VPN Connect Kills LAN iChat Jabber

Similar Messages

• Is there a jabber client for iPad that will connect to Apple's iChat/jabber server?

  I've just purchased a third gen iPad and I'd like to be able to use the VPN connection in conjunction with an iChat client to communicate with my office's internal iChat/jabber server. However, none of the apps I've tried are able to successfully connect? I've tried Monal, IM+, IMO, munduIM OSE and Talkonaut. No joy.
  I use Messages (beta) on the desktop, but there's no way to setup anything other than an Apple ID in Messages on the iPad. I'd love to keep it unified.
  Any thoughts or suggestions? I've heard that Beejive is the way to go, but (call me a cheapskate) I don't want to pay for another app just to find out it won't do what I want!

  You almost certainly have a misconfigured router/firewall for jabber. I can confirm that OS X Lion Server works with the iPad and iPhone IM apps imo and BeeJiveIM.
  To track down your problem, which almost certainly is simply a port getting blocked or not forwarded at some point between your router and server, I'd suggest getting an nmap executable (e.g., get Xcode via app store, then macports, then sudo port install nmap) and download the old feature-rich Airport Utility 5.6 from Apple. First try this:
  $ nmap -p 5222 localhost
  $ nmap -p 5222 server_ip_on_LAN
  $ nmap -p 5222 server_ip_on_INTERNET
  This port should be open for each probe. When I first set up my server, Messages beta added a port forwarding entry on my Airport router, but this had a duplicate entry with another port forward, so I had to use Airport Utility 5.6 to track down and delete the superfluous port forward entry. I also had to use Server Admin to open all the iChat ports.
  One thing I was hoping for is an iOS app that supports video/voice over jabber, but all the apps I see are strictly IM. Can anyone recommend an app for this?

• IChat/AIM not working on VPN connection.

  hi!
  so, i'm an american studying in scotland this semester. at this university, there is a 'campus net' VPN connection that i had to configure onto my ibook in order to connect to the internet here. all of a sudden, nothing works--aim, ichat, msn...even my last.fm music doesn't scrobble. i was able to figure out how to connect to skype by looking at a friend's configurations but couldn't do the same with anything else. i already went into my firewall and tried to fix that, but i think it's the 'proxy' or something that is set up wrong in these applications. is there anyone out there who could help me out?!
  thanks!

  Just to let you know I'm experiencing the same problem, I'm at Newcastle Uni with a VPN connection. My AIM account works through iChat, but my Jabber one does not. I might be able to help you with your AIM through iChat. In iChat Preferences, go to your AIM account, there should be a tab on the top that says Server settings. In mine, the server is listed as login.oscar.aol.com with port number 5190. Under this, there should be a check box that says Connect using proxy. Ensure this is checked, as well as the check box below that which says Use System Preferences. This way, iChat should use the existing settings that are used by the rest of your system.
  Hope this helps, but I also hope someone else can help with my Jabber problem.

