Setup Sunray 3G with Cisco 3005 VPN concentrator

hi,
I first explain the setup situation:
Gobi8 (3G) => Cisco 3005 VPN Concentrator => Sunray Server (4 09/07)
Do i need to setup a sunray segment for not-directly connected networks or do i need to setup one for directly connected networks?
can the Sunray server gives IP-addresses to the Gobi8 trough a VPN-tunnel or do i need to let the Cisco handle the IP-address management?
Is there some info about what IKE proposal i need to select in the Cisco 3005?
Any help would be appreciated
Thx

I have not used the Gobi 8 but this is how I configure my SR 2, SR 2FS, and SR 270 for VPN, I believe the Gobi can do similiar things. You will need to setup your SR server as part of a shared network, NOT a dedicated network. Configure your concentrator as an Easy VPN server and the Gobi as an Easy VPN client. Using the Easy VPN setup automatically handles IKE though you will have to setup groups etc. Since my DTUs move around I use DHCP so the initial IP address comes from the local network, as part of connecting to the remote network the concentrator will issue an IP address for SR server network. This has worked for me on wired and WiFi LANs, I do not know if it will work with 3G wireless but I do not see why it should not. Hope this helps and good luck.

Similar Messages

  • Cisco 3005 vpn concentrator console cable

    hi
    i have just purchased a cisco 3005 vpn concentrator and i need to know where i can get a console cable for it the cable is different from the ones i have for my pix and routers as the connection at the concentrator end is a db9 and not rj45
    ive tried looking on ebay but with no luck
    ps
    i live in england
    regards
    melvyn brown

    Melvyn,
    Use a Straight Through Cable to console into the VPN3000.
    I hope it helps.
    Regards,
    Arul

  • Replace 3005 VPN Concentrator

    We have two 3005 concentrators that need to be replaced.
    Is there anything equivilant that will allow for creation of groups, Cisco VPN client, web VPN and is reasonably priced?
    What do people generally do for a plug in replacement to the 3005 VPN concentrator?

    What is generally done about the cost?
    At the moment, the PIX firewalls are not EOL.
    If I replace the firewalls, just because the 3005 is EOL, will be a large expense correct?
    Also, at the moment, the firewall is passing through the traffic to the concentrator in a DMZ.
    What is the alternative in the ASA appliance?
    And, does the ASA allow for the creation of groups for access like the concnetrator does?

  • Problem using SunRay with Cisco AnyConnect VPN Client

    I am using Cisco AnyConnect VPN Client Version 2.5.3046
    I  have a PC and a SunRay connected to my router. I use VPN to connect my  SunRay and my PC to my work computer. My PC works fine, I am able to  connect to the internet and also run cisco VPN to connect to my work  computer. But when I try to use my SunRay, I get a window on the screen  with the message:
        VPN IKE Phase 1 agg I msg1This window  keeps moving around on the screen. I am not able to connect my SunRay  through VPN to my work computer. Any idea what could be wrong and how I  can fix this?

    2.2 is definitely better.
    On one PC, I'm fine. On another -- very similar -- it tells me it can't start the VPN even after uninstalling and re-installing and everything else I can think of, with plenty of re-boots inbetween.
    Aaaaarrrrrrggggggghhhh.

  • C240 M3S can't setup first boot with Cisco UCSC RAID SAS 2008M-8i Mezzanine in BIOS

    Hi all,
    I have a problem with C240 M3S with boot device.
    1. There is a Cisco UCSC RAID SAS 2008M-8i Mezzanine in the C240 M3S
    2. I set up the raid5 for four SAS disks with Cisco UCSC RAID SAS 2008M-8i Mezzanine
    3. When I install the ESXi 5.5, it can be installed in SAS disks.
    4.When I press F2 to setup bios for C240 M3S, I can't find the item for the raid  of Cisco UCSC RAID SAS 2008M-8i Mezzanine
    5. C240 M3S can't boot from the Cisco UCSC RAID SAS 2008M-8i Mezzanine
    6. BIOS have been reloaded for many times, it can't work.
    Anybody have any idea for this problem? Thank you!

    Sorry,
    I can't find the item of local storage.
    I never setup the boot order ( default bios can find raid card, I don't know that raid can't be found at this time )
    Would you please offer any references, thank you
    By the way, I check the install guide for c240 m3
    If the RAID controller does not appear in the system boot order even with the option ROMs for those
    slots are enabled, the RAID controller option ROM might not have sufficient memory space to
    execute. In that case, disable other option ROMs that are not needed for the system configuration to
    free up some memory space for the RAID controller option ROM.
    this means I want to turn off all option ROMs to get more memory ? However, I turn off all option ROMs, I still can't find the raid.
    Thank you very much!! 

