Multiple vpn clients fail
When i try to run the vpn client on more than one computer to connect to a remote network, both connections fail. Everything works fine when i have a single computer connected with the vpn client, but as soon as i try to connect the other, both of them fail. any ideas?
Enable isakmp nat-traversal on the ASA on the client. It will open UDP port 4500 on the NAT device. so multiple clients can communicate.
Similar Messages
-
Multiple (but not all) VPN clients failing in Windows 8 and 8.1
Big question for VPN gurus, with a long story. I got a new machine with Windows 8 in late December 2012. I work remotely
for a bunch of different customers, so 100% of my work is done via VPNs. My customers use a wide variety of VPN types. These were all working fine up through early December 2013. Suddenly a bunch of them stopped working. I tried a ton
of stuff:
- Uninstalling all VPN clients and reinstalling them one at a time
- Reinstalling / updating network drivers
- Turning off and uninstalling antivirus and firewall software
- Verified problem was on my machine, not local network, both by testing other machines on local network and by testing this machine on other networks
The following VPN clients would not work:
Cisco VPN Client
FortiSSL
Microsoft built-in
The following VPN clients had no problems:
Cisco AnyConnect
ShrewSoft
Juniper web-based SSL VPN
Check Point web-based SSL VPN
As you can imagine, having to use a second (Windows XP) machine to connect to half my customers was a source of some serious headaches. After 3 weeks of beating my head against this, I finally upgraded my OS to Windows 8.1. The hail mary worked;
my VPN problems went away!
Two weeks later, the exact same symptoms resurfaced. I've gone back through a bunch of the steps that didn't help the first time around, with the same results. I expect a system refresh would probably do the trick, probably temporarily like the
OS upgrade, but I can't afford to spend a week reinstalling dozens of critical applications only to have the problem resurface after another couple of weeks.
At this point, the closest thing I have to a clue is that in both cases the problems started soon after installing an update to the Cisco AnyConnect client. After uninstalling the client, the problems do not go away.
Exactly what do I mean when I say the VPN clients don't work? That varies from one client to the next:
Microsoft built-in: Error 720
FortiSSL: variable - sometimes won't finish connecting, sometimes connects for about a second
Cisco: variable - sometimes won't finish connecting, sometimes "connects" but I can't access anything
Has anybody seen this sort of behavior before? Any suggestions for fixes I may not have tried yet? Thanks in advance.Hi.
I have been similar issues with VPN clients. In my case cause of this problems seems to be "Deterministic Network Enhancer". So turning this component on and off usually helps.
Actually I writed one script to fix this probleem for my clients.
<#
.Synopsis
This script is ment for a fixing of network problems which may occur when you use Windows 8/8.1 with Client Hyper-V
.DESCRIPTION
This script will disable and then enable again Deterministic Network Enhancer (dni_dne) component from network connections.
Parameter RegisterScheduledTask will register this script as a scheduled task which will be triggered at every time when computer starts.
.EXAMPLE
Fix-Network.ps1
.EXAMPLE
Fix-Network.ps1 -RegisterScheduledTask
#>
param
[switch]$RegisterScheduledTask
function Test-IsRunAsAdministrator
$currentUser = New-Object Security.Principal.WindowsPrincipal( [Security.Principal.WindowsIdentity]::GetCurrent())
$currentUser.IsInRole( [Security.Principal.WindowsBuiltInRole]::Administrator)
function Get-RunAsAdministrator
if(!(Test-IsRunAsAdministrator))
[string[]]$argumentList = @('-NoProfile' , '-File', $MyInvocation.ScriptName)
if($RegisterScheduledTask)
$argumentList += '-RegisterScheduledTask'
Start-Process PowerShell.exe -Verb Runas -WorkingDirectory $PWD.Path -ArgumentList $argumentList
break
Get-RunAsAdministrator
if($RegisterScheduledTask)
$actionArgument = '-ExecutionPolicy Bypass -File "' + $PSCommandPath + '"'
$action = New-ScheduledTaskAction -Execute "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Argument $actionArgument
$trigger = New-ScheduledTaskTrigger -AtStartup
$principal = New-ScheduledTaskPrincipal "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName Fix-Network -Trigger $trigger -Action $action -description "Fix network for Windows 6.X with Hyper-V" -Principal $principal
else
$bindings = Get-NetAdapterBinding | Where-Object { ($_.ComponentID -eq "dni_dne") -and ($_.Enabled)}
$bindings | Set-NetAdapterBinding -Enabled $false
$bindings | Set-NetAdapterBinding -Enabled $true
$date = Get-Date
"Done: $date" > $PSScriptRoot\Fix-Network.log
Hope that this will help.