• Connecting two remote LANs through a VPN connection

  1)   
  I am trying to interconnect
  two LANs as you see below.
  2)   
  The scenario is to interconnecting two LANs with a
  single domain “domain.local” in order to have
  two domain controllers backing up each other. We already have a Domain Controller “SRVDC1.domain.local” in our local network “LAN1” and another Server which is going to be as both our
  secondary domain controller and VPN Server “SRVDC3.domain.local” in our remote network “LAN2” where is the
  Netelligent Network. I am trying to make these two servers (our two LANs)
  visible to each other by a MikroTik Cloud Router Switch solution.
  3)   
  I am using a
  MikroTik Router as a PPTP Client to VPN to our
  Remote Server SRVDC3 (87.75.45.66/29).
  4)   
  All the computers in
  LAN1, including Server SRVDC1, have a gateway set on “192.168.10.1” which is a
  Asus WiFi Router as a core switch which is connected to our Fiber Optic Translator. <o:p></o:p>
  5)   
  To prevent and minimize any down-time risk during the configuration, I have isolated one computer “table2pc5.domain.local” as sample of the
  whole network; by changing its gateway set to 192.168.10.6 (the
  Ether3-Slave-Lacal-interface on the MikroTikRouter).
  I am going to replace the “Asus WiFi Router” shown in the map, by the
  MikroTik Router later, after making sure that everything would work properly, so, everything is going to be naturalized after.
  6)   
  My
  solution simply can be explained as below:
  a.   
  Providing
  another interface in addition to “Netelligent Network” adapter.
  b.   
  To
  assign a LAN-based IP (in network range 192.168.10.0/24) to the added adapter (Microsoft Virtual Adapter)
  c.   
  Configuring
  SRVDC3 in Netelligent network “LAN2” as
  a Remote Access Server (VPN Server).
  d.   
  To provide a
  MikroTik Router/Firewall on the Edge of the
  LAN1 as VPN Client.
  e.   
  Configure
  MikroTik Router VPN PPTP connection to
  SRVDC3 via the Internet.
  f.     
  To have
  two LANs connected through a permanent VPN connection.
  7)   
  IP Addresses for the three EDGE-Devices (SRVDC1
  ßàMikroTik
  Router ßàSRVDC3)
  are as below:
  a.   
  SRVDC1:
  Interface:          
  Local Area Connection
  IP Address:          
  192.168.10.2/24
  Gateway:          
  192.168.10.1/24         
  (Asus WiFi Router)
  DHCP Server Pool:          
  192.168.10.1 – 192.168.10.254 (exclusions 10.1-10.50 , 10.50-10.99 , 10.200-10.254)
  b.   
  MikroTikRouter:
  Interface:          
  Local IP          
  IP Address:     192.168.88.1/24
  Interface:          
  Ether1-gateway-master         
  IP Address:     192.168.0.1/24
  Interface:          
  Ether2-master-local               
  IP Address:     192.168.88.1/24
  Interface:          
  ether3-slave-local                  
  IP Address:     192.168.10.6/24
  DHCP Server Pool:          
  192.168.10.1 – 192.168.102.254
  c.   
  SRVDC3:
  Interface:          
  Netelligent Network                
  IP Address:     87.75.45.66/29
  Gateway: 87.75.45.65/29
  Interface:          
  Microsoft Network Adapter     
  IP Address:     192.168.10.50/24
  Gateway: 192.168.11.1
  Interface:          
  PPP Adapter RAS                  
  IP Address:     192.168.11.1/24                      
  gateway:
  8)   
  The node “table7pc2.domain.local” is not able to see<o:p></o:p>
  Now, I would ask you to help me to realise this solution by helping me to find the Bad-Routing problem, and letting me know how to fix it.
  What NAT / Rout Paths or any configuration do I need to make this two LANs visible and recognizable to each other?
  I would introduce you critical nodes which play important roles in this configuration. I have tried to colour-mark them in order to have a better recognition once you take a look at the “Ping Result” table.
  The “Ping Result” table would give you an idea which nodes are able to see which others and where does problem hide itself?

  I got my own answer :D
  1) I have to right-click on my "Routing and Remote Access" Server.
  2) on IPv4 tab, I should define a static IP Pool. I had it done before; but since that I had chosen a wide range as 192.168.11.0/24, every time the router was taking a different IP address; so I should define a very small pool with two 2
  nodes as 192.168.11.1 and 192.168.11.2. In this way, I'll have the local address (router) as 192.168.11.2 and the remote address (my remote server) as 192.168.11.1
  3) After establishment of the PPTP connection successfully, I should add an static route to the "Netelligent Network" adapter. I had it done but in the RRAS routes, so that's why it didn't work. so:
  C:\SRVDC3>_ route -p add 192.168.10.0 mask 255.255.255.0 192.168.11.2
  [Enter]
  Now, I would be able to ping all of the computers whose their gateways are set on 192.168.10 (router)
  and If I wand to see all of the computers  at the first LAN, I have to put my router at the edge of the network, instead of the ASUS WiFi Router, then change it's IP address to 192.168.10.1 or alternatively set all of the computers gateways on 192.168.10.6.

• VPN connects when on LAN but not via WAN

  Hi Guys,
  I've recently configured a VPN on my SLS. I uses the following settings:
  L2TP over IPsec
  PPP Authentication: Directory Services: MS-CHAPv2
  Shared Secret: xxxxxxxxx
  Client Information:
  DNS Servers: 10.0.1.250 (my server) 10.0.1.1 (my airport extreme) - This is where I think I'm going wrong
  In my SLS firewall I've open every possible port for both L2TP, PPTP and all required directory authentication ports I believe. If there are any tricky ones please let me know
  I am able to successfully connect to the VPN and route all traffic to the delegated IP when on my local network. However when ever I'm away from that network - friends, work, and various other tested internet connections - I am unable to connect to the VPN.
  I've ruled out the SLS firewall by turning it of for several days and trying to connect at several locations. I've checked the log on the VPN and there is no record of even an attempt to connect.
  In Security of Server Preferences i have exposed the VPN on the airport extreme. I've tried both with and without port forwarding. As far as i know (correct me if I'm wrong) because I have my domain name resolving to my server then I don't need port forwarding. My DNS works for all other services on the SLS.
  Any ideas at to what I might be doing wrong? Things I could try to isolate the problem?
  Any suggestions would be very handy!
  Best
  -J

