Linksys WRT400N and Remote Access for VPN

Similar Messages

• Vpn site to site and remote access , access lists

  Hi all, we run remote access and site to site vpn on my asa, my question is Can I create an access list for the site to site tunnel, but still leave the remote access vpn to bypass the access list via the sysopt command, or if I turn this off will it affect both site to site and remote access vpn ?

  If you turn off sysopt conn permit-vpn it will apply to both your site to site and remote access vpn...all ipsec traffic. You would have to use a vpn-filter for the site to site tunnel if you wanted to leave the sysopt in there.

• Exchange Server 2013 and Remote Access VPN on a single server running Windows Server 2012?

  Just by way of background, I have been installing and administering network servers, e-mail systems, VPN servers, and the like for many years.  However, my involvement with Exchange and Windows Server has been mostly on the forensics and data recovery
  level, or as a (sophisticated) user.  I have never tried to deploy either from scratch before.  My deployment experiences have been mostly with Linux in recent years, and with small private or personal "servers" running such cutting edge
  software as Windows XP back when it was new.  And even NetWare once.
  When a client asked me if I could set up a server for his business, running Exchange Server (since they really want Outlook with all of its bells and whistles to work, particularly calendars) and providing VPN access for a shared file store, I figured it
  could not be too difficult given that its a small business, with only a few users, and nothing sophisticated in the way of requirements.  For reasons that don't bear explaining here, he was not willing to use a vendor hosting Exchange services or cloud
  storage.  There is no internal network behind the server; it is intended to be a stand-alone server, hanging off a static IP address on the Internet, providing the entirely mobile work-force of about 10 people with Exchange-hosted e-mail for their computers
  and phones, a secure file store, and not much else.  If Exchange didn't need it, I would not need to install Active Directory, for example.  We have no direct need for its services.
  So I did the research and it appears, more by implication than outright assertion, that I should be able to run Windows Server 2012 with Exchange Server 2013 on a server that also hosts Remote Access (VPN only) and does nothing else.  And it appears
  I ought to be able to do it without virtualizing any of it.  However, I have spent the last three or four days fighting one mysterious issue after another.  I had Remote Access VPN working and fairly stable very quickly (although it takes a very
  long time to become available after the server boots), and it has mostly remained reliable throughout although at times while installing Exchange it seems to have dropped out on me.  But I've always been able to get it back after scrounging through the
  logs to find out what is bothering it.  I have occasionally, for a few minutes at a time, had Exchange Server willing to do everything it should do (although not always everything at the same time).  At one point I even received a number of e-mails
  on my BlackBerry that had been sent to my test account on the Exchange Server, and was able to send an e-mail from my BlackBerry to an outside account.
  But then Exchange Server just stopped.  There are messages stuck in the queues, among other issues, but the Exchange Administration Center refuses now to display anything (after I enter my Administrator password, I just get a blank screen, whether on
  the server or remotely).
  So, I am trying to avoid bothering all of you any more than I have to, but let me just begin with the basic question posed in the title: Can I run Exchange Server (and therefore Active Directory and all of its components) and Remote Access (VPN only) on
  a single Windows Server 2012 server?  And if so, do I have to run virtual machines (which will require adding more memory to the server, since I did not plan for it when I purchased it)?  If it can be done, can anyone provide any pointers on what
  the pitfalls are that may be causing my problems?  I am happy to provide whatever additional information anyone might like to help figure it out.
  Thanks!

  An old thread but I ran into this issue and thought I share my solution since I ran into the same issue. Configuring VPN removes the HTTPS 443 binding on the Default Site in IIS for some strange reason; just go and editing the bindings, add HTTPS and things
  should be back to normal.

• Server 2003 routing and remote access not passing VPN traffic

  I've inherited a network that has two IP scopes that are routed through a Windows 2003 server with Routing and Remote Access.  I can ping both sides (we'll call them HQ and Plant) internally.  My firewall has an IP from the HQ IP scope and when
  I connect via VPN, I can see all the devices on the HQ network including the network card that is in the routing server for that "side".  However, if I'm connected via VPN, I cannot get to any of the IPs on the Plant side, not even the card
  in the routing server.  The buck stops on the server.
  I should mention, that the firewall assigns IP addresses that are on the HQ scope, so all VPN connections will have an address from that side.
  I'm lost on how to get this set up so my VPN traffic coming in from the HQ side can be routed to the Plant devices. 

  Hi,
  To be honest, your statement confused me a bit.
  VPN is used for external client get access to internal resource. When we setup VPN server, we usually have two NICs. We need choose a NIC that will be used when client initiate
  a connection request. I prefer to call it external NIC card. The internal one will work as DHCP relay agent. So this is a single way connection. You cannot dial from internal to external.
  If I misunderstood you, please elaborate what you are trying to do.
  Hope this helps.

