection established without compression
6|Oct 30 2014|10:42:22|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> UDP SVC connection established without compression
5|Oct 30 2014|10:42:22|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New UDP SVC connection replacing old connection.
5|Oct 30 2014|10:42:22|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New UDP SVC connection replacing old connection.
6|Oct 30 2014|10:42:22|725002|70.199.141.46|11874|||Device completed SSL handshake with client outside:70.199.141.46/11874
6|Oct 30 2014|10:42:22|725002|70.199.141.46|11874|||Device completed SSL handshake with client outside:70.199.141.46/11874
6|Oct 30 2014|10:42:21|725003|70.199.141.46|11874|||SSL client outside:70.199.141.46/11874 request to resume previous session.
6|Oct 30 2014|10:42:21|725003|70.199.141.46|11874|||SSL client outside:70.199.141.46/11874 request to resume previous session.
6|Oct 30 2014|10:42:21|725001|70.199.141.46|11874|||Starting SSL handshake with client outside:70.199.141.46/11874 for DTLS session.
6|Oct 30 2014|10:42:21|725001|70.199.141.46|11874|||Starting SSL handshake with client outside:70.199.141.46/11874 for DTLS session.
6|Oct 30 2014|10:42:21|725001|70.199.141.46|11874|||Starting SSL handshake with client outside:70.199.141.46/11874 for DTLS session.
6|Oct 30 2014|10:42:21|725001|70.199.141.46|11874|||Starting SSL handshake with client outside:70.199.141.46/11874 for DTLS session.
4|Oct 30 2014|10:42:21|722051|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> IPv4 Address <192.168.75.101> IPv6 address <::> assigned to session
4|Oct 30 2014|10:42:21|722051|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> IPv4 Address <192.168.75.101> IPv6 address <::> assigned to session
6|Oct 30 2014|10:42:21|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> TCP SVC connection established without compression
6|Oct 30 2014|10:42:21|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> TCP SVC connection established without compression
5|Oct 30 2014|10:42:21|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New TCP SVC connection replacing old connection.
5|Oct 30 2014|10:42:21|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New TCP SVC connection replacing old connection.
6|Oct 30 2014|10:42:21|725002|70.199.141.46|11872|||Device completed SSL handshake with client outside:70.199.141.46/11872
6|Oct 30 2014|10:42:21|725002|70.199.141.46|11872|||Device completed SSL handshake with client outside:70.199.141.46/11872
6|Oct 30 2014|10:42:20|725001|70.199.141.46|11872|||Starting SSL handshake with client outside:70.199.141.46/11872 for TLS session.
6|Oct 30 2014|10:42:20|725001|70.199.141.46|11872|||Starting SSL handshake with client outside:70.199.141.46/11872 for TLS session.
5|Oct 30 2014|10:41:48|722028|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> Stale SVC connection closed.
6|Oct 30 2014|10:41:48|725007|70.199.141.46|8787|||SSL session with client outside:70.199.141.46/8787 terminated.
5|Oct 30 2014|10:41:48|722028|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> Stale SVC connection closed.
6|Oct 30 2014|10:41:48|725007|70.199.141.46|8799|||SSL session with client outside:70.199.141.46/8799 terminated.
6|Oct 30 2014|10:41:21|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> UDP SVC connection established without compression
5|Oct 30 2014|10:41:21|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New UDP SVC connection replacing old connection.
6|Oct 30 2014|10:41:21|725002|70.199.141.46|8787|||Device completed SSL handshake with client outside:70.199.141.46/8787
6|Oct 30 2014|10:41:21|725003|70.199.141.46|8787|||SSL client outside:70.199.141.46/8787 request to resume previous session.
6|Oct 30 2014|10:41:21|725001|70.199.141.46|8787|||Starting SSL handshake with client outside:70.199.141.46/8787 for DTLS session.
6|Oct 30 2014|10:41:21|725001|70.199.141.46|8787|||Starting SSL handshake with client outside:70.199.141.46/8787 for DTLS session.
