Help with Cisco RV180 VPN
I have installed the Cisco RV180 VPN at a customer location.
Because this customer makes credit card transactions over the Internet, their merchant account requires a third-party to perform a security scan on the gateway. When scanning, the third-party states they are not in compliance with this report:
THREAT REFERENCE
Summary:
TLS Protocol Session Renegotiation Security Vulnerability
Risk: High (3)
Port: 443
Protocol: TCP
Threat ID: misc_opensslrenegotiation
Details: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
06/11/12
CVE 2009-3555
Multiple vendors TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context.
Information From Target:
Service: 443:TCP
Session Renegotiation succeeded on 443:TCP
They are using the QuickVPN Client to connect and must be able to connect from anywhere in the world. From my understanding, port 443 must be opened for the QuickVPN Client to function. How do I block port 443 from everyone except the QuickVPN Client? Or how do I configure the RV180 to satisfy the above threat?
Thanks in advance for any information you can provide.
Hi,
following config is for cisco VPN client access with dynamic allocation and split-tunnel.
Hope this helps, please rate post if it does!
aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local
username vpnc password 0 userpass
crypto isakmp client configuration group vpncg
key grouppass
dns 4.2.2.1
wins 10.59.2.10
domain domain.com
pool ip-pool
acl 108
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto dynamic-map dynmap 10
set transform-set myset
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
interface FastEthernet0/0
ip nat outside
crypto map clientmap
interface vlan1
ip address 10.59.2.1 255.255.255.0
ip nat inside
ip local pool ip-pool 10.0.230.1 10.0.230.20
access-list 108 remark VPN client split tunnel
access-list 108 permit ip 10.59.2.0 0.0.0.255 10.0.230.0 0.0.0.255
Similar Messages
-
Help with cisco 837 VPN firewall configuration
Hi guys,
I attempted to configure remote access VPN using cisco 837.IPSEC and firewall features were added already.However, the VPN client keeps saying "remote peer no longer responding".
Upon removing firewall and ACLs, VPN client works. Therefore, I believe these two parts went wrong. Could you please take a look on my config below and see what is going on. On the other hand, when i issue the same config to cisco 827, it does not work. My question is whether cisco 827 IOS 12.1(3)support IPSEC.
Any help would be highly appreciated.This document demonstrates how to configure a connection between a router and the Cisco VPN Client 4.x using Remote Authentication Dial-In User Service (RADIUS) for user authentication. Cisco IOS? Software Releases 12.2(8)T and later support connections from Cisco VPN Client 3.x. The VPN Clients 3.x and 4.x use Diffie Hellman (DH) group 2 policy. The isakmp policy # group 2 command enables the VPN Clients to connect.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946b7.shtml -
Need Help Setup Cisco RV042 vpn
good day everyone, a month ago my boss purchase 4 pcs cisco rv042 vpn to be used in our small office and to our satelite office, with expectations of simple file sharing and remote troubleshooting and for better and safe data transfer. since the task is given to me as an IT staff it is difficult to me to setup this vpn router since i have a little idea and many question are on my mind that need to be answered, i read the manual test the vpn router but still no good answered found. i know it is dufficult but with proper guide and step by step on how to use this one i can make it work. please anyone help me i need answers to this questions.
i am using windows 7 pro sp1 64bit for my test unit, how can i make a vpn server? a client?
in the past i connect the internet connection in the internet connection port in the back of the router, then another cable from vpn port 1-4 i select #4 port to connect to my pc, since the vpn give the ip on my pc i can easily connect to the firmware of the vpn using the deafault username and password. when i go to the firmware i dont know where to start, and i dont even have the internet connection for my pc.
i feel sorry for myself beacuse i have no idea in this kind of thing, CISCO people and others out there i am calling for your help.
thank you in advance
melDear Emilio,
Thank you for reaching Cisco Small Business Support Community.
