Native VPN tunnel kills wireless connection

Similar Messages

• Sure way to kill Wireless Connection

  Hello,
  while debugging my problems with loosing my wireless connection I found out a sure way to kill it: Just start a program like ethereal for the ethernet in promiscuous mode. Kills my wireless connection for sure and only a reboot helps.
  Has anyone seen this problem as well?
  -b

  You are talking nonsense
  http://en.wikipedia.org/wiki/WPS

• USB drive kills wireless connection?

  I have a MacBook Pro Late 2008 2.4ghz running OS X 10.6.4. When I plug in my LaCie portable HD via USB, it almost always kills the wireless connection. The LaCie is bus powered, and the connection is via a single USB port.
  The LaCie works fine. I never have a problem with it. But it not only has a tendency to disconnect my wireless connection (to a Linksys wrt-54g), but it prevents my MBP from reconnecting. The airport icon will keep searching, and pop up the wireless connection window, but when I try re-connecting to my wireless network with WAP password, it'll fail to connect. When I eject the usb drive, wireless will work fine again.
  This doesn't happen every time, but it's fairless consistent. Any ideas on what the problem is and how to fix it?

  Obviously, this isn't supposed to happen. Try resetting your computer's PRAM. If that doesn't do the trick, reset your computer's SMC.
  If that doesn't do the trick, it could be a software issue. You can search Apple's download website for the correct Combo Updater for your OS (10.5.8 for Leopard, 10.6.4 for Snow Leopard).
  If that doesn't do it, I would take the machine to an Apple Store or an Apple-Authorized Service Provider and have it looked at.
  Good luck!

• Using External monitor with DVI kills wireless connectivity

  I recently purchased a BenQ G2400WD 24" 1920x1200 monitor, for use with my May 2007 GMA 950 2.0Ghz. Macbook.
  Upon receiving the monitor, I immediately plugged it in to my Macbook, using the Mini-DV to VGA adaptor I already had, for use with projectors. The monitor was good, but a bit blurry and not too sharp, due to the analog signal. So I ordered a Mini-DVI to DVI adaptor. When it arrived, the improved picture quality was immediately apparent.
  However, as time went on, I noticed my wireless connectivity was getting terrible. Extremely slow Safari page load times, and upon going to Terminal and pinging my router, I would often get response times of 21000 milliseconds, or worse! I did a lot of research, on router firmware, on wireless connectivity, etc., but to no prevail. Then, on a whim, while continually pinging my router, I removed the DVI adaptor from my monitor. The ping instantly dropped from tens of full seconds to just a stable 0.4 milliseconds! Using my VGA connection resulted in no worse wireless connectivity than without it, but upon plugging in DVI and stressing the connection a bit (i.e. downloading a large file), the connection went bonkers. The pings also immediately jump from 0.4 milliseconds to a range of 1-4 milliseconds, regardless of any "stressing".
  I have done numerous research, including searching both here and on other discussion forums. It appears this problem with DVI connection is fairly common, but with no resolution so far. Any help would be great!
  A few important notes:
  -Both ends of both my VGA cable and my DVI cable are shielded.
  -I have tried numerous channel changes of my router, to no prevail.
  -While using DVI, EVERYTHING works well except the wireless. So the monitor isn't too demanding for my computer.
  And I hope my thorough post didn't scare you away!

  I have this same issue with the dvi and wireless disconnect. I am using a samsung 214T. I am glad to know i am not the only one seeing this, because it is kind of one of those things that is hard to believe. Anyway, I am also curious what kind of routers people have who are experiencing this issue. I am using a wrt54GL with tomato firmware.
  Also, In addition to the disconnect, my picture quality on my monitor gradually degrades over time...starting with what looks like snow flecks. After waking from screen saver, sometimes it is full static. Turning off and turning back on the monitor clears the static away.
  I can use another samsung 19in monitor with dvi without any problems.

• Palm Treo Pro Kills Wireless connection when connected via USB

  Everytime I connect my Treo Pro to my desktop via USB it kills my desktop's wirless Internet connection.  is there a setting that I need to correct?   
  Post relates to: Treo Pro T850U (Unlocked)

  does your wireless kit in the PC using a USB port or it's wireless card that is attached directly to the motherboard?
  if it is also a USB card, yes it can happen. probably USB conflict however if it's directly attached then it's very unlikely to happen.
  Post relates to: Treo 680 (Unlocked GSM)

• Which wireless router do I need for multiple VPN tunnels?