Br,
Heiki -
Multiple VPN Clients on same PC
Hi
Doing a s/w inventory on systems in our network and the result is showing multiple versions of VPN Cisco Client installed. Is this possible or are the older versions remnants left behind after an upgrade... Thanks
PHCCXXXXXXXX
Cisco VPN Client
4.8.1.0000
PHCCXXXXXXXX
Cisco VPN Client
5.0.0.0000
PHCCXXXXXXXX
Cisco VPN Client
5.0.3.0000
PHCCXXXXXXXX
Cisco VPN Client
5.0.3.0530
PHCCXXXXXXXX
Cisco VPN Client
5.0.3.0560I have acquired my daughter's Nano (she has the iTouch now), and we will use the same PC. How should I get the songs off of the Nano, and not disrupt her iTouch songs, and then download my own songs from iTunes? I would assume separate iTune accounts, but I need your input.
-
Hi All,
We have one laptop that keeps having VPN Issues. It is running Vista Business with VPN Client Version 5.0.04.0300.
This pc is constantly receiving the error message 422. Failed to initialise Virtual Adapter.
Restarts do not fix it.
Reinstalling the client has not fixed
it.
I have seen forums on the net saying to disable and re-enable the connection etc, however the user it is happening to only has USER permissions on the laptop so cannot modify anything when on the road.
Is there a fix for this?
Thanks in advanceThere are alot of issues running the VPN client on Vista.
My suggestion is to wait for a more reliable client for Vista, or downgrade to XP. Or you could look into the SSL Client.
HTH> -
Apple VPN Client fails after 10.4.7 update
I have three different remote computers that cannot connect over VPN remotely to our xServe running 10.3.9. After installing 10.4.7 update recently, all three remote computers fail to even hit the server logs (ie. no connection, no denial, no nothing on the server end). I had one machine that was running 10.4.6 tonight. VPN connection worked fine. Ran the software update, restarted, now that computer fails to make a connection.
It has nothing to do with the firewall on the xServe. I have turned that off with no success.
Any ideas? I appreciate the help.to uninstall the client:
http://docs.info.apple.com/article.html?artnum=108021
you can create a client installer with the admin
under File, Create Client Installer...
Thanks for this. I will look into it further. The document you refer to states that 10.4 Clients should only be stopped rather than uninstalled, this concerns me a little. As I have tried simply stopping the service I will escalate to uninstalling the client and then see if reinstalling resolves the issue. Many thanks for your response. -
Multiple WUA client fails if server delays in sending response.
Hi,
I have implemented my own minimal WSUS server which provides updates to wua client using MS-WUSP protocol. I have used Sqlite as back end database to store update metadata(size of metadata is apprx. 4-5 GB). I have implemented multi- threaded web service,
each thread handle a separate request from WUA client.
When I tried to scan with more than 20 clients at the same time, then some of them fails with error 0x80072ee2 -
ERROR_INTERNET_TIMEOUT The request has timed out.
Is there any solution to avoid this kind of failure? Can I change the WUA client's timeout period? How can I speed up my server application to handle multiple requests?
Thnaks in advance.
Vivek.Hi,
What are the operating systems of your clients? Please update the latest version of Windows Update agent:
https://support.microsoft.com/kb/949104?wa=wsignin1.0
In addition, please check if multiple un-declined/superseded updates in the WSUS server's catalog.If yes, you can declining superseded updates to eliminate such performance issues.
Furthermore, the performance depends on several factors. You can check the task manager to check if any process has a high usage of the CPU, memory or disk. Or you can use performance monitor to diagnose disk/network/memory/process/processor bottleneck on
the server and clients:
https://technet.microsoft.com/en-us/magazine/2008.08.pulse.aspx
Best regards,
Susie
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Cisco VPN client install fails with Error 1722 on Windows 7
Hi,
I am having issues with laptops upgraded from Vista to Windows 7.
Prior to the upgrade they are running Cisco VPN Client 5.0.05.0290. These laptops also have Juniper Network Connect 6.5 and Citrix web client installed. The windows upgrade advisor made no recommendations regarding uninstalling / reinstalling these apps.