• Routing and Remote Access VPN DHCP error

  I have a strange problem.
  I have a client that is using Server 2012 Standard.
  On this server they have Routing and Remote Access configured for VPN client access. Their users that are working outside the office connect to the VPN to access the internal network.
  The VPN works fine for the most part. Recently however, it has started having issues.
  Periodically (about once every 8 days) I will hear from them that they cannot connect and that they get error 720. I will check the server and the server will have the following errors in the event log:
  Warning: No IP address is available to hand out to the dial-in client.
  If you check DHCP the server is running fine and will hand out local addresses but it will not hand out addresses to VPN clients. Also the addresses that it HAS previously handed out to VPN clients will not show in the address leases.
  The solution strangly enough is to disconnect and reconnect a the VPN client connection that the server has connecting it to a offsite server that it does a SQL sync with.
  Any ideas as to what might be causing this? If need be I can post more detailed logs but I am not sure what logs even to post or what data to collect.
  Any help is greatly appreciated.

  I am experiencing the same issue on a Windows 2008R2 SP1 RAS server. The above statement About increasing the lease time on DHCP does not resolve the problem.
  I am also Searching for a Solutions to this issue.
  Up to now I have done the Following :
  1. Increased the scope/ cleared IP's in DHCP.
  2. Ensure that the DHCP server is accessable.
  3. Created a Manual Scope on RRAS configurations settings (then clients can connect but cannot access resources on the network). Changing Back to DHCP, you recieve the same 720 Error.
  4. Stop and started the DHCP services on the DHCP Server.
  5. Stop and Started RRAS Services on RRAS server.
  The Only Indication is, that DHCP for some reason does not lease out Addresses to the RRAS server..

• Site to Site and Remote Access VPN

  Hi All,
      Is it possible to configure Site to Site and Remote Access VPN on same interface of Cisco ASA 5505 ?
  Regards
  Abhishek
  This topic first appeared in the Spiceworks Community

  A document exists where PIX/ASA maintains LAN-ti-LAN IPsec tunnel at two end points and there is overlapping networks at ther inside interface of both the asa. Probably, the basic configuration for both asa and IOS routers are nat config. So, this particular document might be useful for your requirement
  PIX/ASA 7.x and later: Site to Site (L2L) IPsec VPN with Policy NAT (Overlapping Private Networks) Configuration Example
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

• Cannot login to Cisco Jabber 10.5.1 over Mobile and Remote Access

  Hi,
  We have deployed sucessfully VCS Expressway-C and VCS Expressway-E with only 1 zone which is "Unified Communication Traversal" and is for Mobile and Remote Access only. VCS-C and VCS-E are communicating and in statuses everything is active and working. Also VCS-C can communicate with CUCM and CUP (both version 10.5).
  Problem is when I deploy Cisco Jabber 10.5.1 on computer outside of LAN and without VPN it start communicating with VCS-E, ask me for accepting certificate (we have certificate only intenally generated on Windows CA) and after that it is trying to connect and after few seconds it will tell me that it can't communicate with server.
  Did any of you had same problem or can you advice how to troubleshoot? In Jabber logs there is only something like "Cannot authenticate" error message, but when I startup VPN I can authenticate without any problems.
  Thanks

  On Expressway-C are your HTTP Allow Lists setup properly?  By default, and auto discovered CUCM and IMP should be listed via IP and Hostname, but if not, you'll need to insert manually.
  Also, you can look at the config file your Expressway-E would be handing out to Jabber via this method.
  From the internet, browse to:
  https://vcse.yourdomain.com:8443/Y29sbGFiLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin
  Where:
  vcse is your Expressway-E hostname (or CNAME/A record)
  yourdomain.com is your own domain
  The first directory is your Base64 encoded domain name, remove and trailing equal signs (=)
  The XML returned is basically the DNS SRV record information available as if internal for _cisco-uds and _cuplogin
  TFTP DNS SRV is optional if you configured TFTP in IMP for your Legacy Clients.