  I work at home and I connect to my office VPN (SSH Extranet Client) thru cable broadband. I need to have 2 VPN tunnels open as I frequently have my laptop & desktop connected to my work VPN. I've had a BEFSX41 for the past 3 years and it's worked good as it allowed for 2 VPN tunnels. It just died on me a few days ago and I would like to go wireless now. What wireless router(s) would meet my needs? Thanks in advance for any input.Message Edited by nolesworld on 11-27-200606:24 PM
  Message Edited by nolesworld on 11-27-200606:38 PM

  hi , the WRV200 will be a good choice....supports upto 50 tunnels and has wireless capabilities....

• Native VPN PPTP client won't stay connected

  Folks,
  I have setup my VPN using the Mac OSX native PPTP VPN client to connect to my client's work network. However, it appears that it won't stay connected.  I have been searching the net for answers.  I can't find a definitely one.  Does anyone have the same issue where you can share your solution with me please?
  To be more specific, I have a Windows XP laptop and a Mac.  I connect to the same VPN on both machines.  The Windows XP laptop will stay connected while the mac will drop the connection randomly.  This is particularly true when my Mac went to sleep and then wake up.
  In my PPTP VPN setup, I have already uncheck the option "Disconnect when user logs out" option in the Advance setting.
  Also, this appears to be Mac OSX issue because I have another client where I can use the Cisco AnyWhere VPN client to connect and the connection stays connected all the time including the time when my Mac went into sleep mode.
  My mac is the new MacBook Pro with Retina display running Mountain Lion (The original OS is Lion and then upgraded to Mountain Lion) and I am using the Thunderbolt to Ethernet adapter to connect to my wire network.  It doesn't make much difference even if I switch over to a Wireless connection.  In both cases, the VPN just won't stay connected.
  Can someone point me to the right direction as to where I can trouble shoot this please?  Thanks.

  Thanks sberman.  In the article, it mentions something about VPN on Demand, where in the setup do you see this setup?  I am in the Network setup area and I am not finding this.  Also, if I turn on the "Use verbose loggin", where is the log file?  Is it still the /var/log/ppp.log file
  Also, one more thing, my main ethernet connection setting does not include a proxy setting.  But my VPN setup includes a proxy setting.  Do you think that I may need to update the main ethernet setting to add the proxy setup to it as well? But I don't want to keep updating the main ethernet connection network setting to switch between proxy or not.  Any suggestion will be welcome.
  Thanks.

• ITunes 8.1 works great but killed wireless internet connection

  I installed version 8.1 on both my laptop( PowerBook g4/ OS 10.4.11) and desktop (imac intel / OS 10.5) and after restarting the computer, the wireless internet connection stopped working on both.
  I would open Safari and it would be a blank page and and the circle would keep spinning.
  So I tried my laptop at a different wireless hotspot and had the same result.
  I then tried repairing permissions and I got a list of problems with iTunes/Network Utilities, they repaired and now when I open Safari I get the message that it can not connect to the internet.
  I do get an internet connection using ethernet on both.
  Any ideas on how to fix this problem?

  Did you by any chance also update the firmware on your Apple Airport Extreme (if that's what you have)?
  I thought 8.1 killed my connection to my Apple TV, but it was the faulty firmware (see reports elsewhere in these forums).
  Now that I have rolled back from 7.4.1 on my Airport I plan to try iTunes again (with white knuckles).
  -dan

• VPN tunnel between 2 RRAS servers, both performing NAT with 2 network connections

  I have a need to configure an IPSEC policy between 2 networks.  Both servers are located at separate offices, are virtual, are 2008 R2 standard,  and only perform the function of NAT between a public IP and the LAN.  They each have 1 network
  adapter with a public address and 1 adapter with an internal LAN address.  I would like to setup an IPSEC policy between these 2 RRAS so that both LAN's can communicate.
  My question's; would this be the best method to get this accomplished?  If not, what are best practices?  Does anyone have documentation for this type of setup?
  I can create a policy between 2 servers, each behind each RRAS vm, but I'd like to keep domain controllers, AD, etc. out of this and not exposed - just have RRAS handle it.

  What you need to do is look for a guide to site to site VPN which you can follow. There are plenty out there of varying degrees of clarity and accuracy.
    The situation briefly is that each site operates normally using its router as a NAT device to provide Internet access for the LAN. In addition, each router is configured to provide a router to router VPN link. Each router has a static route to forward
  traffic for the subnet of the other site through the VPN tunnel.
  The net result is that a client wanting Internet access uses NAT to give it an Internet connection. If instead the client wants to access the other site, the request is sent through the VPN tunnel. There is no confusion because Internet addresses must be
  public and the site addresses are private. This is all transparent to the client because it is all handled by the routers. The client simply sends the packet to the default gateway. 
    The private traffic between sites is encrypted and encapsulated while it is crossing the Internet. The Internet routers see only the public address on the wrapper. The other site sees only the private IP of the packet after it has been unencapsulated
  and decrypted. The two sites behave as if they were linked by an IP router, but the operation is slow because of the delay in getting the packets from site to site.  
  Sorry about the link. http://www.youtube.com/watch?v=m-sakEbVDQ4
  Bill