I have done an inplace upgade to Windows 7 (Windows Vista Enterprise 32bit to Windows 7 Enterprise 32 bit) and after the install the Cisco client is not working. Uninstalled the client (the uninstall was successful) then reinstalled and the installation fails at Installing Cisco Systems Virtual Adapter - error 1722 there was a problem with the windows installer package.
I have followed the steps for a manual uninstall of the Cisco client and then tried the install again - still not successful. Interestingly (or not) the Juniper Network Connect also fails with the error The Network Connect Virtual adapter driver is not installed properly. This also fails to reinstall after being removed.
I tried removing the VPN clients on another laptop and then running the upgrade but the same errors occured when reinstalling the VPN Client. I have tried the Winfix and DNE patch from Citrix but these fail saying there is a corruption in the application.
On another laptop where only the Cisco VPN client was installed a reinstall was required after the upgrade, but it did install successfully.
On a clean image these applications all install fine, however I have a large number of laptops do upgrade and don't want to do a fresh install and settings migration on all of them.
What files / registry entrys are involved with the DNE adapter so I can manually clear it all out before reinstalling?
Anything else I can do to troubleshoot this issue?
Cheers,
JamesYou should be able to install the 64 bit version of the Cisco VPN software
Latest version is vpnclient-winx64-msi-5.0.07.0440-k9.exe
You should download and run MCPR.exe first, to clean out any traces of McAfee products that conflict with Cisco VPN.
http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
If there is a problem with vbscript registration on the system - there is a fixit tool from Microsoft for that:
MicrosoftFixit50842.msi
(Using Shrew VPN is a possible workaround.) -
Support IPSec VPN Client in ASA Multiple Context Mode
I've looked at under "Cisco ASA Series CLI Configuration Guide, 9.0" on "Configuring Multiple Context Mode", it says
"IPsec sessions—5 sessions. (The maximum per context.) ". Does it mean in ASA Multiple Contest Mode support IPSec VPN Client? I just want to confirm it because I can't seem find any doc that clearly spell it out. I'll appreciate anyone who can clarify it.
Thank Jason.
( Please direct me to the right group if I'm not for the first time I post it in the Cisco support forum)This is from the v9.3 config-guide:
Unsupported Features
Multiple context mode does not support the following features:
Remote access VPN. (Site-to-site VPN is supported.) -
Are VPN Clients supported in multiple context mode?
Hi,
Recently our company has bought two Cisco ASA 5515-X firewalls for at our datacenter. I am new on configuring a Cisco ASA but sofar things are looking good. I have configured them both with HA (active/active) in multiple context mode. Currently they host two security contexts.
I want to configure VPN Client functionallity for Remote Access. As far as I know they come with two user licenses. But there is no VPN Client wizard available and I can't find a way to enable it.
- Is VPN Client supported in Multiple Context mode?
- What is AnyWhere Essentials vs Premium Peers?
Boudewijn
Here is some additional output fromt he current configuration:
Cisco Adaptive Security Appliance Software Version 9.1(2) <context>
Device Manager Version 7.1(3)
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-T020
IPSec microcode : CNPx-MC-IPSEC-MAIN-0024
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5515 Security Plus license.Hi,
No form of VPN Client is supported when you are using an ASA in Multiple Context mode.
The only type of VPN supported in the newer 9.x softwares is L2L VPN / Site to Site VPN
This might answer the VPN Licensing related question
http://packetpushers.net/cisco-asa-licensing-explained/
I never seem to remember it exactly myself even.
- Jouni -
Vista, Cisco VPN Client 5.0.01.0600 "Failed to enable Virtual Adapter"
Four times out of five when trying to connect with the VPN client on Vista Business I get a message that the Virtual adapter cannot be enabled.
When checking the logs there are two entries that always is seen together with this failure:
123 09:21:36.026 12/27/07 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: unable CreateUnicastIpAddressEntry, error 0
129 09:21:55.709 12/27/07 Sev=Warning/3 CVPND/0xA340001A
Failed to find VA MAC Address
Anyone else who have seen this issue on Vista?Hi Magnus
Uninstall VPN client. Restart the PC
Donwload and run the following software, then restart the PC
http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
Reinstall VPN client
Regards -
64bit vpn client issue /error :reason -442:failed to enable virtual adapter.
