Disconnect wi fi at vpn authorization

Hi everyone.
I have next problem:
If I connect to vpn server via wifi then authorization does not work
If I connect to vpn server via patch cord then the connection is established.
What could be the problem?
Please help me(
connection diagram:

I'm not VPN expert but lets check some things.
does the Wi-Fi provide the same LAN segment/IP Range as the cable?
is Wi-Fi working without VPN?
Is there any rule on the Server that prevents maybe Wi-Fi clients or the IP range used by Wi-Fi.
Any Client Policy that prevents that?
Br,
Sebastian
pls. rate if helpful

Similar Messages

  • Gmail in Mail app disconnects once connected to VPN in LION

    hi ,
        i am new to MAC . i have configured mac mail for all my email ids . I have configured my company email along with my personal email . I have to connect tthrough vpn to access my cpmpany emails  . i am using built in cisco vpn in LION to connect . But once i connect to vpn all my remaing emails get disconnected in mail app . there will be no updation in any of my personal emails(gmail). But i am able to acces my personal email when i login through browser.
          if my company is not allowing to access gmail when connected to vpn then it shouldn't  be accessable through browser . i am able to access my mails through browsers. Even gmail in ichat disconnects once i connect to VPN  i could see yahoo connected some times in ichat but never for gmail .
        Once i disconnect from vpn all mails will be back to orginal state and my company mail shows disconnected . which is acceptable as i am not connected to vpn to access it .
         Is it problem with mail app or vpn ?
    thanks
    som

    When you delete a POP account in Mail it deletes the messages in the Inbox. These should download again as All Mail. BTW, when you select Archive it will move messages out of the Inbox to the All Mail folder.
    I suggest you start with a new Mail profile. This will not include any previous emails and accounts. We can discuss importing those later.
    Quit Mail
    Go to the User's Library folder. This folder is hidden by default. To unhide: Select the Finder in the Dock. Under Go in the Menu bar > hold down the Option key and you’ll see the Library.
    Scroll to Containers.  Drag the com.apple.mail folder to the Desktop
    Rename Mail folder to MailXX (you can revert if needed)
    Go to Preferences. If you find any com.apple.mail.plist files, delete these.
    Log out under the Apple in the Menu bar
    Log in
    Open Mail
    Before you add your Gmail account, I suggest you do a bit of clean up in your browser first.
    See suggestions here.
    Use Gmail with Mavericks Mail
    http://www.needhelp4mac.com/2013/12/use-gmail-with-mavericks-mail/
    It will take some time to download 19 GB. Note: some users have selected not to sync the All Mail folder. You might want to disable sync at first until you get your folders and new Inbox downloaded. After adding All Mail, I would let it sync overnight.
    (Fair disclosure: Needhelp4Mac is my site. I may receive some form of compensation, financial or otherwise, from my recommendation or link.)

  • Acs vpn authorization

    I'm trying to authorize users on a vpn against MS active directory through an ACS. I can get RADIUS authentication to work, but I need to be able to limit access based on user, and so far all I'm getting is just authentication. Is there a way to map a vpn 3000 group to an ACS group?

    The Cisco VPN 3000 Concentrator has the ability to lock users into a Concentrator group which overrides the group the user has configured in the Cisco VPN 3000 Client. In this way, access restrictions can be applied to various groups configured on the VPN Concentrator with the assurance that the users are locked into that group with the RADIUS server.
    For configuration section refer to the following link:
    http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800946a2.shtml

  • Outlook is disconnected while connected over VPN

    In our Beijing office a user's Outlook cannot connect to exchange server, however, when he connect to VPN his Outlook can normally send or receive email.
    It is so funny, have you ever encountered a similar situation or maybe you can provide a useful suggestion?

    Hi Frank,
    Which version of Exchange server are you using?
    Does this issue only happen to the certain user?
    Do you have Outlook Anywhere enabled?
    Did you get any error message when it failed to connect?
    Please provide more information about this issue so that we can fix it more efficiently.
    Meanwhile, you may follow this link to troubleshoot the issue:
    http://hosting.intermedia.net/support/kb/?id=1183
    Please Note: Since the web site is not hosted by
    Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Since this issue is also related to Exchange server, I'd recommend you post a same question in the Exchange forum to see if there is any good suggestions:
    https://social.technet.microsoft.com/Forums/office/en-US/home?category=exchangeserver
    Regards,
    Steve Fan
    TechNet Community Support
    It's recommended to download and install
    Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
    programs.

  • Network Location Awareness disconnecting Wi-Fi when VPN connected

    Hi All,
    We have VPN software which creates a virtual NIC. When it connects using the Wi-Fi bearer interface we often see that the Wi-Fi connection drops after exactly 60 seconds from the VPN establishing an IP address. We only get this problem when the VPN is used
    on Windows 8. Windows 7 never has this issue. We have looked at NCSI, allowing packets through the Wi-Fi interface, and network profiles nut no success.
    We found that when the "Network Location Awareness" service is disabled (which also stops the dependent services Network List, HomeGroup and Network Connected Devices Auto-Setup) then the Wi-Fi connection is reliable. This leads us to think that
    NLA takes control of the Wireless interface to drop the connection. We cannot find any information on NLA changes in Windows 8, as we don't get the issue on Windows 7.
    Any insight appreciated.
    Alan