  Your Airport Extreme does not contain a DNS server.
  Ensure MobileMe is disabled at your Airport. That messes up VPN pass-through.
  From a remote network, confirm that all of the necessary ports are open via nmap or Applications > Utilities > Network Utility or other tools.
  Quadruple-check the list of ports (and preferably with a second and third technical resource), as the Apple documentation around L2TP port pass-through with Airport and Time Capsule is murky.
  Ensure that you don't have the same subnet on both ends of the VPN connection as that can interfere with IP routing.
  Also try testing with PPTP, in place of L2TP.
  I'm in the midst of tussling with a recalcitrant VPN router myself, but that's another topic.

• Native VPN tunnel kills wireless connection

  After ugprading to the Windows 10 Technical Preview, I noticed a new behaviour for all existing SSTP connections:
  - The client accepts the credentials and connects automatically
  - The client disconnects immediately after the succesful connection
  The reason I found is that immediately after connecting, the client drops the underlying wireless connection. This results in immediate termination of the VPN tunnel.
  So the question: Why is the wireless connection dropped? Is this configurable or is it a known bug?
  It's possible to reconnect to the Wireless network manually once the VPN tunnel is dropped.

  Update: I decided to downgrade to Win8.1 again. After the downgrade all exising SSTP VPN connections were gone. They must have been removed during the downgrade. Perhaps deleting / recreating the connections after the upgrade to Win10 would have solved
  the issue. Anyway there seems to be an issue with upgrading the network connections.

• Window 8.1 system unable to access network shares via VPN connection

  Is there something inherent to Windows 8.1 that prevents it from accessing shares on a domain?
  I know that it cannot join a domain, but does that also mean that it cannot access shares which are on a domain?
  My problem is that I have several user that are running windows 8.1 that are connecting to our network via a VPN.
  The users have domain accounts but their computers as windows 8.1 cannot joined to the domain.
  So to access network shares they have to use their domain credentials to create a VPN connection.
  Once connected the user can RDP to systems on the domain using their domain accounts, so I know that their user names/passwords and permissions are correct. They can access these systems using the computer name, so I don't feel that I have a DNS issue.
  They can see the shares on our file server, but when they try to access their departments shared file, they receive an access denied message. There are a few shares that are completely wide open, shared to all users and all departments but they cannot access
  those shares either.
  You can ping the file server, from the the client when they are connected to the VPN but you just cannot access any of the shares.
  So...
  I am thinking that it has something to do with windows 8.1 and not being able to join a domain, but I cannot find anything to explicitly support this thought.
  Other users running a variety different OS (windows 7, OSX, Linux) can all access the shares without any problems via the VPN, so I am a little stumped.

  I have done some more testing and oddly enough I can map a drive if I use the IPaddress, but not the computer name, when checking the check box "connect using different credentials"and providing they users domain credentials.
  This seems to point to a DNS issue, one would think, but I can hit the file share server by name \\fileserver.dev.lan
  I can see all the shares, so dns seems to be fine right?
  So I don't understand why I can map a drive using do the IPaddress and not the machine name, but yet I can see and ping the server by name?
  When I try to create a mapped drive by machine name I receive the following message:
  Windows cannot access \\fileserver.dev.lan\all
  You do not have permissions to access \\fileserver.dev.lan. contact your network administrator  to request access.
  But if I use the \\x.x.x.x\all using the very same user and password I get connected with no problem.
  This only seems to happen on windows 8.1, which leads me to think that has something to do with OS. 
  I am thinking about upgrading to windows 8.1 pro, but I don't want to go though the hassle and expanse is the OS is not the problem.