If you’d like to setup a Site to Site VPN on your RV042 here is a good step by step guide;
http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=304
If you are looking into a remote access VPN, QuickVPN, here is the step by step procedure;
http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=452
Just in case here is also a document with Windows operating systems tips;
http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=2922
Finally here is a link with the Admin Guide where starting on page 122 you can find everything related to VPN setup on this particular device model, beside info in how to setup your internal network (I suggest you to go through this admin guide so you know everything about the router);
http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
Please let me know if there is any further assistance we may assist you with.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so other will know when an answer has been found. -
Trouble with Cisco Anyconnect VPN Client
Hello,
our Cisco AnyConnect VPN Client has stopped working, we are a medical office and we are attempting to connect to "clientvpn.e-mds.com" however it will not connect, the username and password we input are irrelevant it doesnt come up with a "wrong credentials" window it just erases the password and at the bottom of the window it says "Please enter your username and password". our version is 2.5.0217 does anyone know anything to try? any help would be appreciatedyou may want to try the OS X networking forums:
http://discussions.apple.com/forum.jspa?forumID=733 -
Will Nortel's Contivity VPN Client work with Cisco's VPN 3000 concentrator?
Hi, need help. We have VPN 3000 concentrator and a number of VPN clients (these are using Cisco VPN client).
We have one user that wants to use Nortel's Contivity VPN Client. Will this work with the Cisco COncentrator 3000?Tricky question - in theory yes, if the nortel client follows all the ISPEC RFC's.
I did try to get the cisco VPN client working on a Nortel Contivity once - did not get it working - but did'nt have that much time to test and get it working.
My advise - Configure, TEST DEBUG TEST DEBUG! -
Setup Sunray 3G with Cisco 3005 VPN concentrator
hi,
I first explain the setup situation:
Gobi8 (3G) => Cisco 3005 VPN Concentrator => Sunray Server (4 09/07)
Do i need to setup a sunray segment for not-directly connected networks or do i need to setup one for directly connected networks?
can the Sunray server gives IP-addresses to the Gobi8 trough a VPN-tunnel or do i need to let the Cisco handle the IP-address management?
Is there some info about what IKE proposal i need to select in the Cisco 3005?
Any help would be appreciated
ThxI have not used the Gobi 8 but this is how I configure my SR 2, SR 2FS, and SR 270 for VPN, I believe the Gobi can do similiar things. You will need to setup your SR server as part of a shared network, NOT a dedicated network. Configure your concentrator as an Easy VPN server and the Gobi as an Easy VPN client. Using the Easy VPN setup automatically handles IKE though you will have to setup groups etc. Since my DTUs move around I use DHCP so the initial IP address comes from the local network, as part of connecting to the remote network the concentrator will issue an IP address for SR server network. This has worked for me on wired and WiFi LANs, I do not know if it will work with 3G wireless but I do not see why it should not. Hope this helps and good luck.
-
Help with Cisco Output Interpreter tool!!
Hi All,
I am experiencing a problem with Cisco Output Interpreter tool.
While the tool is working fine and displaying the "CONFIGURATION COMMAND REFERENCE NOTIFICATIONS (if any)" very effectively but I am unable to use the hyperlink to get an understanding about a particular command.
When I click on a particular command(hyperlink) it pops up another window and the below error is displayed.
Not Found
The requested URL /cgi-bin/Support/Cmdlookup/ios-command-lookup.pl was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Anyone else had/have this particular error. Could you please help me with this.
Apologies if this topic does not belong to this group.
Thanks in advance
SamNoone to help me on this?
-
Trouble with Cisco AnyConnect VPN after getting new Airport Extreme
So I had a previous version Time Capsule that I used for years, and it started having issues where it would start spontaneously rebooting. I decided to get a new Airport Extreme (the new taller one) and went in without a hitch. Problem it, though, I work from home sometimes with my company provided Windows 7 laptop and I'm experiencing issues around the VPN hanging for 15-20 seconds then coming back, maybe 1x or 2x per hour. Especially noticeable when I'm on higher bandwidth applications like Lync meetings or Remote Desktop sessions. Never had the issue on the old Time Capsule, it was always solid (until the device itself started dying), and I don't have the issue when I'm in my office using the same VPN software. Never an issue with any of the computers in the house on the regular internet, non-VPN connection. Is there a setting I missed somewhere in my setup of the new Airport that can help to stabilize that VPN connection? Seems in newer versions, some of the options have been taken away or harder to find.
Running version 7.7.3 on the Airport Extreme.
Andy MartinHi Geo,
fnfErr
= -43, /*File not found*/
Bootup holding CMD+r, or the Option/alt key to boot from the Restore partition & use Disk Utility from there to Repair the Disk, then Repair Permissions.