    Hi,
    Have you tried to establish a VPN connection with windows integrated VPN client? If it works, it means that the software VPN client affects the WIFI connection.
    If it still doesn’t work, you may check this,
    Try to connect to other Aps.
    Install latest WIFI NIC driver.
    It could be the security software issue. Try clean boot for a test.
    Besides, is there any error or warning related to WIFI or VPN in the event viewer? It is helpful for further troubleshooting.
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • Android phone constantly disconnects and reconnects to vpn

    When using verizon 4G the android anyconnect constantly disconnects and reconnects. When it is connected for about 10 seconds it is working normally. This does not happen on the phone when the user is connected to wifi. It is only on 4G. 
    5|Oct 30 2014|10:42:45|722028|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> Stale SVC connection closed.
    5|Oct 30 2014|10:42:45|722028|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> Stale SVC connection closed.
    6|Oct 30 2014|10:42:45|725007|70.199.141.46|11874|||SSL session with client outside:70.199.141.46/11874 terminated.
    6|Oct 30 2014|10:42:45|725007|70.199.141.46|11874|||SSL session with client outside:70.199.141.46/11874 terminated.
    5|Oct 30 2014|10:42:44|722028|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> Stale SVC connection closed.
    5|Oct 30 2014|10:42:44|722028|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> Stale SVC connection closed.
    6|Oct 30 2014|10:42:44|725007|70.199.141.46|11872|||SSL session with client outside:70.199.141.46/11872 terminated.
    6|Oct 30 2014|10:42:44|725007|70.199.141.46|11872|||SSL session with client outside:70.199.141.46/11872 terminated.
    6|Oct 30 2014|10:42:22|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> UDP SVC connection established without compression
    6|Oct 30 2014|10:42:22|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> UDP SVC connection established without compression
    5|Oct 30 2014|10:42:22|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New UDP SVC connection replacing old connection.
    5|Oct 30 2014|10:42:22|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New UDP SVC connection replacing old connection.
    6|Oct 30 2014|10:42:22|725002|70.199.141.46|11874|||Device completed SSL handshake with client outside:70.199.141.46/11874
    6|Oct 30 2014|10:42:22|725002|70.199.141.46|11874|||Device completed SSL handshake with client outside:70.199.141.46/11874
    6|Oct 30 2014|10:42:21|725003|70.199.141.46|11874|||SSL client outside:70.199.141.46/11874 request to resume previous session.
    6|Oct 30 2014|10:42:21|725003|70.199.141.46|11874|||SSL client outside:70.199.141.46/11874 request to resume previous session.
    6|Oct 30 2014|10:42:21|725001|70.199.141.46|11874|||Starting SSL handshake with client outside:70.199.141.46/11874 for DTLS session.
    6|Oct 30 2014|10:42:21|725001|70.199.141.46|11874|||Starting SSL handshake with client outside:70.199.141.46/11874 for DTLS session.
    6|Oct 30 2014|10:42:21|725001|70.199.141.46|11874|||Starting SSL handshake with client outside:70.199.141.46/11874 for DTLS session.
    6|Oct 30 2014|10:42:21|725001|70.199.141.46|11874|||Starting SSL handshake with client outside:70.199.141.46/11874 for DTLS session.
    4|Oct 30 2014|10:42:21|722051|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> IPv4 Address <192.168.75.101> IPv6 address <::> assigned to session
    4|Oct 30 2014|10:42:21|722051|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> IPv4 Address <192.168.75.101> IPv6 address <::> assigned to session
    6|Oct 30 2014|10:42:21|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> TCP SVC connection established without compression
    6|Oct 30 2014|10:42:21|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> TCP SVC connection established without compression
    5|Oct 30 2014|10:42:21|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New TCP SVC connection replacing old connection.
    5|Oct 30 2014|10:42:21|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New TCP SVC connection replacing old connection.
    6|Oct 30 2014|10:42:21|725002|70.199.141.46|11872|||Device completed SSL handshake with client outside:70.199.141.46/11872
    6|Oct 30 2014|10:42:21|725002|70.199.141.46|11872|||Device completed SSL handshake with client outside:70.199.141.46/11872
    6|Oct 30 2014|10:42:20|725001|70.199.141.46|11872|||Starting SSL handshake with client outside:70.199.141.46/11872 for TLS session.
    6|Oct 30 2014|10:42:20|725001|70.199.141.46|11872|||Starting SSL handshake with client outside:70.199.141.46/11872 for TLS session.
    5|Oct 30 2014|10:41:48|722028|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> Stale SVC connection closed.
    6|Oct 30 2014|10:41:48|725007|70.199.141.46|8787|||SSL session with client outside:70.199.141.46/8787 terminated.
    5|Oct 30 2014|10:41:48|722028|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> Stale SVC connection closed.
    6|Oct 30 2014|10:41:48|725007|70.199.141.46|8799|||SSL session with client outside:70.199.141.46/8799 terminated.
    6|Oct 30 2014|10:41:21|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> UDP SVC connection established without compression
    5|Oct 30 2014|10:41:21|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New UDP SVC connection replacing old connection.
    6|Oct 30 2014|10:41:21|725002|70.199.141.46|8787|||Device completed SSL handshake with client outside:70.199.141.46/8787
    6|Oct 30 2014|10:41:21|725003|70.199.141.46|8787|||SSL client outside:70.199.141.46/8787 request to resume previous session.
    6|Oct 30 2014|10:41:21|725001|70.199.141.46|8787|||Starting SSL handshake with client outside:70.199.141.46/8787 for DTLS session.
    6|Oct 30 2014|10:41:21|725001|70.199.141.46|8787|||Starting SSL handshake with client outside:70.199.141.46/8787 for DTLS session.
    4|Oct 30 2014|10:41:20|722051|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> IPv4 Address <192.168.75.101> IPv6 address <::> assigned to session
    6|Oct 30 2014|10:41:20|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> TCP SVC connection established without compression
    5|Oct 30 2014|10:41:20|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New TCP SVC connection replacing old connection.
    6|Oct 30 2014|10:41:20|725002|70.199.141.46|8799|||Device completed SSL handshake with client outside:70.199.141.46/8799
    6|Oct 30 2014|10:41:19|725001|70.199.141.46|8799|||Starting SSL handshake with client outside:70.199.141.46/8799 for TLS session.
    6|Oct 30 2014|10:31:19|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> UDP SVC connection established without compression
    5|Oct 30 2014|10:31:19|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New UDP SVC connection replacing old connection.
    6|Oct 30 2014|10:31:19|725002|70.199.141.46|8529|||Device completed SSL handshake with client outside:70.199.141.46/8529
    6|Oct 30 2014|10:31:19|725003|70.199.141.46|8529|||SSL client outside:70.199.141.46/8529 request to resume previous session.
    6|Oct 30 2014|10:31:19|725001|70.199.141.46|8529|||Starting SSL handshake with client outside:70.199.141.46/8529 for DTLS session.
    6|Oct 30 2014|10:31:19|725001|70.199.141.46|8529|||Starting SSL handshake with client outside:70.199.141.46/8529 for DTLS session.
    4|Oct 30 2014|10:31:18|722051|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> IPv4 Address <192.168.75.101> IPv6 address <::> assigned to session
    6|Oct 30 2014|10:31:18|722022|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> TCP SVC connection established without compression
    5|Oct 30 2014|10:31:18|722032|||||Group <GroupPolicy_ANY_SPLIT> User <user> IP <70.199.141.46> New TCP SVC connection replacing old connection.
    6|Oct 30 2014|10:31:18|725002|70.199.141.46|8540|||Device completed SSL handshake with client outside:70.199.141.46/8540
    6|Oct 30 2014|10:31:18|725001|70.199.141.46|8540|||Starting SSL handshake with client outside:70.199.141.46/8540 for TLS session.