• ASA 5505 VPN Connection Issue

  Good morning everyone,
  At my last position I was IT Director whose area of expertise was database and application development. All of the company's networking planning and maintainence I entrusted to my sysadmin, Salvadore. Back in 2004 we began implementing major changes in the network. Salvadore recommended SonicWALL firewalls. He did a fantastic job of securing our valuable server assets. Among the many improvements Salvadore established VPN access to the datacenter assets for mobile employees. What I remember especially well was the ease-of-use: start the VPN Client then RDP to a server or connect with SQL Server, in addition to connecting to all devices on my home network. It was absolutely beautiful!
  Fast forward to today. I have since retired. I do a little bit of daytrading on the side for entertainment. I leased a dedicated server to run an application that runs continuously 24 hours a day, 5 days a week. I contacted Salvadore to do a security audit on the server. As expected the server was under constant assault by bots trying to hack the RDP port. Salvadore recommended a firewall. The datacenter host offered us two choices of Cisco firewalls, one of which we chose: ASA 5505.
  Today I have a secure server which pleases me. The one thing that bothers me however is that I lose access to my home network devices while the VPN Client is connected. Here are the symptoms:
  I cannot send an email with Outlook as I normally do by relaying off of my Internet provider's SMTP server.
  I cannot connect to the TradeStation servers with my TradeStation application using login credentials that are authorized for my home network only.
  I cannot access my Seagate network storage drive.
  This is what I discovered:
  My wireless adapter (which I use from this laptop) identifies itself as "Wireless LAN adapter Wireless Network Connection" in IPCONFIG. IPv4 address is 192.168.0.5. Default Gateway: 192.168.0.1.
  After I connect the VPN Client, IPCONFIG reports a new adapter: "Ethernet adapter Local Area Connection 2". IPv4 address is 10.0.10.4. Default Gateway: 10.0.10.1.
  When I launch Windows Task Manager and click on the Networking tab, I see those two adapters.
  When launch IE and go to bandwidthplace.com to run a test, I see all of the network traffic going over "Ethernet adapter Local Area Connection 2".
  When I disconnect VPN and then rerun the bandwidth test, I see that all of the network traffic now goes over "Wireless LAN adapter Wireless Network Connection".
  This explains all of the symptoms:
  My Internet Provider will only allow me to relay off of their email servers if I am connected to their network.
  TradeStation refuses connection to their network because my credentials do not match my network address.
  There is no Seagate network storage device on the remote server network.
  My questions to the Cisco Support Community are:
  Is this the best I can hope for?
  Must all traffic be routed through the VPN connection?
  Is there any way to route traffic destined for 10.0.*.* through VPN and everything else through the default connection?
  Thank you everyone for your help. I would be happy to provide additional detailed information.

  Hi Brian,
  you can route traffic destined to 10.0.*.* over the VPN and keep normal internet traffic unencrypted over the default connection - this setup is known as VPN Split Tunnelling.
  This doc shows how to setup the access control list and apply this to the tunnel policy.
  Hope this helps
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

• ASA 5510 Anyconnect VPN question-"Hairpin" vpn connection on same external interface

  I have a Cisco ASA 5510, I want to allow a VPN connection to be established by a client on one of the inside interfaces(10.20.x.x) to be able to go out the single External interface and get authenticated by the ASA to create a VPN tunnel to the other inside interface (10.0.X.X) and access resources on that subnet.
  Basically want clients on a WLAN to be able to VPN back in to the LAN with the ASA in the middle to get to company resources,
  Is this possible?
  Thanks,
  Tommy

  When we connect any VPN on a device then it is always a TO THE DEVICE connection and I am afraid we can connect only to the local / nearest interface where user is connected in a network with respect to ASA.
  I have seen this scenario working though earlier with one of my clients wherein he has configured his DNS server accordingly so that depending upon the source of the DNS request an appropriate IP address was provided for same DNS name. For example if user from IP address range 192.168.0.0 range connects to abc.com then it will get IP address 192.168.1.1 and if a user from range IP address10.0.0.0 connects then it will get 10.1.1.1.
  If we configure the same scenario as well then your requirement will be fulfiled with same name however VPN has to be enabled on wireless interface again. If not, then as you have described configuring a new domain name for VPN connection only for wireless users should do the deal.
  Regards,
  Anuj

• Can ASA5505 forward remote-access-VPN clients to LAN

  I currently have ASA-5505 and 2911-Router and I'm trying to configure VPN topology.
  Can ASA5505 forward remote-access-VPN clients to LAN operated by a different router?
  Are these two cases possible?:
  (1) ASA-5505 and 2911-Router are on separate WAN interfaces, each directly connected to ISP. But then can I connect one of other LAN interfaces of ASA-5505 into a switch managed by 2911-Router to inject remote-SSL-VPN clients into the LAN managed by the router?
  (2) ASA-5505 is behind 2911-Router. Can 2911 Router assign a public ip address or have public ip address VPN-access attempts directly be forwarded to ASA-5505 when there is only one public ip address available?
  Long put short, can ASA-5505 inject its remote-access-VPN clients as one of hosts on the LAN managed by 2911-router?
  Thanks.

  I could help you more if you can explain the purpose of this setup and the connectivity between the ASA and router.
  You can enable reverse-route on the Dynamic map on the ASA. The ASA will install a static route for the client on the routing table. You can use a Routing protocol to redistribute the static routes to your switch on the LAN side of the ASA.

