I cannot route to remote subnets from cisco vpn client and pptp client

Similar Messages

• Cannot find deployed Remote Bean from external client

  I have a very simple Stateless Session bean running in the SAS PE 9, which from what I can see has been successfully deployed. The application is listed as enabled in the Admin Console. Likewise, when I look at the JNDI tree, I can see the following entries at the top:
  com.intecbilling.svConnectorHarness.TestRunnerRemote
  This is the name of the Remote Interface, that I have defined for the ejb TestRunnerBean. It does very little:
  package com.intecbilling.svConnectorHarness;
  import javax.ejb.Stateless;
  @Stateless
  public class TestRunnerBean implements TestRunnerRemote, TestRunnerLocal {
      public void runTest() {
          System.out.println("Running test!");
  }and the Remote Interface is
  package com.intecbilling.svConnectorHarness;
  import java.rmi.RemoteException;
  import javax.ejb.Remote;
  @Remote
  public interface TestRunnerRemote {
      void runTest() throws RemoteException;
  }Now, I'm trying to call this runTest() method from an external client. The client code looks like
      public void connectUsingJNDI(String paramName) throws NamingException {
          Properties env = new Properties();
          env.put("java.naming.factory.initial", initialFactory);
          env.put("java.naming.provider.url", providerUrl);
          String myJndi = jndiName;
          if (paramName != null) {
              myJndi = paramName;
          Context ctx = new InitialContext(env);
          System.out.println("looking for " + myJndi);
          Object returnedObject = ctx.lookup(myJndi);
          System.out.println("returnedObject=" + returnedObject);
      }I am using:
  - com.sun.jndi.cosnaming.CNCtxFactory as the initial factory
  - iiop://<machineName>:3700 as the url. I'm using 3700 because that is the port against which my appServer's orb-listener-1 is using
  I've tried to look for the JNDI name of
  com.intecbilling.svConnectoryHarness.TestRunnerRemote
  because that is what is displayed in the JNDI View. When I do this, I get the following error:
  /svjca-src> runMe.sh com.intecbilling.svConnectorHarness.TestRunnerRemote
  looking for com.intecbilling.svConnectorHarness.TestRunnerRemote
  javax.naming.NameNotFoundException [Root exception is org.omg.CosNaming.NamingContextPackage.NotFound: IDL:omg.org/CosNaming/NamingContext/NotFound:1.0]
       at com.sun.jndi.cosnaming.ExceptionMapper.mapException(ExceptionMapper.java:44)
       at com.sun.jndi.cosnaming.CNCtx.callResolve(CNCtx.java:484)
       at com.sun.jndi.cosnaming.CNCtx.lookup(CNCtx.java:523)
       at com.sun.jndi.cosnaming.CNCtx.lookup(CNCtx.java:501)
       at javax.naming.InitialContext.lookup(InitialContext.java:392)
       at com.intecbilling.svConnectorHarness.TestRunnerClient.connectUsingJNDI(TestRunnerClient.java:42)
       at com.intecbilling.svConnectorHarness.TestRunnerClient.main(TestRunnerClient.java:57)
  Caused by: org.omg.CosNaming.NamingContextPackage.NotFound: IDL:omg.org/CosNaming/NamingContext/NotFound:1.0
       at org.omg.CosNaming.NamingContextPackage.NotFoundHelper.read(NotFoundHelper.java:72)
       at org.omg.CosNaming._NamingContextExtStub.resolve(_NamingContextExtStub.java:406)
       at com.sun.jndi.cosnaming.CNCtx.callResolve(CNCtx.java:470)
       ... 5 more
  Now, no matter what I do, I get this. Running with the AS jars in the classpath or not. Running with the following system variables
  -Dorg.omg.CORBA.ORBClass=com.sun.corba.ee.impl.orb.ORBImpl -Dorg.omg.CORBA.ORBSingletonClass=com.sun.corba.ee.impl.orb.ORBSingleton -Djavax.rmi.CORBA.UtilClass=com.sun.corba.ee.impl.javax.rmi.CORBA.Util
  Also provide me no joy. I've also tried using the JNDI format with the corbaname embedded in it (looks like corbaname:iiop:machinename:3700#com.intecbilling.svConnectorHarness.TestRunnerRemote) and I get the exact same exception.
  From what I'm seeing, I'm finding the remote NamingContext, but it doesn't like the JNDI name. I've tried fully-qualified names (as it is displayed in the JNDI tree) and unqualified names with the exact same results. From all of the posts I've read, I've tried all the various combinations that I can see to no avail. Is there a security issue going on here? I haven't enabled any security at all. I'm running out of ideas, and if I can't get any joy, I'll probably have to use a different app server to play with.
  Thanks for any help,
  Ed