• 7942s randomly lose connection to CUCM Thru VPN Tunnel

  One of my remote branches has 7 7942s plugged into a 2960 POE and then to a 2901.  The computer are connected to the telephone tandum.
  1.All the phones dont drop at the same time (maybe 2 or 3 together)
  2.The VPN Tunnel never drops when the phones lose the CUCM.(Computers are still online and able to see the network on other side of tunnel)
  3.The computer that is connected to the dropped phone does not lose connectivity to the inside network or thru the vpn tunnel (whether in fallback mode or connected or in transit)
  4. when a couple of phones are down, I can reach both CUCMs. (Publisher and Subscriber)
  Any help would be appreciated.

  Hi Earl,
  Try to do wire shark and see if you can capture anything.
  Its looks like keep live message dropping some where before they reaching phones. Is there high utilization on site?
  Check if any firewall filtering packets.
  Phone reboots itself and tries to register again. Check interface if there is any watchdog timers error.
  Please do rate if the given information helps
  Thanks

• When VPN tunnel connected, how is packet stream processed?

  Here is a beginner questions.
  When a VPN tunnel is connected, where exactly does its packet stream enter the router's processing? i.e.:
  Are packets from the tunnel processed by the firewall on the inbound interface, or does they effectively bypass the firewall?
  Are packets from the tunnel subject to NAT, or do they bypass NAT?

  The packets are enter in to the exit tunnel interface of the router and then process the access list, NAT on which applied on that interface. After that it checks for the routing to route the packet.

