Radius AAA and Windows VPN Client

Hi,
I'm using an ASA 5510 running 8.2(3) and ASDM 6.3(4). I have been trying to get the Windows VPN to connect to the ASA rather than the Cisco VPN client. I have managed to get this working but I have come across a strange issue.
When using the Cisco VPN Client we authenticate through RADIUS using a policy that checks the user is in a specific security group.
I have applied the same settings to the new Windows VPN settings and it doesn't work. The VPN dials in correctly and passes authentication to the RADIUS server, which grants access according to the event logs. The client then gets rejected, claiming that the username\password is not recognised.
If I remove the user from the security group it works fine using another RADIUS policy.
Any ideas what i can check?
Thanks
David

When you say it grants access (as per the event logs) with the security group defined as a condition, what remote policy do you see in the events? Can you post the output of the event logs? Because even after removing the security group from the remote policy, it didn't let the user connect using the same policy and worked with the other policy in sequence.
Jatin Katyal
- Do rate helpful posts -

Similar Messages

  • How to configure router to use ip pool on the aaa server for vpn clients

    How to configure the router to use an IP pool on the AAA server for VPN clients. I want to use VPN clients to connect to the router, authenticate using the AAA server username database and also use the IP pool created on the AAA server. I am not able to find the command on the router pointing to use the pool created on the AAA server. Can someone help me with this command?
    sebastan

    Hello Sebastan,
    what do you use as AAA server (e.g. ACS with TACACS+ or RADIUS) ?
    Regards,
    GNT

  • ASA 5505 as a SSL VPN Server and Easy VPN Client at the same time?

    Is it possible to configure and operate the ASA 5505 as a SSL VPN server and Easy VPN Client at the same time? We would like to configure a few of these without having to purchase additional ASA 5505 and use a 2 device method (1 SSL VPN Server and 1 Easy VPN Client). Thanks in advance.

    I don't think it is possible. The following links may help you:
    http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008068dabe.html
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008071c428.shtml

  • Since I upgraded to Lion, my RSA SecurID token and Cisco VPN client don't work any longer. Anyone have suggestions on how to fix that?

    Since upgrading to Lion, I can no longer use VPN because my RSA SecurID token and Cisco VPN Client won't load. Any suggestions out there?

  • VPN -- different behavior between Mac and Windows XP clients.

    Hi,
    Background:
    I have a Mini server serving L2TP IPSEC vpn with both Mac and Windows (all XP, so far) clients.
    The mini sits behind a Netopia router/firewall/NAT box that port forwards L2TP traffic to the mini.
    The mini has a public but unrouted address (unrouted in the public Internet, that is.) The same Netopia serves as the router for outgoing public connections. DNS is served by other servers.
    The VPN clients are distributed addresses from the unrouted public address space.
    Client <-> NAT <-> Public Cloud <-> NAT <-> Private (with public addresses) <-> Mini (VPN)
    Mac clients work happily, accessing internal and external hosts.
    The XP clients have a registry value set to allow NAT traversal:
    under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec, AssumeUDPEncapsulationContextOnSendRule is set to 2 to allow dual NAT traversal.
    The XP clients happily access internal hosts, but hang accessing some, but not all external hosts.
    For example, most Google services are quickly displayed, whereas www.comcast.net or www.llbean.net hang. It appears to be more frequent accessing third-party hosts while processing the initial page. Some Google web services, e.g. some Google Map plugins do eventually hang.
    An XP host internal to the network configured with the above registry key set to 0 (no NAT traversal) exhibits the same behavior when using a VPN connection:
    Public Cloud <-> NAT <-> Private (with public addresses) <-> Mini (VPN) <-> Pvt. <-> Client
    Same host without VPN works fine.
    Clearing the XP checkbox that routes all traffic to the remote (VPN) router makes external hosts work as you would expect.
    So my questions are:
    a) What's XP doing?
    b) Can it be fixed? (besides routing public traffic away from the VPN.)
    Thanks Jonathan
    p.s. MrHoffman, I almost asked this in the HP Forum as well, till I noticed you were here. (Assuming you are Hoff.)

    Hi soccerdude21490-
    Is this possible?
    Theoretically yes. However, it would be up to the school to allow you access through their network.
    The first step would be to contact the school's IT department and ask them if they will allow such a connection, and if so, could they please provide you with the settings (ip address etc.).
    Luck-
    -DP

  • Windows Vista RTM (Build 6000) and Cisco VPN Client 5.8.01.0590

    I've successfully installed the above client and can access one of my VPN connections on TCP/10000 but I am unable to access any of my UDP-enabled profiles.
    Anyone have any ideas??

    In the VPN client, under the Transport tab, see if IPsec over UDP is enabled. For more information refer to this URL:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml#vpnclient

  • Windows VPN clients can't use network servers after 10.5.1 upgrade

    We have two Xserves, both formerly running 10.4.11. One is the OD master, the other a replica. The replica is also the VPN server, and is a DHCP server for the small number of IP addresses reserved for VPN clients.
    The OD master upgrade went fine. I completely reinstalled the OD replica, set the replica up again, and set up the VPN server. It supports L2TP/IPsec connections only.
    After the upgrade, Mac users running Tiger or Leopard can connect to the VPN server and connect to network services without any problems. Windows users can connect, but cannot actually USE anything on my office network. For example, if you try to connect to a web server either by fully qualified domain name or by hostname, the connection from the browser simply times out.
    In the Windows command line I can verify that I have an active connection by pinging and using the tracert command (equivalent of traceroute on UNIX). Hostname resolution works, too. But nothing happens when you try to open a web browser, which is mostly what my users need to do.
    It doesn't matter whether you're logging in with an OD user account or a local account defined solely on the VPN server. Same behavior in Windows.
    I had to take an older XServe running 10.4.11 out of our data center, move it to the office, and set it up on the same external network connection. 10.4.11 server works, 10.5.1 doesn't, from the same Windows client, set up exactly the same way.
    I've been through the hoops with Apple Enterprise support, who now tell me that Engineering kicked it back to them and told them they'd charge me $695 to get it fixed, because it's ostensibly custom configuration work. If that's true, why is Windows XP listed under L2TP/IPSec support on page 127 of the Leopard Network Services Admin guide? I don't want a custom fix, I just want it to work the way it's supposed to work. Or I want Apple to retract the claim that OS X Server is the best workgroup server solution for Macs and Windows.
    Anyone else encounter this problem or know of a fix?

    Had the same problems, started after I tried out the firewall in Leopard server.
    Seems that not all settings are reset even after turning the firewall off.
    To reset the firewall to its default setting:
    1 Disconnect the server from the Internet.
    2 Restart the server in single-user mode by holding down the Command-s keys during startup.
    3 Remove or rename the address groups file found at /etc/ipfilter/ipaddressgroups.plist.
    4 Remove or rename the ipfw configuration file found at /etc/ipfilter/ipfw.conf.
    5 Force-flush the firewall rules by entering the following in Terminal:
    $ ipfw -f flush
    6 Edit the /etc/hostconfig file and set IPFILTER=-YES-.
    7 Complete the startup sequence in the login window by entering exit:
    The computer starts up with the default firewall rules and firewall enabled. Use Server Admin to refine the firewall configuration.
    8 Log in to your server's local administrator account to confirm that the firewall is restored to its default configuration.
    9 Reconnect your host to the Internet.
    This solved the problem for me...

  • AFP Freeze and Cisco VPN Client w/ new Macbook Pro

    I have an Intel Core Duo Macbook Pro with all software updates installed and running Cisco VPN client v4.9.01 (0030). If I try to connect to one of my clients via VPN and then connect to one of the server shares, AFP basically freezes. I have added a snip of the log below. BUT - I take the same laptop onsite and try to connect to the same server, it works like a champ. I have tried the VPN connection from multiple source points (i.e., different ISPs and routers/firewalls) and wired and wireless and all result in the same. I am frustrated and running out of options. Note that the same problem occurred with the previous Cisco VPN client and I thought the newer version would fix it - it didn't. Any help would be much appreciated.
    tia,
    Bill
    Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: doing reconnect on /Volumes/ADVSERV
    Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/ADVSERV
    Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/ADVSERV
    Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/ADVSERV
    Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Restoring session /Volumes/ADVSERV
    Oct 27 16:05:01 my-computer KernelEventAgent[59]: tid 00000000 received VQ_NOTRESP event (1)
    Oct 27 16:06:02 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: doing reconnect on /Volumes/ADVSERV
    Oct 27 16:06:02 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/ADVSERV
    Oct 27 16:06:02 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/ADVSERV
    Oct 27 16:06:02 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/ADVSERV
    Oct 27 16:06:03 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Restoring session /Volumes/ADVSERV
    Oct 27 16:06:03 my-computer KernelEventAgent[59]: tid 00000000 received VQ_NOTRESP event (1)
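    As an added illustration (not from the post or any reply), a small Python parser that reads the kernel log lines quoted above and groups them into reconnect cycles, flagging a volume that keeps re-entering reconnect and being marked VQ_NOTRESP; the 120-second gap and two-cycle thresholds are assumptions.

```python
import re
from datetime import datetime

# Constructed sample input: the kernel log lines quoted in the post above.
SAMPLE_LOG = """\
Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: doing reconnect on /Volumes/ADVSERV
Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/ADVSERV
Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/ADVSERV
Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/ADVSERV
Oct 27 16:05:01 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Restoring session /Volumes/ADVSERV
Oct 27 16:05:01 my-computer KernelEventAgent[59]: tid 00000000 received VQ_NOTRESP event (1)
Oct 27 16:06:02 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: doing reconnect on /Volumes/ADVSERV
Oct 27 16:06:02 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/ADVSERV
Oct 27 16:06:02 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/ADVSERV
Oct 27 16:06:02 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/ADVSERV
Oct 27 16:06:03 my-computer kernel[0]: AFP_VFS afpfs_Reconnect: Restoring session /Volumes/ADVSERV
Oct 27 16:06:03 my-computer KernelEventAgent[59]: tid 00000000 received VQ_NOTRESP event (1)
"""

# syslog-style prefix: "Mon DD HH:MM:SS host process[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
RECONNECT_RE = re.compile(r"AFP_VFS afpfs_Reconnect: (?P<stage>.*?) (?P<vol>/Volumes/\S+)$")
NOTRESP_RE = re.compile(r"received VQ_NOTRESP event")


def parse_line(line):
    """Split one log line into timestamp, host, process, pid and message (None if no match)."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")  # syslog omits the year
    return rec


def reconnect_cycles(log_text):
    """Group lines into reconnect cycles, one per 'doing reconnect on' marker."""
    cycles = []
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        rm = RECONNECT_RE.search(rec["msg"])
        if rm:
            stage, vol = rm.group("stage"), rm.group("vol")
            if stage == "doing reconnect on":
                cycles.append({"volume": vol, "start": rec["ts"], "stages": [], "not_responding": False})
            if cycles and cycles[-1]["volume"] == vol:
                cycles[-1]["stages"].append(stage)
        elif NOTRESP_RE.search(rec["msg"]) and cycles:
            # VQ_NOTRESP: the kernel reported the mounted volume as not responding
            cycles[-1]["not_responding"] = True
    return cycles


def flapping_volumes(cycles, max_gap_seconds=120, min_cycles=2):
    """Volumes that re-enter reconnect at least min_cycles times, never more than max_gap_seconds apart."""
    by_vol = {}
    for c in cycles:
        by_vol.setdefault(c["volume"], []).append(c)
    result = {}
    for vol, cs in by_vol.items():
        gaps = [(b["start"] - a["start"]).total_seconds() for a, b in zip(cs, cs[1:])]
        if len(cs) >= min_cycles and all(g <= max_gap_seconds for g in gaps):
            result[vol] = {"cycles": len(cs), "gaps": gaps,
                           "not_responding": sum(c["not_responding"] for c in cs)}
    return result


if __name__ == "__main__":
    for vol, info in flapping_volumes(reconnect_cycles(SAMPLE_LOG)).items():
        print(f"{vol}: {info['cycles']} reconnect cycles, gaps {info['gaps']}s, "
              f"{info['not_responding']} VQ_NOTRESP events")
```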

    Hi Bill,
    Do you have any comparison data on services that DO work? I don't connect remotely to any Apple services so can't vouch for AFP always working, but have no issues with RDP services for Windows servers. Running 4.9.00 (0050). I have however just quickly VPN'd to a client and successfully opened an AFP share and browsed around over VPN - didn't even hesitate in establishing the connection.
    When you mention taking the machine onsite I am assuming that you directly access the AFP shares and not via VPN, hence confirming that the VPN software is potentially the issue?
    Are you running IPSEC over UDP or TCP? My transport is over UDP.
    Good luck,
    Justin

  • Windows 2008 Server and Windows 8 clients

    Hey Guys,
    I have had this problem for some time now and really need a solution. I have Windows 2008 Enterprise Server running about 200+ terminal services clients. All Windows XP clients are fine, Windows 7 clients have issues when they get an updated version of the remote desktop client (to solve the issue we simply roll back the update), and Windows 8 clients cannot connect and use our remote app. The issue stems from the newer version of the remote desktop client (on Windows 7 and embedded in Windows 8) not being able to connect to our terminal server; it generates an error and immediately disconnects. The error says "Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to".
    So my questions are, how can I update my Windows 2008 Terminal Server version to support these clients, or do you have to migrate to Windows 2012? Or is there a solution to my current problem which will allow my clients to connect and use the RemoteApps?

    Hi,
    Thank you for posting in Windows Server Forum.
    Please follow the below steps and verify result.
    LAN Manager authentication level settings (Local Security Policy -> Local Policies -> Security Options -> Network Security: LAN Manager Authentication level).
    Try to change it to "Send NTLMv2 response only".
    If you still face the issue, please install this hotfix:
    RDS client computer cannot connect to the RDS server by using a remote desktop connection in Windows
    http://support.microsoft.com/kb/2752618/
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Mac Lion and Cisco VPN client problems

    I just installed Lion 10.7 on my iMac and can no longer use the downloaded Cisco VPN client to connect to Microsoft Remote Desktop and access the PC in my company's office. When I try to launch the VPN client I get Error 51. I used to be able to enter a command in the Terminal as a workaround to use the VPN client when that happened, but that no longer works. I have tried booting into 32-bit mode; doesn't work. I tried to use the Cisco client built into Lion using settings provided by my company. When I try to connect I get the following message: "The negotiation with the VPN server failed. Verify the server address and try reconnecting."
    I have searched the web looking for a solution. My company's tech department is stumped; the Apple Geniuses haven't been able to help. Does anyone have any ideas how I can use either the downloaded Cisco VPN client or the client built into Lion?
    Sent from Cisco Technical Support iPad App

    Here is the link which you can use to configure the inbuilt VPN client in MAC Lion.
    http://glazenbakje.wordpress.com/2011/07/28/how-to-create-a-cisco-vpn-connection-in-apple-mac-os-x-lion/
    Make sure you configure the attributes correctly.
    Secondly the inbuilt VPN client code of Lion is made in collaboration with Cisco so there will not be any issues of compatibility.
    Cheers,
    Rohan

  • Server 2012R2 -- RDS Farm with XP and Windows Vista Clients

    Hi There,
    My team has been having some fun getting our Server 2012R2 farm operational; annoyingly, MS documentation is severely lacking on how to correctly configure a 2012R2 farm.
    We have an RDG1-TCC server, which is the RD Gateway, RD Connection Broker and RD Web server. We have two session host servers, RDS1-TCC and RDS2-TCC.
    It took us some time and much online research to figure out exactly how we needed to configure the RDS server, as a lot of information online for 2012R2 was apparently incorrect (was based on 2008R2 practices). We started off with using a DNS round robin for the RDS session host servers and, after a number of certificate issues, we later found this was incorrect. We're now using RDWeb exclusively, which appears to be the correct way to have the Connection Broker working?
    We've run into a number of issues with certificates too; we have an external certificate for remote.domain.com. Installing this on all 4 options in the certificate manager has made internal access work correctly via RDWeb, however externally we are getting a certificate mismatch as it's trying to connect to RDG1-TCC with a certificate for remote.domain.com. I'm pretty sure I can resolve this with a replacement remote.domain.com certificate that includes a SAN for *.domain.internal. Testing with a self-signed certificate seemed to resolve this issue.
    Now, providing I've configured everything the correct way, we have an issue where RDWeb RDP files do not work internally or externally for XP, Vista or Windows 7 (with RDP 7.1). Windows 8/8.1 and Windows 7 with the RDP 8/8.1 updates work perfectly fine. Unfortunately this new client has a few XP machines that they are not willing to update just yet.
    Is there a known fix/workaround to get these older clients working correctly?
    Sorry for the extremely long post, but I'm sick of banging my head against the wall trying to get something working that we assumed would have been fairly simple to get up and running.
    Cheers,
    Ben

    Thanks for the assistance so far; now that I have all clients connecting, I need to tackle the certificate issues.
    The UC SAN certificate is going to cost much more than the current certificate, currently that idea is on the back burner as the client does not wish to pay a few hundred extra.
    To quickly sum things up:
    AD DNS(internal DNS) override in place for remote.domain.com.au pointing it to the internal IP of the gateway/connection broker/RDWeb server.
    Connecting internally it's working perfectly fine under all circumstances (I'm guessing this is because of Kerberos auth).
    When users connect externally via RDWeb they get a certificate mismatch as the cert is for remote.domain.com.au and the server is RDG1-TCC.domain.com.net.
    When users connect externally via MSTSC using the Gateway option, they get a certificate mismatch as per the above, however they also receive a second "certificate is not trusted" error for whatever RDS server they hit.
    I have tried the below previously and they broke other things:
    "Change published FQDN for Server 2012 or 2012 R2 RDS Deployment."
    This resolved the external certificate issue. However then internal connections stopped working. When connecting via RDWeb, you would get asked for credentials instantly and no matter what you entered, it just asked for credentials again.
    There did not seem to be ANY event logs for this connection.
    "Changing RDP-Tcp listener on RDSH to use external certificate."
    I can't recall the exact error we had when we did this, but I know we had to roll back the change. I have a feeling we then started getting certificate mismatch errors on the Session Hosts.
    I'm half thinking that when the farm is free (currently being used for application UAT), I'm going to try and reconfigure the RDP-Tcp listener on the RDSH servers again and see if that resolves one or more of our issues.
    Do you have any suggestions on how I can use the correct published FQDN name without breaking internal access? Or any other ideas on getting this entire thing working both internally and externally?
    Also, Dharmesh, I've tried clearing out the certificate cache as suggested, but to no avail.

  • Back To My Mac and Cisco VPN client

    I've used back to my mac for a while and love it. Recently I've had to start using the Cisco VPN client and every time I use it it says "Because Back to My Mac is turned on, your VPN connection cannot be established with the server. Would you like to turn off Back to My Mac?". Is there any way to run them both without having to keep starting and stopping back to my mac?

    I too have this issue.
    Every time I have to connect via VPN, I have to disable my Back to My Mac.
    Kinda *****.
    Any solution?

  • Issue with Mac OS 10.8.3 and Anyconnect VPN Client 3.1.02026

    Hi all,
    I am running AnyConnect VPN Client 3.1.02026 on Mac OS X 10.8.3. I am unable to connect to my corporate network as the connection fails with the following error:
    The VPN client was unable to successfully verify the IP forwarding table modifications. A VPN connection will not be established.
    Can anyone suggest remedies? I am completely stuck. I had an older AnyConnect client and it was working until a few days back when it stopped working. I then upgraded to 3.1.02026.
    As suggested in some of the posts on the web, I have disabled the following: AirPort, Bonjour, Bluetooth, Adium; I restarted after these changes and yet I am seeing this.
    My company has corporate license for Cisco AnyConnect VPN.
    TIA
    kumar

    MartyP wrote:
    Or is there a problem with both OS's writing stuff to the
    ~/Home/Library folder that may be incompatible?
    Yes, big time.  Mail, for sure, has a different file/folder structure, and would not be happy.
    Plus, a number of apps (Apple and 3rd-party) are "Sandboxed."  That's a security feature, to prevent malware or bad coding from affecting things it shouldn't.  Some of their files, including the preferences files, aren't even stored in the same places!
    Or to other places I'm not aware of?
    Probably.  If you have two versions of the same app, they may or may not expect the same data setup.
    To have one User folder for both OS's would save a lot of drive space
    Not if you use some or all of woodmeister50's suggestions. 
    But I'm also not sure how I'd use Time machine with such a set up.
    Just as you do now.  By default, Time Machine backs-up everything (except things like system work files, most caches and logs, trash) for all users and all internal drives & partitions.  By default, it excludes external drives.
    You can change those defaults, of course, via TM Preferences > Options.
    See Time Machine - Frequently Asked Question #32 for details and considerations of multiple drives.
    Presently I backup with . . . clones to other HD's
    Good.   Yes, clones are different.  You need multiple "tasks" to back up multiple drives/partitions.  But once set up, that shouldn't be a big deal.

  • Problems with Solaris 10 Secure Desktop server and Windows XP Client

    Solaris 10 Secure Desktop server - Windows XP Client - I've tried to open the Solaris Machine's desktop using the browser based http://MysolarisServerName/sdg and the windows native client
    http://MySolarisServerName/tarantella.
    I log in ok to the Solaris Server.
    I can open a VT420 session with the solaris machine, and this works OK, but whenever I try anything else e.g. smc, or full screen desktop it doesn't. I get various error messages e.g. can't open display, and Session Failed - X Session timeout.
    I've also installed Cygwin X Server on the Win XP machine to see if this makes a difference, but it doesn't.
    Any clues anyone?

    Being able to run the VT420 session, but not any X-Window sessions is the clue; it's an X-specific problem. Most likely, ssh isn't configured correctly, see: http://docs.sun.com/source/819-4309-10/en-us/base/indepth/ssh.html
    Pasting in the (most) relevant bit:
    Adding support for X applications
    To support X applications through OpenSSH, enable X11 forwarding in the OpenSSH configuration file. On each Secure Global Desktop host:
    1. Edit the sshd_config file and include the following:
    X11Forwarding yes
    2. Edit the ssh_config file and include the following:
    ForwardAgent yes
    ForwardX11 yes
    3. Restart the SSH daemon.
    Using SSH and X authorization
    If SSH connections fail, when X authorization is enabled, you may have to run the SSH daemon in ipv4-only mode because Secure Global Desktop may not support the xsecurity extension used on your server. You enable ipv4-only mode by editing your system SSH configuration file. For example:
    * On SUSE Linux, edit the /etc/sysconfig/ssh file and add a SSHD_OPTS="-4" line.
    * On Red Hat Enterprise Linux, edit the /etc/sysconfig/sshd file and add a OPTIONS="-4" line.
    Note If the SSH configuration file does not exist on your system, you can create it.
    You must restart the SSH daemon after making this change.

  • IPhone OS 3.0 - internet tethering and Cisco VPN Client

    Hello,
    The latest OS for the iPhone allows users to tether their iPhone to a Mac/PC so that the user can browse the internet through the carrier's mobile 3G network.
    I can confirm that internet tethering works on my MacBook Pro, but the following error is displayed when I load the Cisco VPN Client (version 4.9.01 (0100)):
    "Error 51: Unable to communicate with the VPN subsystem.
    Please make sure that you have at least one network interface that is currently active and has an IP address and start this application again."
    Does this mean that the Cisco VPN client cannot see the internet connection supplied by the iPhone even though I can browse the internet while this error is being displayed?
    Regards,
    Eddie S

    Same problem here and I'm wondering the same. I also noticed that the same error comes also when my ethernet connection and iPhone tethering are active at the same time. Then there really should be a connection.
    Despite that, I have the same problem and using bluetooth tethering doesn't solve this. Still the same error even though Internet connection works otherwise fine.
    Any suggestions? Have Cisco tested this?
    I'm using a MacBook Pro 13" OS X 10.5.8, iPhone 3GS 3.0.1 with the official Finnish carrier Sonera, Cisco Systems VPN Client 4.9.01 (0100)
