Virtual Private Networking

I've tried to research this subject before I posted, but I really haven't found any good explanation - I've had an icon at the top right of my screen since I've had my computer - it's for "VPN" - which I've basically ignored until today - I'm curious as to its function. Like I said - I tried to find out more about it, but every explanation is unclear to me. Can anyone tell me, very simply, what exactly is VPN?

The name kind of says it all, but a practical example often helps.
First, think of a private network as any local area network such as that used in an office, your home, etc. Everything on that local area network (LAN) is private, and protected from the internet by firewalls, NAT devices, etc.
That's all well and good for people inside the office. However there are many cases where people outside the office would also benefit from access to the internal/private machines. For example, sales people might benefit from accessing the corporate database on product availability, client profile, etc., or maybe want access to a corporate file server or email server.
One option is to open those services to the outside world, but you then run into issues with protecting the data from unwanted users - e.g. hackers trying to crack into the corporate database, download financial information, etc.
It's possible to do using various authentication systems, encryption systems, etc., but you have to apply the same rules over and over again to every service that you want to be able to access remotely, and missing just one leaves your entire network vulnerable.
Enter the VPN.
The VPN extends the concept of the private LAN to specific remote systems. Remote users connected to the VPN (e.g. that sales guy on the road, the IT guy working from home, etc.) authenticate once to a VPN server and then appear to be in the LAN, just as if they were at a desk in the office.
As far as all the internal servers are concerned, the user is local. He can do anything he'd be able to do in the office, including printing on office printers, accessing file servers, etc., without the need to specially configure each service, and without the need to open lots of holes in the corporate firewall.
So the user on the VPN appears to be on the local network, but isn't - hence the 'Virtual' part of the equation.
VPNs can be scaled to support anywhere from one or two users to thousands of users across multiple continents - it's not uncommon, for example, for multi-national corporations to have VPN connections between offices. That way anyone in any office can connect, securely and easily, with anyone else, without having to worry (too much) about where that resource is, or whether it's available outside of the office.
Does that help?

Similar Messages

  • Creating a virtual private network?

    I've been reading some articles recently about creating a virtual private network for security and privacy reasons. Is it easy and is it a good thing to do?
    One part mentioned possibly having to pay a subscription for this service with your service provider? Would I have to with sky?

    If you regularly have the need to remotely access another machine which is at a different geographic location, VPN is a great idea. It can be difficult to set up, and requires network hardware support. For example, you either need to have a VPN gateway device (such as a Netgear FVS114 - check for them on eBay), which acts as the VPN endpoint, or you need to run a VPN server on your Mac and your gateway must allow VPN passthrough traffic. I'd generally recommend the first option, although it can be more expensive.
    You also need VPN client software running on the Mac you use to access your network. I recommend the free IPSecuritas. There's also VPN Tracker, which is very user friendly but does come at a price.
    Matt

  • Virtual Private Network using JSP

    Sir tell me how to create a virtual private network in JSP using RMI to register a new user, and a socket program to
    1. Send data (file and text)
    2. Receive data (for a particular client). The server will monitor which clients are logged in to the network and control all transactions between clients. I am using Jakarta Tomcat 5.0 as web server and Notepad as editor.
    Sir please help me....

    alan,
    Thank you for your reply.
    I apologize for misunderstanding. I should have phrased my question better.
    You wrote:
    "Load up each OS on the hardware and then add the software and then figure out which matrix you're looking for. In order to do this your application will need to be compiled for each OS assuming that it isn't something cross platform such as a Java application. Is it completion time, time on the network, load, memory consumption, or something else that you're looking to measure?"
    Although the application's own performance is extremely important, my question was not related to it.
    It's written in .NET 2.0, and it's not designed to work on non-Windows machines, or not even on Mono framework.
    I am asking about performance of virtual machines.
    For example, if I had 2 servers (not just one) with the same technical characteristics, and run several "guest" virtual machines (say, for example, 1 Windows Server 2003 + 1 Windows XP) in a virtual private network on VirtualBox on both of those servers...
    ...so, everything is exactly the same, EXCEPT the host OS on the two servers: Solaris vs. something else (Fedora, or Windows Server 2008, or whatever),
    my question is: would Solaris 10 provide better performance benchmark numbers, or would those numbers be the same as the other OS on the 2nd machine?
    The problem is, I have quite a bit of experience with running virtual machines on Windows hosts, but I am new to Solaris, and I am trying to figure out which OS I would be better off installing on the new machine, because that decision is not going to be easy to undo later.
    No "OS wars". Really. I do not have any allegiance to any particular OS.
    Thank you.
    Dmitriy

  • Broken Link - Firewall and Virtual Private Network Communication for Oracle

    The link for Firewall and Virtual Private Network Communication for Oracle Enterprise Manager on http://otn.oracle.com/products/oem/files/best_practices.html returns a 404 error. It is not pointing to the correct document.

    This link is still broken!
    Can you please correct this ASAP?
    Best regards, Yolanda
    Oracle HUB support services

  • Virtual Private Network Zones

    I posted this topic in zones: http://forum.java.sun.com/thread.jspa?threadID=5287549&tstart=0
    What I'm trying to do is set up a way to create zones with ip's in the private ip space 10.0.0.0 that do not communicate outside.
    After doing some more investigating it seems that is possible somehow without crossbow, but I'm not sure how.
    I only have one nic installed.
    Can I add a virtual ip address like rtls0:2 with ip address 10.x.y.z, add an entry in /etc/netmasks then add zones in that network?
    At this point I don't care if the zones can't communicate with the internet as long as they can communicate amongst themselves. I also want to make sure that packets in the 10.0.0.0 network don't leave the computer.
    I'd prefer to find a way to do it without putting the 10.x.y.z address on the actual rtls0 device if possible. What I want to make sure is that no packets in the 10.0.0.0 network leave the computer, and more importantly, none from outside the computer enter.

    One solution is to put a second NIC on your machine, then you can use precursor-to-crossbow IP Instances. The NIC will have to be GLDv3, though, like e1000g or bge or nge, however, unless you're running one of the very recent OpenSolaris builds.
    Once you create a unique-instance zone, you can have that net-10 interface be in its own TCP/IP stack.
    Hope this helps,
    Dan McD. - Solaris Engineering

  • Creating a virtual private network from OSX Leopard to Windows Vista

    Well as the title suggests, I need to be on the same VLAN with another user running Windows Vista. What solutions are there to accomplish this?
    (HamachiX stops responding. The HamachiX CLI (command line) makes me login without me knowing how to. I'm ultimately trying to have a VLAN for some online gaming, NOT transferring files.)
    Thanks so much!

    This issue is not resolved but is being closed due to lack of response.

  • Virtual Private Network

    We would like to use MS direct for our VPN and therefore, please advise whether MS professional will support the feature or we need to go for MS enterprise.

    If you are talking about using Direct Access as your VPN, then that requires Windows 7 Enterprise or Windows 8 Enterprise.
    http://technet.microsoft.com/en-us/windows/dn197886.aspx
    "What Windows 8 editions support DirectAccess?
    Using DirectAccess requires Windows 7 Enterprise or Windows 8 Enterprise. Some DirectAccess features are not available in Windows 7 Enterprise, requiring Windows 8 Enterprise to deploy them."
    . : | : . : | : . tim

  • Virtual Private Networking (VPN)

    Hi all, I am new to the Java technology. I was wondering if the latest Java 2 SDK and the J2ME are capable of VPN'ing into remote servers? If so, please clarify what it is I need to look up API wise to do so. Please BE specific so that I don't research the wrong stuff. If not, then what other option do I have?
    Please clarify. Thanks.

    I think the general answer to your question is "No."
    The reason is that "VPN" is a generic name for a number of possible technologies. I do not think that Java comes with a class which encapsulates the various different protocols used for VPN. The most generic protocol is the new "IPSEC" protocol that is becoming more prevalent. But, again, I don't think that Java comes with an IPSEC class that you can use to create a "VPN tunnel" to a remote system or LAN.
    In general, a "VPN tunnel" would need to be created outside of Java. Your Java program could then talk to the remote site via the "VPN tunnel" using the standard TCP/IP capabilities of Java.

  • How can I create a Virtual Private Network on my MacBook Pro?

    Hello all,
    I have a MacBook Pro 17" with OS X 10.4.7. I need to install and run five instances of Apache2 and demonstrate the websites without having to be connected to a network/Internet. My /etc/hosts file would look something like:
    192.168.21.1 www.local
    192.168.21.2 svn.local
    192.168.21.3 trac.local
    192.168.21.4 jsp.local
    192.168.21.5 cfmx.local
    Then I could just open up a browser and type www.local in the url locator.
    How would I setup a virtual network card where I can assign these IP addresses to it? Would I use the lo0 (loopback) for this?
    I also have Parallels installed so that I can run one or more other operating systems alongside Mac OS X like Windows XP Pro, Redhat, etc.
    Is there a way that I could create a virtual private network on my MacBook Pro and not have to be connected to any network?
    How would I do this?
    Thanks,
    Troy Simpson

    As it turns out this is exactly what I am looking for:
    http://forum.parallels.com/thread1877.html
    I want to create a Host-Only Network on my MacBook Pro. The Parallels software created a virtual Network Interface Card on the Host OS called en2. I just added additional IP addresses to this virtual Network Interface Card.
    Even if you do not use Parallels for Hosting Guest OS (Virtual Machines), it does create the Virtual Network Interface Card.
    Now I have 5 Web Servers on my MacBook Pro so that I can test various scenarios and configurations.
    Troy Simpson

  • Using VPD (Virtual Private Database) with Discoverer for Dummies

    Firstly could you please excuse me for the title of the thread, but it’s all I could come up with. For those of you who are looking at me with a strange look of disgust, please view thread that started it all: BIS vs DBI vs Noetix .
    Otherwise I’m hoping to gain a greater understanding of how VPD can be used to enhance Discoverer and its performance. I've just read that:
    “Oracle 8i introduced the notion of a Virtual Private Database (VPD). A VPD offers Fine-Grained Access Control (FGAC) for secure separation of data. This ensures that users only have access to data that pertains to them. Using this option, one could even store multiple companies' data within the same schema, without them knowing about it.
    VPD configuration is done via the DBMS_RLS (Row Level Security) package. Select from SYS.V$VPD_POLICY to see existing VPD configuration.”
    With Regards to Discoverer, I would like to ask the following:
    -When would be best to use VPD in Discoverer?
    -Pro’s and Con’s of VPD?
    -Tips / Tricks?
    -and anything else Michael would like to add (I don’t believe there is a post limit, although this could change in the future)
    I've found a few handy links:
    http://www.adp-gmbh.ch/ora/security/vpd/index.html
    http://www.oracle.com/technology/oramag/oracle/04-mar/o24tech_security.html
    As Metalink support would say : I Looking forward to your ‘Positive’ comments. ;-)
    Lance

    Lance,
    You sure do raise some interesting questions here.
    I've noticed from some of your previous posts that you are using views to link Discoverer through to apps. I have found this very interesting document that may help with your queries; http://www.oracle.com/technology/deploy/security/oracle9ir2/pdf/VPD9ir2twp.pdf
    If you scroll down to the section "Additional VPD Capabilities" and read the following sub-topics, this might enable you to base your Discoverer reports on views that contain VPD policies.
    I trust "My Positive Comment" may help!!
    Merry Christmas
    Si ;-)
    P.s This also may come in handy if running 10g http://www.stanford.edu/dept/itss/docs/oracle/10g/network.101/b10773/apdvpoli.htm

  • 2012R2 DC private network

    Disaster recovery scenario. 
    The domain controller has been backed up with proper VSS aware backup. 
    Restore the virtual machine to a target off-site datacenter. 
    Boot the VM and it is identified on a "Public/Private" network, hence it's not working at all. 
    Doesn't seem to matter what I do, it simply refuses to come online as "Domain Network". 
    My question is this: 
    How exactly does the NLS identify the domain network? 
    Things I tried already. 
    Disable/Enable NIC
    Set the awareness service to delayed start. 
    Manually removed all the network profiles from the registry, forcing a new identification. 
    Start up a 2003 DC before booting the 2012R2 DC. 
    Manually enable Network discovery on all network types. 
    Tried resetting the ipv4 stack with netsh. 
    The default gateway on the server does NOT reply to PING. 
    Is that necessary? 
    Any tips are greatly appreciated.

    In some instances, VMM cannot determine the network location by using NLA. This happens when a loopback adapter is used because it is not part of a network, and on ESX Servers because the operating system on ESX Server hosts does not have an NLA feature. In these cases, you can manually enter the network location by selecting the Override discovered network location check box and then typing a name for the network location in the Network location box.
    https://technet.microsoft.com/en-us/library/ee236499.aspx
    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • ASA 5505 VPN - how to access Two private networks

    Hello
    I have a Cisco 5505 and I configured remote VPN clients. Here is my scenario:
    Cisco switch 2950   ===  holds two private networks 192.168.8.x  and 192.168.4.x
    vlan 2  outside interface -    Eth0/0       155.155.155.x
    Vlan 1 inside interface --       Eth 0/1    192.168.8.180
    VPN pool ip address  =  192.168.8.100 --110
    I dragged a cable from my Cisco switch and put it into Eth0/1, and I want to access these two private networks, 192.168.4.x and 192.168.8.x.
    Now I can access 192.168.8.x,
    but I can't access 192.168.4.x. Please can anyone help me with that?
    Regards
    Thomas

    configure a split tunnel list that contains the networks you want the client to access.
    Sent from Cisco Technical Support iPad App

  • Can I add a wi-fi hotspot to my private network?

    I have an existing private network in our home consisting of cat5 outlets hard-wired to a Cisco 2900 Catalyst switch and wi-fi for the laptop and palm pilot is via a Linksys WRT54GX4 wired to the switch, which in turn is fed via direct bury cat5 from an exterior wireless broadband radio atop a tower. The current wi-fi is locked down with MAC address filtering, WPA-2 encryption and SSID off.
    I would like to add a public wi-fi hotspot for guests without exposing our network. (We host a gathering of motorcyclists from around North America, the kids have friends over, etc.)
    I assume I will need to add a second wireless router or access point.
    What type of device do I need to add?
    Can I use the advanced routing features to control this, with or without isolating them by setting up a separate VLAN on the switch? 
    How would I configure this? 

    Hmmm. No responses, eh?
    Ah well, I think I may have found my answer. Does anyone have experience with the WRV200 or WRV210? They appear to feature multiple SSIDs (that can be hidden or exposed independently) and VLAN support. Am I correct in assuming that I could set up one VLAN for my private network, with its own hidden SSID and encryption key and a second VLAN with a visible SSID and possibly a separate encryption key?
    Now, assuming all that works. How will the wireless get along with my existing SRX400 equipment? Does the fact that the WRV210 only has 2 antennas compared to the 3 on my existing WRT54GX4 mean this one will be slower or have reduced range?

  • I am using a Verizon Jetpack to wirelessly connect to an Airport Express; next I want to connect an Airport Extreme wired from the Express to create a second private network that has internet access via the Jetpack

    Thanks for the help. After looking over your suggestion I did some additional troubleshooting, which I should have done in the beginning, and here's what I found:
    Airport Express is joined to an existing wireless network and I have internet access....all good
    I set up my Airport Extreme as follows:
    Connect using: Ethernet
    Ethernet WAN Port: automatic
    Connection Sharing: Share a public IP address
    TCP/IP - Configure IPv4: Using DHCP
    DHCP - Begin address: 172.16.22.200
    DHCP - Ending address: 172.16.22.254
    Wireless - Create a wireless network
    Wireless - Wireless network name: Test1
    Wireless - WPA2 security
    This is needed due to set ip address of device on this private network did not address NAT
    Connected Express Ethernet port to Extreme WAN port
    All wired devices have internet access and I get a double NAT status, which I ignore
    However my wireless devices will not connect.... sometimes they will they want
    Any suggestions?

    Here are screen shots of the Express

  • IP routing utilizing Verizon private network (GRE tunnel) with remote cellular gateways

    Okay, I give up, and think I have done my due diligence (I have been engrossed and fascinated spending many more hours than allotted to try and learn some of the finer details). Time for some advice. My usual trade is controls engineering which generally requires only basic knowledge of networking principles. However I recently took a job to integrate 100 or so lift stations scattered around a county into a central SCADA system. I decided to use cellular technology to connect these remote sites back to the main SCADA system. Well the infrastructure is now in and it’s time to get these things talking.
    Basic topology description is as follows: Each remote site has an Airlink LS300 gateway. Attached to the gateway via Ethernet is a system controller that I will be polling via Modbus TCP from the main SCADA system. The Airlinks are provisioned by Verizon utilizing a private network with static IPs. This private network's address is 192.168.1.0/24. Back at the central office the SCADA computer is sitting behind a Cisco 2911. The LAN address of the central office is 192.168.11.0/24. The 2911 is utilizing GRE tunnels that terminate with Verizon. The original turn up was done with another contractor that did a basic config of the router which you will find below.
    As it stands now I am pretty confident the tunnels are up and working (if I change a local computer's subnet to 255.255.0.0 I can surprisingly reach the Airlinks in the field), but this is obviously not the right way to solve the problem, not to mention I was unable to successfully poll the end devices on the other side of the Airlinks. I think I understand just about every part of the config below and think it is just missing a few items to be complete. I would greatly appreciate anyone’s help in getting this set up correctly. I also have a few questions about the set up that still don’t make sense to me, you will find them below the config. Thanks in advance.
    no aaa new-model
    ip cef
    ip dhcp excluded-address 10.10.10.1
    ip dhcp pool ccp-pool
     import all
     network 10.10.10.0 255.255.255.248
     default-router 10.10.10.1 
     lease 0 2
    ip domain name yourdomain.com
    no ipv6 cef
    multilink bundle-name authenticated
    username cisco privilege 15 one-time secret 
    redundancy
    crypto isakmp policy 1
     encr 3des
     hash md5
     authentication pre-share
     group 2
    crypto isakmp key AbCdEf01294 address 99.101.15.99  
    crypto isakmp key AbCdEf01294 address 99.100.14.88 
    crypto ipsec transform-set VZW_TSET esp-3des esp-md5-hmac 
     mode transport
    crypto map VZW_VPNTUNNEL 1 ipsec-isakmp 
     description Verizon Wireless Tunnel
     set peer 99.101.15.99
     set peer 99.100.14.88
     set transform-set VZW_TSET 
     match address VZW_VPN
    interface Tunnel1
     description GRE Tunnel to Verizon Wireless
     ip address 172.16.200.2 255.255.255.252
     tunnel source 22.20.19.18
     tunnel destination 99.101.15.99
    interface Tunnel2
     description GRE Tunnel 2 to Verizon Wireless
     ip address 172.16.200.6 255.255.255.252
     tunnel source 22.20.19.18
     tunnel destination 99.100.14.88
    interface Embedded-Service-Engine0/0
     no ip address
     shutdown
    interface GigabitEthernet0/0
     description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
     ip address 10.10.10.1 255.255.255.248
     shutdown
     duplex auto
     speed auto
    interface GigabitEthernet0/1
     ip address 192.168.11.1 255.255.255.0
     duplex auto
     speed auto
    interface GigabitEthernet0/2
     ip address 22.20.19.18 255.255.255.0
     duplex full
     speed 100
     crypto map VZW_VPNTUNNEL
    router bgp 65505
     bgp log-neighbor-changes
     network 0.0.0.0
     network 192.168.11.0
     neighbor 172.16.200.1 remote-as 6167
     neighbor 172.16.200.5 remote-as 6167
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip route 0.0.0.0 0.0.0.0 22.20.19.19
    ip access-list extended VZW_VPN
     permit gre host 99.101.15.99 host 22.20.19.18
     permit icmp host 99.101.15.99 host 22.20.19.18
     permit esp host 99.101.15.99 host 22.20.19.18
     permit udp host 99.101.15.99 host 22.20.19.18 eq isakmp
     permit gre host 22.20.19.18 host 99.101.15.99
     permit gre host 22.20.19.18 host 99.100.14.88
    access-list 23 permit 10.10.10.0 0.0.0.7
    control-plane
    end
    So after spending countless hours analyzing every portion of this,  I think that adding one line to this will get it going (or at least closer).
    ip route 192.168.1.0 255.255.0.0 22.20.19.19
    That should allow my internal LAN to reach the Airlink gateways on the other side of the tunnel (I think)
    Now for a couple of questions for those that are still actually hanging around.
    #1 what is the purpose of the Ethernet address assigned to each tunnel?  I only see them being used in the BGP section where they are receiving routing tables from the Verizon side (is that correct?).  Why wouldn't or couldn't you just use the physical Ethernet address interface in its place (in the BGP section)?
    #2 is the config above correct in pointing the default route to the physical Ethernet address?  Does that force the packets into the tunnel, or shouldn’t you be pointing it towards the tunnel IP's (172.16.200.2)?  If the config above is correct then I should not need to add the route I described above as if I ping out to 192.168.1.X that should catch it and force it into the tunnel where Verizon would pick it up and know how to get it to its destination??
    #3 Will I need to add another permit to the VZW_VPN for TCP as in the end I need to be able to poll via Modbus which uses port 502 TCP.  Or is TCP implicit in some way with the GRE permit?
    I actually have a lot more questions, but I will keep reading for now.
    I really appreciate the time you all took to trudge through this.  Also please feel free to point anything else out that I may have missed or that can be improved.  Have a great day!

    This post is a duplicate of this thread
    https://supportforums.cisco.com/discussion/12275476/proper-routing-lan-through-verizon-private-network-gre-airlink-gateways
    which has a response. I suggest that all discussion of this question be done through the other thread.
    HTH
    Rick
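
The routing questions in the thread above can be checked offline. The following is an added example, not code from the thread or from Cisco: it models the routes of the quoted configuration with Python's `ipaddress` module and reports whether a packet for an Airlink address leaves inside a GRE tunnel, where the crypto map's access list matches it, or follows a route out the WAN interface. The host 192.168.11.10, the Airlink address 192.168.1.10, the BGP-learned route and the /16 route via 22.20.19.19 are assumptions.

```python
import ipaddress

# Copied from the router configuration quoted in the post above.
TUNNELS = {  # tunnel interface -> (tunnel source, tunnel destination)
    "Tunnel1": ("22.20.19.18", "99.101.15.99"),
    "Tunnel2": ("22.20.19.18", "99.100.14.88"),
}
# Router-sourced entries of access list VZW_VPN, which the crypto map matches on.
CRYPTO_ACL = [
    ("gre", "22.20.19.18", "99.101.15.99"),
    ("gre", "22.20.19.18", "99.100.14.88"),
]
# (prefix, next hop or None when connected, egress interface)
CONFIGURED = [
    ("0.0.0.0/0", "22.20.19.19", "GigabitEthernet0/2"),
    ("22.20.19.0/24", None, "GigabitEthernet0/2"),
    ("192.168.11.0/24", None, "GigabitEthernet0/1"),
    ("172.16.200.0/30", None, "Tunnel1"),
    ("172.16.200.4/30", None, "Tunnel2"),
]
# Assumption: a route the carrier might advertise over BGP through Tunnel1.
ASSUMED_BGP = [("192.168.1.0/24", "172.16.200.1", "Tunnel1")]
# Assumption: a static route with a /16 mask and an aligned prefix, next hop on the WAN side.
VIA_WAN_NEXT_HOP = [("192.168.0.0/16", "22.20.19.19", "GigabitEthernet0/2")]

LAN_HOST = "192.168.11.10"  # hypothetical SCADA computer
AIRLINK = "192.168.1.10"    # hypothetical remote gateway


def valid_static_route(prefix, mask):
    """True when the prefix has no host bits set under the mask."""
    try:
        ipaddress.ip_network(f"{prefix}/{mask}", strict=True)
        return True
    except ValueError:
        return False


def on_link(host_ip, host_mask, dest):
    """Does a host with this address and mask treat dest as directly attached?"""
    net = ipaddress.ip_interface(f"{host_ip}/{host_mask}").network
    return ipaddress.ip_address(dest) in net


def lookup(table, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def classify(table, dest, inner_proto="tcp", src=LAN_HOST):
    """Return (egress interface, outer protocol, matched by crypto ACL)."""
    egress = lookup(table, dest)[2]
    if egress in TUNNELS:
        # Inner TCP (Modbus, port 502) is hidden: the wire sees GRE between endpoints.
        outer = ("gre",) + TUNNELS[egress]
    else:
        outer = (inner_proto, src, dest)
    return egress, outer[0], outer in CRYPTO_ACL


if __name__ == "__main__":
    print("192.168.1.0 255.255.0.0 consistent:",
          valid_static_route("192.168.1.0", "255.255.0.0"))
    for mask in ("255.255.255.0", "255.255.0.0"):
        print("PC mask", mask, "-> Airlink on-link:", on_link(LAN_HOST, mask, AIRLINK))
    for name, table in (("configured only", CONFIGURED),
                        ("plus /16 via 22.20.19.19", CONFIGURED + VIA_WAN_NEXT_HOP),
                        ("plus assumed BGP route", CONFIGURED + ASSUMED_BGP)):
        print(name, "->", classify(table, AIRLINK))
```

In this model the Airlink destination follows the default route out GigabitEthernet0/2 as plain TCP unless some route points at a tunnel interface; only then is it GRE-encapsulated and matched by VZW_VPN.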