    I experienced the same problem with my Lumia 800 and the MyWay audio/navi/BT telephone system in my previous and current Citroën C5 (both latest model (PhIII)): http://discussions.nokia.com/t5/Nokia-with-Windows-Phone/Bluetooth-and-3G/td-p/1288591 .
    I first thought it had something to do with switching from G to 3G and back. But in the end I discovered that BT on the Lumia 800 just disabled itself, while connected to my cars BT system. I have started the procedure to send my Lumia tot Nokia Care. Keep You informed.

  • T500 Windows 7 blue screen on VPN disconnect

    Brand new T500 came with Win7 preinstalled. Machine is connected to a Windows domain at work, and I VPN into various clients' networks. Often (not always) when I disconnect the standard Microsoft VPN, the screen goes black, and I see the disk active for less than one minute, and then the system is hung - no response to mouse, ctl-alt-del, etc.. I power down by holding down the power button, then power up. Windows reports recovering from a bluescreen. I have already used ThinkVantage System Update to load the latest drivers for everything.
    Any ideas?

    The same problem to me T500 Win7 64 bits 4GB RAM. 2 or 3 time weekly the laptop is accidently stop working with black screen, strange noise and for a while hard drive activity. If somebody knows the solution of this problem will be very good I updated the BIOS and every kind of driver updates but no changes. There still persist the problem.

  • Azure VPN and Disconnects

    Hi,
    I have several L2L VPN's to the Microsoft Azure cloud and I am see these randon disconnects once very hours or so, an dfrom the logs it looks like a what is a delete message that is sent from the other side. we dont have any timouts on our side, has anyone seen this type of issue, we have other L2L to other places and no issue there.
    Thanks

    We are experiencing the exact same issue you are describing.    If we keep an RDP session open, about every 57 minutes it disconnects briefly, then the VPN comes back online.   
    In the case we have open with Microsoft, they said to look at whats called Quick mode security association lifetime.    For Azure, its hard coded at an hour.      3600 seconds is what it needs to be on the Cisco side.   Apparently if it is set to more than this, Azure will disconnect.
    Here are our settings, however, which seem to indicate we have things set up as they suggest.
    crypto map External_map4 13 match address External_cryptomap_12
    crypto map External_map4 13 set peer [ip address removed for security of this post]
    crypto map External_map4 13 set ikev1 transform-set ESP-AES-256-SHA
    crypto map External_map4 13 set security-association lifetime seconds 3600
    crypto ikev1 policy 3
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 28800
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

