Re: Can't remote into VPN

Similar Messages

• How can I remote into my home Mac from work windows PC?

  I have a Mac G5 at home and a XP pro computer at work. Is there any way I can remote in to my home computer so I can mess with it while at work? I have so much I want to learn to do on my computer at home, but no time. I spend a lot of time at work on the internet and would like to turn it into productive (for me anyway) time.
  thanks
  Jason

  You can install a VNC server on your Mac and a VNC client on your PC. Then you can log in to your Mac. You can see and control the Mac.
  If you Mac is connected to a router, you will need to configure the Mac to have a static (local) IP address. You will need to configure the router to forward/map the appropriate ports to the Mac.

• I have a new iPad but I can't go into VPN option after I uninstalled vpnoneclick app

  I have a new iPad and before I uninstall vpnoneclick app from AppStore I was able to set a VPN but now I can't even enter the VPN option please help me

  Are you saying the VPN option is gone from settings-general-network?

• Can you create a Remote Access VPN connection to tunnel DMZ LAN and Inside Networks simultaneously?

  I have a customer that has a ASA 5510 version 8.3 with IPSEC Client Access that includes some of their networks on the Inside interface.   The issue they are having is when their mobile users connect with the vpn client (which is using split tunneling), they can no longer access their web server applications that are running in the DMZ.   Without the client connected, they access the web servers via the external public IP.  Once they are connected via vpn, their default dns server becomes the internal AD DNS server, which resolves the DNS of the web servers to the private DMZ ip address. 
  Can a Remote Access VPN client connection be allowed to connect to both the DMZ interface and the Inside Interface? I had always only setup RA VPN clients to connect to networks on the Inside Interface.  
  I tried adding the DMZ network to the Split Tunnel list, but I could not access anything it while connected to vpn using the private IP addresses.

  Yes, you should be able to access DMZ subnets as well if they are added to the split tunnel ACL. You could check the NAT exemption configuration for the DMZ and also check if the ASA is forwarding the packet through DMZ interface by configuring captures on the DMZ interface. 
  Share the configuration if you want help with the NAT exemption part.

• Users can only connect to RD farm website and cannot remote into terminal server , when connected via VPN

  Hello,
  I have a RD farm using 3 Win 2012 servers (1 broker and 2 session host), for internal use only, have not
  configured gateway for internet access.
  Users are able to connect to RD farm website and remote into terminal server, within office
  but can only connect to RD farm website and cannot remote into terminal server , when connected via VPN
  Its takes long time at securing connection and fails.
  Thanks

  Hi,
  Thank you for your posting in Windows Server Forum.
  First of all I would suggest you to configure RD gateway role on your server and pass all the connection through it because it’s a best practice to use RD Gateway in RDS Farm. 
  Apart from this, if you are not using RD Gateway then you must check that you have successfully forwarded port 3389 for RDS to access via VPN. Also check that you have made configuration under IIS Manager to enable Forms Authentication. Please check
  this link.
  In addition, please refer beneath article for additional details.
  1. How to Access Windows Remote Desktop Over the Internet
  2. Remote Desktop Services in Windows 2008 R2 – Part 3 – RD Web Access & RemoteApp
  (For reference)
  Hope it helps! 
  Thanks,
  Dharmesh

• Can ASA5505 forward remote-access-VPN clients to LAN

  I currently have ASA-5505 and 2911-Router and I'm trying to configure VPN topology.
  Can ASA5505 forward remote-access-VPN clients to LAN operated by a different router?
  Are these two cases possible?:
  (1) ASA-5505 and 2911-Router are on separate WAN interfaces, each directly connected to ISP. But then can I connect one of other LAN interfaces of ASA-5505 into a switch managed by 2911-Router to inject remote-SSL-VPN clients into the LAN managed by the router?
  (2) ASA-5505 is behind 2911-Router. Can 2911 Router assign a public ip address or have public ip address VPN-access attempts directly be forwarded to ASA-5505 when there is only one public ip address available?
  Long put short, can ASA-5505 inject its remote-access-VPN clients as one of hosts on the LAN managed by 2911-router?
  Thanks.