Hi All of you ,
I m using vpn client for windows64bit - file name - vpnclient-winx64-msi-5.0.07.0290-k9.exe and installing it on windows 2003 server .
But while connecting via vpn client to f/w , Virtual Adapter is taking the ip address but not connecting .getting error message on screen -
reason -442:failed to enable virtual adapter.
Is it possible some configuration or image issue from ASA as its first time we are trying to use 64bit OS , vpn client for 32bit OS working fine .
Below are the logs from vpn clinet when i tried to connect to ASA5520 . Version 7.0(8) -
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.2.3790 Service Pack 2
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 15:38:03.921 01/27/11 Sev=Info/4 CM/0x63100002
Begin connection process
2 15:38:03.937 01/27/11 Sev=Info/4 CM/0x63100004
Establish secure connection
3 15:38:03.937 01/27/11 Sev=Info/4 CM/0x63100024
Attempt connection with server "203.199.30.190"
4 15:38:04.125 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
5 15:38:04.140 01/27/11 Sev=Info/4 CM/0x63100015
Launch xAuth application
6 15:38:09.515 01/27/11 Sev=Info/4 CM/0x63100017
xAuth application returned
7 15:38:09.515 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
8 15:38:10.562 01/27/11 Sev=Info/4 CM/0x63100019
Mode Config data received
9 15:38:10.781 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to enable the 64-bit VA after timeout
10 15:38:10.781 01/27/11 Sev=Warning/3 CVPND/0xE3400029
The Client failed to enable the Virtual Adapter on 64-bit Windows
11 15:38:10.781 01/27/11 Sev=Warning/2 CM/0xE310000A
The virtual adapter failed to enable
12 15:38:10.781 01/27/11 Sev=Info/6 CM/0x6310003A
Unable to restore route changes from file.
13 15:38:10.781 01/27/11 Sev=Info/6 CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter
14 15:38:10.859 01/27/11 Sev=Info/4 CM/0x63100035
The Virtual Adapter was disabled
15 15:38:10.859 01/27/11 Sev=Warning/2 IKE/0xE300009B
Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
16 15:38:10.859 01/27/11 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
17 15:38:11.546 01/27/11 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
18 15:38:11.546 01/27/11 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
19 15:38:11.578 01/27/11 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
20 15:38:40.953 01/27/11 Sev=Info/4 CM/0x63100002
Begin connection process
21 15:38:40.953 01/27/11 Sev=Warning/2 CVPND/0xA3400019
Error binding socket: -21. (DRVIFACE:1234)
22 15:38:40.968 01/27/11 Sev=Info/4 CM/0x63100004
Establish secure connection
23 15:38:40.968 01/27/11 Sev=Info/4 CM/0x63100024
Attempt connection with server "203.199.30.190"
24 15:38:41.156 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
25 15:38:41.171 01/27/11 Sev=Info/4 CM/0x63100015
Launch xAuth application
26 15:39:08.031 01/27/11 Sev=Info/4 CM/0x63100017
xAuth application returned
27 15:39:08.046 01/27/11 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
28 15:39:09.093 01/27/11 Sev=Info/4 CM/0x63100019
Mode Config data received
29 15:39:09.312 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
30 15:39:09.312 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
31 15:39:19.937 01/27/11 Sev=Warning/3 CVPND/0xA340000D
The virtual adapter was not recognized by the operating system.
32 15:39:19.937 01/27/11 Sev=Warning/2 CM/0xE310000A
The virtual adapter failed to enable
33 15:39:19.937 01/27/11 Sev=Info/6 CM/0x6310003A
Unable to restore route changes from file.
34 15:39:19.937 01/27/11 Sev=Info/6 CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter
35 15:39:20.109 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
36 15:39:20.109 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
37 15:39:20.281 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
38 15:39:20.281 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
39 15:39:20.578 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
40 15:39:20.578 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
41 15:39:20.953 01/27/11 Sev=Warning/2 CVPND/0xE340002C
Unable to disable the 64-bit VA after timeout
42 15:39:20.953 01/27/11 Sev=Warning/3 CVPND/0xE340002A
The Client failed to disable the Virtual Adapter on 64-bit Windows
43 15:39:21.437 01/27/11 Sev=Info/4 CM/0x63100035
The Virtual Adapter was disabled
44 15:39:21.437 01/27/11 Sev=Warning/2 IKE/0xE300009B
Failed to active IPSec SA: Unable to enable Virtual Adapter (NavigatorQM:936)
45 15:39:21.437 01/27/11 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Quick Mode negotiator:(Navigator:2263)
46 15:39:22.046 01/27/11 Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "Unknown". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
47 15:39:22.046 01/27/11 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
48 15:39:22.062 01/27/11 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
release notes for vpn client 64bit -
http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537Hi Anisha ,
Exact version of OS is "Microsoft Windows Server 2003 x64" .