4|Oct 30 2014|10:41:20|722051|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> IPv4 Address <192.168.75.101> IPv6 address <::> assigned to session
6|Oct 30 2014|10:41:20|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> TCP SVC connection established without compression
5|Oct 30 2014|10:41:20|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New TCP SVC connection replacing old connection.
6|Oct 30 2014|10:41:20|725002|70.199.141.46|8799|||Device completed SSL handshake with client outside:70.199.141.46/8799
6|Oct 30 2014|10:41:19|725001|70.199.141.46|8799|||Starting SSL handshake with client outside:70.199.141.46/8799 for TLS session.
6|Oct 30 2014|10:31:19|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> UDP SVC connection established without compression
5|Oct 30 2014|10:31:19|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New UDP SVC connection replacing old connection.
6|Oct 30 2014|10:31:19|725002|70.199.141.46|8529|||Device completed SSL handshake with client outside:70.199.141.46/8529
6|Oct 30 2014|10:31:19|725003|70.199.141.46|8529|||SSL client outside:70.199.141.46/8529 request to resume previous session.
6|Oct 30 2014|10:31:19|725001|70.199.141.46|8529|||Starting SSL handshake with client outside:70.199.141.46/8529 for DTLS session.
6|Oct 30 2014|10:31:19|725001|70.199.141.46|8529|||Starting SSL handshake with client outside:70.199.141.46/8529 for DTLS session.
4|Oct 30 2014|10:31:18|722051|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> IPv4 Address <192.168.75.101> IPv6 address <::> assigned to session
6|Oct 30 2014|10:31:18|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> TCP SVC connection established without compression
5|Oct 30 2014|10:31:18|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New TCP SVC connection replacing old connection.
6|Oct 30 2014|10:31:18|725002|70.199.141.46|8540|||Device completed SSL handshake with client outside:70.199.141.46/8540
6|Oct 30 2014|10:31:18|725001|70.199.141.46|8540|||Starting SSL handshake with client outside:70.199.141.46/8540 for TLS session.I experienced the same problem with my Lumia 800 and the MyWay audio/navi/BT telephone system in my previous and current Citroën C5 (both latest model (PhIII)): http://discussions.nokia.com/t5/Nokia-with-Windows-Phone/Bluetooth-and-3G/td-p/1288591 .
I first thought it had something to do with switching from G to 3G and back. But in the end I discovered that BT on the Lumia 800 just disabled itself, while connected to my cars BT system. I have started the procedure to send my Lumia tot Nokia Care. Keep You informed. -
T500 Windows 7 blue screen on VPN disconnect
Brand new T500 came with Win7 preinstalled. Machine is connected to a Windows domain at work, and I VPN into various clients' networks. Often (not always) when I disconnect the standard Microsoft VPN, the screen goes black, and I see the disk active for less than one minute, and then the system is hung - no response to mouse, ctl-alt-del, etc.. I power down by holding down the power button, then power up. Windows reports recovering from a bluescreen. I have already used ThinkVantage System Update to load the latest drivers for everything.
Any ideas?The same problem to me T500 Win7 64 bits 4GB RAM. 2 or 3 time weekly the laptop is accidently stop working with black screen, strange noise and for a while hard drive activity. If somebody knows the solution of this problem will be very good I updated the BIOS and every kind of driver updates but no changes. There still persist the problem.
-
Hi,
I have several L2L VPN's to the Microsoft Azure cloud and I am see these randon disconnects once very hours or so, an dfrom the logs it looks like a what is a delete message that is sent from the other side. we dont have any timouts on our side, has anyone seen this type of issue, we have other L2L to other places and no issue there.
ThanksWe are experiencing the exact same issue you are describing. If we keep an RDP session open, about every 57 minutes it disconnects briefly, then the VPN comes back online.
In the case we have open with Microsoft, they said to look at whats called Quick mode security association lifetime. For Azure, its hard coded at an hour. 3600 seconds is what it needs to be on the Cisco side. Apparently if it is set to more than this, Azure will disconnect.