Any change on reboot? -
Problem using SunRay with Cisco AnyConnect VPN Client
I am using Cisco AnyConnect VPN Client Version 2.5.3046
I have a PC and a SunRay connected to my router. I use VPN to connect my SunRay and my PC to my work computer. My PC works fine, I am able to connect to the internet and also run cisco VPN to connect to my work computer. But when I try to use my SunRay, I get a window on the screen with the message:
VPN IKE Phase 1 agg I msg1This window keeps moving around on the screen. I am not able to connect my SunRay through VPN to my work computer. Any idea what could be wrong and how I can fix this?2.2 is definitely better.
On one PC, I'm fine. On another -- very similar -- it tells me it can't start the VPN even after uninstalling and re-installing and everything else I can think of, with plenty of re-boots inbetween.
Aaaaarrrrrrggggggghhhh. -
Need help with Cisco Interface Cards???/
Hi, I purchased 4 WIC-1AM cards for my cisco 1760 gateway to use with cisco call manager server. I'm trying to figure out if I can even use these cards for voice cards to make calls inbound and outbound. I'm seing that the cards that CM gives me are all VIC cards listed and i don't see any WIC cards listed in the endpoint list on the CM for the gatway. So can I even use these cards for what I'm trying to do??? Please help???
ThanksIf i got the vontage sip account how would i hook it up to my CM Sever?
I'm using a 1760 gatway, what is a DSP resource?
When i do show diag I get this from my router:
show diag
Slot 0:
C1760 1FE VE 4SLOT DV Mainboard Port adapter, 3 ports
Port adapter is analyzed
Port adapter insertion time unknown
EEPROM contents at hardware discovery:
Hardware Revision : 5.0
PCB Serial Number : FOC08077JDP
Part Number : 73-7167-05
Board Revision : B0
Fab Version : 04
Product (FRU) Number : CISCO1760
EEPROM format version 4
EEPROM contents (hex):
0x00: 04 FF 40 03 16 41 05 00 C1 8B 46 4F 43 30 38 30
0x10: 37 37 4A 44 50 82 49 1B FF 05 42 42 30 02 04 FF
0x20: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0x30: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0x40: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0x50: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0x60: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0x70: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
Packet Voice DSP Module Slot 0:
Not populated
Packet Voice DSP Module Slot 1:
Not populated
WIC/VIC Slot 0:
One Port Modem WIC
Hardware revision 1.0 Board revision H0
Serial number 0034764142 Part number 800-08823-01
FRU Part Number WIC-1AM=
Test history 0x00 RMA number 00-00-00
Connector type WAN Module
EEPROM format version 1
EEPROM contents (hex):
0x20: 01 38 01 00 02 12 75 6E 50 22 77 01 00 00 00 00
0x30: 88 00 00 00 06 02 10 01 FF FF FF FF FF FF FF FF
WIC/VIC Slot 1:
One Port Modem WIC
Hardware revision 1.0 Board revision H0
Serial number 0034764050 Part number 800-08823-01
FRU Part Number WIC-1AM=
Test history 0x00 RMA number 00-00-00
Connector type WAN Module
EEPROM format version 1
EEPROM contents (hex):
0x20: 01 38 01 00 02 12 75 12 50 22 77 01 00 00 00 00
0x30: 88 00 00 00 06 02 10 01 FF FF FF FF FF FF FF FF
What do you think? -
Help with Remote access VPN on Cisco router 3925 via Dialer Interface
Hi Everybody,
I need help for my work now, I appreciate if someone can fix my problem.I have a Cisco router 3925 and access Internet via PPPoE link. I want config VPN Remote Access and using software Cisco VPN client. But it doesn't work.. Here my config router :
HUNRE#show running-config
Building configuration...