• Asa 5505 vpn from internet native vpn client, tcp discarted 1723

  Hello to all,
  I'm configuring this asa for to connect home users to my network using the native microsoft vpn clients with windows xp over internet.
  This asa have on the outside interface one public intenet ip and in the inside inferface have configured in the the network 192.168.0.x and i want to acces to this network from internet users using native vpn clients.
  I tested with one pc connected directly to the outside interface and works well, but when i connect this interface to internet and tried to connect on user to the vpn i can see in the logs this, and can't connect with error 800.
  TCP request discarded from "public_ip_client/61648" to outside:publicip_outside_interface/1723"
  Can help me please?, Very thanks in advance !
  (running configuration)
  : Saved
  ASA Version 8.4(3)
  hostname ciscoasa
  enable password *** encrypted
  passwd *** encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.0.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address publicinternetaddress 255.255.255.0
  ftp mode passive
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network gatewayono
  host gatewayofinternetprovideraccess
  description salida gateway ono
  object service remotointerno
  service tcp destination eq 3389
  description remoto
  object network pb_clienteing_2
  host 192.168.0.15
  description Pebble cliente ingesta 2
  object service remotoexternopebble
  service tcp destination eq 5353
  description remotoexterno
  object network actusmon
  host 192.168.0.174
  description Actus monitor web
  object service Web
  service tcp destination eq www
  description 80
  object network irdeto
  host 192.168.0.31
  description Irdeto
  object network nmx_mc_p
  host 192.168.0.60
  description NMX Multicanal Principal
  object network nmx_mc_r
  host 192.168.0.61
  description NMX multicanal reserva
  object network tarsys
  host 192.168.0.10
  description Tarsys
  object network nmx_teuve
  host 192.168.0.30
  description nmx cabecera teuve
  object network tektronix
  host 192.168.0.20
  description tektronix vnc
  object service vnc
  service tcp destination eq 5900
  description Acceso vnc
  object service exvncnmxmcr
  service tcp destination eq 5757
  description Acceso vnc externo nmx mc ppal
  object service exvncirdeto
  service tcp destination eq 6531
  description Acceso vnc externo irdeto
  object service exvncnmxmcp
  service tcp destination eq 5656
  object service exvnctektronix
  service tcp destination eq 6565
  object service exvncnmxteuve
  service tcp destination eq 6530
  object service ssh
  service tcp destination eq ssh
  object service sshtedialexterno
  service tcp destination eq 5454
  object-group service puertosabiertos tcp
  description remotedesktop
  port-object eq 3389
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  object-group network DM_INLINE_NETWORK_1
  network-object object irdeto
  network-object object nmx_mc_p
  network-object object nmx_mc_r
  network-object object nmx_teuve
  network-object object tektronix
  object-group service vpn udp
  port-object eq 1723
  object-group service DM_INLINE_TCP_1 tcp
  port-object eq https
  port-object eq pptp
  object-group network DM_INLINE_NETWORK_2
  network-object object actusmon
  network-object object tarsys
  access-list inside_access_in extended permit object remotointerno any any
  access-list inside_access_in extended permit object ssh any any
  access-list inside_access_in extended permit object-group TCPUDP any any eq www
  access-list inside_access_in extended permit icmp any any
  access-list inside_access_in extended permit object vnc any any
  access-list inside_access_in extended permit ip any any
  access-list outside_access_in extended permit object remotointerno any object pb_clienteing_2
  access-list outside_access_in extended permit object-group TCPUDP any object actusmon eq www
  access-list outside_access_in remark Acceso tedial ssh
  access-list outside_access_in extended permit tcp any object tarsys eq ssh
  access-list outside_access_in extended permit object vnc any object-group DM_INLINE_NETWORK_1
  access-list outside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
  access-list outside_access_in extended deny icmp any any
  access-list corporativa standard permit 192.168.0.0 255.255.255.0
  access-list Split-Tunnel-ACL standard permit 192.168.0.0 255.255.255.0
  pager lines 24
  logging enable
  logging monitor debugging
  logging asdm debugging
  logging debug-trace
  mtu inside 1500
  mtu outside 1500
  ip local pool clientesvpn 192.168.0.100-192.168.0.110 mask 255.255.255.0
  ip local pool clientesvpn2 192.168.1.120-192.168.1.130 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any inside
  icmp permit any outside
  no asdm history enable
  arp timeout 14400
  nat (outside,inside) source static any interface destination static interface actusmon service Web Web unidirectional
  nat (outside,inside) source static any interface destination static interface tarsys service sshtedialexterno ssh unidirectional
  nat (outside,inside) source static any interface destination static interface pb_clienteing_2 service remotoexternopebble remotointerno unidirectional
  nat (outside,inside) source static any interface destination static interface irdeto service exvncirdeto vnc unidirectional
  nat (outside,inside) source static any interface destination static interface nmx_mc_p service exvncnmxmcp vnc unidirectional
  nat (outside,inside) source static any interface destination static interface nmx_mc_r service exvncnmxmcr vnc unidirectional
  nat (outside,inside) source static any interface destination static interface nmx_teuve service exvncnmxteuve vnc unidirectional
  nat (outside,inside) source static any interface destination static interface tektronix service exvnctektronix vnc unidirectional
  nat (any,outside) source dynamic DM_INLINE_NETWORK_2 interface
  access-group inside_access_in in interface inside
  access-group outside_access_in in interface outside per-user-override
  route outside 0.0.0.0 0.0.0.0 gatewayinternetprovideracces 1
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  eou allow none
  aaa local authentication attempts max-fail 10
  http server enable
  http 192.168.0.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  no sysopt connection permit-vpn
  crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec ikev1 transform-set clientewindowsxp esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set clientewindowsxp mode transport
  crypto ipsec ikev1 transform-set L2TP-IKE1-Transform-Set esp-aes esp-sha-hmac
  crypto ipsec ikev1 transform-set L2TP-IKE1-Transform-Set mode transport
  crypto ipsec ikev2 ipsec-proposal DES
  protocol esp encryption des
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal 3DES
  protocol esp encryption 3des
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES
  protocol esp encryption aes
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES192
  protocol esp encryption aes-192
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES256
  protocol esp encryption aes-256
  protocol esp integrity sha-1 md5
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set ikev1 transform-set clientewindowsxp
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
  crypto dynamic-map L2TP-MAP 10 set ikev1 transform-set L2TP-IKE1-Transform-Set
  crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map inside_map interface inside
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map L2TP-VPN-MAP 20 ipsec-isakmp dynamic L2TP-MAP
  crypto map L2TP-VPN-MAP interface outside
  crypto ca trustpoint _SmartCallHome_ServerCA
  crl configure
  crypto ikev2 policy 1
  encryption aes-256
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 10
  encryption aes-192
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 20
  encryption aes
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 30
  encryption 3des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 40
  encryption des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 enable outside client-services port 443
  crypto ikev2 remote-access trustpoint Ingenieria
  crypto ikev1 enable inside
  crypto ikev1 enable outside
  crypto ikev1 policy 5
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 10
  authentication crack
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 20
  authentication rsa-sig
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 30
  authentication pre-share
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 40
  authentication crack
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 50
  authentication rsa-sig
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 60
  authentication pre-share
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 70
  authentication crack
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 80
  authentication rsa-sig
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 90
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 100
  authentication crack
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 110
  authentication rsa-sig
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 130
  authentication crack
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 140
  authentication rsa-sig
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 150
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  telnet 192.168.0.0 255.255.255.0 inside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd dns 8.8.8.8
  dhcpd auto_config outside
  dhcpd address 192.168.0.5-192.168.0.36 inside
  dhcpd dns 8.8.8.8 8.8.4.4 interface inside
  dhcpd auto_config outside interface inside
  dhcpd enable inside
  no threat-detection basic-threat
  no threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ssl trust-point Ingenieria outside
  webvpn
  tunnel-group-list enable
  group-policy DefaultRAGroup internal
  group-policy DefaultRAGroup attributes
  wins-server none
  dns-server value 192.168.0.1
  vpn-tunnel-protocol l2tp-ipsec
  default-domain none
  group-policy DfltGrpPolicy attributes
  dns-server value 8.8.8.8
  vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
  group-policy ingenieria internal
  group-policy ingenieria attributes
  vpn-tunnel-protocol l2tp-ipsec
  default-domain none
  group-policy L2TP-Policy internal
  group-policy L2TP-Policy attributes
  dns-server value 8.8.8.8
  vpn-tunnel-protocol l2tp-ipsec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value Split-Tunnel-ACL
  intercept-dhcp enable
  username ingenieria password 4fD/5xY/6BwlkjGqMZbnKw== nt-encrypted privilege 0
  username ingenieria attributes
  vpn-group-policy ingenieria
  username rjuve password SjBNOLNgSkUi5KWk/TUsTQ== nt-encrypted
  tunnel-group DefaultRAGroup general-attributes
  address-pool clientesvpn
  address-pool clientesvpn2
  authentication-server-group (outside) LOCAL
  authorization-server-group LOCAL
  default-group-policy L2TP-Policy
  authorization-required
  tunnel-group DefaultRAGroup ipsec-attributes
  ikev1 pre-shared-key *****
  tunnel-group DefaultRAGroup ppp-attributes
  no authentication chap
  authentication ms-chap-v2
  class-map inspection_default
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  prompt hostname context
  call-home reporting anonymous
  Cryptochecksum:59b54f1d10fe829aeb47bafee57ba95e
  : end
  no asdm history enable