• Cisco ASA 5505 Remote Access IP/Sec VPN Connectivity Issues

  We have a Cisco ASA that we use just for Remote Access VPN. It uses UDP and was working fine for about 2 months. Recently clients have had intermittent issues when connecting from home. The following message is display by the Cisco VPN Client :
  "Secure VPN connection terminated locally by the Client. Reason 412: The remote peer is no longer responding"
  Upon looking at a client side packet capture, I notice that no response is being given back to the client for the udp packets sent to the ASA on udp 500. If I login to the ASA from the LAN and send a single ping FROM the ASA, then the client can connect without issue. I don't understand the significance of the needed outbound ping since ping is not used by the client to test if the ASA is alive.
  Once again this is a remote access udp ip/sec VPN. I set most of it up with the VPN wizard and then backed up the config. The issue started happening at least a month after setup (maybe two) and I restored to the saved config just in-case, but the issue remains.
  Any insight would be greatly appreciated.
  I'm using IOS 831 and have tried 821 and 823 as one thread that I found recommended downgraded to 821.
  Thanks much,
  Justin

  Javier,
  I logged into the ASA last time the VPN went down. I issued the following commands:
  debug crypto isakmp 190
  debug crypto ipsec 190
  capture outside-cap interface outside match udp any any
  I then used a remote access tool to access the client and tried to connect. I got absolutely nothing from debugging. So I issued the following command:
  show capture outside | include 500
  and also got nothing. So I issued the following command:
  ping 4.2.2.2
  Upon which my normal deug messaged began to showup, so I issued the show capture outside command again and recieved the expected output below:
     1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 868
     2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 444
     3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 172
     4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
     5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
     6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
     7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 60
     8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 204
     9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
    10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 252
    11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 868
    12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 444
    13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 172
    14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
    15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
    16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
    17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
    18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 204
    19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 252
    20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 1036
    21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
    22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 188
    23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
    34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
    35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
    70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 100
  174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 500
  377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000:  udp 100    1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 868
     2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 444
     3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 172
     4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
     5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
     6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
     7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 60
     8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 204
     9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
    10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 252
    11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 868
    12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 444
    13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 172
    14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
    15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
    16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
    17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
    18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 204
    19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 252
    20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 1036
    21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
    22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 188
    23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
    34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
    35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
    70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 100
  174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 500
  377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000:  udp 100
  It would seem as if no traffic reached the ASA until some outbound traffic to an arbitrary public IP. In this case I sent an echo request to a public DNS server. It seems almost like a state-table issue although I don't know how ICMP ties in.
  Once again, any insight would be greatly appreciated.
  Thanks,
  Justin

• One VPN connection at a time.

  I have an issue with the Cisco 4.01 VPN client connecting more then one connection.
  I have it set to connect to the remote sight using the following parameters
  Group Authentication
  Transparent Tunneling with IPSec over UDP (Nat / Pat)
  I have also selected allow local LAN access
  I am connecting to the remote network through a Sonicwall firewall to the remote Cisco device.
  I have no problem getting connected to the remote network. All connection attempts work.
  If I have a VPN connection connected and active the next connection that is made disconnects the first one. This is repeatable and constant. So each connection is successful but it always disconnects any session that is active from that location.
  Multiple sessions are possible as long as they don’t originate from the one site. In other words workers working from home do not affect workers working from the main office.
  Any Ideas as to what may be causing this?

  just wondering what sort of cisco device we are discussing here.
  the issue maybe related to the vpn client pool.
  e.g. the pool should start with x.x.x.1, not an entire subnet.