  • Trouble with Cisco Anyconnect VPN Client

    Hello,
    our Cisco AnyConnect VPN Client has stopped working, we are a medical office and we are attempting to connect to "clientvpn.e-mds.com" however it will not connect, the username and password we input are irrelevant it doesnt come up with a "wrong credentials" window it just erases the password and at the bottom of the window it says "Please enter your username and password". our version is 2.5.0217 does anyone know anything to try? any help would be appreciated

    you may want to try the OS X networking forums:
    http://discussions.apple.com/forum.jspa?forumID=733

  • Help with Cisco RV180 VPN

    I have installed the Cisco RV180 VPN at a customer location.
    Because this customer makes credit card transactions over the Internet, their merchant account requires a third-party to perform a security scan on the gateway.  When scanning, the third-party states they are not in compliance with this report:
    THREAT REFERENCE
    Summary:
    TLS Protocol Session Renegotiation Security Vulnerability
    Risk: High (3)
    Port: 443
    Protocol: TCP
    Threat ID: misc_opensslrenegotiation
    Details: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
    06/11/12
    CVE 2009-3555
    Multiple vendors TLS protocol implementations are prone to a  security vulnerability related to the session-renegotiation process  which allows man-in-the-middle attackers to insert data into HTTPS  sessions, and possibly other types of sessions protected by TLS or SSL, by  sending an unauthenticated request that is processed retroactively by a  server in a post-renegotiation context.
    Information From Target:
    Service: 443:TCP
    Session Renegotiation succeeded on 443:TCP
    They are using the QuickVPN Client to connect and must be able to connect from anywhere in the world.  From my understanding, port 443 must be opened for the QuickVPN Client to function.  How do I block port 443 from everyone except the QuickVPN Client?  Or how do I configure the RV180 to satisfy the above threat?
    Thanks in advance for any information you can provide.

    Hi,
    following config is for cisco VPN client access with dynamic allocation and split-tunnel.
    Hope this helps, please rate post if it does!
    aaa new-model
    aaa authentication login userauthen local
    aaa authorization network groupauthor local
    username vpnc password 0 userpass
    crypto isakmp client configuration group vpncg
    key grouppass
    dns 4.2.2.1
    wins 10.59.2.10
    domain domain.com
    pool ip-pool
    acl 108
    crypto ipsec transform-set myset esp-aes esp-sha-hmac
    crypto dynamic-map dynmap 10
    set transform-set myset
    crypto map clientmap client authentication list userauthen
    crypto map clientmap isakmp authorization list groupauthor
    crypto map clientmap client configuration address respond
    crypto map clientmap 10 ipsec-isakmp dynamic dynmap
    interface FastEthernet0/0
    ip nat outside
    crypto map clientmap
    interface vlan1
    ip address 10.59.2.1 255.255.255.0
    ip nat inside
    ip local pool ip-pool 10.0.230.1 10.0.230.20
    access-list 108 remark VPN client split tunnel
    access-list 108 permit ip 10.59.2.0 0.0.0.255 10.0.230.0 0.0.0.255

  • Will Nortel's Contivity VPN Client work with Cisco's VPN 3000 concentrator?

    Hi, need help. We have VPN 3000 concentrator and a number of VPN clients (these are using Cisco VPN client).
    We have one user that wants to use Nortel's Contivity VPN Client. Will this work with the Cisco COncentrator 3000?

    Tricky question - in theory yes, if the nortel client follows all the ISPEC RFC's.
    I did try to get the cisco VPN client working on a Nortel Contivity once - did not get it working - but did'nt have that much time to test and get it working.
    My advise - Configure, TEST DEBUG TEST DEBUG!

  • Confused how to set-up a PC & laptop with Cisco WRVS4400N VPN for home use

    Just bought a new PC and laptop and was recommended by (CDW) to use a Cisco WRVS4400N to set up the VPN.
    For home use, only the PC and laptop, both running Windows 7.  I use Comcast as my ISP.
    The mountains of docs confuses me to no end, can anyone simplify this for me.  I look at all the details and do not know where to start.
    In short,
    (1) configure router to recognize my PC and Comcast, and I guess the laptop.
    (2) configure laptop to go wireless and communicate with PC.
    Any assistance would be much appreciated.
    Thanks,
    Terry

    For a very small office and a minimum of admin and tech know how, one approach i'd suggest is to not worry about user id collisions at all. any time anyone wants to use a mac you just set them up as a user, using consistent names/passwords.
    Have a "Work" volume on each mac that has "ignore ownership on this volume" ticked. that way UID collisions aren't important.
    You can make a Desktop folder on the Work volume and make a SYMBOLIC LINK from every user's home that replaces their desktop with the desktop folder on the Work volume.
    Make it known that the user's home is for personal stuff ONLY, and the Work volume (inc the desktop) is where work in progress lives.
    At a later date with some confidence in your network and your admin skills you could impose consistent UIDs using an OD master