• Win 7 Pro 64 occasionally fails to connect using IKEV2 to Win2008R2 Routing and Remote Access server

  I'm a networking guy and having this troubling VPM issue that I can't find.
  I have a number of VPN connections from my Win7Pro 64 PC to various customers.  Their end points are all Windows Routing and Remote Access on Windows 2008R2 STD servers.
  Every once and a while I will hang at Verifying User ID and Password and eventually get  ERROR 809. Change the security type on my VPN connection from IKEV2 to PPTP - never an issue, connects in right away.
  I can also try from another PC (at the same or alternate location) to get into that same server using the same credentials and access - no issue using either IKEV2 or PPTP.
  This has happened at various times to various customers. Here is what I know it is not:
  - Not the local or remote routers or Firewalls since I can always get in from other PC's going through the same network. Even so, tried rebooting all several times
  - Not an ISP issue at either end since I can always get into other IKEV2 servers from the same PC and from other PC's to the server I can't from my PC.
  This leads to the only logical conclusion.  It is something to do with my Win7Pro 64 PC but for the life of my I can not find it.
  I have obviously tried rebooting the Win7Pro PC. I have also tried recreating the VPN connection several times. Nothing.
  Help!

  Hi,
  I know that you've mentioned that it is not a issue about firewall or router settings, but this error usually comes when some firewall between client and server is blocking the ports used by VPN tunnel.
  so to allow IKEv2 traffic, please make sure to configure the network firewall to open UDP ports 500 and 4500, and to allow IP protocol 50.
  If that is not possible, deploy SSTP based VPN tunnel on both VPN server and VPN client – that allows VPN connection across firewalls, web proxies and NAT
  You can refer to this blog
  http://blogs.technet.com/b/rrasblog/archive/2006/06/14/which-ports-to-unblock-for-vpn-traffic-to-pass-through.aspx
  Regards
  Yolanda
  TechNet Community Support

• Routing and Remote Access Logs (Windows Server 2008 R2)

  Hi,
  I have a Windows 2008 R2 server running Routing and Remote access and users are using PPTP VPN's to connect to our network.
  I have been asked to find logs for the following for connections in to our server
  Username used for connection
  Computer Name
  IP Address used by computer connecting
  Start/End time of VPN session
  Date
  Encryption used
  I found an article stating to enable RRAS logs you need to run the following command
  To enable RAS logs run command “netsh ras set tracing * enabled” and found a series of logs created in this location C:\Windows\tracing
  None appear to contain the information I am looking for and was wondering if I was doing this correctly and if not how I am meant to extract this information?
  If you require any more details just let me know.
  Kind Regards
  David

  Hi,
  I can’t sure which article you have read, but fur the 2008R2 the RAS to enable the log and the debug log in the KB is descried like this, I recommend you to try the KB
  mentioned method.
  To configure RRAS to enable logging
  1. Start Server Manager. Click Start, click Administrative Tools, and then click Server Manager.
  2. In the navigation tree, expand Roles, and then expand Network Policy and Access Services.
  3. Right-click Routing and Remote Access, and then click Properties.
  4. On the Logging tab, select Log errors only, Log errors and warnings, or Log all events, depending on how much information you want to capture.
  5. Click OK to save your changes.
  The related KB:
  RRAS: Logging should be enabled on the RRAS server
  http://technet.microsoft.com/zh-cn/library/ee922651(v=ws.10).aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Would you tell me If window server installed with "routing and remote access" can output firewall logs.

  I install "routing and remote access" into Window Server and make it work as a firewall.
  When connections are accepted or denied at firewall, would you tell me if the firewall can output the logs ?
  If that function can, would you tell me how to configure ?
  Thanks.

  Hi Kohenro31,
  I'm a little confused about configuring RRAS to work as firewall, cause we usually deploy RRAS as VPN connection, router etc, would you please post more information in detail?
  Routing and Remote Access Service：
  http://technet.microsoft.com/en-us/library/cc754634(v=ws.10).aspx
  In addition, to view firewall event logs please check this article:
  Viewing Firewall and IPsec Events in Event Viewer:
  http://technet.microsoft.com/en-us/library/ff428140(v=WS.10).aspx
  To enable RRAS logs, please check this article:
  Enabling logs for RRAS:
  http://blogs.technet.com/b/rrasblog/archive/2005/12/22/enabling-logs-for-rras.aspx
  If I have any misunderstanding, please let me know.
  Best Regards,
  Anna Wang

• Routing and Remote Access Server 2012 r2 Help

  Hi all, I just setup a new 2012 R2 server with DHCP, DNS and Routing and Remote Access. When a user logs in to the VPN the DHCP is assigning the wrong IP address. My DHCP Scope is 10.0.10.100 to 10.0.10.199 but it's setting it to 169.254.X.X.
  How do I fix this.

  169.254.x.x are APIPA addresses which are allocated when the guest cannot see the DHCP server/allocator. Basically there is something wrong with your RRAS setup.
    You should never run a remote access server on a DC. It will give you all sorts of name resolution problems. As soon as a client connects, the server acquires an additional IP for the VPN connection and the DC is multihomed. That has been a problem
  since NT days and still is.
  Bill

• Routing and Remote access can cause cluster network issues?