  Hi Ed,
  We have an EJB FAQ entry that describes how to access Remote EJBs from a stand-alone (non Java EE) client. In a nutshell, put appserv-rt.jar in your classpath and instantiate the 0-arg InitialContext constructor. You can find more details here :
  https://glassfish.dev.java.net/javaee5/ejb/EJB_FAQ.html

• Cisco VPN Software and Remote Desktop Problem

  Hello-
  Please have patience as I just got my first mac and I'm really just learning how everything works.
  Anyway, I'm trying to connect to my office network from my iMac (OS X 10.5.3) using the Cisco VPN client ver. 4.9.01 (0030) and the Remote Desktop Connection v2.0.0 Beta 3. I'm able to connect via the VPN but I cannot connect to the remote machine using either the machine's hostname or IP address.
  In order to troubleshoot the issue, I tried to ping the remote machine after connecting via VPN and it fails. The name is resolving but ping fails with a "No route to host" and then "Host is down error." However, I know the host is up since when I connect via VPN from my PC I can ping the remote machine without a problem.
  Anyone have any ideas? Does the Cisco VPN client for Mac not work well? Is there some simple configuration setting I'm missing somewhere? BTW, I'm connecting to the Internet via WiFi and am using a Linksys WRT54G router.
  thx,
  ian

  Hello Ian:
  Welcome to Apple discussions (and to the wonderful world of Macs). I think you will find these forums represent the best on-line community anywhere - and everyone is a volunteer!
  I am no help with your problem as I have not used a Cisco VPN. However, in my previous business life I did connect my home Mac to my business VPN. I found that our IT people were most helpful in smoothing connection issues.
  This forum addresses connection issues if you want to post there:
  http://discussions.apple.com/forum.jspa?forumID=1222
  Barry

• Best solution for managing 50 remote sites via cisco vpn

  At the moment my support organisation use the cisco vpn client on their windows pc's to provide remote support to our customers. I want to know if there is a solution from cisco that would support nialing up the 30 connections all the time without having to use clients on individual pc's. I know there will be issues because some of the sites will have conflicting lan ip address ranges. We would like to offer improved support to our customers for example using nagios to monitor their servers but this is not possible if vpn connection if not nialled up.
  Please help with the best solution.

  L2L vpns solution is suitable for your scenario, depending on your traffic load for each site u would have to do assesment on that, any asa5510 or higher in an active/standby architecture with stateful failover sure can do the job. As for conflicting LAN ips there is ways to work around that by using NAT or Policy NAT.
  ASA product line
  http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
  Perhaps for monitoring/managing Ipsec tunels CSM Cisco Security manager
  http://www.cisco.com/en/US/products/ps6498/index.html

• Loading remote EJB from servlet using jakarta and openejb

  I am trying to create an environment where I use
  openejb as my EJB container, and JAKARTA Tomcat
  as my
  Servlet/JSP container. However,
  i'm having a problem in lookingup my remote EJB from my
  jakarta application.
  That exact code works perfectly if I run it standalone. I
  am using the same JRE. Jakarta has also loaded the
  openejb-0.8.3.jar and openejb_client-0.8.3.jar
  What I dont understand is why jakarta
  would behave differently than command-line java when I
  am
  running in the same JRE on a single machine.
  Any help would be much appreciated.

  Several fairly major improvements have been maid in OpenEJB specifically for the Tomcat people. For one, the whole way you integrate them has completely been rewritten. Now all you have to do is copy a openejb_loader-0.9.1.war into the Tomcat webapps directory and change an init-param in it. Pretty straight forward. OpenEJB 0.8.3 won't work with Tomcat in the same VM, however OpenEJB 0.9.0 and up have been totally revamped in all things related to classloading so that it can co-exist with Tomcats unique classloading architecture.
  O'Reilly just published an article detailing the ins and outs of the integration, it's a pretty good read:
  http://www.onjava.com/pub/a/onjava/2003/02/12/ejb_tomcat.html

• No longer using Linksys router. Should I uninstall Cisco LEAP, PEAP, and EAP?