Current configuration : 5515 bytes
! No configuration change since last restart
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname HUNRE
boot-start-marker
boot-end-marker
enable secret 5 $1$vEFw$rLfvLglzUgddCVwXDx03K.
enable password cisco
aaa new-model
aaa session-id common
crypto pki trustpoint TP-self-signed-1050416327
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1050416327
revocation-check none
rsakeypair TP-self-signed-1050416327
crypto pki certificate chain TP-self-signed-1050416327
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303530 34313633 3237301E 170D3134 30393235 31313534
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30353034
31363332 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CC79 74FCFABE 81183B70 5A9F4A53 EB609754 7D5F8587 9150B76E 3207A86E
5B65F9E9 6CDAC21A 6D69221D 1FF61632 14763308 43B2A1CC 8EE5ABAC EF07530E
3F0D35FE F08C955B 60B52B92 F8F54D53 DD6DD623 01F83493 02F9C49A F0C3483D
3B48A008 8D96700E 88924BFE DE00201B DE5965DE 32898CAD 9012AB55 76B6F39B
2D470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14C3418C BC35F3D9 B26B2475 2BB5F826 060525AB B3301D06
03551D0E 04160414 C3418CBC 35F3D9B2 6B24752B B5F82606 0525ABB3 300D0609
2A864886 F70D0101 05050003 81810070 AC7C26C6 4606A551 1A3FD6C5 2A5AEAE8
35DAC86E F8885E26 51F6EEAE 7565D3AA D532C8F3 55F6656F D103F38C 8FBDE7F1
83E77143 76469040 7FEA41E8 14963DB3 F7F28EA0 C5F2F42C B186B75C AAB04900
15F9CB38 A16964F5 4E7B4378 35041AA8 AE8EC181 D58D6A62 676E286A 7B9D80E6
35A0B9FB FB76E976 3D2A19D7 006078
quit
ip name-server 210.245.1.253
ip name-server 210.245.1.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
vpdn-group 1
vpdn-group 2
license udi pid C3900-SPE100/K9 sn FOC1823839B
license boot module c3900 technology-package securityk9
username cisco privilege 15 secret 5 $1$aAjB$D3iLyPFTE7O1bHPnKSJcH0
username kdhong privilege 15 secret 5 $1$nfyX$FO1BPTabCUaE6uKQwpLT.1
redundancy
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group VPN-HUNRE
key hunre
dns 8.8.8.8
domain hunre
pool IP-VPN
acl 199
max-users 100
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
mode tunnel
crypto dynamic-map DYNMAP 1
set transform-set encrypt-method-1
crypto map VPN client configuration address respond
crypto map VPN 65535 ipsec-isakmp dynamic DYNMAP
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
interface GigabitEthernet0/1
description FPT
no ip address
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface GigabitEthernet0/2
description Connect to CMC
no ip address
ip mtu 1442
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
no cdp enable
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp dns request
crypto map VPN
interface Dialer2
description Logical ADSL Interface 2
ip address negotiated
ip mtu 1442
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1344
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp address accept
no cdp enable
ip local pool IP-VPN 10.252.252.2 10.252.252.245
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 11 interface Dialer2 overload
ip nat inside source static 10.159.217.10 interface Dialer1
ip nat inside source list 199 interface Dialer1 overload
ip nat inside source static tcp 10.159.217.10 80 210.245.54.49 80 extendable
ip nat inside source static tcp 10.159.217.10 3389 210.245.54.49 3389 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.159.217.0 255.255.255.0 192.168.1.8
ip sla auto discovery
ip sla responder
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
access-list 10 permit any
access-list 11 permit any
access-list 101 permit icmp any any
access-list 199 permit ip any any
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
transport input all
line vty 5 15
password cisco
transport input all
scheduler allocate 20000 1000
ntp master
end
However, I cannot ping interfac Dialer 1. I using Cisco vpn client software ver 5.0.07.0290.
Hopeful for your answers !
ThanksHi David Castro,
Thanks for your answer,
I configed following your guide, but it have not worked yet. I saw that I cannot ping IP gateway Internet . I using ADSL Internet and config PPPoE and my router receive IP from ISP. Here show ip int brief :
GigabitEthernet0/0 192.168.1.1 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM up up
GigabitEthernet0/2 unassigned YES NVRAM up up
Dialer1 210.245.54.49 YES IPCP up up
Dialer2 101.99.7.73 YES IPCP up up
NVI0 192.168.1.1 YES unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
Virtual-Access3 unassigned YES unset up up
But I cannot ping Interface Dialer 1, so may be VPN is does not worked. Do you have some ideal ?
Thanks very much ! -
Need help with setting up VPN on a Cisco EPC3925 Modem
Hi everyone,
I need help setting VPN on Cisco EPC3925 modem (I tried using Help and I have read the entire section in the manual but the manual is not the same as the window I get in my settings. For example in the manual they say I can choose "all" under Remote Secure Gateway but there is no option like that).