  I could help you more if you can explain the purpose of this setup and the connectivity between the ASA and router.
  You can enable reverse-route on the Dynamic map on the ASA. The ASA will install a static route for the client on the routing table. You can use a Routing protocol to redistribute the static routes to your switch on the LAN side of the ASA.

• Upgraded to Yosemite and can no longer remote into my work iMac through screen sharing- it is turned on in settings?

  My screen sharing functionality did not show up in the dock with an updated icon.  It had a question mark- shows my connections but nothing works, I did make sure screen sharing is on and also connected to VPN.  Once I tried to launch screen sharing nothing happens.  Such an elegant solution in Mavericks not does not work. Ugh. Help!

  This is the post that got me set up- I too am running an older version at work vs. Yosemite. As soon as I followed is advice everything worked.
  Upgraded to Yosemite and can no longer remote into my work iMac through screen sharing- it is turned on in settings?
  I believe the location of the "Screen Sharing" app has changed, which explains why if you had it in the dock it has been replaced by a ?
  Don't forget you can launch screen sharing (once your VPN connection is up) by typing in the Safari destination slot vnc://remotemachinename:portnumber  (omit the :port number if you are using the default VNC port, 5900).  This should launch Screen Sharing and put its icon in the dock.  You can drag the Screen Sharing icon to the left of your dock and it will hopefully remain there after you exit Screen Sharing, or you can right-click on the icon when it's running and select Options->Show in Finder to find out its new location and drag its icon to the permanent entries in your dock.
  Hope this helps; worked for me.

• Can i use same address pool for different remote access VPN tunnel groups and policy

  Hi all,
  i want to create a different remote access VPN profile in ASA. ihave one RA vpn already configured for some purpose.
  can i use the same ip address pool used for the existing one for the new tunnel-group (to avoid add rotuing on internal devices for new pool) and its a temporary requirement)
  thanks in advance
  Shnail

  Thanks Karsten..
  but still i can have filtering right? iam planning to create a new group policy and tunnelgroup and use the existing pool for new RA  and i have to do some filetring also. for the new RA i have to restrict access to a particualr server ,my existing RA have full access.
  so iam planning to create new local usernames for the new RA and new group policy with vpn-filter value access-list to apply for that user as below,  this will achive waht i need right??
  access-list 15 extended permit tcp any host 192.168.205.134 eq 80
  username test password password test
  username test attributes
  vpn-group-policy TEST
  vpn-filter value 15
  group-policy TEST internal
  group-policy TEST attributes
  dns-server value 192.168.200.16
  vpn-filter value 15
  vpn-tunnel-protocol IPSec
  address-pools value existing-pool
  tunnel-group RAVPN type ipsec-ra
  tunnel-group RAVPN general-attributes
  address-pool existing-pool
  default-group-policy TEST
  tunnel-group Payroll ipsec-attributes
  pre-shared-key xxx

• Remote access VPN with Cisco Router - Can not get the Internal Lan .

