Satellite VPN

Similar Messages

• Cisco VPN Client causes blue screen crash on WindowsXP Pro (Satellite M30)

  Hi there,
  I've got a Satellite Pro M30 running Windows XP Professional.
  After starting a vpn Tunnel via a Cisco VPN Client (Version 4.6 and 4.7) the system crashes with a blue screen.
  I can see that the key exchange is successful, but immediatly after the vpn connection gets established Windows XP crashes with a blue screen.
  Has anyone an idea, how to solve this problem?
  Maybe by device driver update? And if so, which driver should be updated?
  Kind regards,
  Thorsten

  Hi R2D2 (and anyone else)!
  1st of all (concerning your link) - I'm not using the wireless adapter.
  I am connectet via 100Mbit via network-cable to my hub (all RJ45 TP Cat.5)
  I found several other Notebook users by google'ing who have the same problem different vpn-clients but most of them with a centrino processor inside the notebook.
  Almost all of them solved the problem by installing new drivers. But I can't use driver-patches from other Notebook to fix my Toshiba Drivers.
  What could help is information about which driver is responsible for the crash by vpn clients on centrino notebooks. Maybe there is an Intel driver for it, but when I do not know which one causes the problem it's like seeking a needle in a haystack... :(
  Disabling ALL other network devices (wireless, 1394-network adapter, modem, etc.) did not solve the problem.
  I used the Cisco VPN clients several times on my old Compaq Notebook without any problems, but here it just doesn't work.
  An idea which driver should be updated is kindly welcome!
  Thank you, Thorsten

• How to update to iOS6 US version: No satellite views except China. No 3D function. No 3D buildings using VPN.???

  Good morning.
  I just updated my iphone 4s and ipad3 to iOs6. It needs some upgrades. I am English, living in China with an English account:
  1 - No Satellite view outside of China. Only can see China in the middle of the ocean. Same problem when using VPN.
  2 - No 3D button. 3D button appears some times when using a VPN.
  3 - No 3D buildings anywhere like in New York (when 3D can be used using VPN). All are flat.
  4 - Flyover of course cannot be activated as no satellite views yet.
  Thank you to tell me:
  1 - Where to download a iOS6 US version.
  2 - How to updated my iphone from iOS6 Chinese download to a US version.
  Thank you in advance.

  Hi,
  If you issue the command "show crypto ikev1 sa" command and all you see is the below (I would suggest taking the output multiple times while testing to see if it always shows this, but I suspect it will show the same)
  1   IKE Peer: 23.102.17.136
      Type    : user            Role    : initiator
      Rekey   : no              State   : MM_WAIT_MSG2
      Encrypt : aes-256         Hash    : SHA
      Auth    : preshared       Lifetime: 0
  Then this likely means that the remote end is not properly configured or you are possibly using the wrong peer IP address in your L2L VPN configurations.
  I would also confirm that you have gotten the correct public IP address for the remote sites VPN device and also confirm that there is no device on your side that would prevent the VPN negotiation from taking place. Perhaps some device in front of the ASA that does firewalling also?
  In the above message the "MM_WAIT_MSG2" basically means that your device has initiated the negotiation by sending the first message of the negotiation and is still waiting for second message (reply) from the remote device.
  I have configured a L2L VPN once for a customer and the remote end was Azure. To be honest I have no real idea what Azure is but to my undertanding its not really the conventional networking device thats sole purpose would be firewalling or VPN. We also had problems configuring the L2L VPN but it was not really clear what caused the problems there.
  - Jouni

• VPN and Satellite Internet

  Is this possible? I have a vpn connection currently w/ broadband internet. Moving to rural area. Can only get satellite internet. Is there one satellite internet service that is compatible with a vpn connection?

  You'd have to check with each specific provider to see what they recommend.
  One option is to use SSL vpn instead of ipsec.

• VPN over Satellite ISP

  I am having an issue with a user connecting via a Satellite internet connection. We are using version 5.0.00.0340. The says that the connection was ended by client. However when we test on a test T1 connection it works fine.

  Thank you for your responce. Amazingly after calling the ISP to make sure they are not blocking anything the user went home and was able to VPN into our network with no issues.