When I go to the VPN section this is what I get:
1. Does this mean that I can connect to my modem via VPN from some other location? I would like to be able to connect to this modem when I am not at home from some remote location from my computer in order to be able to use NAS-Storage.
2. If the answer on the first question is yes, what settings I need to enter for the:
Local Secure Group
Remote Secure Group
Remote Secure Gateway
My ISP is using dynamic IP but I have DDNS.
My router local IP is 192.168.0.1
Subnet: 255.255.255.0
Starting IP Address: 192.168.0.10
Here is how the advanced settings looks like:
Thanks in advance for your help!My problem similar too this. I create a tunnel between two epc3925 but impossible to send data between them.
The status is connected. What can I do? UPC tell me this router has only vpn client so i will doesn't work. -
Hello everyone!
I'm trying to use Cisco ASA 5510 with IOS 9.1(2) and I faced with one big problem: when any client connect to Remote Access VPN and receive IP address my ASA thinks that IP packets from this client should go via it's default gateway, For example, if OSPF neighbour and default gateway is 10.1.2.2/30 and IP of my cisco is 10.1.2.1/30 and client's IP is 172.16.15.223 I see this route in my routing table:
S 172.16.15.223 255.255.255.255 [1/0] via 10.1.2.2
I switched on reverse route injection, I include VPN network to OSPF advirtismets. But when I set up route summarization - I get route:
O EX 172.168.15.0 255.255.255.0 [110/30] via 10.2.2.1 xx:xx:xx vlan X
on my router, but ASA made the same route as I wrote above.
Does anybody can Help what the problem is?
My configuration is:
access-list redistribute standard permit 172.16.15.0 255.255.255.0
access-list filter-default-static-route remark filter static default route from OSPF Redistribution
access-list filter-default-static-route standard deny host 0.0.0.0
access-list filter-default-static-route standard permit 172.16.15.0 255.255.255.0
route-map vpn-routes permit 10
match ip address filter-default-static-route
route-map vpn-routes permit 20
match interface outside
set metric-type type-2
route-map redistribute-map permit 1
match ip address redistribute
router ospf 1
network 172.16.15.0 255.255.255.0 area 5
network 82.179.131.116 255.255.255.252 area 5
area 5 range 172.16.15.0 255.255.255.0
log-adj-changes
redistribute connected
redistribute static subnets route-map vpn-routes
summary-address172.16.15.0 255.255.255.0
crypto dynamic-map TEST_DYN_MAP 7 set ikev1 transform-set ESP-3DES-SHA
crypto dynamic-map TEST_DYN_MAP 7 set ikev2 ipsec-proposal 3DES
crypto dynamic-map TEST_DYN_MAP 7 set nat-t-disable
crypto dynamic-map TEST_DYN_MAP 7 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic TEST_DYN_MAP
crypto map outside_map interface outsidehello,
I expect to see THIS on my router:
O EX 172.168.15.0 255.255.255.0 [110/30] via 10.2.2.1 xx:xx:xx vlan X
or something like this, and THIS on my ASA:
S 172.16.15.223 255.255.255.255 [1/0] via 10.1.2.1
I just realised that I wrote wrong config in ospf configuration. it should be like
router ospf 1
network 172.16.15.0 255.255.255.0 area 5
network 10.1.2.0 255.255.255.252 area 5
area 5 range 172.16.15.0 255.255.255.0
log-adj-changes
redistribute connected
redistribute static subnets route-map vpn-routes
summary-address172.16.15.0 255.255.255.0
and 10.1.2.1/30 - my cisco ASA, 10.1.2.2/30 - my cisco router
172.16.15.0/24 - network to assign addresses to users.
I don't understand why ASA tries to forward packets from/to connected clients via its default gateway but not via itself. -
Help with Cisco ASA 5500 and NAS drives
Hello:
I have 2 My Book World Edition II NAS drives. They both are configured to use a static IP address and both are on the same workgroup.
One of them is supposed to be replaced with a newer one that I just installed yesterday.
What I am trying to do is to transfer all the information from NAS1 to NAS2.
Both are connected to a Cisco VPN router.