  Dear Sir ,
  I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3.Need you help to complete the job .Please see the attachment for Scenario, Configuration and Ping status.
  I am getting IP address when i connect through VPN client .But I can not ping to the internal lan -192.168.1.0.Need your help to sole the issue.
  Below is the IP address of the device.
  Local PC connect with Router -2 (Through MS Loopback) Router -2 Router-1 PC -01
  IP Address :10.10.10.2 Mask : 255.255.255.0 F0/01
  IP address:10.10.10.1
  Mask:255.255.255.0 F0/0
  IP Address :20.20.20.1
  Mask :255.255.255.0
  F0/1
  IP address :192.168.1.3
  Mask:255.255.255.0
  F0/0
  IP address :20.20.20.2
  Mask :255.255.255.0
  F0/1
  IP address :192.168.1.1
  Mask:255.255.255.0
  I can ping from local PC to the network 10.10.10.0 and 20.20.20.0 .Please find the attach file for ping status .So connectivity is ok from my local PC to Remote Router 1 and 2.
  Through Cisco remote vpn client, I can get connected with the VPN Router R1 (Please see the VPN Client pic.)But cannot ping the network 192.168.1.0
  Need your help to fix the problem.
  Router R2 Configuration :!
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname R2
  boot-start-marker
  boot-end-marker
  no aaa new-model
  memory-size iomem 5
  no ip icmp rate-limit unreachable
  ip cef
  no ip domain lookup
  ip auth-proxy max-nodata-conns 3
  ip admission max-nodata-conns 3
  ip tcp synwait-time 5
  interface FastEthernet0/0
  ip address 20.20.20.2 255.255.255.0
  duplex auto
  speed auto
  interface FastEthernet0/1
  ip address 10.10.10.1 255.255.255.0
  duplex auto
  speed auto
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  control-plane
  line con 0
  exec-timeout 0 0
  privilege level 15
  logging synchronous
  line aux 0
  exec-timeout 0 0
  privilege level 15
  logging synchronous
  line vty 0 4
  login
  end
  Router R1 Configuration :
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname R1
  boot-start-marker
  boot-end-marker
  aaa new-model
  aaa authentication login USERAUTH local
  aaa authorization network NETAUTHORIZE local
  aaa session-id common
  memory-size iomem 5
  no ip icmp rate-limit unreachable
  ip cef
  no ip domain lookup
  ip auth-proxy max-nodata-conns 3
  ip admission max-nodata-conns 3
  username vpnuser password 0 strongpassword
  ip tcp synwait-time 5
  crypto keyring vpnclientskey
  pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
  crypto isakmp policy 10
  encr 3des
  hash md5
  authentication pre-share
  group 2
  crypto isakmp client configuration group remotevpn
  key cisco123
  dns 192.168.1.2
  wins 192.168.1.2
  domain mycompany.com
  pool vpnpool
  acl VPN-ACL
  crypto isakmp profile remoteclients
  description remote access vpn clients
  keyring vpnclientskey
  match identity group remotevpn
  client authentication list USERAUTH
  isakmp authorization list NETAUTHORIZE
  client configuration address respond
  crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
  crypto dynamic-map DYNMAP 10
  set transform-set TRSET
  set isakmp-profile remoteclients
  crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
  interface FastEthernet0/0
  ip address 20.20.20.1 255.255.255.0
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  crypto map VPNMAP
  interface FastEthernet0/1
  ip address 192.168.1.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  ip local pool vpnpool 192.168.50.1 192.168.50.10
  ip forward-protocol nd
  ip route 10.10.10.0 255.255.255.0 FastEthernet0/0
  no ip http server
  no ip http secure-server
  ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
  ip access-list extended NAT-ACL
  deny ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
  permit ip 192.168.1.0 0.0.0.255 any
  ip access-list extended VPN-ACL
  permit ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
  control-plane
  line con 0
  exec-timeout 0 0
  privilege level 15
  logging synchronous
  line aux 0
  exec-timeout 0 0
  privilege level 15
  logging synchronous
  line vty 0 4
  end

  Dear All,
  I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3.Need you help to complete the job .
  Please see the attachment for Scenario, Configuration and Ping status. I am getting IP address when i connect through VPN client .But I can not ping to the internal lan -192.168.1.0.Need your help to sole the issue.
  Waiting for your responce .
  --Milon

• Can ARD 3 be used for users who want to remote into a windows based server?

  I have a couple users at the company I work at who will need to be able to remote into our Windows Server. These users all have Macs and will have to go about remoting in differently. I have done some research on Apple Remote Desktop but i am unsure if it fits my users needs. If I have someone download and install this software on a mac, will they then be able to remote into a windows based server using an IP address? that is my goal in mind  could get some help on this one I'd appreciate it.
  Thanks,
  - Rich