Here are our settings, however, which seem to indicate we have things set up as they suggest.
crypto map External_map4 13 match address External_cryptomap_12
crypto map External_map4 13 set peer [ip address removed for security of this post]
crypto map External_map4 13 set ikev1 transform-set ESP-AES-256-SHA
crypto map External_map4 13 set security-association lifetime seconds 3600
crypto ikev1 policy 3
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac -
ASA and ACS 5 multiple VPN profiles for one user
Hi there
I have a question about ACS 5.3 and ASA VPN profile authorization. I am not sure if it is possible to allow one single user for a set of VPN profiles on ASA, let's make an example:
ACS 5.3 group hierarchy:
- VPN users global
-- VPN users A
-- VPN users B
ASA VPN profiles:
- VPN profile A
- VPN profile B
- VPN profile Z
VPN authorizations:
1. VPN users global should have access to VPN profiles A, B and Z (here we create an authorization profile with no class an no lock attributes, so the group is allowed for all VPN profiles)
2. VPN users A should have access to VPN profile A (here we create a authorization profile with class and lock attributes for profile A)
3. VPN users B should have access to VPN profiles B and Z (is this possible and how does the authorization profile have to look like?)
Thanks a lot in advance and best regards
DominicHi Dominic,
first of all, let's clarify that on the ASA you have tunnel-groups (named connection profiles in ASDM) and group-policies. These often, but not always, have a one-to-one mapping.
The Tunnel-Group (TG) is either selected by the user (either from a drop down list or by entering a specifiv group-url), or automatically selected by a certificate map (i.e. based on a certain field in the user cert, the user is mapped to one TG or another). The TG mainly specifies what kind of authentication is used.
The Group-Policy (GP) by default is the one specified in the TG, but it can be overridden by e.g. Radius.
So from the ASA's standpoint itself your posibilities are rather limited: the ASA will just apply whatever group-policy you push from Radius (in IETF attribute 25 aka "Class"), and in addition it will deny access to a user if the TG he selected does not match the value of the group-lock attribute. Group-lock can only contain one TG name, so you cannot do something like "allow both B and Z".
In other words you can not achieve your goal if the Radius server has a "static" set of attributes per user.
However, as of ASA 8.4.3 the ASA now sends 2 vendor-specific attributes in the Access-Request:
vendor ID = 3076, attribute 146 is "Tunnel Group Name" (string).
vendor ID = 3076, attribute 150 is "Client Type" (integer)
0 = No Client specified 1 = Cisco VPN Client (IKEv1) 2 = AnyConnect Client SSL VPN 3 = Clientless SSL VPN 4 = Cut-Through-Proxy 5 = L2TP/IPsec SSL VPN 6 = AnyConnect Client IPsec VPN (IKEv2)
So if you can configure the Radius server to "dynamically" permit/deny access based on the TG attribute I suppose you could achieve what you want.
If/how ACS can do this, I personally don't know; I suggest you ask in the AAA forum if you need help with that part.
hth
Herbert -
When I set up my iPhone with our local VPN network it works without problem. However, once the the iPhone locks itself it takes about 1,5 minutes until it also closes down the VPN connection.
From what I can tell, this seems to be a power setting as this only happens when the iPhone is not plugged into my machine.
Does anyone know how tor prevent this.Check VPN disconnection settings on your VPN router. In our case our ASA 5520 had a default setting of disconnecting VPN wireless client each 30 minutes. After removing that it improved. Now it drops only when Rogers service is dropping. Still looking into those settings.
-
VPN issues after updating to Cisco AnyConnect 3.1.04072?
Even after downloading the most recent version of Cisco Client 3.1.04072 (see below) I'm still getting a periodic disconnect and reconnect from my VPN client. Issue only seems to occur when I'm connecting from outside my company's wi-fi network. Happens on both my personal and on public wi-fi. Is anyone else experiencing a similar issue?
Changes in AnyConnect 3.1.04072 (and 3.1.04074)
The Mac OS X versions of AnyConnect were updated to 3.1.04074 to resolve the problem of frequent disconnects of the AnyConnect VPN on systems running Mac OS X 10.9 (Mavericks). Apple is aware of this issue and you can reference Apple Bug Report ID 15261749 if you want to open your own case with them. AnyConnect 3.1.0474 also supports Mac OS X 10.8, 10.7 and 10.6.