  Should I uninstall the Cisco LEAP, PEAP, and EAP programs if I am no longer using a Linksys router?  I am replacing with an Asus router.
  thanks,
  KG

  Hi! It's best to uninstall them all if you are not going to use them for the sake of freeing some memory on your computer. Should you change your mind and get a new Linksys router one of these days, I am sure it will come with its own installation software anyway.

• ASA500: migrate from Cisco VPN Client to native Windows VPN connection

  We have a need at this time for only one of our computers to allow 2 Windows users to connect to our network thru VPN (it's a work share situation, they will not both be logged on the same day). We happily use the old Cisco VPN client for everyone else. But the old client will not install twice on the same machine, nor is there the option to "install for any user".
  Thinking to KISS and not invest at this point, trying to get Windows native VPN to work ?
  What combination of settings will work in its properties->security tab to do the same IKE IPsec over UDP(NAT) and with group auth along with the individual's login?
  ... (so no reconfiguration is needed in the ASA?)
  Or are one of the other "type of VPN" will need minimal change on the ASA ?

  Thank you.
  I found this: http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/l2tp_ips.html#wp1041306
  Will this have any effect on the rest of the users?
  Step 1 Specify IPSec to use transport mode rather than tunnel mode with the mode keyword of the crypto ipsec transform-set command:
  hostname(config)# crypto ipsec transform-set trans_name mode transport

• Cisco ASA 5505 and DHCP Client Problems

  Hi, i have a problem. I've connected my ASA appliance to an ADSL modem, and i dont get an DHCP address on the outside interface (e0/0). I use the asa-722-19.bin firmware.
  I turned on the debugging for the DHCP client and could see that the ASA device was sending out broadcasts but a reply never came. Instead I connected the device to my internal network where the ASA got an address instantly.
  I read somewhere that if I was to use ?ip address dhcp client-id fastethernet 0″, then I got an address from the ISP.
  I tried looking for a similar command on the ASA5505 but I couldn?t find anything. I did however find a page on the Cisco site confirming my suspicions. It said some ISP?s require the client-id field of the DHCPDISCOVER request to be filled.
  I've also read that this issue has beed fixed since a few weeks, now they have released version 7.2(2).22 where you can define ?dhcp-client client-id interface outside? in global configuration mode. Im running 7.2(2).19 and i cannot find any command like that in my appaiance. How do i fix my problem ? Or how do i get about recieving the 7.2(2).22 firmware update.
  Regards !
  Leif

  Hi again! I thought I should share the solution that worked for me. I use software version 7.2(2) on this device. ASDM 5.2(2). In ASDM open configuration / Interfaces. Click in outside (my case 0/0) and press Edit. Then open the tab Advanced and set the correct Active Mac address. Fore some reason its empty by default and the ISP/modem don't like that. You will find the correct MAC address under the help menu / "About ASA". Im sure there is some another way to do this but this is a simple "how-to" that works with Swedens biggest ISP and their standard DSL modem.
  When I used a Linksys DSL modem in bridge mode without the MAC address set I got an inside IP adress (192.168.x.x) from the modem to the ASA. After setting the MAC address I just had to do a renew and got the outside address right away. /Bjorn
  (future users searchwords: no ip from isp, ASA 5505 and cable modem).

• HT1430 i cannot see my e mails from my hotmail account and send e mails.