• Unable to access satellite offices with Cisco VPN client

  There are 4 sites:
  Main office - 192.168.0.x/24
  Sat office1 - 10.0.0.x/24
  Sat Office2 - 10.0.1.x/24
  Sat Office3 - 10.0.2.x/24
  All 4 offices are connected via MPLS using other Cisco routers from the telcom co. The user VPN endpoint is at the main office. (Cisco 1811)
  We can make the VPN connection with the Cisco VPN client and browse the 192 network all day long. We cannot access any of the other subnets over the VPN connection. Browsing the other subnets while physically at the main office is fine. This DID work in the past. Something changed that I cannot pinpoint, any ideas?
  Scope for the VPN endusers is 10.100.100.x/24
  Cisco VPN Client versions 4.x and 5.x (both affected)
  Thanks in advance

  Ken
  It is good to know that it did work in the past and then stopped working. That indicates that something changed. Is it possible that a software upgrade has been done and that the change is behavior is reflecting a different version of IOS? (I suspect that is is possible but not so likely - but we need to ask.)
  My guess is either that there was some change in the routing logic or that the access lists which indicate what traffic is to be protected by the VPN used to include remote to remote but has been changed for some reason.
  Could you post the configuration of the main office 1811?
  Another question that occurs to me is whether the main office 1811 is directly connected to the Internet or does it go through some firewall? If if goes through some firewall is it possible that there has been some change in the firewall rules that is denying the remote to remote traffic?
  HTH
  Rick

• ASA 5505 site-to-site VPN tunnel and client VPN sessions

  Hello all
  I have several years of general networking experience, but I have not yet had to set up an ASA from the ground up, so please bear with me.
  I have a client who needs to establish a VPN tunnel from his satellite office (Site A) to his corporate office (Site Z).  His satellite office will have a single PC sitting behind the ASA.  In addition, he needs to be able to VPN from his home (Site H) to Site A to access his PC.
  The first question I have is about the ASA 5505 and the various licensing options.  I want to ensure that an ASA5505-BUN-K9 will be able to establish the site-to-site tunnel as well as allow him to use either the IPsec or SSL VPN client to connect from Site H to Site A.  Would someone please confirm or deny that for me?
  Secondly, I would like to verify that no special routing or configuration would need to take place in order to allow traffic not destined for Site Z (i.e., general web browsing or other traffic to any resource that is not part of the Site Z network) to go out his outside interface without specifically traversing the VPN tunnel (split tunneling?)
  Finally, if the client were to establish a VPN session from Site H to Site A, would that allow for him to connect directly into resources at Site Z without any special firewall security rules?  Since the VPN session would come in on the outside interface, and the tunnel back to Site Z goes out on the same interface, would this constitute a split horizon scenario that would call for a more complex config, or will the ASA handle that automatically without issue?
  I don't yet have the equipment in-hand, so I can't provide any sample configs for you to look over, but I will certainly do so once I've got it.
  Thanks in advance for any assistance provided!

  First question:
  Yes, 5505 will be able to establish site-to-site tunnel, and he can use IPSec vpn client, and SSL VPN (it comes with 2 default SSL VPN license).
  Second question:
  Yes, you are right. No special routing is required. All you need to configure is site-to-site VPN between Site A and Site Z LAN, and the internet traffic will be routed via Site A internet. Assuming you have all the NAT statement configured for that.
  Last question:
  This needs to be configured, it wouldn't automatically allow access to Site Z when he VPNs in to Site A.
  Here is what needs to be configured:
  1) Split tunnel ACL for VPN Client should include both Site Z and Site A LAN subnets.
  2) On site A configures: same-security-traffic permit intra-interface
  3) Crypto ACL for the site-to-site tunnel between Site Z and Site A needs to include the VPN Client pool subnet as follows:
  On Site Z:
  access-list permit ip
  On Site A:
  access-list permit ip
  4) NAT exemption on site Z needs to include vpn client pool subnet as well.
  Hope that helps.
  Message was edited by: Jennifer Halim

• I wish for a VPN concentrator with cmd-line IOS!=HELP on public IP blocmove

  If you have the time, I would like to run a problem past u that I am sure there is an easy answer to, but I keep running into a major brick wall, every way I go. It basically has to do with changing to a new ISPand new T1, losing the IP block, moving to and a new T1/IP block. Both old and new are up right now on separate 2600 routers, although no traffic is on the “new” T yet. All my remote sites (around 25)VPN back to a concentrator (3015) which has an outside public address from the ISP that is going away.(as soon as I get them all switched over) The problem is the fact that, like I would normally do, I can’t have a one time “cut-over” and change all the sites. I need to find a way to migrate, slowly, over a few weeks, these satellite sites, which must stay up 24/7. I thought that it was going to be as simple (since I brought the second T up on a seperate router), as adding a secondary address from the “new” block onto the concentrators public interface...??? Then slowly pointing each client (hard 3002s and some soft) to this address, then, when all were moved, dropping the old T and the $1,000.00 a month it is costing. Of course,there is no “IP address secondary” command on the 3015. Could I utilize the 3rd interface for the new block?? I wish it had the same command-line as router IOS. By the way, the old T is dedicated, the new is frame-relay. My solution of last resort is to build a shadow VPN config. from the 3015 onto a PIX515R I have, and terminate on it. Then put the new public ip address on the away the 3015 and move them back one at a time………..ANY…I mean ANY suggestions u might have would be appreciated.