  Yes with this command creates this
  policy-map global_policy
      class inspection_default
       inspect pptp
  But don't work. I also tried to add the pptp and gre in the outside access rules but nothing...
  I don't understand why if a connect directly to the outside interface with the same outside network works well.
  ej: the pc have 89.120.145.14 ip and the outside asa have 89.120.145.140 and if I create one vpn in this pc the outside ip 89.120.145.140 with the correct parameters the asa don't discart 1723 and connect ok but if this ip is not of this range discards 1723...

• Unable to access wireless connection with linksys rooter WRT54GS

  Hi,
  I just installed a wireless rooter Linksys WRT54GS on my connection, The problem I have is being able to access it with my wireless on my laptop.
  I kept getting a message stating "connection unindentified" "access limited". I've done most of what is already suggested on your forum such has turning the power off of my rooter, my modem and such and still nothing. I'm able to access the wireless with my girlfriend Mac Notebook, my playstation 3 and my desktop computer which uses Windows X. First I thought that it my be a problem with my security but even when the connection is unprotected I still get that error. I try to disable the IpV6but that didn'tdo anything either.
  My laptop is a Toshiba Qosmio X300 PQX32C-033019 with Vista and my rooter is a Linksys WRT54GS vers. 6
  Here's my connection log, sorry if it's in French:
  Informations sur l'ordinateur 
  Vendor:TOSHIBA
  Machine Name:Qosmio X300
  VersionQX32C-033019
  CPU Maker:GenuineIntel
  CPU Name:Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
  CPU Clock:2267
  CPU Base Clock:2267
  OS:Microsoft® Windows Vista™ Édition Familiale Premium
  OS Build:6001
  OS SPervice Pack 1
  Ram:4188120
  Début de la page
  Informations IP 
  ipconfig /all
  Configuration IP de Windows
  Nom de l'h“te . . . . . . . . . . : PC-de-ThomasMur
  Suffixe DNS principal . . . . . . :
  Type de noeud. . . . . . . . . . : Mixte
  Routage IP activ‚ . . . . . . . . : Non
  Proxy WINS activ‚ . . . . . . . . : Non
  Liste de recherche du suffixe DNS.: phub.net.cable.rogers.com
  Carte r‚seau sans fil Connexion r‚seau sans filÿ:
  Suffixe DNS propre … la connexion. . . :
  Description. . . . . . . . . . . . . . : Intel(R) Wireless WiFi Link 5100
  Adresse physique . . . . . . . . . . . : 00-21-5D-3D-9C-08
  DHCP activ‚. . . . . . . . . . . . . . : Oui
  Configuration automatique activ‚e. . . : Oui
  Adresse IPv6 de liaison locale. . : fe80::a9d9:4618:2ae4:d7e5%11(pr‚f‚r‚)
  Adresse d'autoconfiguration IPv4 . . . : 169.254.215.229(pr‚f‚r‚)
  Masque de sous-r‚seau. . . .ÿ. . . . . : 255.255.0.0
  Passerelle par d‚faut. . . .ÿ. . . . . :
  Serveurs DNS. . . . . . . . . . . . . : fec0:0:0:ffff::1%1
  fec0:0:0:ffff::2%1
  fec0:0:0:ffff::3%1
  NetBIOS sur Tcpip. . . . . . . . . . . : Activ‚
  Carte Ethernet Connexion au r‚seau local :
  Suffixe DNS propre … la connexion. . . : phub.net.cable.rogers.com
  Description. . . . . . . . . . . . . . : Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  Adresse physique . . . . . . . . . . . : 00-1E-EC-3F-7B-CF
  DHCP activ‚. . . . . . . . . . . . . . : Oui
  Configuration automatique activ‚e. . . : Oui
  Adresse IPv6 de liaison locale. . : fe80::4da:b21b:843c:7bfd%10(pr‚f‚r‚)
  Adresse IPv4. . . . . . . . . . . : 192.168.1.100(pr‚f‚r‚)
  Masque de sous-r‚seau. . . .ÿ. . . . . : 255.255.255.0
  Bail obtenu. . . . . . . . .ÿ. . . . . : 8 juin 2009 18:11:58
  Bail expirant. . . . . . . . .ÿ. . . . : 9 juin 2009 18:11:58
  Passerelle par d‚faut. . . .ÿ. . . . . : 192.168.1.1
  Serveur DHCP . . . . . . . . . . . . . : 192.168.1.1
  Serveurs DNS. . . . . . . . . . . . . : 64.71.255.198
  NetBIOS sur Tcpip. . . . . . . . . . . : Activ‚
  Carte Tunnel Connexion au r‚seau local* :
  Statut du m‚dia. . . . . . . . . . . . : M‚dia d‚connect‚
  Suffixe DNS propre … la connexion. . . : phub.net.cable.rogers.com
  Description. . . . . . . . . . . . . . : isatap.phub.net.cable.rogers.com
  Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP activ‚. . . . . . . . . . . . . . : Non
  Configuration automatique activ‚e. . . : Oui
  Carte Tunnel Connexion au r‚seau local* 6 :
  Statut du m‚dia. . . . . . . . . . . . : M‚dia d‚connect‚
  Suffixe DNS propre … la connexion. . . :
  Description. . . . . . . . . . . . . . : Carte Microsoft ISATAP #2
  Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP activ‚. . . . . . . . . . . . . . : Non
  Configuration automatique activ‚e. . . : Oui
  Début de la page Informations de routage 
  route print
  ===========================================================================
  Liste d'Interfaces
  11 ...00 21 5d 3d 9c 08 ...... Intel(R) Wireless WiFi Link 5100
  10 ...00 1e ec 3f 7b cf ...... Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
  13 ...00 00 00 00 00 00 00 e0 isatap.phub.net.cable.rogers.com
  12 ...00 00 00 00 00 00 00 e0 Carte Microsoft ISATAP #2
  ===========================================================================
  IPv4 Table de routage