  I cannot see my emails from my hotmail account also cannot send e mails

  Make sure you have correctly set up your Hotmail on your iPhone. Follow these Microsoft-privided directions:
  http://windows.microsoft.com/en-us/hotmail/mobile?t1=t3

• 2 ISPs with addresses /32 and PPtP Server onboard of Cisco 3825

  First of all, excuse me for my bad English, it's not my native language.
  A couple of years ago our company changed our central router Cisco 1841 with more powerfull 3825 ISR.
  Here is show ver
  Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9-M), Version 12.4(24)T7
  This Cisco 3825 contains 2 DIMMs - 256Mb and 512 Mb of RAM onboard.
  Now it works with 2 ISPs (take a glance on pdf picture http://www.intelcom-ug.ru/scheme.pdf or in the attached file). We're using the failover scheme, the ISP1 with statically assigned IP address 85.20.20.20/32 (Dialer 1)  is used as Backup link. The ISP2 L2TP link is main.
  Now our authorities organize the remote office with Cisco 1841. And we face with the problem, we cannot connect via PPtP from anywhere to the  85.20.20.20/32 (Dialer 1). And we need some help or advise. The config of Cisco 3825 is like this:
  version 12.4
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime localtime
  service password-encryption
  hostname CENTRAL-OFFICE
  boot-start-marker
  warm-reboot
  boot-end-marker
  security authentication failure rate 3 log
  logging message-counter syslog
  logging buffered 64000
  enable secret 5 HEREISTHESECRETPASSWORD
  aaa new-model
  aaa local authentication attempts max-fail 3
  aaa authentication login default local
  aaa authentication ppp default local
  aaa authentication ppp vpn-users local
  aaa authorization exec default local 
  aaa authorization exec vpn-users local 
  aaa authorization network vpn-users local 
  aaa session-id common
  clock timezone MSK 4
  ip source-route
  no ip gratuitous-arps
  ip cef
  no ip domain lookup
  ip domain name somewhere.net
  ip name-server 8.8.8.8
  no ipv6 cef
  multilink bundle-name authenticated
  vpdn enable
  vpdn-group 239
   accept-dialin
    protocol pptp
    virtual-template 100
  vpdn-group global
  ! Default L2TP VPDN group
  ! Default PPTP VPDN group
   accept-dialin
    protocol any
  password encryption aes
  voice-card 0
  username administrator privilege 15 password 7 737364645252414571
  username vpnuser password 7 85956353413120384645373930
  archive
   log config
    hidekeys
  ip tcp selective-ack
  ip tcp timestamp
  ip tcp synwait-time 5
  ip tcp path-mtu-discovery
  ip ssh version 2
  l2tp-class beeline
  pseudowire-class pw-beeline
   encapsulation l2tpv2
   protocol l2tpv2 beeline
  buffers tune automatic
  interface Loopback0
   ip address 10.111.111.111 255.255.255.255
  interface GigabitEthernet0/0
  descrition --Our Local Network--
   ip address 192.168.7.2 255.255.255.0
   ip nat inside
   ip virtual-reassembly
   duplex auto
   speed auto
   media-type rj45
  interface GigabitEthernet0/1
   description --Trunk Connection--
   no ip address
   duplex auto
   speed auto
   media-type rj45
  interface GigabitEthernet0/1.10
  description --Connection to ISP1 through vlan on our managed switch--
   encapsulation dot1Q 10
   pppoe enable group global
   pppoe-client dial-pool-number 2
  interface GigabitEthernet0/1.20
  description --Connection to ISP2 through vlan on our managed switch--
   encapsulation dot1Q 20
   ip address dhcp
   ip virtual-reassembly
  interface Virtual-PPP5
  description --Interface for ISP2--
   ip address negotiated
   no ip proxy-arp
   ip nat outside
   ip virtual-reassembly
   ip tcp adjust-mss 1380
   no peer neighbor-route
   no cdp enable
   ppp authentication chap callin
   ppp chap hostname 8282828282828
   ppp chap password 7 theSecretForISP2
   pseudowire 10.255.255.242 10 pw-class pw-beeline
  interface Virtual-Template100
  description --TEMPLATE for incoming PPtP connections of our users--
   ip unnumbered Dialer1
   autodetect encapsulation ppp
   peer default ip address pool for-vpn
   no keepalive
   ppp authentication ms-chap ms-chap-v2 vpn-users
   ppp authorization vpn-users
  interface Dialer1
  description --Interface for ISP1. PPPoE--
   bandwidth 10240
   ip address negotiated
   ip accounting output-packets
   ip nbar protocol-discovery
   ip nat outside
   ip virtual-reassembly
   encapsulation ppp
   ip tcp adjust-mss 1400
   load-interval 30
   dialer pool 2
   dialer-group 2
   no fair-queue
   ppp authentication chap callin
   ppp pap sent-username reteretere password 7 PasswordForISP1
  ip local policy route-map External_VPN
  ip local pool for-vpn 172.16.135.1 172.16.135.10
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 Dialer1 100 track 1
  ip route 0.0.0.0 0.0.0.0 Virtual-PPP5 track 2
  ip route 192.168.239.0 255.255.255.0 172.16.135.1 name C1841-Rossiyskaya70
  ip route 194.87.0.8 255.255.255.255 Dialer1
  ip route 194.87.0.9 255.255.255.255 Virtual-PPP5
  ip route 10.255.255.242 255.255.255.255 dhcp
  ip route 10.255.255.247 255.255.255.255 dhcp
  no ip http server
  no ip http secure-server
  ip nat inside source route-map Beeline interface Virtual-PPP5 overload
  ip nat inside source route-map UTK interface Dialer1 overload
  ! This access-list is for local Network proxy
  ip access-list standard fwd-squid
   permit 192.168.7.100
   permit 192.168.7.0 0.0.0.255
  ! This access-list is for ip local policy
  ip access-list extended External_VPN_access
   permit tcp host 85.20.20.20 eq 1723 any
   permit tcp host 85.20.20.20 eq 22 any
   permit tcp host 85.20.20.20 eq telnet any
   permit icmp host 85.20.20.20 any echo-reply
  track 1 ip sla 1 reachability
  ip sla 1
   icmp-echo 194.87.0.8 source-interface Dialer1
   timeout 7000
   threshold 100
   frequency 15
  ip sla schedule 1 life forever start-time now
  ip sla reaction-configuration 1 react timeout threshold-type immediate action-type triggerOnly
  track 2 ip sla 2 reachability
  ip sla 2
   icmp-echo 194.87.0.9 source-interface Virtual-PPP5
   timeout 7000
   threshold 400
   frequency 15
  ip sla schedule 2 life forever start-time now
  ip sla reaction-configuration 2 react timeout threshold-type immediate action-type triggerOnly
  access-list 1 remark --SNMP Watching--
  access-list 1 permit 192.168.7.0 0.0.0.255
  access-list 100 permit ip 192.168.7.0 0.0.0.255 any
  dialer-list 1 protocol ip permit
  dialer-list 2 protocol ip permit
  dialer-list 3 protocol ip permit
  route-map External_VPN permit 10
   match ip address External_VPN_access
   set default interface Dialer1
  route-map UTK permit 10
   match ip address 100
   match interface Dialer1
  route-map Beeline permit 10
   match ip address 100
   match interface Virtual-PPP5
  snmp-server community public RO 1
  control-plane
  line con 0
  line aux 0
  line vty 0 4
   exec-timeout 30 0
  line vty 5 15
  exception memory ignore overflow processor
  exception memory ignore overflow io
  scheduler allocate 20000 1000
  ntp update-calendar
  ntp peer 194.33.84.1
  event manager applet nat_clear_isp1 
   event track 1 state any
   action 1 wait 5
   action 2 cli command "enable"
   action 3 cli command "clear ip nat translation *"
  event manager applet nat_clear_isp2 
   event track 2 state any
   action 1 wait 5
   action 2 cli command "enable"
   action 3 cli command "clear ip nat translation *"
  end