• Branch Office DC Demand Dial VPN connection keeps failing

  here is me issue
  Our Branch Office DC is connected to Main Office DC with a Demand Dial Connection in RRAS Everything is connected fine for a little bit then its like the connection just gives out, it stays connected but i cannot ping the branch office DC with the local
  IP from the Main Office or access any network shares on it. When this happens i have to disconnect the server at the remote office and wait for it to reconnect im currently baffled as there are no Error LOGS to help me along and there doesnt seem to be anything
  that would be causing the issue for now until i get some answers as to what is going on i opened a command prompt on the DC here at the main office and i typed "ping 10.141.70.25 -t100" to monitor the connection more or less and when i see it timeout
  i reconnect it, i also have the networking tab open in task manager to monitor the LAN and RAS (Dial-In) Interface  the LAN doesnt seem too active but the RAS Interface does its got a constant network utilization of 0.28% and the Demand Dial interface
  on the remote office DC has a Utilization of 0.38% (Server Just disconnected as i was typing this and the utilization on the VPN connections on both servers went through the roof) heres the troubleshooting i have tried so far
  1. Rebooted both office DC`s at the same time
  2. Rebooted the branch office DC alone (this helped a little because the connection is staying active longer without fail)
  3. looked through all RRAS configuration on both servers to see if theres any mistakes by any other administrators (None Were Found)
  4. Used wireshark to see if there was anything interfering or that would cause this to happen (Nothing found)
  5. manually connected to the server in multiple ways like accessing network shares and remote management via MMC and manually making the servers replicate to see if any of that was causing issues and it wasnt
  My thoughts: im starting to think it may be a switch or something causing the connection issue at the branch office because the main office has all new routers and switches and just recently got a 100.00MBPS connection but nothing was affected for a good
  month so im not thinking it is the new connection or anything at the main office if theres something im overlooking here please let me know if some ipconfig /all results are needed i can provide them
  Viper Technologies Computer Repair Putting The Venomus Bite Back In Your Computer We Are Located In Antigonish ,NS Canada Check Us Out HTTP://WWW.VIPERTECHNOLOGIES.TK

  Hi,
  Are there any error messages on the event log ?
  Meanwhile, it is more network issue, i think you may ask in network forums:
  http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverNIS
  Regards.
  Vivian Wang