I created a batch file that was basically several xcopy commands to copy all the information from NAS1 to NAS2.
As this process was going to take like 8 hours I ran the batch file yesterday at 4:00PM when everyone was logged off the NAS drives.
To my surprise this morning I found out that only a portion of the files were copied from the NAS1 to the NAS2.
After reading the system logs of the NAS1 drive I found a lot of errors.For example:
getpeername failed. Error was Transport endpoint is not connected
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
getpeername failed. Error was Transport endpoint is not connected
Someone suggested that the problem has to do with the network configuration.
The suggestion was to change from "auto-negotiate" to Full Duplex 100 on the Cisco VPN router configuration.
What do you think? Could this be the problem?
Thanks and help is greatly appreciated.Hello:
I have 2 My Book World Edition II NAS drives. They both are configured to use a static IP address and both are on the same workgroup.
One of them is supposed to be replaced with a newer one that I just installed yesterday.
What I am trying to do is to transfer all the information from NAS1 to NAS2.
Both are connected to a Cisco VPN router.
I created a batch file that was basically several xcopy commands to copy all the information from NAS1 to NAS2.
As this process was going to take like 8 hours I ran the batch file yesterday at 4:00PM when everyone was logged off the NAS drives.
To my surprise this morning I found out that only a portion of the files were copied from the NAS1 to the NAS2.
After reading the system logs of the NAS1 drive I found a lot of errors.For example:
getpeername failed. Error was Transport endpoint is not connected
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
getpeername failed. Error was Transport endpoint is not connected
Someone suggested that the problem has to do with the network configuration.
The suggestion was to change from "auto-negotiate" to Full Duplex 100 on the Cisco VPN router configuration.
What do you think? Could this be the problem?
Thanks and help is greatly appreciated. -
Confused how to set-up a PC & laptop with Cisco WRVS4400N VPN for home use
Just bought a new PC and laptop and was recommended by (CDW) to use a Cisco WRVS4400N to set up the VPN.
For home use, only the PC and laptop, both running Windows 7. I use Comcast as my ISP.
The mountains of docs confuses me to no end, can anyone simplify this for me. I look at all the details and do not know where to start.
In short,
(1) configure router to recognize my PC and Comcast, and I guess the laptop.
(2) configure laptop to go wireless and communicate with PC.
Any assistance would be much appreciated.
Thanks,
TerryFor a very small office and a minimum of admin and tech know how, one approach i'd suggest is to not worry about user id collisions at all. any time anyone wants to use a mac you just set them up as a user, using consistent names/passwords.
Have a "Work" volume on each mac that has "ignore ownership on this volume" ticked. that way UID collisions aren't important.
You can make a Desktop folder on the Work volume and make a SYMBOLIC LINK from every user's home that replaces their desktop with the desktop folder on the Work volume.
Make it known that the user's home is for personal stuff ONLY, and the Work volume (inc the desktop) is where work in progress lives.
At a later date with some confidence in your network and your admin skills you could impose consistent UIDs using an OD master
Maybe you are looking for
-
Help with dashboard on a mac mini
I have 7 mac minis running os 10.4.10 and a few I have upgraded to 10.4.11. The problem is I have created a user and have turned parental controls on and locked down the computer. Now when you launch dashboard none of the widgets show up. You place t
-
Upgrade process for SQL server 2005 service pack4 on stand alone and cluster servers
Hi All, We have iniated a process of upgarding sp4 for all sql 2005 stand alone and clusters servers. Please provide me the step by step process for installing sp4 and roll back paln for sql 2005 servers.And before proceeding with sp installation wha
-
Hi Gurus, Need to configure new payment term as described below if a supplier ships on 10 May, that payment will only be due on 10 July. But also if they ship on 29 May, the payment will also still be 10 July. This is my first time so plz guide how t
-
Hi, I have uploaded transaction and master data and activated the masterdata but in Infocube it is showing the data upto 06.2006 but in the queries it is showing upto 04.2006 only. timechar in query is last 12 months including current month. ( This
-
Re: Camileo S10 - very slow when SD card is in.
My Camileo S10 was working fine for months with my 8GB ScanDisk Ultra II memory card. Now, when I start the camera it is very slow to start and to operate (a few seconds delay for each operations). When I remove the SD card and trun on the camera, it