  Okay, you are not going to be able to do this using the interconnect between the switch and the router. The issue is -
  1) if you make the interconnect a L2 trunk then you would have subinterfaces on the router interface connecting to the switch. But you cannot have multiple interfaces on the router configured from the same IP range so it won't work ie. you would need a subinterface using the same IP range as one of the other interfaces
  2) if you make the interconnect L3 as you have then you cannot route to the same subnet ie. think of it as two separate devices, a L3 switch and a router. You connect the L3 switch to the router using a L3 connection.
  On the switch you then configure a client with a public IP and on another interface on the router ie. not the interface used to connect to the switch, you use the same public IP range.
  You cannot then route from the client to that other interface because you don't route to the same IP subnet and the client and the other interface are separated by a different IP subnet.
  So neither will work. The L3 switch is usually used where you have multiple vlans/IP subnets and you create L3 vlan interfaces for these on the switch and then you route to other subnets that are reachable from the router, whether these are directly connected subnets or remote networks.
  But you aren't doing that.
  The only way i could see you doing what you need is to not configure the interconnect at all and instead run cables from the relevant router interfaces to the switch. Then you could configure vlans on the switch and have them route via the physical router interface.
  The switch is then only acting as a L2 switch and all L3 is done on the router.
  One thing i should say is i have never used the switch module this way so i can't guarantee it will work although i can't see why it wouldn't.
  Jon