  • Trouble with Cisco AnyConnect VPN after getting new Airport Extreme

    So I had a previous version Time Capsule that I used for years, and it started having issues where it would start spontaneously rebooting. I decided to get a new Airport Extreme (the new taller one) and went in without a hitch. Problem it, though, I work from home sometimes with my company provided Windows 7 laptop and I'm experiencing issues around the VPN hanging for 15-20 seconds then coming back, maybe 1x or 2x per hour. Especially noticeable when I'm on higher bandwidth applications like Lync meetings or Remote Desktop sessions. Never had the issue on the old Time Capsule, it was always solid (until the device itself started dying), and I don't have the issue when I'm in my office using the same VPN software. Never an issue with any of the computers in the house on the regular internet, non-VPN connection. Is there a setting I missed somewhere in my setup of the new Airport that can help to stabilize that VPN connection? Seems in newer versions, some of the options have been taken away or harder to find.
    Running version 7.7.3 on the Airport Extreme.
    Andy Martin

    Hi Geo,
      fnfErr                   
    = -43,  /*File not found*/
    Bootup holding CMD+r, or the Option/alt key to boot from the Restore partition & use Disk Utility from there to Repair the Disk, then Repair Permissions.
    Any change on reboot?

  • Cannot console into a 3005 VPN Concentrator

    Hi all,
    I recently acquired a 3005 that was supposed to be working.  And in all fairness, it seems to be.  The status light is yellow while it boots and a few seconds after turning it on, it goes to solid green.
    I have tried everything I can to console into this unit.  I used TeraTerm with a USB to serial adapter and a straight through serial cable with the settings suggested in the manual and I get nothing.  Is there something I could be doing wrong?  Is there any other way I could try to test this unit?  Is there anything else you guys can think of to try?
    Any help is much appreciated.  This has frustrated me to no end.  I have tried mutliple computers, multiple cables, multiple com ports.  I'm fairly positive I'm doing something wrong, but I have no idea what. 
    Here are my terminal session settings:
    BR:     9600
    Data:   8 Bit
    Parity: None
    Stop:   1 Bit
    Flow Control:  Hardware
    This is per the manual.
    Thanks,
    Brandon

    Finally got it!  Ended up just making a straight through cable.  The cables that I thought were straight through were not.  Made one with two RJ45 to DB9 adapters pinned out to standard serial on each end of a cat 5. 
    Brandon

  • Help with cisco 837 VPN firewall configuration

    Hi guys,
    I attempted to configure remote access VPN using cisco 837.IPSEC and firewall features were added already.However, the VPN client keeps saying "remote peer no longer responding".
    Upon removing firewall and ACLs, VPN client works. Therefore, I believe these two parts went wrong. Could you please take a look on my config below and see what is going on. On the other hand, when i issue the same config to cisco 827, it does not work. My question is whether cisco 827 IOS 12.1(3)support IPSEC.
    Any help would be highly appreciated.

    This document demonstrates how to configure a connection between a router and the Cisco VPN Client 4.x using Remote Authentication Dial-In User Service (RADIUS) for user authentication. Cisco IOS? Software Releases 12.2(8)T and later support connections from Cisco VPN Client 3.x. The VPN Clients 3.x and 4.x use Diffie Hellman (DH) group 2 policy. The isakmp policy # group 2 command enables the VPN Clients to connect.
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946b7.shtml

  • 3005 VPN Client Time-Outs

    My Cisco 3005 VPN Concentrator keeps timeing out for some connections. When I look through the logs the only thing I see is:
    626 07/03/2002 00:06:30.890 SEV=5 IP/50 RPT=192
    Headend received TCP ACK pkt from client 68.38.72.43, TCP source port 1195
    627 07/03/2002 00:11:31.260 SEV=5 IP/50 RPT=193
    Headend received TCP ACK pkt from client 68.38.72.43, TCP source port 1195
    628 07/03/2002 00:16:31.720 SEV=5 IP/50 RPT=194
    Headend received TCP ACK pkt from client 68.38.72.43, TCP source port 1195
    629 07/03/2002 00:21:32.030 SEV=5 IP/50 RPT=195
    Headend received TCP ACK pkt from client 68.38.72.43, TCP source port 1195
    630 07/03/2002 00:26:32.420 SEV=5 IP/50 RPT=196
    Headend received TCP ACK pkt from client 68.38.72.43, TCP source port 1195
    631 07/03/2002 00:31:32.810 SEV=5 IP/50 RPT=197
    Headend received TCP ACK pkt from client 68.38.72.43, TCP source port 1195
    632 07/03/2002 00:36:33.200 SEV=5 IP/50 RPT=198
    Headend received TCP ACK pkt from client 68.38.72.43, TCP source port 1195
    633 07/03/2002 00:41:33.610 SEV=5 IP/50 RPT=199
    Headend received TCP ACK pkt from client 68.38.72.43, TCP source port 1195
    634 07/03/2002 00:46:33.970 SEV=5 IP/50 RPT=200
    Headend received TCP ACK pkt from client 68.38.72.43, TCP source port 1195
    Any Ideas???? I have hardcoded the speed and duplex on the WAN interface
    Thanks