  ===========================================================================
  Itin‚raires actifsÿ:
  Destination r‚seau Masque r‚seau Adr. passerelle Adr. interface M‚trique
  0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
  127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
  127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
  127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
  169.254.0.0 255.255.0.0 On-link 169.254.215.229 281
  169.254.215.229 255.255.255.255 On-link 169.254.215.229 281
  169.254.255.255 255.255.255.255 On-link 169.254.215.229 281
  192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
  192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
  192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
  224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
  224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
  224.0.0.0 240.0.0.0 On-link 169.254.215.229 281
  255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
  255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
  255.255.255.255 255.255.255.255 On-link 169.254.215.229 281
  ===========================================================================
  Itin‚raires persistantsÿ:
  Aucun
  IPv6 Table de routage
  ===========================================================================
  Itin‚raires actifsÿ:
  If Metric Network Destination Gateway
  1 306 ::1/128 On-link
  10 276 fe80::/64 On-link
  11 281 fe80::/64 On-link
  10 276 fe80::4da:b21b:843c:7bfd/128
  On-link
  11 281 fe80::a9d9:4618:2ae4:d7e5/128
  On-link
  1 306 ff00::/8 On-link
  10 276 ff00::/8 On-link
  11 281 ff00::/8 On-link
  ===========================================================================
  Itin‚raires persistantsÿ:
  Aucun
  Début de la page Informations de protocole 
  Protocol Bind Information
  SSTP based VPN
  Microsoft TCP/IP version 6 - Tunnels
  isatap.{DF6498ED-F5F7-4E96-9496-10C8BB95FA20}
  isatap.phub.net.cable.rogers.com
  Internet Protocol (TCP/IP) - Tunnels
  Microsoft NetbiosSmb
  Internet Protocol Version 4 (TCP/IPv4)
  Intel(R) Wireless WiFi Link 5100
  Internet Protocol Version 4 (TCP/IPv4)
  Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  Internet Protocol Version 6 (TCP/IPv6)
  isatap.{DF6498ED-F5F7-4E96-9496-10C8BB95FA20}
  Internet Protocol Version 6 (TCP/IPv6)
  isatap.phub.net.cable.rogers.com
  Internet Protocol Version 6 (TCP/IPv6)
  Intel(R) Wireless WiFi Link 5100
  Internet Protocol Version 6 (TCP/IPv6)
  Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  Remote Access IP ARP Driver
  Miniport WAN (IP)
  Message-oriented TCP/IP Protocol (SMB session)
  WINS Client(TCP/IP) Protocol
  Internet Protocol Version 4 (TCP/IPv4)
  Intel(R) Wireless WiFi Link 5100
  Internet Protocol Version 4 (TCP/IPv4)
  Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  Internet Protocol Version 6 (TCP/IPv6)
  isatap.{DF6498ED-F5F7-4E96-9496-10C8BB95FA20}
  Internet Protocol Version 6 (TCP/IPv6)
  isatap.phub.net.cable.rogers.com
  Internet Protocol Version 6 (TCP/IPv6)
  Intel(R) Wireless WiFi Link 5100
  Internet Protocol Version 6 (TCP/IPv6)
  Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  Internet Protocol Version 6 (TCP/IPv6)
  isatap.{DF6498ED-F5F7-4E96-9496-10C8BB95FA20}
  isatap.phub.net.cable.rogers.com
  Intel(R) Wireless WiFi Link 5100
  Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  Internet Protocol Version 4 (TCP/IPv4)
  Intel(R) Wireless WiFi Link 5100
  Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  Remote Access IPv6 ARP Driver
  Miniport réseau étendu WAN (IPv6)
  Point to Point Protocol Over Ethernet
  Intel(R) Wireless WiFi Link 5100
  Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  Point to Point Tunneling Protocol
  Layer 2 Tunneling Protocol
  Remote Access NDIS WAN Driver
  WAN Miniport (SSTP)
  Carte asynchrone RAS
  Miniport WAN (PPPOE)
  Miniport réseau étendu WAN (PPTP)
  Miniport réseau étendu WAN (L2TP)
  Link-Layer Topology Discovery Mapper I/O Driver
  Intel(R) Wireless WiFi Link 5100
  Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  Link-Layer Topology Discovery Responder
  Intel(R) Wireless WiFi Link 5100
  Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  NDIS Usermode I/O Protocol
  Intel(R) Wireless WiFi Link 5100
  Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  Début de la page Informations sur les équipements 
  Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  Device ID : PCI\VEN_10EC&DEV_8168&SUBSYS_FF001179&REV_02\4&492937F&0&00E2
  Status : Enable
  Driver Vender : Realtek
  Driver Version : 6.205.403.2008
  Driver Date : 4-3-2008
  Intel(R) Wireless WiFi Link 5100
  Device ID : PCI\VEN_8086&DEV_4232&SUBSYS_12018086&REV_00\4&3905AE0C&0&00E3
  Status : Enable
  Driver Vender : Intel
  Driver Version : 12.0.0.73
  Driver Date : 4-27-2008
  Bluetooth
  Device ID : ACPI\TOS6205\5&F592293&0
  Status : Disable
  Bluetooth Version : v6.10.07.2(T)
  Début de la page Statut du commutateur de communications sans fil et de la touche d'accès direct pour réseau sans fil 
  Wireless Communication Switch : On
  Wireless Hotkey (Fn + F8)
  Wireless LAN : On
  Solved!
  Go to Solution.