  After enabling routing and remote access on the servers, we found lots of cluster issues on our server like<o:p></o:p>
  Cluster Service stopped
  Communication was lost and reestablished between cluster nodes
  Unable to access witness resource
  Cluster resource failed
  can RRAS enabling causes cluster network issues?
  Rahul

  Hi TwoR,
  Please offer more information about your current cluster and RRAS configuration, such as are you installed the RRAS role on any cluster node? Are your cluster in Hyper-V environment?
  Or if you want to create the RRAS cluster you can refer the following KB:
  Deploy Remote Access in a Cluster
  http://technet.microsoft.com/en-us/library/jj134175.aspx
  How to configure Network Load Balancing (NLB) based cluster of VPN Servers
  http://blogs.technet.com/b/rrasblog/archive/2009/07/02/configuring-network-load-balancing-nlb-cluster-of-vpn-servers.aspx
  I’m glad to be of help to you!
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Lync Desktop sharing is not working via Remote Access Server / VPN

  Sometimes, few users using RAS (Remote Access Server) / VPN are not able to share desktop.
  It is irrespective of other user (from other end) is using VPN or Office wired network.
  Note - we have enabled VPN split tunnelling for our environment and the issue is happening after that only.
  Also, it is happening with few users not all.
  laptop is : HP elitebook 2570p
  any resolution ?

  Hi,
  Did these issued users also meet the issue internal the corporation?
  1.  Please double check if the split tunnel VPN setting configure correctly with the help of the link below:
  http://blogs.technet.com/b/nexthop/archive/2011/11/15/enabling-lync-media-to-bypass-a-vpn-tunnel.aspx
  2.  As the issue only happen for a few users who using VPN, please try to delete Lync user profile and then test again.
  3. Please also try to change another computer with the issued Lync account using VPN to test the issue.
  4. Please also try to test the issue with Internet network instead of VPN to test the issue again.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Windows 2012 routing and remote access service with same subnet

  I have internal server IP range -192.168.1.0/24
  Windows routing and remote access service  with vpn client IP -192.168.11../22
  client side IP subnet is -192.168.1.0/24
  So we wan routing \ NATING between  192.168.1.0/24 to 192.168.11.0/22 so if vpn user try to ping 192.168.11.5 it should internally forward all request to 192.168.1.5 
  <p>Don't forget to mark helpful or answer</p> <p>connect me :-</p> <p>http://in.linkedin.com/in/satya11</p> <p>http://facebook.com/satya.1000</p>

  Hi,
  According to your description, my understanding is that VPN client and internal network has the same IP range -192.168.1.0/24. And you want to transfer internal network from IP address 192.168.1.0/24 to 192.168.11.0/22.
  Agree with Charles David’s point of view. The easiest way to fix routing confusion would be to either change the VPN subnet or the VPN client subnet.
  Or, if you configure Windows Server(RRAS) as VPN server, you may enable NAT to transfer internal IP address:
  1. Open RRAS, add NAT.
  2. New interface to NAT and configure it as public interface.
  3. Open Address Pool tab, add IP address range 192.168.11.0/22.
  4. Click Reservations, add reserved IP(192.168.11.0/22) and corresponding internal IP(192.168.1.0/24) one by one.
  This would be a lot of workload. Besides, you may use 3rd party devices to transfer subnet IP addresses.
  Best Regards,
  Eve Wang 
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Active directory domain services stopped after removing routing and remote access role

  Hello everyone;;
  I am in deep trouble.. I did install routing and remote access and then  lost connection to the server remotely. Then I connected a monitor to the server and removed the role... then it asked me to restart the server . After logging back in I found
  all my active directory service has gone... I can see red cross on active directory domain services.. Also I am able to ping other pcs but other pcs cannot ping my server..
  However when I go into the active directory services, it shows all services are running except file replication service. I have tried to start that service but it give error 1053 error..
  My server in  between loses LAN connection... I dont know what is going on.. Please help!!!
  My  server is win 2008 R2 ser pack 1
  Only one DC....
  Has fixed ip, 
  no DNS server running..

  Hi,
  The File Replication Service Start Error 1053 error can be caused by damaged Windows system files. Corrupted system files entries can threaten the well-being of your computer. Many events can result in creating system file errors.
  Please refer to the articles below to troubleshoot the issue:
  File Replication Service Start Error 1053
  http://repairerrors.net/file-replication-service-start-error-1053.html
  Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  Regards,
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.