Once Apple provides a fix for OS X 10.9, we may choose to retract this workaround. At that time, both versions 3.1.04074 and 3.1.04072 of AnyConnect will work reliably with Mac OS X 10.9.
Defect CSCui69769 was fixed by version 3.1.0704.
AnyConnect 3.1.04072 is a maintenance release that resolves the defects described in Caveats Resolved by AnyConnect 3.1.04072 and is compatible with Host Scan Engine Update, 3.1.04075.Pete is right, I apparently don't know how to read version numbers! I downloaded the 3.1.05152 version of Cisco AnyConnect, and I no longer experience the reconnect issue on Mavericks. Yea!
In my defense, there is no such version 3.1.04074 listed on the download page:
http://software.cisco.com/portal/pub/download/portal/select.html?&mdfid=28300018 5&flowid=17001&softwareid=282364313
So I mistakenly downloaded 3.1.04072 in a moment of dyslexia. I suspect I'm not the first person to come along and do this!
PS: You need a service contract with Cisco to download this file. If you don't have one, and/or your IT administrator isn't able to provide you with one, you might try doing a google search for the actual filename: anyconnect-macosx-i386-3.1.05152-k9.dmg. If you go this route, at least compare the md5 checksum with the one listed on Cisco's website (it shows up if you hover your cursor over the file) to ensure you're not running a hacked VPN client. For example, running "md5 anyconnect-macosx-i386-3.1.05152-k9.dmg" should produce a884f2092d08f006b2dc3a5054988f1c. If it does not, it's not the same binary as on Cisco's downloads page so you probably don't want to run it. -
WLC 5508 7.0.98.0 has vpn client connection issues
Hi
my guest ssid is set to L2 security none and L3 Web policy and authentication local. clients that need to connect to some vpn server (internet) are reporting disconnection issues with the vpn session but not the wireless network. as soon as they get connected via another wireless internet connection the vpn connection gets stable. that makes me thing is in deed the my wireless network the one causing issues. is there a know issues with the web authentication WLAN and vpn clients? no firewall in the middle.
Exclusionlist.................................... Disabled
Session Timeout.................................. Infinity
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ xxxxxxxxxxxxxxxx
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
--More or (q)uit current module or <ctrl-z> to abort
Quality of Service............................... Bronze (background)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
ACL............................................. Unconfigured
Web Authentication server precedence:
1............................................... local
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
Band Select...................................... Disabled
Load Balancing................................... DisabledThanks Scott,
We have two controllers and all the APs (50) are associated with the primary Controller,what is the best path to follow for the upgrade.
we don't have Field recoversy image installed on our controller, do we have to do the FSU upgrade?
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.98.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... N/A
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS
System Name...................................... Airespace_01
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 10.0.0.201
Last Reset....................................... Power on reset
System Up Time................................... 9 days 2 hrs 57 mins 21 secs
System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... Multiple Countries:US,CN,DE,TW,HK
Is the below Upgrade Path make sense ?
1. Upgrade the Primary controller and reboot- wait till all APs associate with primary controller and download the new image
2. Upgrade the secondary controller and reboot
3. Failover the APs to secondary controller and test
Siddhartha -
RRAS - VPN Server and Client have same subnet
Hello,
We have a VPN server setup in RRAS on our 2008 R2 server. The VPN works fine. Clients can connect and get to resources on our server fine.
The issue is that one client has a subnet of 192.168.1.0/24 and the subnet our server uses is also 192.168.1.0/24.
When the client connects, he can get to resources on our server. However, he needs to be able to get to an IP address of 192.168.1.4 using Remote Desktop that is on his local network. He also needs to get on IP 192.168.1.3 via Remote Desktop on the remote
network.