  I'm referring to what windows can do via Remote Desktop connection.
  You open up the RDC dialog box, enter an external IP address (if working remotely) or a server name if working internally and connect right to the machine. Ideally i want my users to be able to log into our terminal server and be able to use a program remotely. they will have to log on to this server with company credentials. Basically from a mac, connecting up to a Windows Server and remotely logging into it to perform tasks.
  I'm really just trying to find an easy way to do this for my user's with MAC's since it is not as straightforward as in windows. I cannot test anything out at home since i do not own a mac so i come to the community to see if you guys have had the same kind of situation before.
  ARD was the first peice of software that looked like it might fit my needs but if it doesn't is there anything out there? is it for free or for a cost? any help is greatly appreciated. Thanks.
  - Rich

• Inside lan is not reachable even after cisco Remote access vpn client connected to router C1841 But can ping to the router inside interface and loop back interface but not able to ping even to the directly connected inside device..??

  Hii frnds,
  here is the configuration in my router C1841..for the cisco ipsec remote access vpn..i was able to establish a vpn session properly...but there after i can only reach up to the inside interfaces of the router..but not to the lan devices...
  Below is the out put from the router
  r1#sh run
  Building configuration...
  Current configuration : 3488 bytes
  ! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
  ! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
  version 15.1
  service config
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname r1
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
  aaa new-model
  aaa authentication login local-console local
  aaa authentication login userauth local
  aaa authorization network groupauth local
  aaa session-id common
  dot11 syslog
  ip source-route
  ip cef
  ip domain name r1.com
  multilink bundle-name authenticated
  license udi pid CISCO1841 sn FHK145171DM
  username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
  username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
  redundancy
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group ra-vpn
  key xxxxxx
  domain r1.com
  pool vpn-pool
  acl 150
  save-password
    include-local-lan
  max-users 10
  crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
  crypto dynamic-map RA 1
  set transform-set my-vpn
  reverse-route
  crypto map ra-vpn client authentication list userauth
  crypto map ra-vpn isakmp authorization list groupauth
  crypto map ra-vpn client configuration address respond
  crypto map ra-vpn 1 ipsec-isakmp dynamic RA
  interface Loopback0
  ip address 10.2.2.2 255.255.255.255
  interface FastEthernet0/0
  bandwidth 8000000
  ip address 117.239.xx.xx 255.255.255.240
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  crypto map ra-vpn
  interface FastEthernet0/1
  description $ES_LAN$
  ip address 192.168.10.252 255.255.255.0 secondary
  ip address 10.10.10.1 255.255.252.0 secondary
  ip address 172.16.0.1 255.255.252.0 secondary
  ip address 10.10.7.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  ip local pool vpn-pool 172.18.1.1   172.18.1.100
  ip forward-protocol nd
  ip http server
  ip http authentication local
  no ip http secure-server
  ip dns server
  ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
  ip nat inside source list 100 pool INTERNETPOOL overload
  ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
  access-list 100 permit ip 10.10.7.0 0.0.0.255 any
  access-list 100 permit ip 10.10.10.0 0.0.1.255 any
  access-list 100 permit ip 172.16.0.0 0.0.3.255 any
  access-list 100 permit ip 192.168.10.0 0.0.0.255 any
  access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
  access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
  access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
  control-plane
  line con 0
  login authentication local-console
  line aux 0
  line vty 0 4
  login authentication local-console
  transport input telnet ssh
  scheduler allocate 20000 1000
  end
  r1>sh ip route
  Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2
         i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
         ia - IS-IS inter area, * - candidate default, U - per-user static route
         o - ODR, P - periodic downloaded static route, + - replicated route
  Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
  S*    0.0.0.0/0 [1/0] via 117.239.xx.xx
        10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
  C        10.2.2.2/32 is directly connected, Loopback0
  C        10.10.7.0/24 is directly connected, FastEthernet0/1
  L        10.10.7.1/32 is directly connected, FastEthernet0/1
  C        10.10.8.0/22 is directly connected, FastEthernet0/1
  L        10.10.10.1/32 is directly connected, FastEthernet0/1
        117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
  C        117.239.xx.xx/28 is directly connected, FastEthernet0/0
  L        117.239.xx.xx/32 is directly connected, FastEthernet0/0
        172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
  C        172.16.0.0/22 is directly connected, FastEthernet0/1
  L        172.16.0.1/32 is directly connected, FastEthernet0/1
        172.18.0.0/32 is subnetted, 1 subnets
  S        172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
        192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
  C        192.168.10.0/24 is directly connected, FastEthernet0/1
  L        192.168.10.252/32 is directly connected, FastEthernet0/1
  r1#sh crypto isakmp sa
  IPv4 Crypto ISAKMP SA
  dst             src             state          conn-id status
  117.239.xx.xx   49.206.59.86    QM_IDLE           1043 ACTIVE
  IPv6 Crypto ISAKMP SA
  r1 #sh crypto ipsec sa
  interface: FastEthernet0/0
      Crypto map tag: giet-vpn, local addr 117.239.xx.xx
     protected vrf: (none)
     local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
     remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
     current_peer 49.206.59.86 port 50083
       PERMIT, flags={}
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts compr. failed: 0
      #pkts not decompressed: 0, #pkts decompress failed: 0
      #send errors 0, #recv errors 0
       local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
       path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
       current outbound spi: 0x550E70F9(1427009785)
       PFS (Y/N): N, DH group: none
       inbound esp sas:
        spi: 0x5668C75(90606709)
          transform: esp-3des esp-md5-hmac ,
          in use settings ={Tunnel UDP-Encaps, }
          conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
          sa timing: remaining key lifetime (k/sec): (4550169/3437)
          IV size: 8 bytes
          replay detection support: Y
          Status: ACTIVE
       inbound ah sas:
       inbound pcp sas:
       outbound esp sas:
        spi: 0x550E70F9(1427009785)
          transform: esp-3des esp-md5-hmac ,
          in use settings ={Tunnel UDP-Encaps, }
          conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
          sa timing: remaining key lifetime (k/sec): (4550170/3437)
          IV size: 8 bytes
          replay detection support: Y
          Status: ACTIVE
       outbound ah sas:
       outbound pcp sas:

  hi  Maximilian Schojohann..
  First i would like to Thank you for showing  interest in solving my issue...After some research i found that desabling the " IP CEF" will solve the issue...when i desable i was able to communicate success fully with the router lan..But when i desable " IP CEF "  Router cpu processer goes to 99% and hangs...
  In the output of " sh process cpu" it shows 65% of utilization from "IP INPUT"
  so plz give me an alternate solution ....thanks in advance....

• 4150L - Works on web, but can not connect via VPN or Remote Desktop

  Recently purchased a 4150L and installed the latest firmware.  We have been able to access all public websites without any problems.  But, when we try and access our customers computers via VPN (various types) or Remote Desktop, we can't connect.  We can sign-in to VPN, but when we try and access the computer, it says "can't connect".  Exact same message with Remote Desktop.   We are able to connet when use a Verizon phone as a hotspot and from every other internet service that we have tried (i.e. hotels, starbucks, etc.)   It appears it is an issue with the 4150L.
  Verizon Tech Support has been no help!
  All ideas are appreciated!
  Thanks,
  Skip

  Skip,
  VPN traffic should be allowed through on the MiFi 4510L by default.  I know I do not have any issues with mine on either the Cisco IPSec or Cisco SSL VPN Clients.
  If Verizon DNS is interferring then perhaps you could try to connect to your VPN via a direct IP Address instead of a URL.  Not sure what VPN client you have but there should be a No DNS option to connect if you know the correct IP.  You could also try switching your DNS to one of the free ones such as the one offered by Google or any of the others.
  VPN's carry alot of overhead on existing connections in my experience.  Its not untypical to have a 3G connection cut in half when a VPN is applied.  Try running a speed test to make sure your connection is atleast 1 MB on download before initiating a connection.  If the performance of the MiFi is too poor in that area it may never be stable enough to support a connection.  Feel free to post some Speedtest.net averages so we can see what you are working with.
  Something to note about the MiFi 4510L is that it is on the SIM card network.  That means that NAT is always going to be an issue and block your users from providing a truely public IP Address.  Directly remoting to them through any means will be nearly impossible.