  • ASA and ACS 5 multiple VPN profiles for one user

    Hi there
    I have a question about ACS 5.3 and ASA VPN profile authorization. I am not sure if it is possible to allow one single user for a set of VPN profiles on ASA, let's make an example:
    ACS 5.3 group hierarchy:
    - VPN users global
    -- VPN users A
    -- VPN users B
    ASA VPN profiles:
    - VPN profile A
    - VPN profile B
    - VPN profile Z
    VPN authorizations:
    1. VPN users global should have access to VPN profiles A, B and Z (here we create an authorization profile with no class an no lock attributes, so the group is allowed for all VPN profiles)
    2. VPN users A should have access to VPN profile A (here we create a authorization profile with class and lock attributes for profile A)
    3. VPN users B should have access to VPN profiles B and Z (is this possible and how does the authorization profile have to look like?)
    Thanks a lot in advance and best regards
    Dominic

    Hi Dominic,
    first of all, let's clarify that on the ASA you have tunnel-groups (named connection profiles in ASDM) and group-policies. These often, but not always, have a one-to-one mapping.
    The Tunnel-Group (TG) is either selected by the user (either from a drop down list or by entering a specifiv group-url), or automatically selected by a certificate map (i.e. based on a certain field in the user cert, the user is mapped to one TG or another). The TG mainly specifies what kind of authentication is used.
    The Group-Policy (GP) by default is the one specified in the TG, but it can be overridden by e.g. Radius.
    So from the ASA's standpoint itself your posibilities are rather limited: the ASA will just apply whatever group-policy you push from Radius (in IETF attribute 25 aka "Class"), and in addition it will deny access to a user if the TG he selected does not match the value of the group-lock attribute. Group-lock can only contain one TG name, so you cannot do something like "allow both B and Z".
    In other words you can not achieve your goal if the Radius server has a "static" set of attributes per user.
    However, as of ASA 8.4.3 the ASA now sends 2 vendor-specific attributes in the Access-Request:
    vendor ID = 3076, attribute 146 is "Tunnel Group Name" (string).
    vendor ID = 3076, attribute 150 is "Client Type" (integer)
    0 = No Client specified  1 = Cisco VPN Client (IKEv1)  2 = AnyConnect Client SSL VPN  3 = Clientless SSL VPN  4 = Cut-Through-Proxy  5 = L2TP/IPsec SSL VPN  6 = AnyConnect Client IPsec VPN (IKEv2)
    So if you can configure the Radius server to "dynamically" permit/deny access based on the TG attribute I suppose you could achieve what you want.
    If/how ACS can do this, I personally don't know; I suggest you ask in the AAA forum if you need help with that part.
    hth
    Herbert

  • VPN closes automatically

    When I set up my iPhone with our local VPN network it works without problem. However, once the the iPhone locks itself it takes about 1,5 minutes until it also closes down the VPN connection.
    From what I can tell, this seems to be a power setting as this only happens when the iPhone is not plugged into my machine.
    Does anyone know how tor prevent this.

    Check VPN disconnection settings on your VPN router. In our case our ASA 5520 had a default setting of disconnecting VPN wireless client each 30 minutes. After removing that it improved. Now it drops only when Rogers service is dropping. Still looking into those settings.

  • VPN issues after updating to Cisco AnyConnect 3.1.04072?

    Even after downloading the most recent version of Cisco Client 3.1.04072 (see below) I'm still getting a periodic disconnect and reconnect from my VPN client.  Issue only seems to occur when I'm connecting from outside my company's wi-fi network.  Happens on both my personal and on public wi-fi.  Is anyone else experiencing a similar issue?
    Changes in AnyConnect 3.1.04072 (and 3.1.04074)
    The Mac OS X versions of AnyConnect were updated to 3.1.04074 to resolve the problem of frequent disconnects of the AnyConnect VPN on systems running Mac OS X 10.9 (Mavericks). Apple is aware of this issue and you can reference Apple Bug Report ID 15261749 if you want to open your own case with them. AnyConnect 3.1.0474 also supports Mac OS X 10.8, 10.7 and 10.6.
    Once Apple provides a fix for OS X 10.9, we may choose to retract this workaround. At that time, both versions 3.1.04074 and 3.1.04072 of AnyConnect will work reliably with Mac OS X 10.9.
    Defect CSCui69769 was fixed by version 3.1.0704.
    AnyConnect 3.1.04072 is a maintenance release that resolves the defects described in Caveats Resolved by AnyConnect 3.1.04072 and is compatible with Host Scan Engine Update, 3.1.04075.

    Pete is right, I apparently don't know how to read version numbers!  I downloaded the 3.1.05152 version of Cisco AnyConnect, and I no longer experience the reconnect issue on Mavericks.  Yea!
    In my defense, there is no such version 3.1.04074 listed on the download page:
    http://software.cisco.com/portal/pub/download/portal/select.html?&mdfid=28300018 5&flowid=17001&softwareid=282364313
    So I mistakenly downloaded 3.1.04072 in a moment of dyslexia.  I suspect I'm not the first person to come along and do this!
    PS:  You need a service contract with Cisco to download this file.  If you don't have one, and/or your IT administrator isn't able to provide you with one, you might try doing a google search for the actual filename:  anyconnect-macosx-i386-3.1.05152-k9.dmg.  If you go this route, at least compare the md5 checksum with the one listed on Cisco's website (it shows up if you hover your cursor over the file) to ensure you're not running a hacked VPN client.  For example, running "md5 anyconnect-macosx-i386-3.1.05152-k9.dmg" should produce a884f2092d08f006b2dc3a5054988f1c.  If it does not, it's not the same binary as on Cisco's downloads page so you probably don't want to run it.