Is there a way we can accomplish this without changing subnets?For anyone else who needs an answer to this, this is the batch file I created using these links:
http://pastebin.com/HV2GmDAk
http://superuser.com/questions/788924/is-it-possible-to-automatically-run-a-batch-file-as-administrator
Here is the content of it:
REM --add the following to the top of your bat file--
@echo off
:: BatchGotAdmin
REM --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
echo Requesting administrative privileges...
goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
set params = %*:"=""
echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"
exit /B
:gotAdmin
pushd "%CD%"
CD /D "%~dp0"
rem You need to replace:
rem <VPN> with the Name of the VPN connection you created
rem <USER> with the vpn user
rem <PASS> with the vpn pass
rem @echo off
@echo make sure to be disconnected!
rasdial "Your VPN" /d
@echo start to connect to vpn
rasdial "Your VPN" username password
netsh interface ip show config name="Your VPN" | findstr "IP" > ip.dat
set /p ip= < ip.dat
del ip.dat
set ip=%ip:~-13%
@echo VPN IP is %ip%
@echo Delete 192.168.1.0 route
route delete 192.168.1.0
set target=192.168.1.3
@echo Add route for %target%
route add %target% mask 255.255.255.255 %ip%
timeout /T 3 > nul -
Tiger VPN (PPTP) connection issues
Hello everyone.
I'm having major issues trying to connect to office VPN from home; hoping someone can point me in the right direction. (And my profound apologies in advance for the long post -- just trying make sure to include enough detail to debug whatever might be happening)
At the office we have a 3Com OfficeConnect VPN Firewall sitting in front of a Microsoft 2003 Exchange server. (3Com product page for this VPN box is http://www.3com.com/products/en_US/detail.jsp?tab=features&sku=3CR870-95&pathtyp e=purchase). Home connection is a Linksys WRT54GL wireless router in front of a broadband cable modem. PPTP pass-through is enabled in the router config.
At home I have a WinXP-SP2 laptop and my G4 Powerbook (OS 10.4.7) sitting side-by-side. From the XP laptop, I can get into the VPN using XP's built-in client without any problems. The DNS lookup and authentication steps take about 2-3 seconds combined. Once the connection is established, both external sites (cnn.com) and internal sites (intranet.companyname.local) load in a browser window without any appreciable delay. I can also access Windows shared drives on the internal network without problems, including large (10's of MB or more) file copies to/from the XP laptop's HD.
On the Powerbook, using Tiger's built-in VPN client, I can connect OK (though the authentication step takes a bit longer, about 4-5 seconds), but after that, almost nothing works. I can ping the internal DNS server, but after a few pings with reasonable delays (~15 millisecond range), the round-trip times suddenly jump to handfuls of seconds. In the browser, trying to load an internal webpage (http://intranet.companyname.local) times out before anything shows up on screen. In Finder, using Go>Connect to Server... very slowly establishes the connection (~10-15 seconds or longer), and sometimes opens a Finder window... but then invariably times out. I have never once had the connection remain stable enough to transfer so much as a single file from the shared volume onto the Powerbook's Desktop before it times out and disconnects.
On the XP machine, relevant(?) VPN config settings are:
require secured password
require data encryption (disconnect if none)
PPTP VPN
LCP extensions enabled
software compression enabled
multi-link negotiation for single link connections DISABLED
server type = PPP
transports = TCP/IP
authentication = MS CHAP
encryption = MPPE 128
compression = none
PPP multilink framing = off
and, once the VPN connection is established, parameters are (from "ipcofig /all"):
Windows IP Configuration
Host Name . . . . . . . . . . . . : (companyname)-hj2
Primary Dns Suffix . . . . . . . : (companyname).local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : (companyname).local
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2915ABG Network Connection
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.104
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
PPP adapter (ConnectionName):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.0.70
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 172.16.0.70
DNS Servers . . . . . . . . . . . : 172.16.0.11
finally, results of "ping -n 10 (InternalServer)":
Pinging (InternalServer).(companyname).local [172.16.0.5] with 32 bytes of data:
Reply from 172.16.0.5: bytes=32 time=4ms TTL=128
Reply from 172.16.0.5: bytes=32 time=10ms TTL=128
Reply from 172.16.0.5: bytes=32 time=10ms TTL=128
Ping statistics for 172.16.0.5:
Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 10ms, Average = 9ms
On the Powerbook, I have a VPN (PPTP) connection set up with "Send all traffic over VPN connection" unchecked. In the Network panel of System Preferences, I have tried manually adding (and removing) "local, (companyname).local" in the Search Domains line, and manually adding (and removing) the IPs of our internal DNS servers (172.16.0.5, 172.16.0.11) under the TCP/IP tab. Proxies are turned off in all cases.
