Help with Cisco RV180 VPN

I have installed the Cisco RV180 VPN at a customer location.
Because this customer makes credit card transactions over the Internet, their merchant account requires a third party to perform a security scan on the gateway. When scanning, the third party states they are not in compliance with this report:
THREAT REFERENCE
Summary:
TLS Protocol Session Renegotiation Security Vulnerability
Risk: High (3)
Port: 443
Protocol: TCP
Threat ID: misc_opensslrenegotiation
Details: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
06/11/12
CVE 2009-3555
Multiple vendors TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context.
Information From Target:
Service: 443:TCP
Session Renegotiation succeeded on 443:TCP
They are using the QuickVPN Client to connect and must be able to connect from anywhere in the world.  From my understanding, port 443 must be opened for the QuickVPN Client to function.  How do I block port 443 from everyone except the QuickVPN Client?  Or how do I configure the RV180 to satisfy the above threat?
Thanks in advance for any information you can provide.
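
Added example, not part of the original thread: the protocol-level fix for CVE-2009-3555 is the RFC 5746 renegotiation_info extension (type 0xFF01), which a fixed TLS 1.0-1.2 server returns in its ServerHello when the client offers it. This Python sketch parses a captured ServerHello record and reports whether the extension is present; the function names and the sample records are constructed for illustration and are not RV180 output.

```python
import struct

EXT_RENEGOTIATION_INFO = 0xFF01  # RFC 5746 extension type


class ParseError(ValueError):
    """Raised when the bytes are not a well-formed ServerHello record."""


def _take(buf, off, n):
    # Bounds-checked slice so truncated captures fail loudly.
    if off + n > len(buf):
        raise ParseError("truncated at offset %d" % off)
    return buf[off:off + n], off + n


def parse_server_hello(record):
    """Return (version, cipher_suite, {ext_type: ext_data}) for one TLS record."""
    hdr, off = _take(record, 0, 5)
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", hdr)
    if ctype != 0x16:
        raise ParseError("not a handshake record")
    body, _ = _take(record, off, rec_len)

    hs_hdr, off = _take(body, 0, 4)
    if hs_hdr[0] != 0x02:
        raise ParseError("not a ServerHello")
    hello, _ = _take(body, off, int.from_bytes(hs_hdr[1:], "big"))

    ver, off = _take(hello, 0, 2)
    _random, off = _take(hello, off, 32)
    sid_len, off = _take(hello, off, 1)
    _sid, off = _take(hello, off, sid_len[0])
    suite, off = _take(hello, off, 2)
    _comp, off = _take(hello, off, 1)

    extensions = {}
    if off < len(hello):  # the extension block is optional in TLS 1.0-1.2
        ext_total, off = _take(hello, off, 2)
        end = off + int.from_bytes(ext_total, "big")
        if end > len(hello):
            raise ParseError("extension block overruns ServerHello")
        while off < end:
            head, off = _take(hello, off, 4)
            etype, elen = struct.unpack("!HH", head)
            data, off = _take(hello, off, elen)
            extensions[etype] = data
        if off != end:
            raise ParseError("extension overruns extension block")
    return int.from_bytes(ver, "big"), int.from_bytes(suite, "big"), extensions


def renegotiation_status(record):
    """Classify the server's RFC 5746 support from its first ServerHello.

    "secure":  renegotiation_info present with an empty renegotiated_connection
               (a single zero length byte), as required on an initial handshake.
    "legacy":  extension absent, so the server does not signal RFC 5746.
    "invalid": extension present but non-empty on an initial handshake.
    """
    _ver, _suite, exts = parse_server_hello(record)
    data = exts.get(EXT_RENEGOTIATION_INFO)
    if data is None:
        return "legacy"
    return "secure" if data == b"\x00" else "invalid"


def build_server_hello(extensions):
    """Constructed sample data: a minimal TLS 1.2 ServerHello record."""
    ext_block = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    # version 3.3, zeroed random, empty session id, suite 0x002F, null compression
    hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        hello += struct.pack("!H", len(ext_block)) + ext_block
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs


# Constructed samples: one server with the RFC 5746 fix, one without.
PATCHED = build_server_hello([(EXT_RENEGOTIATION_INFO, b"\x00")])
UNPATCHED = build_server_hello([])

if __name__ == "__main__":
    for name, rec in (("patched", PATCHED), ("unpatched", UNPATCHED)):
        print(name, renegotiation_status(rec))
```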

Hi,
The following config is for Cisco VPN client access with dynamic allocation and split-tunnel.
Hope this helps, please rate post if it does!
aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local
username vpnc password 0 userpass
crypto isakmp client configuration group vpncg
 key grouppass
 dns 4.2.2.1
 wins 10.59.2.10
 domain domain.com
 pool ip-pool
 acl 108
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto dynamic-map dynmap 10
 set transform-set myset
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
interface FastEthernet0/0
 ip nat outside
 crypto map clientmap
interface vlan1
 ip address 10.59.2.1 255.255.255.0
 ip nat inside
ip local pool ip-pool 10.0.230.1 10.0.230.20
access-list 108 remark VPN client split tunnel
access-list 108 permit ip 10.59.2.0 0.0.0.255 10.0.230.0 0.0.0.255

Similar Messages

  • Help with cisco 837 VPN firewall configuration

    Hi guys,
    I attempted to configure remote access VPN using Cisco 837. IPsec and firewall features were added already. However, the VPN client keeps saying "remote peer no longer responding".
    Upon removing firewall and ACLs, VPN client works. Therefore, I believe these two parts went wrong. Could you please take a look at my config below and see what is going on. On the other hand, when I issue the same config to Cisco 827, it does not work. My question is whether Cisco 827 IOS 12.1(3) supports IPsec.
    Any help would be highly appreciated.

    This document demonstrates how to configure a connection between a router and the Cisco VPN Client 4.x using Remote Authentication Dial-In User Service (RADIUS) for user authentication. Cisco IOS Software Releases 12.2(8)T and later support connections from Cisco VPN Client 3.x. The VPN Clients 3.x and 4.x use Diffie Hellman (DH) group 2 policy. The isakmp policy # group 2 command enables the VPN Clients to connect.
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946b7.shtml

  • Need Help Setup Cisco RV042 vpn

    Good day everyone. A month ago my boss purchased 4 pcs of Cisco RV042 VPN routers to be used in our small office and our satellite office, with expectations of simple file sharing, remote troubleshooting, and better and safer data transfer. Since the task was given to me as IT staff, it is difficult for me to set up this VPN router, since I have little idea and many questions on my mind that need to be answered. I read the manual and tested the VPN router but still found no good answers. I know it is difficult, but with a proper guide and step-by-step instructions on how to use this one I can make it work. Please, anyone, help me; I need answers to these questions.
    I am using Windows 7 Pro SP1 64-bit for my test unit. How can I make a VPN server? A client?
    In the past I connected the Internet connection to the Internet port on the back of the router, then another cable from VPN ports 1-4 (I selected port #4) to my PC. Since the VPN router gives an IP to my PC, I can easily connect to the firmware of the VPN router using the default username and password. When I go to the firmware I don't know where to start, and I don't even have an Internet connection for my PC.
    I feel sorry for myself because I have no idea about this kind of thing. Cisco people and others out there, I am calling for your help.
    thank you in advance
    mel

    Dear Emilio,
    Thank you for reaching Cisco Small Business Support Community.
    If you’d like to setup a Site to Site VPN on your RV042 here is a good step by step guide;
    http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=304
    If you are looking into a remote access VPN, QuickVPN, here is the step by step procedure;
    http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=452
    Just in case here is also a document with Windows operating systems tips;
    http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=2922
    Finally here is a link with the Admin Guide where starting on page 122 you can find everything related to VPN setup on this particular device model, besides info on how to set up your internal network (I suggest you go through this admin guide so you know everything about the router);
    http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
    Please let me know if there is any further assistance we may assist you with.
    Kind regards,
    Jeffrey Rodriguez S. .:|:.:|:.
    Cisco Customer Support Engineer
    *Please rate the post so others will know when an answer has been found.

  • Trouble with Cisco Anyconnect VPN Client

    Hello,
    Our Cisco AnyConnect VPN Client has stopped working. We are a medical office and we are attempting to connect to "clientvpn.e-mds.com", however it will not connect. The username and password we input are irrelevant; it doesn't come up with a "wrong credentials" window, it just erases the password and at the bottom of the window it says "Please enter your username and password". Our version is 2.5.0217. Does anyone know anything to try? Any help would be appreciated.

    you may want to try the OS X networking forums:
    http://discussions.apple.com/forum.jspa?forumID=733

  • Will Nortel's Contivity VPN Client work with Cisco's VPN 3000 concentrator?

    Hi, need help. We have VPN 3000 concentrator and a number of VPN clients (these are using Cisco VPN client).
    We have one user that wants to use Nortel's Contivity VPN Client. Will this work with the Cisco Concentrator 3000?

    Tricky question - in theory yes, if the Nortel client follows all the IPsec RFCs.
    I did try to get the Cisco VPN client working on a Nortel Contivity once - did not get it working - but didn't have that much time to test and get it working.
    My advice - Configure, TEST DEBUG TEST DEBUG!

  • Setup Sunray 3G with Cisco 3005 VPN concentrator

    hi,
    I first explain the setup situation:
    Gobi8 (3G) => Cisco 3005 VPN Concentrator => Sunray Server (4 09/07)
    Do i need to setup a sunray segment for not-directly connected networks or do i need to setup one for directly connected networks?
    can the Sunray server gives IP-addresses to the Gobi8 trough a VPN-tunnel or do i need to let the Cisco handle the IP-address management?
    Is there some info about what IKE proposal i need to select in the Cisco 3005?
    Any help would be appreciated
    Thx

    I have not used the Gobi 8 but this is how I configure my SR 2, SR 2FS, and SR 270 for VPN; I believe the Gobi can do similar things. You will need to set up your SR server as part of a shared network, NOT a dedicated network. Configure your concentrator as an Easy VPN server and the Gobi as an Easy VPN client. Using the Easy VPN setup automatically handles IKE, though you will have to set up groups etc. Since my DTUs move around I use DHCP, so the initial IP address comes from the local network; as part of connecting to the remote network the concentrator will issue an IP address for the SR server network. This has worked for me on wired and WiFi LANs. I do not know if it will work with 3G wireless but I do not see why it should not. Hope this helps and good luck.

  • Help with Cisco Output Interpreter tool!!

    Hi All,
    I am experiencing a problem with Cisco Output Interpreter tool.
    While the tool is working fine and displaying the "CONFIGURATION COMMAND REFERENCE  NOTIFICATIONS (if any)" very effectively but I am unable to use the hyperlink to get an understanding about a particular command.
    When I click on a particular command(hyperlink) it pops up another window and the below error is displayed.
    Not Found
    The requested URL /cgi-bin/Support/Cmdlookup/ios-command-lookup.pl was not found on this server.
    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
    Anyone else had/have this particular error. Could you please help me with this.
    Apologies if  this topic does not belong to this group.
    Thanks in advance
    Sam

    No one to help me on this?

  • Trouble with Cisco AnyConnect VPN after getting new Airport Extreme

    So I had a previous version Time Capsule that I used for years, and it started having issues where it would start spontaneously rebooting. I decided to get a new Airport Extreme (the new taller one) and it went in without a hitch. Problem is, though, I work from home sometimes with my company-provided Windows 7 laptop and I'm experiencing issues around the VPN hanging for 15-20 seconds then coming back, maybe 1x or 2x per hour. Especially noticeable when I'm on higher bandwidth applications like Lync meetings or Remote Desktop sessions. Never had the issue on the old Time Capsule, it was always solid (until the device itself started dying), and I don't have the issue when I'm in my office using the same VPN software. Never an issue with any of the computers in the house on the regular internet, non-VPN connection. Is there a setting I missed somewhere in my setup of the new Airport that can help to stabilize that VPN connection? Seems in newer versions, some of the options have been taken away or are harder to find.
    Running version 7.7.3 on the Airport Extreme.
    Andy Martin

    Hi Geo,
      fnfErr = -43,  /*File not found*/
    Bootup holding CMD+r, or the Option/alt key to boot from the Restore partition & use Disk Utility from there to Repair the Disk, then Repair Permissions.
    Any change on reboot?

  • Problem using SunRay with Cisco AnyConnect VPN Client

    I am using Cisco AnyConnect VPN Client Version 2.5.3046
    I have a PC and a SunRay connected to my router. I use VPN to connect my SunRay and my PC to my work computer. My PC works fine, I am able to connect to the internet and also run Cisco VPN to connect to my work computer. But when I try to use my SunRay, I get a window on the screen with the message:
        VPN IKE Phase 1 agg I msg1
    This window keeps moving around on the screen. I am not able to connect my SunRay through VPN to my work computer. Any idea what could be wrong and how I can fix this?

    2.2 is definitely better.
    On one PC, I'm fine. On another -- very similar -- it tells me it can't start the VPN even after uninstalling and re-installing and everything else I can think of, with plenty of re-boots in between.
    Aaaaarrrrrrggggggghhhh.

  • Need help with Cisco Interface Cards???/

    Hi, I purchased 4 WIC-1AM cards for my Cisco 1760 gateway to use with Cisco Call Manager server. I'm trying to figure out if I can even use these cards as voice cards to make calls inbound and outbound. I'm seeing that the cards that CM gives me are all VIC cards, and I don't see any WIC cards listed in the endpoint list on the CM for the gateway. So can I even use these cards for what I'm trying to do? Please help?
    Thanks

    If I got the Vonage SIP account, how would I hook it up to my CM server?
    I'm using a 1760 gateway. What is a DSP resource?
    When I do show diag I get this from my router:
    show diag
    Slot 0:
    C1760 1FE VE 4SLOT DV Mainboard Port adapter, 3 ports
    Port adapter is analyzed
    Port adapter insertion time unknown
    EEPROM contents at hardware discovery:
    Hardware Revision : 5.0
    PCB Serial Number : FOC08077JDP
    Part Number : 73-7167-05
    Board Revision : B0
    Fab Version : 04
    Product (FRU) Number : CISCO1760
    EEPROM format version 4
    EEPROM contents (hex):
    Packet Voice DSP Module Slot 0:
    Not populated
    Packet Voice DSP Module Slot 1:
    Not populated
    WIC/VIC Slot 0:
    One Port Modem WIC
    Hardware revision 1.0 Board revision H0
    Serial number 0034764142 Part number 800-08823-01
    FRU Part Number WIC-1AM=
    Test history 0x00 RMA number 00-00-00
    Connector type WAN Module
    EEPROM format version 1
    EEPROM contents (hex):
    0x20: 01 38 01 00 02 12 75 6E 50 22 77 01 00 00 00 00
    0x30: 88 00 00 00 06 02 10 01 FF FF FF FF FF FF FF FF
    WIC/VIC Slot 1:
    One Port Modem WIC
    Hardware revision 1.0 Board revision H0
    Serial number 0034764050 Part number 800-08823-01
    FRU Part Number WIC-1AM=
    Test history 0x00 RMA number 00-00-00
    Connector type WAN Module
    EEPROM format version 1
    EEPROM contents (hex):
    0x20: 01 38 01 00 02 12 75 12 50 22 77 01 00 00 00 00
    0x30: 88 00 00 00 06 02 10 01 FF FF FF FF FF FF FF FF
    What do you think?

  • Help with Remote access VPN on Cisco router 3925 via Dialer Interface

    Hi Everybody,
    I need help for my work now, I would appreciate it if someone can fix my problem. I have a Cisco router 3925 and access the Internet via a PPPoE link. I want to configure VPN Remote Access using the Cisco VPN client software, but it doesn't work. Here is my router config:
    HUNRE#show running-config
    Building configuration...
    Current configuration : 5515 bytes
    ! No configuration change since last restart
    version 15.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname HUNRE
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$vEFw$rLfvLglzUgddCVwXDx03K.
    enable password cisco
    aaa new-model
    aaa session-id common
    crypto pki trustpoint TP-self-signed-1050416327
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1050416327
     revocation-check none
     rsakeypair TP-self-signed-1050416327
    crypto pki certificate chain TP-self-signed-1050416327
     certificate self-signed 01
            quit
    ip name-server 210.245.1.253
    ip name-server 210.245.1.254
    ip cef    
    no ipv6 cef
    multilink bundle-name authenticated
    vpdn enable
    vpdn-group 1
    vpdn-group 2
    license udi pid C3900-SPE100/K9 sn FOC1823839B
    license boot module c3900 technology-package securityk9
    username cisco privilege 15 secret 5 $1$aAjB$D3iLyPFTE7O1bHPnKSJcH0
    username kdhong privilege 15 secret 5 $1$nfyX$FO1BPTabCUaE6uKQwpLT.1
    redundancy
    track 1 ip sla 1 reachability
    track 2 ip sla 2 reachability
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp client configuration group VPN-HUNRE
     key hunre
     dns 8.8.8.8
     domain hunre
     pool IP-VPN
     acl 199
     max-users 100
    crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
     mode tunnel
    crypto dynamic-map DYNMAP 1
     set transform-set encrypt-method-1
    crypto map VPN client configuration address respond
    crypto map VPN 65535 ipsec-isakmp dynamic DYNMAP
    interface Embedded-Service-Engine0/0
     no ip address
     shutdown
    interface GigabitEthernet0/0
     ip address 192.168.1.1 255.255.255.0
     ip mtu 1492
     ip nat inside
     ip virtual-reassembly in
     ip tcp adjust-mss 1412
     duplex auto
     speed auto
    interface GigabitEthernet0/1
     description FPT
     no ip address
     ip tcp adjust-mss 1412
     duplex auto
     speed auto
     pppoe enable group global
     pppoe-client dial-pool-number 1
    interface GigabitEthernet0/2
     description Connect to CMC
     no ip address
     ip mtu 1442
     ip nat outside
     ip virtual-reassembly in
     ip tcp adjust-mss 1412
     duplex auto
     speed auto
     pppoe enable group global
     pppoe-client dial-pool-number 2
     no cdp enable
    interface Dialer1
     ip address negotiated
     ip mtu 1452
     ip nat outside
     ip virtual-reassembly in
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     ppp authentication chap pap callin
     ppp chap hostname [USERNAME]
     ppp chap password 0 [PASSWORD]
     ppp pap sent-username [USERNAME] password 0 [PASSWORD]
     ppp ipcp dns request
     crypto map VPN
    interface Dialer2
     description Logical ADSL Interface 2
     ip address negotiated
     ip mtu 1442
     ip nat outside
     ip virtual-reassembly in
     encapsulation ppp
     ip tcp adjust-mss 1344
     dialer pool 2
     dialer-group 2
     ppp authentication chap pap callin
     ppp chap hostname [USERNAME]
     ppp chap password 0 [PASSWORD]
     ppp pap sent-username [USERNAME] password 0 [PASSWORD]
     ppp ipcp address accept
     no cdp enable
    ip local pool IP-VPN 10.252.252.2 10.252.252.245
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source list 10 interface Dialer1 overload
    ip nat inside source list 11 interface Dialer2 overload
    ip nat inside source static 10.159.217.10 interface Dialer1
    ip nat inside source list 199 interface Dialer1 overload
    ip nat inside source static tcp 10.159.217.10 80 210.245.54.49 80 extendable
    ip nat inside source static tcp 10.159.217.10 3389 210.245.54.49 3389 extendable
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 10.159.217.0 255.255.255.0 192.168.1.8
    ip sla auto discovery
    ip sla responder
    dialer-list 1 protocol ip permit
    dialer-list 2 protocol ip permit
    access-list 10 permit any
    access-list 11 permit any
    access-list 101 permit icmp any any
    access-list 199 permit ip any any
    control-plane
    line con 0
    line aux 0
    line 2
     no activation-character
     no exec
     transport preferred none
     transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
     stopbits 1
    line vty 0 4
     password cisco
     transport input all
    line vty 5 15
     password cisco
     transport input all
    scheduler allocate 20000 1000
    ntp master
    end
    However, I cannot ping interface Dialer 1. I am using Cisco VPN client software ver 5.0.07.0290.
    Hoping for your answers!
    Thanks

    Hi David Castro,
    Thanks for your answer,
    I configured it following your guide, but it has not worked yet. I saw that I cannot ping the Internet gateway IP. I am using ADSL Internet with PPPoE configured, and my router receives its IP from the ISP. Here is show ip int brief:
    GigabitEthernet0/0         192.168.1.1     YES NVRAM  up                    up      
    GigabitEthernet0/1         unassigned      YES NVRAM  up                    up      
    GigabitEthernet0/2         unassigned      YES NVRAM  up                    up      
    Dialer1                    210.245.54.49   YES IPCP   up                    up      
    Dialer2                    101.99.7.73     YES IPCP   up                    up      
    NVI0                       192.168.1.1     YES unset  up                    up      
    Virtual-Access1            unassigned      YES unset  up                    up      
    Virtual-Access2            unassigned      YES unset  up                    up      
    Virtual-Access3            unassigned      YES unset  up                    up 
    But I cannot ping interface Dialer 1, so maybe the VPN does not work. Do you have any ideas?
    Thanks very much !

  • Need help with setting up VPN on a Cisco EPC3925 Modem

    Hi everyone,
    I need help setting VPN on Cisco EPC3925 modem (I tried using Help and I have read the entire section in the manual but the manual is not the same as the window I get in my settings. For example in the manual they say I can choose "all" under Remote Secure Gateway but there is no option like that).
    When I go to the VPN section this is what I get:
    1. Does this mean that I can connect to my modem via VPN from some other location? I would like to be able to connect to this modem when I am not at home from some remote location from my computer in order to be able to use NAS-Storage.
    2. If the answer on the first question is yes, what settings I need to enter for the:
    Local Secure Group
    Remote Secure Group
    Remote Secure Gateway
    My ISP is using dynamic IP but I have DDNS.
    My router local IP is 192.168.0.1
    Subnet: 255.255.255.0
    Starting IP Address: 192.168.0.10
    Here is how the advanced settings looks like:
    Thanks in advance for your help!

    My problem is similar to this. I created a tunnel between two EPC3925s but it is impossible to send data between them.
    The status is connected. What can I do? UPC tells me this router has only a VPN client, so it will not work.

  • Help with OSPF RA VPN

    Hello everyone!
    I'm trying to use a Cisco ASA 5510 with IOS 9.1(2) and I am faced with one big problem: when any client connects to Remote Access VPN and receives an IP address, my ASA thinks that IP packets from this client should go via its default gateway. For example, if the OSPF neighbour and default gateway is 10.1.2.2/30 and the IP of my Cisco is 10.1.2.1/30 and the client's IP is 172.16.15.223, I see this route in my routing table:
    S 172.16.15.223 255.255.255.255 [1/0] via 10.1.2.2
    I switched on reverse route injection, and I included the VPN network in OSPF advertisements. But when I set up route summarization, I get the route:
    O EX 172.168.15.0 255.255.255.0 [110/30] via 10.2.2.1 xx:xx:xx vlan X
    on my router, but the ASA made the same route as I wrote above.
    Can anybody help with what the problem is?
    My configuration is:
    access-list redistribute standard permit 172.16.15.0 255.255.255.0
    access-list filter-default-static-route remark filter static default route from OSPF Redistribution
    access-list filter-default-static-route standard deny host 0.0.0.0
    access-list filter-default-static-route standard permit 172.16.15.0 255.255.255.0
    route-map vpn-routes permit 10
    match ip address filter-default-static-route
    route-map vpn-routes permit 20
    match interface outside
    set metric-type type-2
    route-map redistribute-map permit 1
    match ip address redistribute
    router ospf 1
    network 172.16.15.0 255.255.255.0 area 5
    network 82.179.131.116 255.255.255.252 area 5
    area 5 range 172.16.15.0 255.255.255.0
    log-adj-changes
    redistribute connected
    redistribute static subnets route-map vpn-routes
    summary-address 172.16.15.0 255.255.255.0
    crypto dynamic-map TEST_DYN_MAP 7 set ikev1 transform-set ESP-3DES-SHA
    crypto dynamic-map TEST_DYN_MAP 7 set ikev2 ipsec-proposal 3DES
    crypto dynamic-map TEST_DYN_MAP 7 set nat-t-disable
    crypto dynamic-map TEST_DYN_MAP 7 set reverse-route
    crypto map outside_map 65535 ipsec-isakmp dynamic TEST_DYN_MAP
    crypto map outside_map interface outside

    hello,
    I expect to see THIS on my router:
         O EX 172.168.15.0 255.255.255.0 [110/30] via 10.2.2.1 xx:xx:xx vlan X
    or something like this, and THIS on my ASA:
         S 172.16.15.223 255.255.255.255 [1/0] via 10.1.2.1
    I just realised that I wrote the wrong config in the OSPF configuration. It should be like
        router ospf 1
         network 172.16.15.0 255.255.255.0 area 5
         network 10.1.2.0 255.255.255.252 area 5
         area 5 range 172.16.15.0 255.255.255.0
         log-adj-changes
         redistribute connected
         redistribute static subnets route-map vpn-routes
         summary-address 172.16.15.0 255.255.255.0
    and 10.1.2.1/30 - my cisco ASA, 10.1.2.2/30 - my cisco router
    172.16.15.0/24 - network to assign addresses to users.
    I don't understand why ASA tries to forward packets from/to connected clients via its default gateway but not via itself.

  • Help with Cisco ASA 5500 and NAS drives

    Hello:
    I have 2 My Book World Edition II NAS drives. They both are configured to use a static IP address and both are on the same workgroup.
    One of them is supposed to be replaced with a newer one that I just installed yesterday.
    What I am trying to do is to transfer all the information from NAS1 to NAS2.
    Both are connected to a Cisco VPN router.
    I created a batch file that was basically several xcopy commands to copy all the information from NAS1 to NAS2.
    As this process was going to take like 8 hours I ran the batch file yesterday at 4:00PM when everyone was logged off the NAS drives.
    To my surprise this morning I found out that only a portion of the files were copied from the NAS1 to the NAS2.
    After reading the system logs of the NAS1 drive I found a lot of errors. For example:
    getpeername failed. Error was Transport endpoint is not connected
    Error writing 4 bytes to client. -1. (Connection reset by peer)
    write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
    Error writing 4 bytes to client. -1. (Connection reset by peer)
    write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
    Error writing 4 bytes to client. -1. (Connection reset by peer)
    write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
    Error writing 4 bytes to client. -1. (Connection reset by peer)
    write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
    writing 4 bytes to client. -1. (Connection reset by peer)
    write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
    getpeername failed. Error was Transport endpoint is not connected
    Someone suggested that the problem has to do with the network configuration.
    The suggestion was to change from "auto-negotiate" to  Full Duplex 100 on the Cisco VPN router configuration.
    What do you think? Could this be the problem?
    Thanks and help is greatly appreciated.

  • Confused how to set-up a PC & laptop with Cisco WRVS4400N VPN for home use

    Just bought a new PC and laptop and was recommended by (CDW) to use a Cisco WRVS4400N to set up the VPN.
    For home use, only the PC and laptop, both running Windows 7.  I use Comcast as my ISP.
    The mountains of docs confuses me to no end, can anyone simplify this for me.  I look at all the details and do not know where to start.
    In short,
    (1) configure router to recognize my PC and Comcast, and I guess the laptop.
    (2) configure laptop to go wireless and communicate with PC.
    Any assistance would be much appreciated.
    Thanks,
    Terry

    For a very small office and a minimum of admin and tech know how, one approach i'd suggest is to not worry about user id collisions at all. any time anyone wants to use a mac you just set them up as a user, using consistent names/passwords.
    Have a "Work" volume on each mac that has "ignore ownership on this volume" ticked. that way UID collisions aren't important.
    You can make a Desktop folder on the Work volume and make a SYMBOLIC LINK from every user's home that replaces their desktop with the desktop folder on the Work volume.
    Make it known that the user's home is for personal stuff ONLY, and the Work volume (inc the desktop) is where work in progress lives.
    At a later date with some confidence in your network and your admin skills you could impose consistent UIDs using an OD master