  • WLC 5508 7.0.98.0 has vpn client connection issues

    Hi
    my guest ssid is set to L2 security none and L3 Web policy and authentication local. clients that need to connect to some vpn server (internet) are reporting disconnection issues with the vpn session but not the wireless network. as soon as they get connected via another wireless internet connection the vpn connection gets stable. that makes me thing is in deed the my wireless network the one causing issues.  is there a know issues with the web authentication WLAN and vpn clients?  no firewall in the middle.
    Exclusionlist.................................... Disabled
    Session Timeout.................................. Infinity
    CHD per WLAN..................................... Enabled
    Webauth DHCP exclusion........................... Disabled
    Interface........................................ xxxxxxxxxxxxxxxx
    WLAN ACL......................................... unconfigured
    DHCP Server...................................... Default
    DHCP Address Assignment Required................. Disabled
    --More or (q)uit current module or <ctrl-z> to abort
    Quality of Service............................... Bronze (background)
    Scan Defer Priority.............................. 4,5,6
    Scan Defer Time.................................. 100 milliseconds
    WMM.............................................. Allowed
    Media Stream Multicast-direct.................... Disabled
    CCX - AironetIe Support.......................... Enabled
    CCX - Gratuitous ProbeResponse (GPR)............. Disabled
    CCX - Diagnostics Channel Capability............. Disabled
    Dot11-Phone Mode (7920).......................... Disabled
    Wired Protocol................................... None
    IPv6 Support..................................... Disabled
    Passive Client Feature........................... Disabled
    Peer-to-Peer Blocking Action..................... Disabled
    Radio Policy..................................... All
    DTIM period for 802.11a radio.................... 1
    DTIM period for 802.11b radio.................... 1
    Radius Servers
       Authentication................................ Disabled
       Accounting.................................... Disabled
       Dynamic Interface............................. Disabled
    Local EAP Authentication......................... Disabled
    Security
       802.11 Authentication:........................ Open System
       Static WEP Keys............................... Disabled
       802.1X........................................ Disabled
       Wi-Fi Protected Access (WPA/WPA2)............. Disabled
       CKIP ......................................... Disabled
       Web Based Authentication...................... Enabled
            ACL............................................. Unconfigured
            Web Authentication server precedence:
            1............................................... local
       Web-Passthrough............................... Disabled
       Conditional Web Redirect...................... Disabled
       Splash-Page Web Redirect...................... Disabled
       Auto Anchor................................... Disabled
       H-REAP Local Switching........................ Disabled
       H-REAP Learn IP Address....................... Enabled
       Client MFP.................................... Optional but inactive (WPA2 not configured)
       Tkip MIC Countermeasure Hold-down Timer....... 60
    Call Snooping.................................... Disabled
    Roamed Call Re-Anchor Policy..................... Disabled
    Band Select...................................... Disabled
    Load Balancing................................... Disabled

    Thanks Scott,
    We have two controllers and all the APs (50) are associated with the primary Controller,what is the best path to follow for the upgrade.
    we don't have Field recoversy image installed on our controller, do we have to do the FSU upgrade?
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.0.98.0
    Bootloader Version............................... 1.0.1
    Field Recovery Image Version..................... N/A
    Firmware Version................................. FPGA 1.3, Env 1.6, USB console                                                        1.27
    Build Type....................................... DATA + WPS
    System Name...................................... Airespace_01
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    IP Address....................................... 10.0.0.201
    Last Reset....................................... Power on reset
    System Up Time................................... 9 days 2 hrs 57 mins 21 secs
    System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)
    Current Boot License Level....................... base
    Current Boot License Type........................ Permanent
    Next Boot License Level.......................... base
    Next Boot License Type........................... Permanent
    Configured Country............................... Multiple Countries:US,CN,DE,TW,HK
    Is the below Upgrade Path make sense ?
    1. Upgrade the Primary controller and reboot- wait till all APs associate with primary controller and download the new image
    2. Upgrade the secondary controller and reboot
    3. Failover the APs to secondary controller and test
    Siddhartha

  • RRAS - VPN Server and Client have same subnet

    Hello,
    We have a VPN server setup in RRAS on our 2008 R2 server. The VPN works fine. Clients can connect and get to resources on our server fine. 
    The issue is that one client has a subnet of 192.168.1.0/24 and the subnet our server uses is also 192.168.1.0/24.
    When the client connects, he can get to resources on our server. However, he needs to be able to get to an IP address of 192.168.1.4 using Remote Desktop that is on his local network. He also needs to get on IP 192.168.1.3 via Remote Desktop on the remote
    network. 
    Is there a way we can accomplish this without changing subnets? 