  See if you can demo a linkproof for 30-45 days.
  www.radware.com. We ran accross the same thing, put it in place, showed the VP, bought it and then put in 5 more T1's for higher throughput.
  Takes about 2-1/2 hours to get where you need it.
  Its either that or BGP, which if your ISP is managing the routers, then I dont think you even want to look down that road.
  With the linkproof you can have both T's running and move people over when you feel like it.
  Basic Linkproof LT 10mbs thougput is about $6500. Demos are free though.

• Windows 8.1 connected by VPN, contents of mapped drives "disappears" intermittently.

  I have a client with a Windows 8.1 Pro laptop who works in a satellite office and connects to the main office via VPN. The main office is running SBS 2011.  The user has his G drive mapped to a share on the server and will be working on 2 or 3 files,
  he'll then go to open the G drive to find another file and he'll see that only the files/folders he's actually been working on are showing up, the rest of the contents of the drive seems to "disappear".  I believe this is caused by the VPN dropping
  connection (not proven yet).  The problem is that even if you reconnect to the VPN, those files don't re-appear... or they might be back when he comes back into the office after doing some calls.  We can make the files instantaneously re-appear if
  he grabs his notebook, walks across the street from the satellite office to the main office and plugs into the hardwired network... but this is less than practical, and impossible if he's actually on the road somewhere.
  He does not have "offline files" active for the G drive, nor do we really want to do that... but I'm thinking that Windows is going into some sort of half-baked automatic offline files mode when the VPN goes away.   I've played with
  registry and group policy settings in reference to offline files in the hope that would rectify the issue but to no avail.
  We don't particularly care that the files are unavailable when the VPN isn't connected, the client understands they aren't local files.  What is really the big issue is that activating the VPN doesn't make the files reappear and that there doesn't seem
  to be any consistent way of "forcing" the issue except to physically hardware to the lan segment the server is on.
  This was working just fine on the client's old system under Windows 7 Pro, but just since moving to a new laptop with Windows 8.1 it has become flakey.
  Any suggestions hints or tips are appreciated.
  Cheers,
  Mike
  P.S. When I say the files "disappear", they are just invisible to this user... they are still physically on the server and accessible by all other users on the LAN. 

  I will have to double check again to make sure I'm telling the truth (I've gone through so many iterations in the past weeks I can't remember which way is up :-)  but I believe that the drive was showing in offline files, but that attempting sync (even
  repeatedly) did not bring the drive contents back.  Which also begs the question, if the user has not made the drive "available offline" why would it be acting like it is?  I've considered actually making it available offline, but I don't want
  all of that data on his laptop and I'm also concerned that we'd then have more problems as he continues to work for hours and days on his offline copies.
  I should also add that I was able to work with the client on Friday and we were able to determine that the VPN is NOT dropping as we're able to ping devices on the LAN side immediately once the files disappear.  
  Cheers,
  Mike

• Installing Windows XP on Satellite L40-114

  I just bought a Satellite L40-114 for home and education. I just found out I need windows XP for some scientific applications and the VPN software for access, so I tried to install it. I was really disappointed Toshiba does not seem to deliver XP drivers for this laptop. I managed to get the sound working for what its worth (sound skipping) but hotkeys and video drivers is not working at all.
  Anyone who had more luck installing Windows XP on this laptop?

  Hi there,
  I cannot help you regarding the hotkeys but in case of videodrivers you should visit www.intel.com for video drivers since your machine has an intel 900GMA video chipset.
  Just go to the Intel website and download drivers for that chipset, it should work.
  Would appreciate some feedback on your success.
  Greets

• Site-site VPN issue

  Hi All,
  Iam trying to establish a VPN tunnel between satellite office& HQ with ASA5510. Please find the attached satellite ASA config. After adding the satellite public IP , transform-set , pre-shared key info in to HQ ASA tunnel is not building. 'Show crypto isakmp sa : There are no isakmp sas.
  HQ ASA already has mulitple tunnels to otehr offices.
  Please advice
  Thank you
  MS

  Hi,
  I got the L2L tunnel up. But it is dropping by its own after certin time (not sude how much). I have to initiate 'ping' from my PC to bring it up.The lifetime in isakmp policy set to 86400 Sec. Any clue what else should I check...?
  Myasa# sh crypto isakmp sa
  Active SA: 1
  Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
  Total IKE SA: 1
  1 IKE Peer: 8.1.1.2
  Type : L2L Role : initiator
  Rekey : no State : MM_ACTIVE

• Choppy calls with satellite connection

  We have a DSL connecion of 2Mbits with a 1760 and on the other side is a satellite connection with direcway and 512 kbps and a 1751 the sound received in the direcway point is complete clear, but in the DSL side is choppy, the sound is very bad, i tried the direct connecion and the tunnel connection both without VPN, and the last is best, i cannot turn on rtp header compression because is a ethernet interface in the direcway side.
  I use the codec g723ar53 no vad. some suggestion?
  tnanks a lot