I need supported cisco vpn client for this OS .
=========
Thanx 4 reply .
Raj -
VPN Client - Pings of 1500 bytes fail?
I have a VPN client setup into a 1700 router. My customer is complaining that they can ping devices on the office LAN however, as they increase the ping size it starts to fail.
Any thoughts?Andrew
For TCP based traffic I have found a very effective solution with the ip tcp adjust-mss command which is configured on the LAN interface(s) of the router. This command will cause the end stations to negotiate a mss that is small enough that fragmentation will not be needed. It may take some experimentation to find the optimum value to set to eliminate fragmentation. (The amound of overhead will vary depending on some options within IPSec and whether you are doing GRE with IPSec or IPSec without GRE. I frequently use 1375 in environments using both GRE and IPSec and find that works for us.)
For non-TCP traffic I have seen a solution which uses a route map to identify the IPSec traffic and to turn off the DF bit. This allows the packet to be fragmented as it passes through the IPSec tunnel. I have not used this solution so I can not speak to details of how it works.
HTH
Rick -
VPN (VPN Client or AnyConnect) fails to work after reboot
I have both an IPSec and an SSL VPN setup on my UC560. A user on the network is having issues establishing a VPN connection after rebooting their system.
This issue is only happening for one user on the network. Everyone else can connect perfectly fine after rebooting.
If I reinstall the VPN Client, it will work perfectly but I can't establish a connection once the computer is rebooted.
Any help is greatly appreciated.
Regards,
SamI have both an IPSec and an SSL VPN setup on my UC560. A user on the network is having issues establishing a VPN connection after rebooting their system.
This issue is only happening for one user on the network. Everyone else can connect perfectly fine after rebooting.
If I reinstall the VPN Client, it will work perfectly but I can't establish a connection once the computer is rebooted.
Any help is greatly appreciated.
Regards,
Sam -
Remote access VPN client gets connected fails on hosts in LAN
Hi,
VPN client gets connected fine, I have a inter VLAN routing happening on the switch in the LAN so all the LAN hosts have gateway IP on the switch, I have the defult route pointing to ASA inside interface on the switch, the switch I can reach after Remote Access VPN is connected how ever I cannot ping/connect to other hosts in the LAN and if I make the gateway point to the ASA then that host is accessible, any suggestions? I really want to have gateway to be the Switch as I have other networks reachable through the Switch (Intranet routing)Hi Mashal,
Thanks for your time,
VPN Pool(Client) 192.168.100.0/24
Internal Subnets 192.9.200.0/24(VLAN 4000) and 192.168.2.0/24 (VLAN 1000)
=============
On the Switch
=============
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.2.5 to network 0.0.0.0
172.32.0.0/24 is subnetted, 1 subnets
C 172.32.0.0 is directly connected, Vlan101
C 192.168.200.0/24 is directly connected, Vlan2000
C 192.9.200.0/24 is directly connected, Vlan4000
S 192.168.250.0/24 [1/0] via 192.9.200.125
S 192.168.1.0/24 [1/0] via 192.9.200.125
C 192.168.2.0/24 is directly connected, Vlan1000
S 192.168.252.0/24 [1/0] via 192.9.200.125
S* 0.0.0.0/0 [1/0] via 192.168.2.5
===============
On ASA
===============
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 172.32.0.2 to network 0.0.0.0
C 172.32.0.0 255.255.255.0 is directly connected, outside
C 192.9.200.0 255.255.255.0 is directly connected, inside
C 192.168.168.0 255.255.255.0 is directly connected, failover
C 192.168.2.0 255.255.255.0 is directly connected, MGMT
S 192.168.100.2 255.255.255.255 [1/0] via 172.32.0.2, outside
S 192.168.100.3 255.255.255.255 [1/0] via 172.32.0.2, outside
S* 0.0.0.0 0.0.0.0 [1/0] via 172.32.0.2, outside
We don't need route print on the PC for now as I can explain what is happening I can get complete access to the 192.168.2.0/24 (VLAN 1000) but for 192.9.200.0/24 (VLAN 4000) above from the switch I can only ping IP's on the switches/pair but cannot have any tcp connections, which explains the default route being pointed on the switch is on VLAN 1000, now my issue is How do I get access to VLAN 4000 as you can see these two are on different Interfaces/zones on the ASA and please note with default gateway pointing to ASA I will have access to both the VLAN's it is only when I move the gateway pointing to Switch I loose tcp connections to one VLAN depending on the default route on the being pointing to on the switch.