    For anyone else who needs an answer to this, this is the batch file I created using these links:
    http://pastebin.com/HV2GmDAk
    http://superuser.com/questions/788924/is-it-possible-to-automatically-run-a-batch-file-as-administrator
    Here is the content of it:
    REM --add the following to the top of your bat file--
    @echo off
    :: BatchGotAdmin
    REM  --> Check for permissions
    >nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
    REM --> If error flag set, we do not have admin.
    if '%errorlevel%' NEQ '0' (
        echo Requesting administrative privileges...
        goto UACPrompt
    ) else ( goto gotAdmin )
    :UACPrompt
        echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
        set params = %*:"=""
        echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"
        "%temp%\getadmin.vbs"
        del "%temp%\getadmin.vbs"
        exit /B
    :gotAdmin
        pushd "%CD%"
        CD /D "%~dp0"
    rem You need to replace:
    rem <VPN> with the Name of the VPN connection you created
    rem <USER> with the vpn user
    rem <PASS> with the vpn pass
    rem @echo off
    @echo make sure to be disconnected!
    rasdial "Your VPN" /d
    @echo start to connect to vpn
    rasdial "Your VPN" username password
    netsh interface ip show config name="Your VPN" | findstr "IP" > ip.dat
    set /p ip= < ip.dat
    del ip.dat
    set ip=%ip:~-13%
    @echo VPN IP is %ip%
    @echo Delete 192.168.1.0 route
    route delete 192.168.1.0
    set target=192.168.1.3
    @echo Add route for %target%
    route add %target% mask 255.255.255.255 %ip%
    timeout /T 3 > nul