With those settings, the relevant(?) parts of running "ifconfig" from a Terminal window after starting the VPN are as follows:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::XXX:XXXX:XXXX:XXXX%en1 prefixlen 64 scopeid 0x5
inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
ether XX:XX:XX:XX:XX:XX
media: autoselect status: active
supported media: autoselect
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr XX:XX:XX:XX:XX:XX:XX:XX
media: autoselect <full-duplex> status: inactive
supported media: autoselect <full-duplex>
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
inet 172.16.0.69 --> 172.16.0.11 netmask 0xffff0000
The associated connection log from Internet Connect is:
Tue Jul 18 08:50:57 2006 : PPTP connecting to server 'vpn.(companyname).com' (XXX.XXX.XXX.XXX)...
Tue Jul 18 08:50:57 2006 : PPTP connection established.
Tue Jul 18 08:50:58 2006 : using link 0
Tue Jul 18 08:50:58 2006 : Using interface ppp0
Tue Jul 18 08:50:58 2006 : Connect: ppp0 <--> socket[34:17]
Tue Jul 18 08:50:58 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xb851f701> <pcomp> <accomp>]
Tue Jul 18 08:50:58 2006 : rcvd [LCP ConfReq id=0x1 <mru 1492> <auth chap MS> <magic 0x80697000>]
Tue Jul 18 08:50:58 2006 : lcp_reqci: returning CONFACK.
Tue Jul 18 08:50:58 2006 : sent [LCP ConfAck id=0x1 <mru 1492> <auth chap MS> <magic 0x80697000>]
Tue Jul 18 08:50:58 2006 : rcvd [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>]
Tue Jul 18 08:50:58 2006 : sent [LCP ConfReq id=0x2 <magic 0xb851f701>]
Tue Jul 18 08:50:58 2006 : rcvd [LCP ConfAck id=0x2 <magic 0xb851f701>]
Tue Jul 18 08:50:58 2006 : sent [LCP EchoReq id=0x0 magic=0xb851f701]
Tue Jul 18 08:50:58 2006 : rcvd [CHAP Challenge id=0x1 <4f0656add65818c2>, name = "Guest"]
Tue Jul 18 08:50:58 2006 : sent [CHAP Response id=0x1 <0000000000000000000000000000000000000000000000004c86e5ccf08b95431034ef14706021 d358dc21b96a59157301>, name = "(UserName)"]
Tue Jul 18 08:50:58 2006 : rcvd [LCP EchoRep id=0x0 magic=0x80697000]
Tue Jul 18 08:50:58 2006 : rcvd [CHAP Success id=0x1 "Authentication succeeded, welcome!"]
Tue Jul 18 08:50:58 2006 : CHAP authentication succeeded: Authentication succeeded, welcome!