• UNABLE TO ACCESS THE INTERNET FROM LOCAL PROVIDER ON A SITE-TO-SITE VPN CONNECTION

  Dear All,
  I have a site-to-site connection  from point A to point B. From point B i am unable to access the internet from local internet provider.
  I am trying to ping from 192.168.20.1 the dns 8.8.8.8   but i receive the  message "destination net unreachable".
  When i run "show ip nat translation" i receive nothing.
  The vpn connection is working properly, i can ping the other side 192.168.10/24
  Below is the configuration of the cisco router on point B.
  dot11 syslog
  ip source-route
  no ip dhcp use vrf connected
  ip dhcp excluded-address 192.168.21.254
  ip dhcp pool voice
   network 192.168.21.0 255.255.255.0
   default-router 192.168.21.254 
   option 150 ip 192.168.5.10 
  ip cef
  ip domain name neocleous.ru
  ip inspect name IOS_FIREWALL tcp
  ip inspect name IOS_FIREWALL udp
  ip inspect name IOS_FIREWALL icmp
  ip inspect name IOS_FIREWALL h323
  ip inspect name IOS_FIREWALL http
  ip inspect name IOS_FIREWALL https
  ip inspect name IOS_FIREWALL skinny
  ip inspect name IOS_FIREWALL sip
  no ipv6 cef
  multilink bundle-name authenticated
  vty-async
  isdn switch-type primary-net5
  redundancy
  crypto isakmp policy 5
   hash md5
   authentication pre-share
   group 2
  crypto isakmp policy 10
   encr aes
   authentication pre-share
   group 2
   lifetime 28800
  crypto isakmp policy 50
   encr 3des
   hash md5
   authentication pre-share
   group 2
  crypto isakmp key Pb85heuvMde9Wdac5Qohha7lziIf142u address [ip address]
  crypto isakmp invalid-spi-recovery
  crypto isakmp keepalive 10
  crypto ipsec transform-set TRANSET esp-aes esp-sha-hmac 
  crypto ipsec transform-set TRANSET2 esp-des esp-md5-hmac 
  crypto ipsec df-bit clear
  crypto map CryptoMAP1 ipsec-isakmp 
   set peer [ip address]
   set transform-set TRANSET 
   match address CryptoACL
  interface FastEthernet0/0
   description Primary Provider
   ip address [PUBLIC IP MAIN PROVIDER] 255.255.255.252
   ip access-group outside_acl in
   ip mtu 1390
   ip nat outside
   ip virtual-reassembly in
   load-interval 30
   duplex auto
   speed auto
   crypto map CryptoCY
   crypto ipsec df-bit clear
  interface FastEthernet0/1
   description TO LAN
   no ip address
   load-interval 30
   speed 100
   full-duplex
  interface FastEthernet0/1.1
   description DATA VLAN
   encapsulation dot1Q 20
   ip address 192.168.20.254 255.255.255.0
   ip access-group inside_acl in
   ip nat inside
   ip inspect IOS_FIREWALL in
   ip virtual-reassembly in
   ip tcp adjust-mss 1379
  interface FastEthernet0/1.2
   description VOICE VLAN
   encapsulation dot1Q 21
   ip address 192.168.21.254 255.255.255.0
  interface Serial0/2/0:15
   no ip address
   encapsulation hdlc
   isdn switch-type primary-net5
   isdn incoming-voice voice
   no cdp enable
  interface FastEthernet0/3/0
   no ip address
   ip access-group outside_acl in
   ip nat outside
   ip virtual-reassembly in
   shutdown
   duplex auto
   speed auto
   crypto map CryptoCY
  ip local pool VPNPool 192.168.23.2 192.168.23.10
  ip forward-protocol nd
  ip http server
  no ip http secure-server
  ip nat inside source list nat_list interface FastEthernet0/3/0 overload
  ip route 0.0.0.0 0.0.0.0 [default gateway ip]
  ip access-list standard VTY
    permit 192.168.20.0 0.0.0.255
  ip access-list extended CryptoACL
   permit ip 192.168.20.0 0.0.0.255 192.168.3.0 0.0.0.255
   permit ip 192.168.21.0 0.0.0.255 192.168.5.0 0.0.0.255
   permit ip 192.168.21.0 0.0.0.255 192.168.6.0 0.0.0.255
   permit ip 192.168.21.0 0.0.0.255 192.168.12.0 0.0.0.255
   permit ip 192.168.21.0 0.0.0.255 192.168.2.0 0.0.0.255
   permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
   permit ip host 192.168.22.1 192.168.5.0 0.0.0.255
   permit ip host 192.168.20.1 192.168.5.0 0.0.0.255
   permit ip host 192.168.22.1 192.168.6.0 0.0.0.255
  ip access-list extended DFBIT_acl
   permit tcp any any
  ip access-list extended inside_acl
   permit ip 192.168.20.0 0.0.0.255 host 192.168.3.35
   permit ip 192.168.20.0 0.0.0.255 host 192.168.3.39
   permit ip 192.168.20.0 0.0.0.255 host 192.168.3.23
   permit ip 192.168.20.0 0.0.0.255 host 192.168.3.18
   permit ip 192.168.20.0 0.0.0.255 host 192.168.3.55
   permit ip 192.168.20.0 0.0.0.255 host 192.168.10.144
   permit ip 192.168.20.0 0.0.0.255 host 192.168.10.146
   permit ip 192.168.20.0 0.0.0.255 host 192.168.10.141
   permit ip host 192.168.20.253 host 192.168.3.21
   permit ip host 192.168.20.254 host 192.168.3.21
   permit ip 192.168.20.0 0.0.0.255 host 192.168.3.10
   permit ip 192.168.20.0 0.0.0.255 host 192.168.20.254
  ip access-list extended nat_list
   deny   ip host 192.168.20.254 192.168.10.0 0.0.0.255
   deny   ip host 192.168.20.254 192.168.3.0 0.0.0.255
   deny   ip host 192.168.20.1 192.168.3.0 0.0.0.255
   deny   ip host 192.168.20.1 192.168.10.0 0.0.0.255
   deny   ip host 192.168.20.2 192.168.3.0 0.0.0.255
   deny   ip host 192.168.20.2 192.168.10.0 0.0.0.255
   permit ip host 192.168.20.1 any
   permit ip host 192.168.20.2 any
   permit ip host 192.168.20.254 any
  ip access-list extended outside_acl
   permit gre any host [ip address]
   permit esp any host [ip address]
   deny   ip any any
  ip sla 2
   icmp-echo 192.168.10.254 source-interface FastEthernet0/1.1
   frequency 180
   timeout 500
  ip sla schedule 2 life forever start-time now
  logging 192.168.3.21
  route-map DFBIT_routemap permit 10
   match ip address DFBIT_acl
   set ip df 0
  route-map ISP2 permit 10
   match ip address nat_list
   match interface FastEthernet0/3/0
  route-map nonat permit 10
   match ip address nonat_acl
  route-map ISP1 permit 10
   match ip address nat_list
   match interface FastEthernet0/0

  You cannot access internet, because all traffic is tunneled for VPN !!!!
  Please see cisco tech documentation and bypass traffic for internet.
  eg.  if lan traffic is going from site a to site b  then through vpn
        else
         lan traffic to internet (any) should be out thorugh the vpn .