• Cisco ASA 5505, Cisco VPN Client and Novell Netware

  Hi,
  Our ISP have installed Cisco ASA 5505 firewall. We are trying to connect to our Novell 5.1 server using VPN client.
  I installed VPN client on a laptop that is using wireless connection. I connect using wireless signal from near by hotel and I am able to connect to my firewall usinging vpn client and also able to login in using Novell client for XP.
  When I use same vpn client and Novell client at home that is not using wireless connection, but DSL connection amd not able to login or find the tree.
  The only difference in two machine is laptop using wireless connection and my home machine is using wired connection using DSL.

  If your remote end of the services in question support IPsec IKEv1 as the VPN type then, yes - the 5505 can be a client for that service. At that point it looks like a regular LAN-LAN VPN which is documented in many Cisco and 3rd party how-to documents.

• Please Help - CISCO VPN client disconnecting over wireless adapter

  Hi,
  I connect to my work network when at home using the CISCO VPN client. I have a wireless connection at home. My vpn conection had no problem until my laptop once dropped hitting the wireless card reader side on the floor. since then, my vpn disconnects after some time. And this also disconnects my wireless connection at home. When I am not connected to work through th eVPN, we have no problems with my wireless connection. But, when I need to work from home, my vpn keeps getting disconnected and throws me off my wireless conenction too everytime. Can someone please tell me how to check if anything is wrong with the laptop? 

  Ok lets see if we can clear somethings up.
  Using wireless and VPN before the "Drop" was ok?
  Using Wireless and no VPN after the "Drop" is fine?
  Using Wireless and VPN after the "Drop" causes the wireless adapter to disconnect?
  If this is correct probally the best thing to do is to remove the cisco VPN software and reinstall it.
  It can't be anything to do with the "Drop" as using normal wireless is working fine you say.
  and the Cisco VPN Adapter is Virtual.
  Let me know how you get on.

• Help to connect Microoft Remote Dextop (win7) with Iphone 5 using RD client

  Help to connect Microoft Remote Dextop (win7) with Iphone 5 using RD client Hello, I can connect my iphone 5 to my laptop(windows7 OS) with RD client while My iphone is also connected with my laptop's wifi hotspot. And i can remotely control my laptop with the iphone nicely while I am in the laptop's wifi range. Is it possible to control my laptop from iphone while my phone is not connected  to laptop's wifi hotspot???? I use 3G internet in my phone while I go out of home.

  I have no issue using cellular data when I remote in from my iphone with the RD client.
  Have you tried using cellular data to remote in?

• Airport Express not showing in iTunes with Cisco VPN Client Service Running

  As soon as I stop my VPN Client Service in Services... the AX instanly appears in iTunes... If I restart the service AX can't be found. Does anyone know a workaround so they can co-exist on an XP machine?

  Yes, that is called "split tunneling" and is a feature, if you will, of the Cisco VPN (hardware and your VPN client). Unless "split tunneling" is enabled AT THE SERVER, all of your traffic will flow through the VPN, including that meant for your local AX.
  If you had an ethernet printer, as I do, you'd also find you couldn't print while on the VPN.
  The intent is to protect your company's internal network from anything that might be on your computer (say, malware trying to phone home or do other nefarious stuff).
  Really, there is not much you can do, other than ask your IT folks to enable local LAN access for you.

• Using Cisco VPN client certificate for built in IPSec?

  Hi,
  Does anybody know if it is possible to "convert" a certificate exported from Cisco VPN client and import it into the Keychain for using it with built-in IPSec in Snow Leopard?
  Thanks,
  Oli

  I too am having trouble importing the Cisco certificate. It would be nice for some clear documentation. We've been successful converting the x.509 cer to KPCS#7 using openssl which will import into the keychain. However, the VPN (Cisco IPSec) sill doesn't see it.