Tue Jul 18 08:50:58 2006 : Disabling 40-bit MPPE; MS-CHAP LM not supported
Tue Jul 18 08:50:58 2006 : sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Tue Jul 18 08:50:58 2006 : rcvd [IPCP ConfReq id=0x1 <addr 172.16.0.11> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Tue Jul 18 08:50:58 2006 : sent [IPCP TermAck id=0x1]
Tue Jul 18 08:50:58 2006 : rcvd [CCP ConfReq id=0x1 <mppe +H +M +S +L -D -C>]
Tue Jul 18 08:50:58 2006 : sent [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
Tue Jul 18 08:50:58 2006 : rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Tue Jul 18 08:50:58 2006 : rcvd [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
Tue Jul 18 08:50:58 2006 : sent [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
Tue Jul 18 08:50:58 2006 : MPPE 128-bit stateless compression enabled
Tue Jul 18 08:50:58 2006 : sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Tue Jul 18 08:50:58 2006 : sent [IPV6CP ConfReq id=0x1 <addr fe80::020a:95ff:fea5:564c>]
Tue Jul 18 08:50:58 2006 : sent [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Jul 18 08:50:58 2006 : rcvd [LCP ProtRej id=0x1 80 57 01 01 00 0e 01 0a 02 0a 95 ff fe a5 56 4c]
Tue Jul 18 08:50:58 2006 : rcvd [LCP ProtRej id=0x2 82 35 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01]
Tue Jul 18 08:50:58 2006 : rcvd [IPCP ConfRej id=0x1 <ms-dns3 0.0.0.0>]
Tue Jul 18 08:50:58 2006 : sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0>]
Tue Jul 18 08:50:58 2006 : rcvd [IPCP ConfNak id=0x2 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
Tue Jul 18 08:50:58 2006 : sent [IPCP ConfReq id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
Tue Jul 18 08:50:58 2006 : rcvd [IPCP ConfAck id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
Tue Jul 18 08:51:01 2006 : sent [IPCP ConfReq id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
Tue Jul 18 08:51:01 2006 : rcvd [IPCP ConfAck id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
Tue Jul 18 08:51:04 2006 : sent [IPCP ConfReq id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
Tue Jul 18 08:51:04 2006 : rcvd [IPCP ConfAck id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
Tue Jul 18 08:51:07 2006 : sent [IPCP ConfReq id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
Tue Jul 18 08:51:07 2006 : rcvd [IPCP ConfAck id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
Tue Jul 18 08:51:08 2006 : rcvd [IPCP ConfReq id=0x1 <addr 172.16.0.11> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Tue Jul 18 08:51:08 2006 : ipcp: returning Configure-REJ
Tue Jul 18 08:51:08 2006 : sent [IPCP ConfRej id=0x1 <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Tue Jul 18 08:51:08 2006 : rcvd [IPCP ConfReq id=0x2 <addr 172.16.0.11>]
Tue Jul 18 08:51:08 2006 : ipcp: returning Configure-ACK
Tue Jul 18 08:51:08 2006 : sent [IPCP ConfAck id=0x2 <addr 172.16.0.11>]
Tue Jul 18 08:51:08 2006 : ipcp: up
Tue Jul 18 08:51:08 2006 : local IP address 172.16.0.69
Tue Jul 18 08:51:08 2006 : remote IP address 172.16.0.11
Tue Jul 18 08:51:08 2006 : primary DNS address 172.16.0.11
The problem is that despite this apparently successful negotiation, the VPN connection doesn't really work. If I type "intranet" into the browser URL bar, it doesn't pick it up as "intranet.companyname.local" and instead treats this as a search query, which it passes to google... which times out. If I type "intranet.companyname.local" into the URL bar instead, it appears to do the DNS lookup correctly... but then times out again.
Ping times look like this at first:
PING (InternalServer).(companyname).local (172.16.0.5): 56 data bytes
64 bytes from 172.16.0.5: icmp_seq=0 ttl=128 time=16.605 ms
64 bytes from 172.16.0.5: icmp_seq=1 ttl=128 time=15.920 ms
64 bytes from 172.16.0.5: icmp_seq=2 ttl=128 time=16.154 ms
^C
--- (InternalServer).(companyname).local ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 15.920/16.226/16.605/0.284 ms
... but then if I try it again two seconds later:
PING (InternalServer).(companyname).local (172.16.0.5): 56 data bytes
64 bytes from 172.16.0.5: icmp_seq=0 ttl=128 time=727.144 ms
64 bytes from 172.16.0.5: icmp_seq=1 ttl=128 time=1727.030 ms
64 bytes from 172.16.0.5: icmp_seq=2 ttl=128 time=2727.260 ms
64 bytes from 172.16.0.5: icmp_seq=3 ttl=128 time=3726.747 ms
64 bytes from 172.16.0.5: icmp_seq=4 ttl=128 time=5723.986 ms
64 bytes from 172.16.0.5: icmp_seq=5 ttl=128 time=5719.810 ms
64 bytes from 172.16.0.5: icmp_seq=6 ttl=128 time=6720.334 ms
64 bytes from 172.16.0.5: icmp_seq=7 ttl=128 time=6719.848 ms
^C
--- (InternalServer).(companyname).local ping statistics ---
15 packets transmitted, 8 packets received, 46% packet loss
round-trip min/avg/max/stddev = 727.144/4224.020/6720.334/2176.543 ms
OK, enough for now. Can anyone spot what I might be doing wrong, and/or suggest something to try to remedy this? If there is any additional logging/debug info that would be useful, please ask and I will track it down.