    Hi,
    I think we need to turn on some additional logs to figure out the issue here, Some of the things to check on:
    Does it happen with all ISP connections using the same client machine?
    Is the timing consistent with the disconnects?
    Did you try with both Split tunneling enabled and disabled?
    Hope this helps,
    Regards,
    Aamir Waheed,
    Cisco Systems, Inc.
    -=-=-

  • LDAP ON VPN CONCENTRATOR

    I have a vpn 3015, I want my vpn users to be authenticated and authorized to the vpn 3015 throught my Active directory (LDAP).
    For Authentication server, I use Kerberos/Active Ritectory Server and it works when I test it.
    but for the Authorization Server, I use LDAP server (the same server as the authentication server), with all the parameters like Login DN, Base DN, naming attributes, but when i test it it doesnt work?????why??
    Thanks

    The VPN Concentrator supports user authorization on an external LDAP or RADIUS server. Before you configure the VPN Concentrator to use an external server, you must configure the server with the correct VPN Concentrator authorization attributes and, from a subset of these attributes, assign specific permissions to individual users. Follow the instructions given here to configure your external server.
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a008015ce27.html

  • Azure multiple site-to-site VPNs (dynamic gateway) with Cisco ASA devices

    Hello
    I've been experimenting with moving certain on-premise servers to Azure however they would need a site-to-site VPN link to our many branch sites e.g. monitoring of nodes.
    The documentation says I need to configure a dynamic gateway to have multiple site-to-site VPNs. This is not a problem for our typical Cisco ISR's. However three of our key sites use Cisco ASA devices which are listed as 'Not Compatible' with dynamic routing.
    So I am stuck...
    What options are available to me? Is there any sort of tweak-configuration to make a Cisco ASA work with Azure and dynamic routing?
    I was hoping Azure's VPN solution would be very flexible.
    Thanks

    Hello RTF_Admin,
    1. Which is the Series of CISCO ASA device you are using?
    Thank you for your interest in Windows Azure. The Dynamic routing is not supported for the Cisco ASA family of devices.
    Unfortunately, a dynamic routing VPN gateway is required for Multi-Site VPN, VNet to VNet, and Point-to-Site.
    However, you should be able to setup a site-to-site VPN with Cisco ASA 5505 series security appliance as demonstrated in this blog:
    Step-By-Step: Create a Site-to-Site VPN between your network and Azure
    http://blogs.technet.com/b/canitpro/archive/2013/10/09/step-by-step-create-a-site-to-site-vpn-between-your-network-and-azure.aspx
    You can refer to this article for Cisco ASA templates for Static routing:
    http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx
    If your requirement is only for Multi-Site VPN then there is no option but to upgrade the device as Multisite VPN requires dyanmic routing and unfortunately there is no tweak or workaround due to hardware compatibility issue.
    I hope that this information is helpful
    Thanks,
    Syed Irfan Hussain

Maybe you are looking for

  • Jabber for Windows v9.1 FCS - Dial String Issue

    I thought the capability to cut and past phone numbers that started with a "(" was fixed in the newere version of J4W. I just tried a copy/paste of a number pulled from the internet, but Jabber doesn't recognize it as a phone number. A number that is

  • How to use radiobutton in table control ?

    I have four radio buttons in a row in table control. How to group radio buttons horizontally in a table control ? Thanks in advance.

  • Lacie Electron 22 blue III connection mac mini

    Hi, I'm trying to connect a Lacie Electron 22 Blue III CRT monitor to a new Mac Mini... I have the adaptor (HDMI to VGA), so monitor appear completely black... no signal. I connected  the Mac Mini to an HDMI TV, and I selected a 1024x768 resolution..

  • How to insert a string with \' and \" into an Oracle table?

    I'm transferring an MS Access column contains characters such like \' and \" to an Oracle table. The following statement can work PROPERLY while rsSrc.getString(1) does NOT contain \' and \". But when \' or \" occurs in rsSrc.getString(1), a SQLExcep

  • Import whole database from 9.2.0.4 to 10.2.0.1

    Hi all, We are tried to change the database server from 9.2.0.4 Enterprise to 10g Express Edition. I export the data file using exp with full=y and then I tried to import the dmp file with imp full=y The result is that a lot of error is popup So I tr