RRAS Remote Access AAARRGGHH
Hi can someone please help me please!!!!
I have a Linksys WRT54GS v6 model of router connected to a Cable/DSL modem. I also have a PC running Win2k3 which connects to the router by cat5 ethernet cables.
What I am trying to do is configure in Win2k3 the RRAS aspect so that I can VPN onto it from another location via the router. Now when I didn't have the router it was no problem, I just configured the RRAS console as a VPN server, with my 2 NIC cards, 1 connected to a public address, (issued by my ISP, via DHCP) the other to my LAN and it was all hunky dory.
The VPN server then allocated an IP address to my remote client from a static pool I had set up.
So when I got this router, I first of all gave it a different static local address within my LAN for security 192.168.12.1, turned it off as a DHCP server (instead of 192.168.1.1), my Win2k3 machine has a static address also (192.168.12.2).
2 things occurred: from my Win2k3 machine I cannot access the internet via the router now (but I can directly via the modem), and secondly, I cannot establish a VPN connection from a remote location, even though I have set up in the port forward facility all of the relevant ports to go to my RRAS at IP address 192.168.12.2.
Does anyone have any ideas? Is this even possible? I know that when I just had Win2k3 configured I had NAT configured, which I believe the box is taking care of now, but I would have thought, seeing as I had port forwarding set up and also the options of IPSEC, PPTP passthrough allowed, it should work as well as NAT turned off within RRAS, it should still work.
Please help as I'm stuck!!!!!
Thanks in advance for any offers of advice
well...the VPN connection is not working as u do not have the router configured for the internet connection.....
so, if u have a cable connection , go to the router ui and go to the "mac address clone" subtab , enable it and click "clone"..save the settings and do a power cycle
go to the "status" tab and check whether u have any internet ip address....if u have a valid one,try out the internet connection....
if u have a dsl connection, bridge the modem and set up a PPPoE connection on the router....
Similar Messages
-
Routing and Remote Access Logs (Windows Server 2008 R2)
Hi,
I have a Windows 2008 R2 server running Routing and Remote access and users are using PPTP VPN's to connect to our network.
I have been asked to find logs for the following for connections in to our server
Username used for connection
Computer Name
IP Address used by computer connecting
Start/End time of VPN session
Date
Encryption used
I found an article stating to enable RRAS logs you need to run the following command
To enable RAS logs run command “netsh ras set tracing * enabled” and found a series of logs created in this location C:\Windows\tracing
None appear to contain the information I am looking for and was wondering if I was doing this correctly and if not how I am meant to extract this information?
If you require any more details just let me know.
Kind Regards
David
Hi,
I'm not sure which article you have read, but for 2008 R2 the way to enable the RAS log and the debug log is described in the KB like this; I recommend you try the method mentioned in the KB.
To configure RRAS to enable logging
1. Start Server Manager. Click Start, click Administrative Tools, and then click Server Manager.
2. In the navigation tree, expand Roles, and then expand Network Policy and Access Services.
3. Right-click Routing and Remote Access, and then click Properties.
4. On the Logging tab, select Log errors only, Log errors and warnings, or Log all events, depending on how much information you want to capture.
5. Click OK to save your changes.
The related KB:
RRAS: Logging should be enabled on the RRAS server
http://technet.microsoft.com/zh-cn/library/ee922651(v=ws.10).aspx
Hope this helps.
-
I installed "routing and remote access" on Windows Server and made it work as a firewall.
When connections are accepted or denied at the firewall, would you tell me if the firewall can output the logs?
If it can, would you tell me how to configure it?
Thanks.
Hi Kohenro31,
I'm a little confused about configuring RRAS to work as a firewall, because we usually deploy RRAS for VPN connections, as a router, etc. Would you please post more information in detail?
Routing and Remote Access Service:
http://technet.microsoft.com/en-us/library/cc754634(v=ws.10).aspx
In addition, to view firewall event logs please check this article:
Viewing Firewall and IPsec Events in Event Viewer:
http://technet.microsoft.com/en-us/library/ff428140(v=WS.10).aspx
To enable RRAS logs, please check this article:
Enabling logs for RRAS:
http://blogs.technet.com/b/rrasblog/archive/2005/12/22/enabling-logs-for-rras.aspx
If I have any misunderstanding, please let me know.
Best Regards,
Anna Wang -
Routing and remote access logging to SQL server
Hi!
I am in the process of trying to set up SQL logging from routing and remote access on a windows server 2003 to another windows server 2003 which is running microsoft SQL server 2005.
What I did was I created a database named RRAS in the SQL server, and in routing and remote access I went under remote access logging and configured it. When I press "test connection" it says it's successful, and when I check the local logfile I successfully configured I can see my connection attempts towards the RRAS, but in the SQL database there's nothing, no tables or anything.
I am sure I have the right permissions going on since I have only been using one account for everything so far (created the RRAS and the SQL database); the SQL server is operational (it has a myriad of other databases that are used on a daily basis).
So i am wondering what component is missing? do i need to create the tables manually, is there a guide that tells me how to do that?
Hi Plindgren,
Thanks for posting here.
May I know which fields we’ve created for this table?
Please take a look at the link below and recheck the database settings:
Key concepts for IAS SQL Server logging
http://technet.microsoft.com/en-us/library/cc778830(WS.10).aspx
For more information please also refer to the link below:
Deploying SQL Server Logging with Windows Server 2003 Internet Authentication Service (IAS)
http://technet.microsoft.com/en-us/library/cc776712(WS.10).aspx
Thanks.
Tiger Li
TechNet Community Support -
Routing and Remote Access Server 2012 r2 Help
Hi all, I just setup a new 2012 R2 server with DHCP, DNS and Routing and Remote Access. When a user logs in to the VPN the DHCP is assigning the wrong IP address. My DHCP Scope is 10.0.10.100 to 10.0.10.199 but it's setting it to 169.254.X.X.
How do I fix this?
169.254.x.x are APIPA addresses which are allocated when the guest cannot see the DHCP server/allocator. Basically there is something wrong with your RRAS setup.
You should never run a remote access server on a DC. It will give you all sorts of name resolution problems. As soon as a client connects, the server acquires an additional IP for the VPN connection and the DC is multihomed. That has been a problem since NT days and still is.
Bill -
Routing and Remote access can cause cluster network issues?
After enabling routing and remote access on the servers, we found lots of cluster issues on our server like
Cluster Service stopped
Communication was lost and reestablished between cluster nodes
Unable to access witness resource
Cluster resource failed
Can enabling RRAS cause cluster network issues?
Rahul
Hi TwoR,
Please offer more information about your current cluster and RRAS configuration, such as: have you installed the RRAS role on any cluster node? Is your cluster in a Hyper-V environment?
Or if you want to create the RRAS cluster you can refer to the following KB:
Deploy Remote Access in a Cluster
http://technet.microsoft.com/en-us/library/jj134175.aspx
How to configure Network Load Balancing (NLB) based cluster of VPN Servers
http://blogs.technet.com/b/rrasblog/archive/2009/07/02/configuring-network-load-balancing-nlb-cluster-of-vpn-servers.aspx
I’m glad to be of help to you!
-
Routing and Remote Access VPN DHCP error
I have a strange problem.
I have a client that is using Server 2012 Standard.
On this server they have Routing and Remote Access configured for VPN client access. Their users that are working outside the office connect to the VPN to access the internal network.
The VPN works fine for the most part. Recently however, it has started having issues.
Periodically (about once every 8 days) I will hear from them that they cannot connect and that they get error 720. I will check the server and the server will have the following errors in the event log:
Warning: No IP address is available to hand out to the dial-in client.
If you check DHCP the server is running fine and will hand out local addresses but it will not hand out addresses to VPN clients. Also the addresses that it HAS previously handed out to VPN clients will not show in the address leases.
The solution, strangely enough, is to disconnect and reconnect the VPN client connection that the server has connecting it to an offsite server that it does a SQL sync with.
Any ideas as to what might be causing this? If need be I can post more detailed logs but I am not sure what logs even to post or what data to collect.
Any help is greatly appreciated.
I am experiencing the same issue on a Windows 2008R2 SP1 RAS server. The above statement about increasing the lease time on DHCP does not resolve the problem.
I am also searching for a solution to this issue.
Up to now I have done the following:
1. Increased the scope / cleared IPs in DHCP.
2. Ensured that the DHCP server is accessible.
3. Created a manual scope in the RRAS configuration settings (then clients can connect but cannot access resources on the network). Changing back to DHCP, you receive the same 720 error.
4. Stopped and started the DHCP services on the DHCP server.
5. Stopped and started RRAS services on the RRAS server.
The only indication is that DHCP for some reason does not lease out addresses to the RRAS server.
-
Windows 2012 routing and remote access service with same subnet
I have internal server IP range -192.168.1.0/24
Windows routing and remote access service with vpn client IP -192.168.11../22
client side IP subnet is -192.168.1.0/24
So we want routing / NATing between 192.168.1.0/24 and 192.168.11.0/22, so if a VPN user tries to ping 192.168.11.5 it should internally forward all requests to 192.168.1.5
Hi,
According to your description, my understanding is that VPN client and internal network has the same IP range -192.168.1.0/24. And you want to transfer internal network from IP address 192.168.1.0/24 to 192.168.11.0/22.
Agree with Charles David’s point of view. The easiest way to fix routing confusion would be to either change the VPN subnet or the VPN client subnet.
Or, if you configure Windows Server(RRAS) as VPN server, you may enable NAT to transfer internal IP address:
1. Open RRAS, add NAT.
2. New interface to NAT and configure it as public interface.
3. Open Address Pool tab, add IP address range 192.168.11.0/22.
4. Click Reservations, add reserved IP(192.168.11.0/22) and corresponding internal IP(192.168.1.0/24) one by one.
This would be a lot of workload. Besides, you may use 3rd party devices to transfer subnet IP addresses.
Best Regards,
Eve Wang
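The address plan in this thread, worked through with Python's `ipaddress` module as an added example (not from the original posts): it confirms the routing conflict, shows which network 192.168.11.0/22 actually denotes, and generates the one-by-one reservation list that step 4 asks for. Using 192.168.11.0/24 as the alias block is an assumption, chosen because the question maps 192.168.11.5 to 192.168.1.5; the function names are hypothetical.

```python
import ipaddress

SERVER_LAN = ipaddress.ip_network("192.168.1.0/24")  # internal servers (from the question)
CLIENT_LAN = ipaddress.ip_network("192.168.1.0/24")  # VPN user's own LAN (from the question)
# 192.168.11.0/22 has host bits set; strict=False yields the enclosing /22 network.
VPN_RANGE = ipaddress.ip_network("192.168.11.0/22", strict=False)
ALIAS_NET = ipaddress.ip_network("192.168.11.0/24")  # assumption: alias block for the servers


def check_plan(client_lan, server_lan, alias_net, vpn_range):
    """Report the overlaps that decide whether a client can reach the servers."""
    return {
        # True means the client routes server addresses to its own LAN, not the tunnel.
        "client_conflicts_with_servers": client_lan.overlaps(server_lan),
        # The alias block must not collide with the client's LAN as well.
        "alias_conflicts_with_client": alias_net.overlaps(client_lan),
        "alias_inside_vpn_range": alias_net.subnet_of(vpn_range),
    }


def reservations(alias_net, real_net):
    """One alias -> real address pair per host, as entered under NAT Reservations."""
    if alias_net.prefixlen != real_net.prefixlen:
        raise ValueError("a 1:1 mapping needs two networks of the same size")
    offset = int(real_net.network_address) - int(alias_net.network_address)
    return {str(a): str(a + offset) for a in alias_net.hosts()}


def translate(dst, table):
    """Address the server side sees for a packet sent to dst (unchanged if unmapped)."""
    return table.get(dst, dst)


if __name__ == "__main__":
    print("VPN range as a network:", VPN_RANGE)
    print(check_plan(CLIENT_LAN, SERVER_LAN, ALIAS_NET, VPN_RANGE))
    table = reservations(ALIAS_NET, SERVER_LAN)
    print(len(table), "reservations; 192.168.11.5 ->", translate("192.168.11.5", table))
```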
-
Remote Access VPN Clients Cannot Access inside LAN
I have been asked to set up remote access VPN on an ASA 5505 that I previously had no involvement with. I have set up the VPN using the wizard, the way I normally do, but the clients have no access to anything in the inside subnet, not even the inside interface IP address of the ASA. They can ping each other. The remote access policy below that I am working on is labeled VPNPHONE, address pool 172.16.20.1-10. I do not need split tunneling to be enabled. The active WAN interface is the one labeled outside_cable.
: Saved
ASA Version 8.2(1)
hostname ASA5505
domain-name default.domain.invalid
enable password eelnBRz68aYSzHyz encrypted
passwd eelnBRz68aYSzHyz encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group dataDSL
ip address 76.244.75.57 255.255.255.255 pppoe
interface Vlan3
nameif dmz
security-level 50
ip address 192.168.9.1 255.255.255.0
interface Vlan10
nameif outside_cable
security-level 0
ip address 50.84.96.178 255.255.255.240
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 10
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit intra-interface
object-group service Netbios udp
port-object eq 139
port-object eq 445
port-object eq netbios-ns
object-group service Netbios_TCP tcp
port-object eq 445
port-object eq netbios-ssn
object-group network DM_INLINE_NETWORK_1
network-object host 192.168.100.177
network-object host 192.168.100.249
object-group service Web_Services tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group network DM_INLINE_NETWORK_10
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_11
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_2
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_3
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_4
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_5
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_6
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_7
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_8
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_9
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network VPN
network-object 192.168.255.0 255.255.255.0
access-list outside_access_in extended permit icmp any host 76.244.75.61
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp-data
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq https
access-list dmz_access_in remark Quickbooks
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_6 host 192.168.100.5 eq 56719
access-list dmz_access_in remark Quickbooks range
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_7 host 192.168.100.5 range 55333 55337
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_8 host 192.168.100.5 eq 1434
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_9 host 192.168.100.5 eq 49398
access-list dmz_access_in remark QB
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_10 host 192.168.100.5 eq 8019
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_2 host 192.168.100.5 eq 2638
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_11 host 192.168.100.5 object-group Netbios
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 host 192.168.100.5 object-group Netbios_TCP
access-list dmz_access_in extended deny ip host 192.168.9.4 host 192.168.100.5 inactive
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_4 any
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_5 any
access-list dmz_access_in remark Printer
access-list dmz_access_in extended permit ip 192.168.9.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list dmz_access_in extended permit tcp 192.168.9.0 255.255.255.0 any object-group Web_Services
access-list dmz_access_in extended permit udp 192.168.9.0 255.255.255.0 any eq domain
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.255.0 255.255.255.0 echo-reply
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.100.0 255.255.255.0 echo-reply log disable
access-list dmz_access_in remark QB probably does not need any udp
access-list dmz_access_in extended permit udp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark QB included in other rule range
access-list dmz_access_in extended permit tcp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark May be required for Quickbooks
access-list dmz_access_in extended permit icmp host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.100.5 host 192.168.9.4
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.10.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.20.0 255.255.255.240
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.9.0 255.255.255.0
access-list dmz_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list outside_cable_access_in extended permit icmp any host 50.84.96.182
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp-data
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq https
access-list Local_LAN_Access standard permit host 0.0.0.0
access-list vpnusers_spitTunnelACL extended permit ip 192.168.100.0 255.255.255.0 any
access-list nonat-in extended permit ip 192.168.100.0 255.255.255.0 172.16.20.0 255.255.255.0
pager lines 24
logging enable
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu outside_cable 1500
ip local pool VPN_IP_range 192.168.255.1-192.168.255.10 mask 255.255.255.0
ip local pool VPN_Phone 172.16.20.1-172.16.20.10 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 10 interface
global (outside_cable) 10 interface
nat (inside) 0 access-list nonat-in
nat (inside) 10 0.0.0.0 0.0.0.0
nat (dmz) 0 access-list dmz_nat0_outbound
nat (dmz) 10 0.0.0.0 0.0.0.0
static (inside,outside) 76.244.75.62 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.61 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.59 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.58 192.168.9.4 netmask 255.255.255.255 dns
static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (dmz,outside) 76.244.75.60 192.168.9.10 netmask 255.255.255.255 dns
static (inside,outside_cable) 50.84.96.183 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.182 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.180 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.179 192.168.9.4 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.181 192.168.9.10 netmask 255.255.255.255 dns
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
access-group outside_cable_access_in in interface outside_cable
route outside_cable 0.0.0.0 0.0.0.0 50.84.96.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.100.0 255.255.255.0 inside
http 204.107.173.0 255.255.255.0 outside
http 204.107.173.0 255.255.255.0 outside_cable
http 0.0.0.0 0.0.0.0 outside_cable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_cable_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_cable_map interface outside_cable
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp enable outside_cable
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 192.168.100.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh 204.107.173.0 255.255.255.0 outside
ssh 204.107.173.0 255.255.255.0 outside_cable
ssh 0.0.0.0 0.0.0.0 outside_cable
ssh timeout 15
console timeout 0
vpdn group dataDSL request dialout pppoe
vpdn group dataDSL localname [email protected]
vpdn group dataDSL ppp authentication pap
vpdn username [email protected] password *********
dhcpd address 192.168.100.30-192.168.100.99 inside
dhcpd dns 192.168.100.5 68.94.156.1 interface inside
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy cad_supplies_RAVPN internal
group-policy cad_supplies_RAVPN attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value cad_supplies_RAVPN_splitTunnelAcl
group-policy VPNPHONE internal
group-policy VPNPHONE attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_LAN_Access
client-firewall none
client-access-rule none
username swinc password BlhBNWfh7XoeHcQC encrypted
username swinc attributes
vpn-group-policy cad_supplies_RAVPN
username meredithp password L3lRjzwb7TnwOyZ1 encrypted
username meredithp attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username ipphone1 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone1 attributes
vpn-group-policy VPNPHONE
username ipphone2 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone2 attributes
vpn-group-policy VPNPHONE
username ipphone3 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone3 attributes
vpn-group-policy VPNPHONE
username oethera password WKJxJq7L6wmktFNt encrypted
username oethera attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username markh password nqH+bk6vj0fR83ai0SAxkg== nt-encrypted
username markh attributes
vpn-group-policy cad_supplies_RAVPN
tunnel-group DefaultRAGroup general-attributes
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group cad_supplies_RAVPN type remote-access
tunnel-group cad_supplies_RAVPN general-attributes
address-pool VPN_IP_range
default-group-policy cad_supplies_RAVPN
tunnel-group cad_supplies_RAVPN ipsec-attributes
pre-shared-key *
tunnel-group VPNPHONE type remote-access
tunnel-group VPNPHONE general-attributes
address-pool VPN_Phone
default-group-policy VPNPHONE
tunnel-group VPNPHONE ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 1500
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:8b25ecc61861a2baa6d2556a3679cc7c
: end
Hi,
You have your "group-policy" set so that you are excluding some networks from being tunneled.
In this access-list named Local_LAN_Access you specify "0.0.0.0"
Doesn't this mean you are excluding all networks from being tunneled? In other words no traffic goes to your tunnel.
This access-list should only contain your local LAN network from where you are connecting with the VPN Client. If you don't need to access anything on your local LAN while having the VPN on, you don't even need this setting on. You could just tunnel all traffic instead of excluding some networks.
- Jouni -
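The cross-references behind the VPNPHONE problem above (tunnel group to address pool and group policy, group policy to split-tunnel list, and the NAT-exemption ACL applied to the inside interface) can be checked mechanically. This Python script is an added example, not part of the original thread: it reads lines copied from the posted configuration, its function names are hypothetical, and it handles only the ASA 8.2-style `nat (interface) 0 access-list` form shown in the post.

```python
import ipaddress

# Lines copied from the configuration posted above; only what the check reads.
ASA_CONFIG = """\
access-list Local_LAN_Access standard permit host 0.0.0.0
access-list nonat-in extended permit ip 192.168.100.0 255.255.255.0 172.16.20.0 255.255.255.0
ip local pool VPN_Phone 172.16.20.1-172.16.20.10 mask 255.255.255.0
nat (inside) 0 access-list nonat-in
nat (inside) 10 0.0.0.0 0.0.0.0
group-policy VPNPHONE internal
group-policy VPNPHONE attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_LAN_Access
tunnel-group VPNPHONE type remote-access
tunnel-group VPNPHONE general-attributes
address-pool VPN_Phone
default-group-policy VPNPHONE
tunnel-group VPNPHONE ipsec-attributes
pre-shared-key *
"""

SUBCOMMANDS = ("split-tunnel-policy", "split-tunnel-network-list",
               "address-pool", "default-group-policy")


def parse(config):
    """Collect pools, ACL entries, NAT-exempt ACLs, group policies and tunnel groups.
    Works on indented or flattened text, since sub-commands are matched by keyword."""
    st = {"pools": {}, "acls": {}, "nat0": {}, "policies": {}, "tunnels": {}}
    section = None  # attribute block currently being filled, if any
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:3] == ["ip", "local", "pool"]:
            first, last = w[4].split("-")
            st["pools"][w[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
        elif w[0] == "access-list":
            st["acls"].setdefault(w[1], []).append(w[2:])
        elif w[0] == "nat" and w[2:4] == ["0", "access-list"]:
            st["nat0"][w[1].strip("()")] = w[4]
        elif w[0] == "group-policy" and w[-1] == "attributes":
            section = st["policies"].setdefault(w[1], {})
        elif w[0] == "tunnel-group" and w[-1] == "general-attributes":
            section = st["tunnels"].setdefault(w[1], {})
        elif w[0] in ("group-policy", "tunnel-group", "username"):
            section = None  # a different block starts here
        elif section is not None and w[0] in SUBCOMMANDS:
            section[w[0]] = w[-1]
    return st


def dest_network(entry):
    """Destination of an 'extended permit ip <src> <net> <mask>' entry, else None."""
    if entry[:3] != ["extended", "permit", "ip"]:
        return None
    try:
        return ipaddress.ip_network(f"{entry[-2]}/{entry[-1]}")
    except ValueError:
        return None


def standard_network(entry):
    """Network named by a 'standard permit ...' entry, else None."""
    try:
        if entry[:2] != ["standard", "permit"]:
            return None
        spec = f"{entry[3]}/32" if entry[2] == "host" else f"{entry[2]}/{entry[3]}"
        return ipaddress.ip_network(spec)
    except (IndexError, ValueError):
        return None


def audit_tunnel_group(config, name, inside_if="inside"):
    st = parse(config)
    tg = st["tunnels"][name]
    first, last = st["pools"][tg["address-pool"]]
    policy = st["policies"].get(tg.get("default-group-policy"), {})
    # Replies from inside hosts to the pool must match the NAT-exemption ACL.
    exempt_acl = st["acls"].get(st["nat0"].get(inside_if), [])
    exempt = [n for n in map(dest_network, exempt_acl) if n]
    mode = policy.get("split-tunnel-policy", "tunnelall")  # tunnelall is the ASA default
    listed = st["acls"].get(policy.get("split-tunnel-network-list"), [])
    return {
        "pool": f"{first}-{last}",
        "pool_nat_exempt": any(first in n and last in n for n in exempt),
        "split_tunnel_mode": mode,
        "split_tunnel_list": [str(n) for n in map(standard_network, listed) if n],
        "tunnels_all_traffic": mode == "tunnelall",
    }


if __name__ == "__main__":
    for key, value in audit_tunnel_group(ASA_CONFIG, "VPNPHONE").items():
        print(f"{key}: {value}")
```

For the posted lines the pool is covered by the `nonat-in` exemption, while the group policy still applies `excludespecified` although the poster states split tunneling is not wanted.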
Is there a way of remote accessing 'Games and More' on a mobile?
I am new to the forum, please excuse me if I am in the wrong space!
Is there a way of remotely accessing/executing Java applications that are residing in the 'Games and More.' folder on a mobile device?
e.g. Java application is downloaded into 'Games and More' and there is a requirement to execute the program from an ODP (On-Device-Portal). The ODP is external to the 'Games and More' folder but within the same mobile device.
Many thanks
Ian
IVM wrote:
Is there a way of remotely accessing/executing Java applications that are residing in the 'Games and More.' folder on a mobile device?
No.
db -
How to set up my elderly parent with Mac so that I can use remote access to help her?
I want to set my elderly mother up with a new Mac mini so that I can use remote access to show her how use email, browse the internet, share photos. (She lives in KY, I live in OR)
She has had an iPhone and an iPad for about 6 months and she can barely use them without becoming frustrated. I want to be able to see her screen with her and show her how to do things.
My plan is to set her up with a Mac mini and I'll use my MacBookAir to remote into her system. I'm buying the mini to configure and then I'll mail it to her.
My question is whether to try to use Back to My Mac or Teamviewer for remote access
I have broadband with comcast and she has broadband with Access Cable. Each have their company modem/routers--neither of us have Airport Express.
I have my own iCloud account and she has her own. If I use Back to My Mac, it seems that I would need to set up a separate account on my Mac that would sync to her iCloud account.
Teamviewer seems easier because I don't have to use a separate account. Any advice? Anything that I'm not thinking about?
As Linc says, you can establish a Screen Sharing session via iMessage and Facetime. The advantage of these 2 approaches is that once your Mom gets used to using them, she will be more comfortable using them to communicate with you. I've talked to my Mom via iChat (aka iMessage) more since she learned to use them than in all the years before that (including when I was a child). And just being able to see your Mom via Facetime can be useful when you want to gauge how she is doing.
However, if you are any distance from your Mom, then you want backup methods in case something goes wrong.
So besides iMessage/Facetime, the next best would be Back-to-My-Mac via iCloud; however, you will want to establish her Mac as using your account so that you have the right to take control remotely.
An alternative that does not mix up your iCloud accounts would be to use TeamViewer.com (which has an unattended mode so you can do off-hour maintenance when your Mom is not around; or check up on her to find out if she is dating - Turns out if I had been paying attention, I would not have been blind-sided by my Mom getting Married again last Summer - she is in her 80's!).
LogMeIn.com, as dwb says, can be used the same way as TeamViewer.com
Both LogMeIn.com and TeamViewer.com are very good at making it easy to get through the home router and if you are having any problems connecting using other Methods, TeamViewer.com or LogMeIn.com will most likely not have any issues.
Back-to-My-Mac allows screen sharing and file sharing so you can transfer files as well as control the screen.
Screen Sharing via Messages allows cooperative file transfer. That is to say, you can try pushing a file to your Mom, but she has to accept each transfer.
TeamViewer.com has an unattended file transfer mode.
LogMeIn.com requires the paid version to transfer files. However, there are other ways to transfer files, such as downloading them from the original source on your Mom's system while using screen sharing, using Dropbox (or similar), emailing them, etc...
Of course if you are really network savvy, you can roll your own via ssh tunnels, port forwarding routers, getting dynamic DNS names, transferring files via scp, or tunneling AFP file sharing, tunneling your screen sharing sessions. Lots of fun and excitement playing with terminal commands -
Remote Access Question...
Is there a remote access app with which I can open media on a computer or laptop in the apps that support said media or files on my iPad, email these files as a link, email compatible sizes as an attachment, save compatible types to camera roll, print, view, play, listen to, and read?
You can use email to send files to your iPad. But the best way to transfer photos, music, documents etc. is to use iTunes on your computer. See page 40 of the iPad User's Manual for information on syncing your iPad using iTunes. The manual is here
http://support.apple.com/manuals/#ipad -
Remote access to Time Capsule won't work
Over the past couple of months I've been doing lots of research and planning into replacing my Mac Pro and old MacBook Pro with a new Mac setup. I was looking for efficiency, productivity and ultimate portability so the Macbook Pro Retina and Time Capsule grabbed my attention.
I was interested in the MacBook Pro Retina for work (travel) and home leisure use. Due to having so much music and video iTunes content, I was interested in purchasing a Time Capsule and a secondary external hard drive, placing all my iTunes content on the Time Capsule which I would then back up to the external hard drive when I was at home. I would then setup Time Capsule to be accessible over the internet so that I could view my media content through iTunes wherever in the world I was (internet speeds permitting of course). By doing this I could carry only my work files with me on the 512GB SSD Macbook Pro Retina, but could access the Time Capsule media files remotely, either via wi-fi or by tethering my iPhone 5.
So I purchased a Time Capsule to test my theory. I followed online guidance on how to achieve such a setup and using my 2008 MacBook Pro (which runs Snow Leopard) and a friend's internet connection I got the system to work. I was able to remotely contact Time Capsule and watch High Def video content via wireless internet and even tethered to my iPhone. So I went and purchased a Macbook Pro Retina (running Mountain Lion) and set about setting up the system in the same way. But this is where something's gone wrong. I can't connect to the Time Capsule over the internet at all.
The Air Port utility has been updated to version 6 which is lacking the ability to instruct the Time Capsule to "Allow access over WAN". I thought I'd make sure it still connected via the internet using my old MacBook Pro, which had definitely worked perfectly just a couple weeks earlier, and that won't work either. I can't find the option to "Allow access over WAN" within Airport Utility 5.6.1 either? And the simple apple script application that I wrote (following an online guide) to open the remote connection to Time Capsule with the double left click on an icon has stopped working too.
I don't pretend to be a network engineer and I'm no I.T. expert, though I usually manage to teach myself what I need to know to sort issues like this out, but this has gotten me really stumped! I tried downloading an old version of Airport Utility to see if that had the "Allow access over WAN" feature (within the 'Disks' > 'File Sharing' area of Airport Utility) but my Mac OS won't allow the old versions to run.
Perhaps the version of Airport Utility I used on my Macbook Pro a couple of weeks ago didn't have the "Allow access over WAN" check box either and I just didn't notice - which is likely unless Airport Utility updates itself in the background without any prompts etc. I certainly didn't notice a software update for it any time over the past few days. Either way, I don't understand how it could have been working a few days back and now it's suddenly not.
I used this guide to gain remote access to Time Capsule successfully just a couple of weeks ago:
http://www.youtube.com/watch?v=SIQ7SzA1cK4
Can anyone shed any light on the issue and point me toward a fix please? I'd appreciate the help.
Thanks LaPastenague. I'm not sure if I have a static IP but I can confirm it hasn't changed in the past month.
I've pretty much come to the conclusion that what I want to do isn't really possible using Time Capsule. Like I mentioned, I had remote access working a couple of weeks ago but it seems like apple have updated the firmware or airport software to remove something that was necessary to remotely connect in the same way. And even if I did get it working I think it would still be so restrictive, requiring a fast wifi or mobile phone tethered connection to view my media files over the internet.
I got connected via iCloud and B.T.M.M. but the connection was very slow and video wouldn't stream well at all (painful). It seems that the speed constraints would make it very frustrating each time I simply wanted to look through my vast iTunes music collection or movie library. Album covers won't appear either.
Even if it were possible to connect via a static IP I just don't think that the WAN connection would be stable or fast enough to offer an efficient solution(?), so I'll probably have to buy an external portable HD and use Time Capsule for Time Machine and Printer Sharing.
I wish I could stream my iTunes movies and music successfully over the internet, but right now it just doesn't seem possible. -
Cannot login to Cisco Jabber 10.5.1 over Mobile and Remote Access
Hi,
We have successfully deployed VCS Expressway-C and VCS Expressway-E with only 1 zone, which is "Unified Communication Traversal" and is for Mobile and Remote Access only. VCS-C and VCS-E are communicating and in statuses everything is active and working. Also VCS-C can communicate with CUCM and CUP (both version 10.5).
The problem is that when I deploy Cisco Jabber 10.5.1 on a computer outside of the LAN and without VPN, it starts communicating with VCS-E, asks me to accept the certificate (we only have a certificate generated internally on a Windows CA), and after that it tries to connect and after a few seconds it tells me that it can't communicate with the server.
Has any of you had the same problem, or can you advise how to troubleshoot? In the Jabber logs there is only something like a "Cannot authenticate" error message, but when I start up the VPN I can authenticate without any problems.
Thanks
On Expressway-C, are your HTTP Allow Lists set up properly? By default, any auto discovered CUCM and IMP should be listed via IP and Hostname, but if not, you'll need to insert them manually.
Also, you can look at the config file your Expressway-E would be handing out to Jabber via this method.
From the internet, browse to:
https://vcse.yourdomain.com:8443/Y29sbGFiLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin
Where:
vcse is your Expressway-E hostname (or CNAME/A record)
yourdomain.com is your own domain
The first directory is your Base64 encoded domain name; remove any trailing equal signs (=)
The XML returned is basically the DNS SRV record information available as if internal for _cisco-uds and _cuplogin
TFTP DNS SRV is optional if you configured TFTP in IMP for your Legacy Clients. -
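The URL construction described in the reply above, as an added example in Python (not code from the thread): it Base64-encodes a domain, strips the trailing `=` padding and assembles the `get_edge_config` URL. The reverse helper shows that the segment in the sample URL decodes to `collab.com`, so it has to be regenerated for your own domain. Function names are this example's own.

```python
import base64
from urllib.parse import urlencode, urlsplit

def encode_domain_segment(domain: str) -> str:
    """Base64-encode the domain and drop trailing '=' padding."""
    encoded = base64.b64encode(domain.encode("ascii")).decode("ascii")
    return encoded.rstrip("=")

def decode_domain_segment(segment: str) -> str:
    """Restore the stripped padding and decode the segment back to a domain."""
    padded = segment + "=" * (-len(segment) % 4)
    return base64.b64decode(padded, validate=True).decode("ascii")

def edge_config_url(host, domain, services=("_cisco-uds", "_cuplogin"), port=8443):
    """Assemble the get_edge_config URL in the shape quoted in the post."""
    query = urlencode([("service_name", s) for s in services])
    segment = encode_domain_segment(domain)
    return f"https://{host}:{port}/{segment}/get_edge_config?{query}"

def domain_from_url(url: str) -> str:
    """Recover the domain carried in the first path segment of such a URL."""
    first_segment = urlsplit(url).path.lstrip("/").split("/", 1)[0]
    return decode_domain_segment(first_segment)

if __name__ == "__main__":
    # The URL exactly as quoted in the post.
    sample = ("https://vcse.yourdomain.com:8443/Y29sbGFiLmNvbQ/get_edge_config"
              "?service_name=_cisco-uds&service_name=_cuplogin")
    print(domain_from_url(sample))
    # example.com / vcse.example.com are placeholder names for this example.
    print(edge_config_url("vcse.example.com", "example.com"))
```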
Remote access vpn connects to 5505 but cannot ping any servers
I have a cisco 5505 and am trying to configure it with ASDM 6.4.
My vpn client connects ok to the network but I am unable to reach any of the servers.
I'm sure it's a simple configuration issue as I don't have much experience with Cisco configuration.
Any suggestions on where to look would be much appreciated.
Thanks in advance
Graham
Thanks Jennifer.
Running config:
Cryptochecksum: 21ec6d8c 73515258 ed808b45 e154b1c6
: Saved
: Written by admin at 17:42:19.318 GMT/IDT Thu Sep 20 2012
ASA Version 8.2(5)
hostname IS-18241
enable password p2SKmVPuBXX32cE encrypted
passwd 2KFnbXXKXX encrypted
names
name 78.129.xxx.xx IS-18223_External
name 192.168.100.2 IS-18223_Internal
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
 shutdown
interface Ethernet0/3
 shutdown
interface Ethernet0/4
 shutdown
interface Ethernet0/5
 shutdown
interface Ethernet0/6
 shutdown
interface Ethernet0/7
 shutdown
interface Vlan1
 nameif Inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
interface Vlan2
 nameif Outside
 security-level 0
 ip address 78.129.xxx.xx 255.255.255.0
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone GMT/IST 0
clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list basic extended permit tcp any any eq 3389
access-list basic extended permit tcp any any eq ssh
access-list basic extended permit tcp any any eq www
access-list basic extended permit tcp any any eq 902
access-list basic extended permit tcp any any eq https
access-list basic extended permit icmp any any
access-list allow extended permit ip any any
access-list Inside_nat0_outbound extended permit ip any host IS-18223_Internal
access-list SplitTunnel standard permit 192.168.100.0 255.255.255.0
access-list Inside_nat_outbound extended permit ip 192.168.100.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
ip local pool RemoteAddressPool 192.168.100.100-192.168.100.150 mask 255.255.255.128
icmp unreachable rate-limit 1 burst-size 1
asdm location IS-18223_External 255.255.255.255 Inside
asdm location IS-18223_Internal 255.255.255.255 Inside
no asdm history enable
arp timeout 14400
global (Inside) 1 interface
global (Outside) 1 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 access-list Inside_nat_outbound
static (Inside,Outside) IS-18223_External IS-18223_Internal netmask 255.255.255.255
access-group allow in interface Inside
access-group allow out interface Inside
access-group basic in interface Outside
access-group allow out interface Outside
route Outside 0.0.0.0 0.0.0.0 78.129.xxx.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 Outside
no snmp-server location
no snmp-server contact
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Outside
ssh timeout 60
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DfltGrpPolicy attributes
 dns-server value 87.117.198.200 87.117.237.100
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SplitTunnel
username XX password uvgXvd9nQEHdkA73 encrypted privilege 15
username XX password 3CUtfh8r/IKb6DxX encrypted
username XX attributes
 service-type remote-access
tunnel-group Remote type remote-access
tunnel-group Remote general-attributes
 address-pool RemoteAddressPool
tunnel-group Remote ipsec-attributes
 pre-shared-key 5|J5XX&6u*
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:21ec6d8c73515258ed808b45e154b1c6
: end
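Three relationships a reviewer can compute directly from the configuration posted above, as an added example in Python (not part of the thread): which networks the VPN pool range falls into under its stated mask, whether the pool sits inside the Inside interface subnet, and whether the `nat (Inside) 0` exemption ACL has a destination entry that covers the pool. The config lines are copied from the post; the function names and the small ACL parser are this example's own and handle only the `permit ip` forms seen in that config.

```python
import ipaddress

# Subset of the running config from the post above; indentation restored.
CONFIG = """\
name 192.168.100.2 IS-18223_Internal
interface Vlan1
 nameif Inside
 ip address 192.168.100.1 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any host IS-18223_Internal
ip local pool RemoteAddressPool 192.168.100.100-192.168.100.150 mask 255.255.255.128
nat (Inside) 0 access-list Inside_nat0_outbound
"""

def take_net(words, names):
    """Consume one ACL address spec (any | host X | addr mask); return (network, rest)."""
    if words[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), words[1:]
    if words[0] == "host":
        return ipaddress.ip_network(names.get(words[1], words[1]) + "/32"), words[2:]
    addr = names.get(words[0], words[0])
    return ipaddress.ip_network(f"{addr}/{words[1]}"), words[2:]

def audit(config):
    """Relate the VPN address pool to the Inside subnet and the nat 0 ACL."""
    names, inside, pool, acls, nat0 = {}, None, None, {}, None
    nameif = None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["name"]:
            names[w[2]] = w[1]              # object name -> address
        elif w[:1] == ["nameif"]:
            nameif = w[1]
        elif w[:2] == ["ip", "address"] and nameif == "Inside":
            inside = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:3] == ["ip", "local", "pool"]:
            first, last = (ipaddress.ip_address(a) for a in w[4].split("-"))
            pool = (first, last, w[6])
        elif w[:1] == ["access-list"] and w[2:5] == ["extended", "permit", "ip"]:
            _src, rest = take_net(w[5:], names)
            dst, _ = take_net(rest, names)
            acls.setdefault(w[1], []).append(dst)
        elif w[:3] == ["nat", "(Inside)", "0"] and w[3:4] == ["access-list"]:
            nat0 = w[4]
    first, last, mask = pool
    # Networks (under the pool's own mask) that hold the first and last address.
    span = {ipaddress.ip_interface(f"{a}/{mask}").network for a in (first, last)}
    exempt = acls.get(nat0, [])
    return {
        "pool_spans_networks": sorted(str(n) for n in span),
        "pool_inside_lan": first in inside and last in inside,
        "nat0_covers_pool": any(first in d and last in d for d in exempt),
    }
```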