• Macbook pro retina display doesn't work occasionally. Random restarts. I can remote into the computer when display isn't working correctly

  I have some issue with my 2012 Macbook Pro Retina. The screen intermittently decides to just not work. Sometimes on startup i hear the start up noise but the screen doesn't turn on. I am able to remote into the computer when the screen doesn't work. I can't seem to find any rhyme or reason as to when it works and when it doesn't. I've reset the PRAM and SMC sometimes that will bring the screen back sometimes not.
  Any ideas?

  You can try the Apple Hardware test, not definitive by any means, especially intermittent problems, but it is a start.
  AHT  http://support.apple.com/kb/HT1509
  I think i would take it in for a free  'Apple Service Diagnostics' test
  Genius reservation http://www.apple.com/retail/geniusbar/
  on-line https://getsupport.apple.com/GetproductgroupList.action
  check warranty https://selfsolve.apple.com/agreementWarrantyDynamic.do

• Can i remote from my windows desktop into my ios 7

  Am I able to use a remote application, such as Teamview from my windows 8 OS to IOS 7 macbook pro?  Thank you.

  Gail thank you so much.  First to the gentleman who corrected me inappropriately.  I am a newbie to the Apple Family/ World.  I am a newbie senior adult to the technical terms. 
  I own a 15" MacBook Pro my operating system is Lion  Vs 7.
  I am familiar with remoting into my Windows 8 desktop ( utilizing TeamViewer free remote program).  I have a friend who purchased  a MacBookPro and wanted to remote from my Windows desktop into their Mac for tech support.  I.e. setting up the Apple Setting Preferences.
  SInce I am unfamiliar with remoting Mac-to-Mac ....I reached out to this forum.   I sincerely appreciate the quick feedback.
  Again ......Thx Gail from Maine...., I'm interested in any and all tutorials!

• Remote Access VPN authentication through RADIUS

  Hi,
  I have configured remote access VPN (IPsec) in my Cisco ASA . Before there was only single username & password to for VPN client. Now I am planning to give access through RADIUS server. I have configured RADIUS server in WIN 2003 server.
  Server configuration:
  1) Administrative Tools > Internet Authentication Service and right-click on RADIUS Client to add a new RADIUS client with ip address of CISCO ASA (inside interface).
  2) Remote Access Policies, right-click on Connections to Other Access Servers, and select Properties.
  3) check Grant Remote Access Permissions is selected.Click Edit Profile and check these settings:On the Authentication tab, check Unencrypted authentication (PAP, SPAP), MS-CHAP,and MS-CHAP-v2.On the Encryption tab, ensure that the option for No Encryption is selected.Click OK when you are finished.
  4.Select Administrative Tools > Computer Management > System Tools > Local Users and Groups, right-click on Users and select New Users to add a user into the local computer account.Add a user and check this profile information:On the General tab, ensure that the option for Password Never Expired is selected instead ofthe option for User Must Change Password.
  On the Dial-in tab, select the option for Allow access
  ASA configuration:
  aaa-server vpn protocol radius
  aaa-server vpn host 10.155.20.25 (RADIUS server IP )
  key cisco321
  tunnel-group vpnacc type ipsec-ra
  tunnel-group vpnacc general-attributes
  authentication-server-group vpn
  but it is not working. Please guide to resolve this issue.
  Regards,
  som

  Also, take a look at your logs on the windows server, and try debugging the asa. Try running wireshark or network monitor on the windows server to see if the requests are coming in. You should be able to figure out pretty quickly what is going on by debugging aaa on the asa and/or checking the logs on the server. Make sure the service is running on the windows box. Make sure that something stupid like windows firewall isnt blocking the connection. You can turn on debugging by typing "debug aaa" and type "logging console debugging" and "term mon". You can test aaa by typing "test aaa-server authentication vpn host x.x.x.x username someusername password somepassword"
  Hopefully this will lead you in the right direction. Oh, one more thing, when you are done, don't forget to turn off the debug by typing "undebug all". Another word of warning, running debugs on a production firewall should be done at your own risk, it is very easy to overwhelm a device to the point it stops responding by running debugs.