• VPN connection drops after 1 minute or less

  Hi All,
  not sure if this is a server-side or client-side issue. Trying to establish a VPN connection from an MBP to my Mac Mini server (L2TP over IPSec, Shared Secret w/ Password authentication) I manage to connect, authenticate and establish a connection. However, after about 45-60 seconds I see no more traffic (from the remote LAN) coming through to the MBP. The status indicator still shows that the tunnel is up but I just don't get any further response from the server. I can still get to the web, however, the traceroute seems to indicate that this traffic is flowing outside the VPN tunnel (whether the "Send all traffic over VPN connection" option on the MBP is selected or not).
  I've tried this with all combinations of 10.6.5 and 10.6.6 to no avail. It is possible to keep the tunnel alive just a little longer if I keep a ping to the server going on the MBP, but this eventually gets lost as well.
  I've determined that there are some changes in the routing tables on the MBP whilst this is going on:
  Last login: Thu Jan 20 09:45:37 on ttys001
  guava:~ mark$ netstat -rn
  Routing tables
  ## Normal Connection
  Internet:
  Destination Gateway Flags Refs Use Netif Expire
  default 10.149.16.1 UGSc 13 0 en1
  10.149.16/22 link#6 UCS 2 0 en1
  10.149.16.1 0:0:5e:0:1:8e UHLWI 13 17 en1 1038
  10.149.18.96 127.0.0.1 UHS 0 0 lo0
  10.149.19.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 en1
  127 127.0.0.1 UCS 0 0 lo0
  127.0.0.1 127.0.0.1 UH 0 176 lo0
  169.254 link#6 UCS 0 0 en1
  192.168.0 link#8 UC 1 0 vmnet8
  192.168.0.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 vmnet8
  192.168.106 link#7 UC 1 0 vmnet1
  192.168.106.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 vmnet1
  guava:~ mark$ netstat -rn
  Routing tables
  ## VPN Connection Alive
  Internet:
  Destination Gateway Flags Refs Use Netif Expire
  default 10.149.16.1 UGSc 2 0 en1
  default 192.168.1.180 UGScI 0 0 ppp0
  10.149.16/22 link#6 UCS 3 0 en1
  10.149.16.1 0:0:5e:0:1:8e UHLWI 3 0 en1 1198
  10.149.18.96 127.0.0.1 UHS 0 0 lo0
  10.149.19.255 ff:ff:ff:ff:ff:ff UHLWbI 1 8 en1
  xx.xxx.xxx.xxx 10.149.16.1 UGHS 1 34 en1
  127 127.0.0.1 UCS 0 0 lo0
  127.0.0.1 127.0.0.1 UH 0 176 lo0
  169.254 link#6 UCS 0 0 en1
  192.168.0 link#8 UC 1 0 vmnet8
  192.168.0.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 vmnet8
  192.168.1 ppp0 USc 0 0 ppp0
  192.168.1.180 192.168.1.160 UH 7 33 ppp0
  192.168.106 link#7 UC 1 0 vmnet1
  192.168.106.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 vmnet1
  guava:~ mark$ netstat -rn
  Routing tables
  ## VPN Connection but no net traffic coming back from server
  Internet:
  Destination Gateway Flags Refs Use Netif Expire
  default 10.149.16.1 UGSc 11 0 en1
  default 192.168.1.180 UGScI 0 0 ppp0
  10.149.16/22 link#6 UCS 1 0 en1
  10.149.16.1 0:0:5e:0:1:8e UHLWI 13 0 en1 1154
  10.149.18.96 127.0.0.1 UHS 0 0 lo0
  xx.xxx.xxx.xxx 10.149.16.1 UGHS 2 1644 en1
  127 127.0.0.1 UCS 0 0 lo0
  127.0.0.1 127.0.0.1 UH 0 176 lo0
  169.254 link#6 UCS 0 0 en1
  192.168.0 link#8 UC 0 0 vmnet8
  192.168.1 ppp0 USc 1 0 ppp0
  192.168.1.180 192.168.1.160 UH 21 1635 ppp0
  192.168.106 link#7 UC 0 0 vmnet1
  The MBP is connected via WiFi to a router which gives it 10.149.18.96. The remote network is on 192.168.1.0/24. The VPN server (as well as the DNS and DHCP server) are on machine 192.168.1.180 (the Mac Mini).
  Neither the MBP nor the server logs really contain anything useful which would indicate why this is failing.
  It looks as though this issue has been there for quite a long time in some form:
  - http://discussions.apple.com/thread.jspa?threadID=1208715
  - http://discussions.apple.com/message.jspa?messageID=10958263
  - http://discussions.apple.com/thread.jspa?threadID=2462874
  This is incredibly frustrating and I cannot understand while Apple has not done anything about this. Is there anyone here that is having the same problem and has possibly made some headway on this? Any suggestions would be highly appreciated!
  Thanks.
  Mark

  First guess would be a faulty Openreach VDSL modem (the white box).
  Call 0800 111 4567, explain the problem. Be polite but firm and insist on an engineer visit. The engineer will test the line and probably replace the modem.