  Try this -
  Open an Internet Explorer browser page on your wired computer(desktop).In the address bar type - 192.168.1.1 and press Enter...
  Leave username blank & in password use admin in lower case...
  For Wireless Settings, please do the following : -
  Click on the Wireless tab
  - Here select manual configuration...Wireless Network mode should be mixed...
  - Provide a unique name in the Wireless Network Name (SSID) box in order to differentiate your network from your neighbours network...
  - Set the Radio Band to Standard-20MHz and change the Standard channel to 11-2.462GHz...Wireless SSID broadcast should be Enabled and then click on Save Settings...
  Please make a note of Wireless Network Name (SSID) as this is the Network Identifier...
  For Wireless Security : -
  Click on the Sub tab under Wireless > Wireless Security...
  Change the Wireless security mode to WEP, Encryption should be 64 bit.Leave the passphrase blank, don't type in anything...
  Under WEP Key 1 type in any 10 numbers please(numbers only and no letters eg: your 10 digit phone number) and click on save settings...
  Please make a note of WEP Key 1 as this is the Security Key for the Wireless Network...
  Click on Advanced Wireless Settings
  Change the Beacon Interval to 75 >>Change the Fragmentation Threshold to 2304, Change the RTS Threshold to 2304 >>Click on "Save Settings"...
  On your Vista Laptop, first disable the Wireless Network Connection and restart the Laptop, then Enable the Wireless Connection...
  Then Click on Start >> Control Panel >> Network and Sharing Center >> Manage Wireless Network and click on Add, select Manually Create a Network Profile and click Next, enter your Network SSID/Network Name, select WEP for Security type and enter your 10 digit Network Key and click on Next, it should say "Successfully Connected to ____" close all the Windows and restart the Laptop, now see if you can connect to Internet Wirelessly...

