Entering Correct info for VPN connection
Please suggest the correct configuration for entering information in order for my laptop to connect via VPN to my newly installed Leopard Server software. On my laptop, I have entered the following info on the System Preferences > Network tab...
Configuration: Default
Server Address: 76.173.xx.xxx (my public IP address - do I need anything else?)
Account name: XXXXXX (same as the account name in Server)
Under Authentication Settings, my password is fine and my shared secret is the same as on the Server.
Am I entering in everything correctly? I am most concerned as to how the server address is supposed to be written. Thanks!!
Hi
If AppleTalk is enabled server side and you simply enter the IP address, afp is assumed as the protocol to be used. If you prefer the extra effort involved in typing afp:// followed by the IP address you can use that as well. If you want to use the smb service rather than afp simply type smb:// followed by the IP address. The same thing applies to ftp services. The Finder supports reads only for ftp services.
If you are using VPN services you simply type in the private IP (LAN-side) address of the server rather than the public IP (WAN-side) address. Once a VPN connection has been established, the remote client behaves as if it is on the same LAN.
You can make a connection using the Public WAN address if you enable port forwarding to a single LAN IP address for services you are interested in. For example if you wanted to access your server remotely using afp you configure your router to forward requests for port 548 to the internal IP address of your server. You can use this method for as many services as you like as well as how many your router supports. Most commercially available routers support 10-20. Depending on the router you may have to configure an appropriate firewall rule as well. When faced with that it makes more sense to use a single VPN connection.
I may be in danger of teaching granny to suck eggs but for what it's worth, for VPN connections to work successfully the remote client’s private IP address has to be different from the host site. For example if the remote site is on 192.168.1.x/24 as is the server then you won’t establish a connection. As far as the remote site is concerned it's already connected to that network, why look elsewhere? 192.168.1.x/24 to 192.168.2.x/24 or 10.10.10.x/24 to 192.168.0.x/24 should result in successful VPN connections.
For a list of IP addresses reserved for private use:
http://www.iana.org/faqs/abuse-faq.htm#SpecialUseAddresses
Hope this helps, Tony
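The subnet rule in the reply above, as an added example that is not part of the original post: it models the client's route choice (longest prefix wins, and a tie goes to the directly connected LAN, which is an assumption of this sketch) and runs the three address pairs Tony mentions. The function names and the sample server addresses are hypothetical.

```python
import ipaddress


def egress_interface(dest, client_lan, vpn_routes):
    """Return "lan", "vpn" or "default" for traffic to dest.

    Longest prefix wins; on an equal prefix the directly connected LAN
    route is preferred (assumption of this sketch).
    """
    dest = ipaddress.ip_address(dest)
    routes = [(ipaddress.ip_network(client_lan), "lan")]
    routes += [(ipaddress.ip_network(r), "vpn") for r in vpn_routes]
    # Tuple order: prefix length first, then "is the connected LAN" as tie-break.
    matches = [(net.prefixlen, name == "lan", name)
               for net, name in routes if dest in net]
    return max(matches)[2] if matches else "default"


def check_site_pair(client_lan, server_lan, server_ip):
    """Summarise whether a client on client_lan can reach server_ip over the VPN."""
    client = ipaddress.ip_network(client_lan)
    server = ipaddress.ip_network(server_lan)
    return {
        "both_private": client.is_private and server.is_private,
        "overlap": client.overlaps(server),
        "egress": egress_interface(server_ip, client_lan, [server_lan]),
    }


if __name__ == "__main__":
    # Address pairs from the reply; the .10 server addresses are constructed.
    pairs = [
        ("192.168.1.0/24", "192.168.1.0/24", "192.168.1.10"),
        ("192.168.1.0/24", "192.168.2.0/24", "192.168.2.10"),
        ("10.10.10.0/24", "192.168.0.0/24", "192.168.0.10"),
    ]
    for client_lan, server_lan, server_ip in pairs:
        result = check_site_pair(client_lan, server_lan, server_ip)
        print(f"{client_lan} -> {server_lan}: {result}")
```

When both sites use 192.168.1.0/24 the server address resolves to the local LAN interface, so the traffic never enters the tunnel.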
Similar Messages
-
My daughter has somehow figured out how to register for her own Apple ID but she is very underage. She is not giving me the correct info for me to get into her email. She has downloaded some apps that I would not allow. How can I recover her Apple ID info?
No it's not stealing. They have an allowance that you can share with so many computers/devices. You'll have to authorize her computer to play/use anything bought on your acct. You can do this under the Store menu at top when iTunes is open on her computer.
As far as getting it all on her computer....I think but I am not sure (because I don't use the feature) but I think if you turn on Home Sharing in iTunes it may copy the music to her computer. I don't know maybe it just streams it. If nothing else you can sign into your acct on her computer and download it all to her computer from the cloud. Not sure exactly how to go about that, I haven't had to do that yet. I wonder if once you authorize her computer and then set it up for automatic downloads (under Edit>Preferences>Store) if everything would download. Sorry I'm not much help on that. -
Just bought an ipad mini. Trying to set up internet connection. It recognizes my connection but will not load. There is a padlock shown. How do I get to where I need to enter the password for my connection?
On your router/modem, there will be a Wi-Fi password. If you enter that into your iPad for your connection, then your iPad will have permission to connect to that access point and then you will be able to use your internet.
-
Traffic only allowed one-way for VPN connected computers
Hello,
I currently have an ASA 5505. I have set it up as a remote access SSL VPN. My computers can connect to the VPN just fine. They just can't access the internal LAN (192.168.250.0). They can't ping the inside interface of the ASA, or any of the machines. It seems like all traffic is blocked for them. The strange thing is that when someone is connected to the VPN, I can ping that VPN-connected machine from the ASA and other machines inside the LAN. It seems the traffic is only allowed one way. I have messed with ACLs to no avail. Any suggestions please?
DHCP Pool: 192.168.250.20-50 --> For LAN
VPN Pool: 192.168.250.100 and 192.168.250.101
Outside interface grabs DHCP from modem
Inside interface: 192.168.1.1
Current Running Config:
: Saved
ASA Version 8.2(5)
hostname HardmanASA
enable password ###### encrypted
passwd ####### encrypted
names
interface Ethernet0/0
 switchport access vlan 20
interface Ethernet0/1
 switchport access vlan 10
interface Ethernet0/2
 switchport access vlan 10
interface Ethernet0/3
 shutdown
interface Ethernet0/4
 shutdown
interface Ethernet0/5
 shutdown
interface Ethernet0/6
 shutdown
interface Ethernet0/7
 switchport access vlan 10
interface Vlan1
 no nameif
 no security-level
 no ip address
interface Vlan10
 nameif inside
 security-level 100
 ip address 192.168.250.1 255.255.255.0
interface Vlan20
 nameif outside
 security-level 0
 ip address dhcp setroute
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
pager lines 24
mtu inside 1500
mtu outside 1500
ip local pool VPN_Pool 192.168.250.100-192.168.250.101 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10 192.168.250.0 255.255.255.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.250.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.250.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd dns 8.8.8.8
dhcpd address 192.168.250.20-192.168.250.50 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
 svc image disk0:/anyconnect-linux-2.5.2014-k9.pkg 3
 svc enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 dns-server value 8.8.8.8
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
 address-pool VPN_Pool
tunnel-group AnyConnect webvpn-attributes
 group-alias AnyConnect enable
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:30fadff4b400e42e73e17167828e046f
: end
Hello,
I seem to be having the same kind of issue although I cannot ping from either end.
I've set up an l2tp/ipsec vpn which I am able to connect to and get an IP from my IP pool (radius authentication is working).
I tried running:
access-list NAT_0 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list NAT_0
but I get an error msg saying that the syntax of the nat command is deprecated. I'm running ASA version 8.4.
I've fiddled around a bit to find the correct syntax but have been unsuccessful so far.
Any help would be much appreciated.
This is a part of my config:
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network AD1
 host 192.168.1.31
 description AD/RADIUS
object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0
object network vpn_hosts
 subnet 192.168.2.0 255.255.255.0
access-list AD_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list split-acl standard permit 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.1.0 255.255.255.0
access-list inside_0_outbound extended permit ip object NETWORK_OBJ_192.168.1.0_24 object vpn_hosts
ip local pool POOL2 192.168.2.2-192.168.2.10 mask 255.255.255.0
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.1.0_25 NETWORK_OBJ_192.168.1.0_25 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.1.0_25 NETWORK_OBJ_192.168.1.0_25 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static vpn_hosts vpn_hosts
object network obj_any
 nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 ########## 1
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
-
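A review aid for the ASA 8.2(5) configuration posted in the thread above, added here as an example and not written by either poster: it parses the pre-8.3 statements and flags a VPN pool that sits inside an interface subnet and a dynamic `nat` rule with no `nat (if) 0 access-list` exemption, the form the second poster quotes. `POSTED_CONFIG` is an excerpt of the posted lines; `REVISED_CONFIG`, its 192.168.251.x pool and the function names are constructed for comparison.

```python
import ipaddress
import re

# Excerpt of the ASA 8.2(5) running config posted in the thread.
POSTED_CONFIG = """\
interface Vlan10
 nameif inside
 ip address 192.168.250.1 255.255.255.0
interface Vlan20
 nameif outside
 ip address dhcp setroute
ip local pool VPN_Pool 192.168.250.100-192.168.250.101 mask 255.255.255.0
global (outside) 10 interface
nat (inside) 10 192.168.250.0 255.255.255.0
"""

# Constructed comparison: separate pool subnet plus a nat 0 exemption.
REVISED_CONFIG = """\
interface Vlan10
 nameif inside
 ip address 192.168.250.1 255.255.255.0
ip local pool VPN_Pool 192.168.251.100-192.168.251.101 mask 255.255.255.0
access-list NAT_0 permit ip 192.168.250.0 255.255.255.0 192.168.251.0 255.255.255.0
global (outside) 10 interface
nat (inside) 0 access-list NAT_0
nat (inside) 10 192.168.250.0 255.255.255.0
"""


def parse_asa(config):
    """Collect interface subnets, VPN pools and pre-8.3 nat statements."""
    state = {"subnets": {}, "pools": {}, "dynamic_nat": [], "exempt": set()}
    nameif = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None  # new interface block, name not known yet
        elif m := re.fullmatch(r"nameif (\S+)", line):
            nameif = m[1]
        elif nameif and (m := re.fullmatch(r"ip address ([\d.]+) ([\d.]+)", line)):
            # "ip address dhcp setroute" does not match: no static subnet to record
            state["subnets"][nameif] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.fullmatch(r"ip local pool (\S+) ([\d.]+)-([\d.]+)(?: mask \S+)?", line):
            state["pools"][m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.fullmatch(r"nat \((\S+)\) 0 access-list \S+", line):
            state["exempt"].add(m[1])
        elif m := re.fullmatch(r"nat \((\S+)\) ([1-9]\d*) ([\d.]+) ([\d.]+)", line):
            state["dynamic_nat"].append((m[1], m[2], ipaddress.ip_network(f"{m[3]}/{m[4]}")))
    return state


def audit(config):
    """Return (finding, name, detail) tuples for the two review points."""
    state = parse_asa(config)
    findings = []
    for pool, (first, last) in state["pools"].items():
        for nameif, net in state["subnets"].items():
            if first in net or last in net:
                findings.append(("POOL_INSIDE_INTERFACE_SUBNET", pool, nameif))
    for nameif, nat_id, _net in state["dynamic_nat"]:
        # Presence check only: the contents of the exemption ACL are not validated.
        if state["pools"] and nameif not in state["exempt"]:
            findings.append(("NO_NAT_EXEMPTION", nameif, nat_id))
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_CONFIG), ("revised", REVISED_CONFIG)):
        print(label, audit(cfg))
```

The parser reads only the 8.2-style `nat (if) id` syntax, so the 8.4 object-based rules in the second post are outside what it checks.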
After iOS 6.0 upgrade I cannot retrieve my emails. It says "the mail server .................is not responding. Verify you have entered the correct account info in mail settings."
But they haven't changed.
I get the same problem. My settings haven't changed, etc., all imported across from my old iPhone 3 that worked fine. I've double-checked everything. I've even deleted the account and re-established it. Still doesn't work. My e-mail provider says that it's not them as all my settings are correct, and I can connect OK via webmail on Safari, so it's not them but Apple, which sounds believable. Can't find a solution.
-
Check for VPN Connection Exists
Hello
I am working on a Windows Store app for Enterprise. This app will require internet and VPN connection to get data. I have found a way to check for internet access. However, I am not sure how to check if there is a VPN tunnel available. If VPN is available then I can make a call to a WebService and get data. If there is no VPN then the WebService call will fail [after about 10-15 seconds]. I can assume that if the WebService call fails that means there is no VPN but there must be another way to find this out before even calling a Service.
Please help.
Thanks
Bevan
We're using Microsoft Direct Access rather than a VPN but I think this is worth sharing anyway.
Rather than calling a web service I'm just using the HttpClient's GetAsync() method to call a small file hosted on an internally hosted web server. This minimises the payload as much as possible which may be important if your users are connected using devices with 3G/4G with data limit.
I'm wrapping the call in a Stopwatch to get a rough idea of the round robin request/response and visualising that for the users so they know how good their connection to the corporate network is. This info is far more useful than the WiFi/Mobile signal bars.
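// Stopwatch lives in System.Diagnostics.
// nslUri is the URI of the small file on the internally hosted web server.
Stopwatch stopWatch = new Stopwatch();
stopWatch.Start();
HttpClient httpClient = new HttpClient();
HttpResponseMessage response = await httpClient.GetAsync(nslUri);
response.EnsureSuccessStatusCode(); // throws an exception if the status is not a success code
stopWatch.Stop();
TimeSpan ts = stopWatch.Elapsed; // elapsed time for the whole request/response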
This might also be of interest...
https://msdn.microsoft.com/en-us/library/windows/apps/xaml/windows.networking.vpn.aspx -
Unable to set manual IP address for VPN connection
Recently a VPN connection with a client stopped working. They changed phone companies and changed some of the IP addresses.
After alerting them I could no longer log in, I received the new server address which I can log in with it,
BUT my computer is assigned a dynamic address that is already in use on their network. This causes my computer to *not* be connected to their network, even though I am inside their firewall; therefore I cannot adjust the database files I need to.
I have tried to set the VPN (PPTP) connection TCP/IP address IPv4 manually, using the static address they just gave me. But each time I connect, [I believe] their router assigns me an address that is already in use.
They do not use IPv6.
Can anyone give me direction on how to make the manual IP address *stick*?
The tech person at the site keeps telling me it is a problem with my "Mac, because with Windows.... blah, blah, blah".
I am pretty sure this is not the case and in fact I was the one who let her know I was receiving a duplicate address.
Your VPN expertise is really appreciated.
Thanks in advance,
Michele
Hi,
Please make sure the Ad hoc connection IP address is in the same range as your local connection. In addition, how about recreating the ad hoc connection for a test? Please have a try.
If problem persists, please use Network troubleshooter in Action Center to fix this problem for test.
Roger Lu
TechNet Community Support -
Zone Based Firewall for VPN connections does not work after IOS upgrade
Hi all,
We use a Cisco 2911 router as corporate gateway - there is Zone Based Firewall implemented - I upgraded IOS to the latest version (15.2(2)T1) - originally version 15.1(4)M1 - to solve an issue with AnyConnect connections (bug CSCtx38806) but I found that after the upgrade the VPN users are not able to communicate with sources in other zones.
More specific
WebVPN use this virtual template interface
interface Virtual-Template100
description Template for SSLVPN
ip unnumbered GigabitEthernet0/1.100
zone-member security INSIDE
There are other zones VOICE, LAB, ...
In the policy any connection is allowed (used inspection of icmp, tcp and udp) from INSIDE zone to VOICE or LAB zone
After VPN connection I am able to reach resources in INSIDE zone (which is the most important), but not in other zones. Before upgrade it worked.
Once I changed zone in Virtual-Template interface to VOICE, I was able to reach sources in VOICE zone but not in any other. I searched more and found the stateful firewall is not working for connections from VPN as ping is blocked by policy on returning way - it means by policy VOICE->INSIDE, once I allowed communication from "destination" zone to INSIDE zone - the connections started to work, but of course it is not something I want to set up.
Does anybody have the same experience?
Regards
Pavel
It seems to me I should add one important note - if a client is connected directly in INSIDE zone, he can reach resources in other zones without any issue - so the problem is only when the client is connected by VPN - not in ZBF policy setup.
Pavel -
Trying to set a delay in an Applescript for VPN connection
I need to be able to set some routes upon opening a particular VPN connection so I did some searching and found a really simple Applescript that does the job. Problem is it tries to set the routes before the VPN actually connects so the routes don't go in.
I added in a 10 second delay which does the trick, but I'm thinking there has to be a way to do this that waits until the VPN actually connects before continuing - so if it takes 5 seconds or 10 or whatever, it waits.
The other thing I'm doing that I think is bad is I'm sending a route delete command before sending the add command. Why? Because if I don't and for some reason the route is partially in the table, it doesn't give an error and ends up not routing. Again, probably a better way to do this.
Here is my current script:
-- Connect Work VPN
tell application "System Events"
    tell current location of network preferences
        set VPNservice to service "Work" -- name of the VPN service
        if exists VPNservice then connect VPNservice
    end tell
end tell
delay 10
set gateway to "x.x.x.x" -- omitted here for security
do shell script "route delete 192.168.25.0/24 " & gateway with administrator privileges
do shell script "route delete 192.168.20.0/24 " & gateway with administrator privileges
do shell script "route add 192.168.25.0/24 " & gateway with administrator privileges
do shell script "route add 192.168.20.0/24 " & gateway with administrator privileges
Any suggestions??
Thanks.
You might want to try asking in the AppleScript forum under OS X technologies.
I don't have any VPN connections so can't test anything, but the AppleScript dictionary for System Events indicates that the configuration property of a service has a boolean property "connected". So just run a loop with, say, a 1 second delay until this property becomes true. Presumably it would be something along the lines of:
tell application "System Events"
    tell current location of network preferences
        set VPNservice to service "Work" -- name of the VPN service
        if exists VPNservice then connect VPNservice
        repeat until (connected of current configuration of VPNservice)
            delay 1
        end repeat
    end tell
end tell
set gateway to "x.x.x.x" -- omitted here for security
do shell script "route delete 192.168.25.0/24 " & gateway with administrator privileges
do shell script "route delete 192.168.20.0/24 " & gateway with administrator privileges
do shell script "route add 192.168.25.0/24 " & gateway with administrator privileges
do shell script "route add 192.168.20.0/24 " & gateway with administrator privileges
-
How do I re-enter login info for web sites into the auto fill feature?
When I first got my iPhone 4 I was asked if I wanted to save the login info for the sites I need to visit. This was very convenient. But I had to change some passwords and clear cookies and now I have to manually re-enter the info again and again. How can I set it up so when I go to the 3 or 4 sites that I need to constantly visit it already has the login info entered? When I go to Autofill it has a switch for passwords but no way to set them up. Help. I am spending half my day re-entering login info again and again.
You could try going into settings, Safari, auto fill then turn on names and passwords.
-
Making Application deployment working for VPN connection
Hi Guys,
Am trying to deploy application to users machines which are connected to VPN.
I don't have any idea, is that any https connection my SCCM will support. If it is failing, what all the series of steps I need to follow to enable deployment via VPN connection.
Please suggest.
If clients are connected through VPN, they will work exactly as any other client you have on your LAN.
Just make sure that you also specify a boundary for your VPN clients, like you do with your LAN clients.
Ronni Pedersen | Microsoft MVP - ConfigMgr | Blogs:
www.ronnipedersen.com/ and www.SCUG.dk/ | Twitter
@ronnipedersen -
Advice needed for VPN connections
OK, to first describe what I'm looking at. We have a bookmobile that goes to 13 different locations within our county. At each stop we are using the service provider's DSL modem to connect to their network (we have two different providers and staff changes the modem at each stop) and a Cisco 831 router to make a VPN connection to our PIX. We are using the router to make the VPN connection so that we can have two staff computers use internal network resources, i.e. Library database, network drives, e-mail. We tried using Cisco VPN client on the local machine but when we have two clients going on two machines at the same time neither would work. So we let the router make that connection.
We are going to have two bookmobiles operating and I need to purchase another router to make the connection and I am wondering which router would be a better solution for us.
So for me the question is
1) should I keep things as they are and buy a 871 and have staff change modems as needed
2) Should I get an 877, 878 router and make configuration changes daily as needed. Staff have not been able to do this in past. I've enough to do without this!
3) Up for any suggestions. Maybe SDM with a pretty GUI for staff to use. It seems Cisco's CLI was too much for them.
Thanks to all for any help
Systems A
No Nat-traversal is enabled.
When we tried multiple VPN connections it was through a DSL modem/router. This is why we went to a Cisco 831 router and having it make the secure connection to our PIX.
Thanks for your help -
Hi all, Can anyone tell me the normal way of setting up a vpn connection, here we have a router terminating the internet link, and a cisco pix behind it ?
you can try a very simple Easy VPN configuration in this document.
http://www.cisco.com/application/pdf/en/us/guest/products/ps6659/c1650/cdccont_0900aecd80313bdf.pdf
hope this helps.
rate this post. -
Can't enter/change info for songs...
I can change the info for some of my songs but not for most of them. Why is this?
Check that the problem files are not read only.
If they are MP3s, there can sometime be problems with tag versions. Try selecting a track and right click on it. Select Convert ID3 tags. Try converting to none. It might be as well to experiment with a copy.
Otherwise check the permissions on your music folder, but if this was a problem I would expect everything to be affected.
Your account needs full control of any music folder. -
Entering CDDB info for untitled tracks
I have been working with a local band to make some demo CD's. All of the tracks on the CD are listed as: track1, track2, etc... Can I use iTunes to encode track information such as song title, album, etc... Or will I need a 3rd party solution?
Thanks
Umm... I don't think Linux Grip is going to help. Or any other software, either.
If I understand the situation correctly, you want to burn an AUDIO CD that can be played in any CD player, including car and home stereo players, right?
And you want anyone who gets one of your demo CDs to be able to put it into a computer and see the title tracks, artist, etc, right?
I'm no expert, so I'm not 100% positive, but I believe the problem that is going to prevent you from doing that is this: The specifications for Standard audio CDs does not have any mechanism to encode that information on the CD - not allowed - no can do. It's got nothing to do with what hardware or software you use to make the audio CD, but rather with the accepted definition of "audio CD" (as described by the "Red Book" specifications). As far as I know, there are only two ways to get around this limitation of audio CDs:
1. Burn a non-standard CD. If you burn the music on a DATA CD (CD-ROM) or MP3 CD, then computer users can easily see your track titles/artist/etc; however there will be many home stereo and car stereo CD players that will not be able to play the music at all.
2. Upload the information to an online data base like Gracenote CDDB so internet connected computers can retrieve the track titles, artist, etc.
There is also something called CD Text which does encode some track title/artist information on the disc, but I believe that info is displayed only by certain hardware - usually car CD players and DVD players, but not computers. I don't know if you can add CD Text to home-burned CDs, but services which make commercial discs can do this for you.