Thanks very much in advance!!! /HJProblem not entirely solved, but mostly working now. It turns out the issue was with the 3Com OfficeConnect VPN box. It was causing all sorts of headaches and had to be manually power cycled at least once a week, so we ditched it and got a Linux-based Firewall/VPN appliance (http://www.ingate.com/ingate_vpn.php).
Now I can connect and mount Windows drives via SMB (both the command line and the Finder's "Connect to Server" approach seem to work). Performance still exhibits annoying lags at random times, and occasionally the VPN connection disconnects for no good reason, but at least I can get at my files from home. The other issues -- such as being able to resolve "xxx.yyy.local" addresses in the browser by making sure I hit the internal DNS server before any external ones -- all seem to be network configuration issues on my end.
In short, my guess is that the 3Com box was causing issues with some low-level timing parameters or other related settings in how the VPN connection was being established. I was just starting to teach myself about ARP tables, NTLMv2 authentication, and the like when we replaced it with the new firewall.
Hope this helps.
/Heywood -
All mail accounts offline when disconnecting from HMA pro
Im using Airport Extremes WLAN for internet access.
Every time I disconnect from HMA! VPN Pro , secure internet encryption application, all my mac mail accounts go offline. All available SMTP servers including gmail smtp server which according HMA Helpline is whitelisted , are all off-line. No way to bring them back alive again.Cant send or receive any email. Quitting HMA and reloading mail doesn't work. It drives me nuts. Support from HMA is poor. They say to use gmail smtp servers instead any others because they are "whitelisted". but even gmail is steadily offline. Tried to change ports as suggested in their troubleshooting section- without success.
Only thing that does the trick is to switch to my iPhone's personal hotspot. But switching back to WLAN again sets all accounts offline again.
Another workaround is to restart the complete system 10.8.5 and not log on to HMA which is quiet a nuisance. AS soon as I log in I can't send email again through mac mail program (which according HMA's support section "is normal"-). Logging on to HMA must doe some nasty thing to the WLAN settings in the background which I can't figure out. So far I have not received any solution to this nuisance from HMA.
Anybody out there having similar problems and possible solutions?
Help is very much appreciated!!Here's what i did, I had the same problem. Go to the finder/go/computer/yourname/library/preferences. move the file com.apple.mail.plist to the trash bin. But before you do this copy all the info on your account for your isp. Such as user name,password , incomming server, and outgoing server info. This worked for me. Good luck
John
Maybe you are looking for
-
ICal Bug: "Show in Mail" link is broken
When creating a new calendar item from within mail (Yosemite 10.10.1 (14B25)) (Mail Version 8.1 (1993)) the "Show in Maill..." link opens the incorrect email. In fact, every "Show in Mail..." link from every calendar event points to the exact same em
-
Error while reading PO in backend system Inform system adiministrator
Hi All, I am working on extended classic scenario and the problem is that after the PO ís ordered it gives the message " Error while reading PO in backend system Inform system administrator" and this is happening only for a particular local PO. When
-
How can I set font size of a column of Multicolumn Listbox at one time in edit mode?
HI, I want to creat a Multicolumn Listbox with different font size in diffrent columns. But I can only modify all cells or one cell font size at one time! How can I do? THANKS!
-
I cannot download purchased music on iPad 2. Error It is not a storage issue
-
when I am check out with version control (SVN) loosing the bindings of the page (views, entities bind with datacontrols). we are using jdevloper 11.1.1.0.1 and SVN. kindly give a solution