  • Tiger VPN (PPTP) connection issues

    Hello everyone.
    I'm having major issues trying to connect to office VPN from home; hoping someone can point me in the right direction. (And my profound apologies in advance for the long post -- just trying make sure to include enough detail to debug whatever might be happening)
    At the office we have a 3Com OfficeConnect VPN Firewall sitting in front of a Microsoft 2003 Exchange server. (3Com product page for this VPN box is http://www.3com.com/products/en_US/detail.jsp?tab=features&sku=3CR870-95&pathtyp e=purchase). Home connection is a Linksys WRT54GL wireless router in front of a broadband cable modem. PPTP pass-through is enabled in the router config.
    At home I have a WinXP-SP2 laptop and my G4 Powerbook (OS 10.4.7) sitting side-by-side. From the XP laptop, I can get into the VPN using XP's built-in client without any problems. The DNS lookup and authentication steps take about 2-3 seconds combined. Once the connection is established, both external sites (cnn.com) and internal sites (intranet.companyname.local) load in a browser window without any appreciable delay. I can also access Windows shared drives on the internal network without problems, including large (10's of MB or more) file copies to/from the XP laptop's HD.
    On the Powerbook, using Tiger's built-in VPN client, I can connect OK (though the authentication step takes a bit longer, about 4-5 seconds), but after that, almost nothing works. I can ping the internal DNS server, but after a few pings with reasonable delays (~15 millisecond range), the round-trip times suddenly jump to handfuls of seconds. In the browser, trying to load an internal webpage (http://intranet.companyname.local) times out before anything shows up on screen. In Finder, using Go>Connect to Server... very slowly establishes the connection (~10-15 seconds or longer), and sometimes opens a Finder window... but then invariably times out. I have never once had the connection remain stable enough to transfer so much as a single file from the shared volume onto the Powerbook's Desktop before it times out and disconnects.
    On the XP machine, relevant(?) VPN config settings are:
    require secured password
    require data encryption (disconnect if none)
    PPTP VPN
    LCP extensions enabled
    software compression enabled
    multi-link negotiation for single link connections DISABLED
    server type = PPP
    transports = TCP/IP
    authentication = MS CHAP
    encryption = MPPE 128
    compression = none
    PPP multilink framing = off
    and, once the VPN connection is established, parameters are (from "ipcofig /all"):
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : (companyname)-hj2
    Primary Dns Suffix . . . . . . . : (companyname).local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : (companyname).local
    Ethernet adapter Wireless Network Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2915ABG Network Connection
    Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.104
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.1
    PPP adapter (ConnectionName):
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 172.16.0.70
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . : 172.16.0.70
    DNS Servers . . . . . . . . . . . : 172.16.0.11
    finally, results of "ping -n 10 (InternalServer)":
    Pinging (InternalServer).(companyname).local [172.16.0.5] with 32 bytes of data:
    Reply from 172.16.0.5: bytes=32 time=4ms TTL=128
    Reply from 172.16.0.5: bytes=32 time=10ms TTL=128
    Reply from 172.16.0.5: bytes=32 time=10ms TTL=128
    Ping statistics for 172.16.0.5:
    Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 10ms, Average = 9ms
    On the Powerbook, I have a VPN (PPTP) connection set up with "Send all traffic over VPN connection" unchecked. In the Network panel of System Preferences, I have tried manually adding (and removing) "local, (companyname).local" in the Search Domains line, and manually adding (and removing) the IPs of our internal DNS servers (172.16.0.5, 172.16.0.11) under the TCP/IP tab. Proxies are turned off in all cases.
    With those settings, the relevant(?) parts of running "ifconfig" from a Terminal window after starting the VPN are as follows:
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    inet 127.0.0.1 netmask 0xff000000
    en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::XXX:XXXX:XXXX:XXXX%en1 prefixlen 64 scopeid 0x5
    inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
    ether XX:XX:XX:XX:XX:XX
    media: autoselect status: active
    supported media: autoselect
    fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
    lladdr XX:XX:XX:XX:XX:XX:XX:XX
    media: autoselect <full-duplex> status: inactive
    supported media: autoselect <full-duplex>
    ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
    inet 172.16.0.69 --> 172.16.0.11 netmask 0xffff0000
    The associated connection log from Internet Connect is:
    Tue Jul 18 08:50:57 2006 : PPTP connecting to server 'vpn.(companyname).com' (XXX.XXX.XXX.XXX)...
    Tue Jul 18 08:50:57 2006 : PPTP connection established.
    Tue Jul 18 08:50:58 2006 : using link 0
    Tue Jul 18 08:50:58 2006 : Using interface ppp0
    Tue Jul 18 08:50:58 2006 : Connect: ppp0 <--> socket[34:17]
    Tue Jul 18 08:50:58 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xb851f701> <pcomp> <accomp>]
    Tue Jul 18 08:50:58 2006 : rcvd [LCP ConfReq id=0x1 <mru 1492> <auth chap MS> <magic 0x80697000>]
    Tue Jul 18 08:50:58 2006 : lcp_reqci: returning CONFACK.
    Tue Jul 18 08:50:58 2006 : sent [LCP ConfAck id=0x1 <mru 1492> <auth chap MS> <magic 0x80697000>]
    Tue Jul 18 08:50:58 2006 : rcvd [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>]
    Tue Jul 18 08:50:58 2006 : sent [LCP ConfReq id=0x2 <magic 0xb851f701>]
    Tue Jul 18 08:50:58 2006 : rcvd [LCP ConfAck id=0x2 <magic 0xb851f701>]
    Tue Jul 18 08:50:58 2006 : sent [LCP EchoReq id=0x0 magic=0xb851f701]
    Tue Jul 18 08:50:58 2006 : rcvd [CHAP Challenge id=0x1 <4f0656add65818c2>, name = "Guest"]
    Tue Jul 18 08:50:58 2006 : sent [CHAP Response id=0x1 <0000000000000000000000000000000000000000000000004c86e5ccf08b95431034ef14706021 d358dc21b96a59157301>, name = "(UserName)"]
    Tue Jul 18 08:50:58 2006 : rcvd [LCP EchoRep id=0x0 magic=0x80697000]
    Tue Jul 18 08:50:58 2006 : rcvd [CHAP Success id=0x1 "Authentication succeeded, welcome!"]
    Tue Jul 18 08:50:58 2006 : CHAP authentication succeeded: Authentication succeeded, welcome!
    Tue Jul 18 08:50:58 2006 : Disabling 40-bit MPPE; MS-CHAP LM not supported
    Tue Jul 18 08:50:58 2006 : sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
    Tue Jul 18 08:50:58 2006 : rcvd [IPCP ConfReq id=0x1 <addr 172.16.0.11> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
    Tue Jul 18 08:50:58 2006 : sent [IPCP TermAck id=0x1]
    Tue Jul 18 08:50:58 2006 : rcvd [CCP ConfReq id=0x1 <mppe +H +M +S +L -D -C>]
    Tue Jul 18 08:50:58 2006 : sent [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
    Tue Jul 18 08:50:58 2006 : rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
    Tue Jul 18 08:50:58 2006 : rcvd [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
    Tue Jul 18 08:50:58 2006 : sent [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
    Tue Jul 18 08:50:58 2006 : MPPE 128-bit stateless compression enabled
    Tue Jul 18 08:50:58 2006 : sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
    Tue Jul 18 08:50:58 2006 : sent [IPV6CP ConfReq id=0x1 <addr fe80::020a:95ff:fea5:564c>]
    Tue Jul 18 08:50:58 2006 : sent [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Jul 18 08:50:58 2006 : rcvd [LCP ProtRej id=0x1 80 57 01 01 00 0e 01 0a 02 0a 95 ff fe a5 56 4c]
    Tue Jul 18 08:50:58 2006 : rcvd [LCP ProtRej id=0x2 82 35 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01]
    Tue Jul 18 08:50:58 2006 : rcvd [IPCP ConfRej id=0x1 <ms-dns3 0.0.0.0>]
    Tue Jul 18 08:50:58 2006 : sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0>]
    Tue Jul 18 08:50:58 2006 : rcvd [IPCP ConfNak id=0x2 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:50:58 2006 : sent [IPCP ConfReq id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:50:58 2006 : rcvd [IPCP ConfAck id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:01 2006 : sent [IPCP ConfReq id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:01 2006 : rcvd [IPCP ConfAck id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:04 2006 : sent [IPCP ConfReq id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:04 2006 : rcvd [IPCP ConfAck id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:07 2006 : sent [IPCP ConfReq id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:07 2006 : rcvd [IPCP ConfAck id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:08 2006 : rcvd [IPCP ConfReq id=0x1 <addr 172.16.0.11> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
    Tue Jul 18 08:51:08 2006 : ipcp: returning Configure-REJ
    Tue Jul 18 08:51:08 2006 : sent [IPCP ConfRej id=0x1 <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
    Tue Jul 18 08:51:08 2006 : rcvd [IPCP ConfReq id=0x2 <addr 172.16.0.11>]
    Tue Jul 18 08:51:08 2006 : ipcp: returning Configure-ACK
    Tue Jul 18 08:51:08 2006 : sent [IPCP ConfAck id=0x2 <addr 172.16.0.11>]
    Tue Jul 18 08:51:08 2006 : ipcp: up
    Tue Jul 18 08:51:08 2006 : local IP address 172.16.0.69
    Tue Jul 18 08:51:08 2006 : remote IP address 172.16.0.11
    Tue Jul 18 08:51:08 2006 : primary DNS address 172.16.0.11
    The problem is that despite this apparently successful negotiation, the VPN connection doesn't really work. If I type "intranet" into the browser URL bar, it doesn't pick it up as "intranet.companyname.local" and instead treats this as a search query, which it passes to google... which times out. If I type "intranet.companyname.local" into the URL bar instead, it appears to do the DNS lookup correctly... but then times out again.
    Ping times look like this at first:
    PING (InternalServer).(companyname).local (172.16.0.5): 56 data bytes
    64 bytes from 172.16.0.5: icmp_seq=0 ttl=128 time=16.605 ms
    64 bytes from 172.16.0.5: icmp_seq=1 ttl=128 time=15.920 ms
    64 bytes from 172.16.0.5: icmp_seq=2 ttl=128 time=16.154 ms
    ^C
    --- (InternalServer).(companyname).local ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 15.920/16.226/16.605/0.284 ms
    ... but then if I try it again two seconds later:
    PING (InternalServer).(companyname).local (172.16.0.5): 56 data bytes
    64 bytes from 172.16.0.5: icmp_seq=0 ttl=128 time=727.144 ms
    64 bytes from 172.16.0.5: icmp_seq=1 ttl=128 time=1727.030 ms
    64 bytes from 172.16.0.5: icmp_seq=2 ttl=128 time=2727.260 ms
    64 bytes from 172.16.0.5: icmp_seq=3 ttl=128 time=3726.747 ms
    64 bytes from 172.16.0.5: icmp_seq=4 ttl=128 time=5723.986 ms
    64 bytes from 172.16.0.5: icmp_seq=5 ttl=128 time=5719.810 ms
    64 bytes from 172.16.0.5: icmp_seq=6 ttl=128 time=6720.334 ms
    64 bytes from 172.16.0.5: icmp_seq=7 ttl=128 time=6719.848 ms
    ^C
    --- (InternalServer).(companyname).local ping statistics ---
    15 packets transmitted, 8 packets received, 46% packet loss
    round-trip min/avg/max/stddev = 727.144/4224.020/6720.334/2176.543 ms
    OK, enough for now. Can anyone spot what I might be doing wrong, and/or suggest something to try to remedy this? If there is any additional logging/debug info that would be useful, please ask and I will track it down.
    Thanks very much in advance!!! /HJ