  Most likely you are hearing the effects of jitter.
  Do you nhave any QOS configured:
  http://cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800b2d29.shtml

• Clean Access and satellite internet

  We have NAC 4.1.6 enabled for our IPSec VPN client users, and have at least one user coming in from a HughesNet satellite Internet connection. When he connects via HughesNet, the VPN connection works fine but the NAC agent will not run and check his machine. However, when he uses any other type of Internet connection (including a Verizon aircard), NAC works properly.
  Has anyone experienced this, and is there a fix or workaround? He's running the 4.1.6 Windows agent. Thanks.

  Try connecting the console directly to the router which is connected to the internet and check if it works. If it works then you will only have to change the MTU size on the ASA. Another option will be to have the console connect directly to the internet bypassing the CCA.

• Router to Router Dialer VPN

  one of my router is configured with site to site vpn, I want this router to establish a dialer vpn from a remote router,
  Remote router will be configured as dialer vpn as there is no Live IP available in remote site, I dont want to configure it as Site to site vpn,
  Please refer some docuement to achive this goal,

  Hi Karsten -
  I'm afraid I cannot use the EasyVPN feature at all.
  The vendor informs me that there is another IPSec  VPN tunnel which connects back to their office to provide other capabilities.
  So I have to use L2L IPSec -- and do it with a dynamic IP from the router side, to a fixed IP on the ASA side.
  Is it possible to build the tunnel-group on the ASA side so that it doesn't require a known IP for the remote side of the tunnel?
  I'm using DefaultL2L tunnel group (on the ASA) at the moment to terminate the VPN when the router is using the satellite connection via FA90/1, with a fixed IP address.
  But the DefaultL2L group doesn't have the IP of the router -- yet it works...
  The same VPN config, used from the FA0/0 interface of the router with the same crypto map
  just gives the traditional "No match, deleting SA" message..
  I can see the router trying to establish the VPN, but it's just not able to negotiate, and the only reason I could think of was that the FA0/0 interface had a DHCP address instead of a static IP.
  Strange that it works OK with the ASA's DefaultL2L tunnel group, with no mention of the router's FA0/1 static IP, yet the FA0/0 with a dynamic IP won't work.
  We did just hook up the satellite and used FA0/1 to test it -- vpn came up instantly...

• Satellite L550-32bit vs 64 bit...

  hi folks,
  I just purchased a Satellite-L550 on labor day.  Received it today.  In playing around with it, I noticed that it has vista home premium x64 on it...I didnt notice this when I purchased it (I chose the ST5702 option instead of the ST5701 option). 
  Turns out, I need this computer to be able to work from home when necessary...this requires use of a Cisco Systems VPN Client...My understanding is that none of these are supported in x64 (vista, xp, etc) yet, and my company only has support for 32 bit windows...
  So I would like to reformat my computer and install Vista Ultimate (32 bit) on my machine so that I can run the vpn client...I have Vista Ultimate already, and I have generated the applications and drivers dvd.  I am concerned (since I dont know much about 32 vs 64) that some of the hardware in this st5702 (L550) will not be compatible and I will have problems getting everything working again...
  Does anyone know if this will be possible or not?  Or have any other ideas about what I should do?  Is contacting Toshiba even remotely worth my time?
  thanks for any assistance you can provide...

  Any hardware that supports Vista 64bit will be fully supported under Vista 32bit so you are good to go there.  The opposite is not true though.  Not all hardware that is supported by 32bit is supported by 64bit.  You should have no problems performing this with the understanding that you will need to wipe the hard drive first then do a clean install of Vista 32 (you can't do an in place upgrade). The only hardware change that you will notice is that you will only see and be able to use between 3.0 and 3.5gb of the 4 gig of ram that is installed under Vista 32 (it's a limitation of a 32bit Operating System). 
  From what I can tell from looking at the two systems specs the main difference between the two hardware wise is the 5702 has 4gig of ram vs 3gig on the 5701 and the 5702 has a Higher End ATI Graphics Chipset vs the 5701's middle of the road at best Intel Graphics Chipset so you actually have a better laptop hardware wise. 
  If you wanted to do so and have enough hard disk space to spare you could install Vista Ultimate 32 to a different partition and have both your existing Vista 64 and the new Vista Ult 32 available to use.  See this guide but substitute Vista 64 for Vista already installed and Vista 32 for Windows 7. 
  If you don't post your COMPLETE model number it's very difficult to assist you. Please try to post in complete sentences with punctuation, capitals, and correct spelling. Toshiba does NOT provide any direct support in these forums. All support is User to User in their spare time.