• "Discoverying Proxy" across a IPSEC Tunnel over wireless

  Bear with me here, there are lot of moving parts in this puzzle, and I'm unsure where to look.
  Users are using IE7 (some IE8's), group policy has "Automatically Detect Settings", and we have published a WPAD DNS entry, and are hosting the PAC file on the S370 box.  We're very early in our deployment, so we're still functioning in "Monitor mode", till management has some information, and will direct us on what traffic they will allow .
  The majority of users are located at our main site, the same site our Proxy is at, these users are having zero problems.  For all intents and purposes, they don't even know the proxy is there.
  about 30% of our users are located at remote sites.  They are connected via an IPSEC L2L VPN tunnel  (ASA5505 at remote site, connecting to an ASA5550 at main site)
  The users using a wired connection work fine
  Wireless users, connecting via LWAPP accesspoints (Wireless LAN controller version 4.2.176.0) at the remote sites, experience a delay connecting to the proxy, usually a few minutes.  I actually believe that they are bypassing the proxy, since it takes two minutes.  Unfortually, most of my users at the remote sites are wireless.
  Thing's I'm immediately going to try are upgrading to the latest version of WLAN controller software, and then open a TAC case on the wireless LAN controller, but before I do this,  has anyone run across something similar to this before?  (Proxy discovery having issues across an IPSEC tunnel)
  Mike

  Hi Javier,
  Please explain to me how I should explain this technically elaborate issue to either ISP tech support? :-P
  Well, I tried my best and ended up on the phone for 5 hours with 6 different techs between Verizon and TWC BC. I should get paid for explaining them the basics of networking.
  Anyhow, my last desperate attempt was to ask the tech to reboot my ONT so I'd get a new IP. Maybe some traffic balancer or filter didn't like my source and destination IP combination. Maybe it was cursed.
  Ring. Ring. I finally got an awesome tech (John) from Verizon who actually knew what he was talking about. I connected my Verizon supplied router again and asked if he could log into it or run pings from it remotely (to show him that I'm not crazy). Though other techs told me that was not possible, he did in just a few seconds without much pain. He saw the pings failing as well. Then he said pings from the Verizon ONT gateway were successful, so I assumed it must have been an issue somewhere in Verizon's neck of the (network) woods where the problem persisted.
  Long story short: The new IP address worked like a charm and no more packet drops.

• WRV54G drops VPN tunnels several times a day.

  Help I have a WRV54G with 6 VPN tunnels all going across DSL. Each 1 of the tunnels will just drop and reconnect for no reason at some point maybe not at the same time but constantly. The other side of the tunnels are also WRV54G's. All 6 tunnels are connected together at each location and only their tunnels to me drop and not to anyone else. Any help would be appreciated. Tech support sent me a so called beta load of 2.39.12 but that did not help at all. I also loaded that same load to one of the routers and that tunnel still drops as well as the others.

  I've had this wrv54g for several years now and it's never worked properly.
  As a router and wireless access point it's ok but using it to connect to my vpn at the
  server (befvp41) it's useless. I bought it to test for a company I work for but because of the problem with maintaining a vpn connection I cannot recommend it.
  I can establish the tunnel and it will work for a while but if I leave it alone for a while
  the tunnel stops working. Both ends show connected but you cannot pass anything thru the tunnel. I have to reset the client end in order to get it to work again. The one thing I haven't tried is getting a static ip at the client end.
   I use befvp41's and befsx41's and they work fine... A bit slow but they stay connected.
   I've ended up using it on my network because I hate to waste money but it really is a PITA. whenever I have to use the vpn to check the server I have to log on to the router and disconnect and then reconnect the vpn before I can work.
  The internet connection doesn't drop out just the vpn stops working.
  The Linksys tech support was no help whatsoever.