    Problem not entirely solved, but mostly working now. It turns out the issue was with the 3Com OfficeConnect VPN box. It was causing all sorts of headaches and had to be manually power cycled at least once a week, so we ditched it and got a Linux-based Firewall/VPN appliance (http://www.ingate.com/ingate_vpn.php).
    Now I can connect and mount Windows drives via SMB (both the command line and the Finder's "Connect to Server" approach seem to work). Performance still exhibits annoying lags at random times, and occasionally the VPN connection disconnects for no good reason, but at least I can get at my files from home. The other issues -- such as being able to resolve "xxx.yyy.local" addresses in the browser by making sure I hit the internal DNS server before any external ones -- all seem to be network configuration issues on my end.
    In short, my guess is that the 3Com box was causing issues with some low-level timing parameters or other related settings in how the VPN connection was being established. I was just starting to teach myself about ARP tables, NTLMv2 authentication, and the like when we replaced it with the new firewall.
    Hope this helps.
    /Heywood

  • All mail accounts offline when disconnecting from HMA pro

    Im using Airport Extremes WLAN  for internet access.
    Every time I disconnect from HMA! VPN Pro , secure internet encryption application, all my mac mail accounts go offline. All available SMTP servers including gmail smtp server which according HMA Helpline is whitelisted , are  all off-line. No way to bring them back alive again.Cant send or receive any email. Quitting HMA and reloading  mail doesn't work. It drives me nuts. Support from HMA is poor. They say to use gmail smtp servers instead any others because they are "whitelisted". but even gmail is steadily offline. Tried to change ports as suggested in their troubleshooting section- without success.
    Only thing that does the trick is to switch to my iPhone's personal  hotspot. But switching back to WLAN again sets all accounts offline again.
    Another workaround is to restart the complete system 10.8.5 and not log on to HMA which is quiet a nuisance. AS soon as I log in I can't send email again through mac mail program (which according HMA's support section "is normal"-). Logging on to HMA  must doe some nasty thing to the WLAN settings in the background which I can't figure out. So far I have  not received any solution to this nuisance from HMA.
    Anybody out there having similar problems and possible solutions?
    Help is very much appreciated!!

    Here's what i did, I had the same problem. Go to the finder/go/computer/yourname/library/preferences. move the file com.apple.mail.plist to the trash bin. But before you do this copy all the info on your account for your isp. Such as user name,password , incomming server, and outgoing server info. This worked for me. Good luck
    John

Maybe you are looking for