So we are left to do with how to on the switch with default route. -
How to configure Multiple PPTP VPN Clients on cisco 3g supported Router
I want the router to be a PPTP VPN client to 2 independent PPTP servers, both are in different cities in Cisco routers. I have tested with one on cisco 1841 aqnd its working fine; but when I add the 2nd, its using vpdn-group 1 and therefore connecting to the wrong PPTP server:
here is the config for the one that works:
vpdn-group 1
request-dialin
protocol pptp
rotary-group 0
initiate-to ip xxx.xxx.xxx.xxx
interface Dialer0
mtu 1450
ip address negotiated
ip pim dense-mode
ip nat outside
ip virtual-reassembly
zone-member security private
encapsulation ppp
ip igmp query-interval 125
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 1
no peer neighbor-route
no cdp enable
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp authentication ms-chap-v2 ms-chap eap chap pap callin
ppp eap refuse
ppp chap hostname xxx@xxx
ppp chap password 7 xxxpassword
But if I create a vpdn-group 2 and a Dialer1 interface, with dialer-group 2, its still attempting to connect to the IP in vpdn-group 1 - how do I get it to use the 2nd vpdn-group, or how do I make this work? and which cisco 3G Router you prefer because these are remote sites and only 3G Internet service is available.I want the router to be a PPTP VPN client to 2 independent PPTP servers, both are in different cities in Cisco routers. I have tested with one on cisco 1841 aqnd its working fine; but when I add the 2nd, its using vpdn-group 1 and therefore connecting to the wrong PPTP server:
here is the config for the one that works:
vpdn-group 1
request-dialin
protocol pptp
rotary-group 0
initiate-to ip xxx.xxx.xxx.xxx
interface Dialer0
mtu 1450
ip address negotiated
ip pim dense-mode
ip nat outside
ip virtual-reassembly
zone-member security private
encapsulation ppp
ip igmp query-interval 125
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 1
no peer neighbor-route
no cdp enable
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp authentication ms-chap-v2 ms-chap eap chap pap callin
ppp eap refuse
ppp chap hostname xxx@xxx
ppp chap password 7 xxxpassword
But if I create a vpdn-group 2 and a Dialer1 interface, with dialer-group 2, its still attempting to connect to the IP in vpdn-group 1 - how do I get it to use the 2nd vpdn-group, or how do I make this work? and which cisco 3G Router you prefer because these are remote sites and only 3G Internet service is available.
Maybe you are looking for
-
Created a java program to read a .csv file but receiving an error when I try to run it. Here is program: import java.io.*; class TestRead { public static void main(File file) throws FileNotFoundException {try {FileReader fr = new FileReader(file
-
Disputer suddenly stop after copy SQL data
i had a problem doing a R3 copy from an old server to a new server. The old server currently running on 4.7x200 sr1 and sql 2000(SP3) on window 2000 server and the new server are using window 2003 server with the same SAP version (i want the new serv
-
C:\jdk11\java\bin>javac IndexOfMethodThree.java IndexOfMethodThree.java:9: cannot resolve symbol symbol : constructor BufferedReader (java.io.InputStream) location: class java.io.BufferedReader BufferedReader br = (new BufferedReader(System.in)); ^ 1
-
Iclouds is supposed to work from my PC but doesn't. Loaded the program several times. I have all the corrected software. I keep getting the error message: ApplePhotoStreams.exe has stopped working. Anybody out there that uses icloud with a PC???
-
Hi All, I have this requirement in WAD. The column having the figures for USD Red should be displayed completely RED in color, Similarly with USD Orange and USD Yellow. Plant USD Red USD Orange USD Yellow Total Any Help...!! Thanks