VPN Connect Kills LAN iChat Jabber
We use Jabber for internal LAN communications. I have a VPN set up to another office for file sharing and ARD.
As soon as I connect the VPN, Jabber goes down on my computer.
If I terminated the VPN connection, Jabber re-connects. It's repeatable each time.
Sounds like a port conflict but I don't know where to start looking...
Jabber in iChat uses ports 5220, 5222, 5223 on TCP.
5223 is older Jabber servers and GoogleTalk logins.
5222 is most Jabber Logins
5220 is for other stuff like file sending within Jabber.
http://support.apple.com/kb/HT1507?viewlocale=en_US
Apple Remote Desktop normally uses port 5988 whereas VPN usually uses port 5900
http://support.apple.com/kb/TS1629
That should get you started.
10:39 PM Tuesday; May 5, 2009
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
Similar Messages
-
Is there a jabber client for iPad that will connect to Apple's iChat/jabber server?
I've just purchased a third gen iPad and I'd like to be able to use the VPN connection in conjunction with an iChat client to communicate with my office's internal iChat/jabber server. However, none of the apps I've tried are able to successfully connect? I've tried Monal, IM+, IMO, munduIM OSE and Talkonaut. No joy.
I use Messages (beta) on the desktop, but there's no way to setup anything other than an Apple ID in Messages on the iPad. I'd love to keep it unified.
Any thoughts or suggestions? I've heard that Beejive is the way to go, but (call me a cheapskate) I don't want to pay for another app just to find out it won't do what I want!
You almost certainly have a misconfigured router/firewall for jabber. I can confirm that OS X Lion Server works with the iPad and iPhone IM apps imo and BeeJiveIM.
To track down your problem, which almost certainly is simply a port getting blocked or not forwarded at some point between your router and server, I'd suggest getting an nmap executable (e.g., get Xcode via app store, then macports, then sudo port install nmap) and download the old feature-rich Airport Utility 5.6 from Apple. First try this:
$ nmap -p 5222 localhost
$ nmap -p 5222 server_ip_on_LAN
$ nmap -p 5222 server_ip_on_INTERNET
This port should be open for each probe. When I first set up my server, Messages beta added a port forwarding entry on my Airport router, but this had a duplicate entry with another port forward, so I had to use Airport Utility 5.6 to track down and delete the superfluous port forward entry. I also had to use Server Admin to open all the iChat ports.
One thing I was hoping for is an iOS app that supports video/voice over jabber, but all the apps I see are strictly IM. Can anyone recommend an app for this? -
IChat/AIM not working on VPN connection.
hi!
so, i'm an american studying in scotland this semester. at this university, there is a 'campus net' VPN connection that i had to configure onto my ibook in order to connect to the internet here. all of a sudden, nothing works--aim, ichat, msn...even my last.fm music doesn't scrobble. i was able to figure out how to connect to skype by looking at a friend's configurations but couldn't do the same with anything else. i already went into my firewall and tried to fix that, but i think it's the 'proxy' or something that is set up wrong in these applications. is there anyone out there who could help me out?!
thanks!
Just to let you know I'm experiencing the same problem, I'm at Newcastle Uni with a VPN connection. My AIM account works through iChat, but my Jabber one does not. I might be able to help you with your AIM through iChat. In iChat Preferences, go to your AIM account, there should be a tab on the top that says Server settings. In mine, the server is listed as login.oscar.aol.com with port number 5190. Under this, there should be a check box that says Connect using proxy. Ensure this is checked, as well as the check box below that which says Use System Preferences. This way, iChat should use the existing settings that are used by the rest of your system.
Hope this helps, but I also hope someone else can help with my Jabber problem. -
Connecting two remote LANs through a VPN connection
1) I am trying to interconnect two LANs as you see below.
2) The scenario is to interconnect two LANs with a single domain “domain.local” in order to have two domain controllers backing up each other. We already have a Domain Controller “SRVDC1.domain.local” in our local network “LAN1” and another Server which is going to be both our secondary domain controller and VPN Server “SRVDC3.domain.local” in our remote network “LAN2” where the Netelligent Network is. I am trying to make these two servers (our two LANs) visible to each other by a MikroTik Cloud Router Switch solution.
3) I am using a MikroTik Router as a PPTP Client to VPN to our Remote Server SRVDC3 (87.75.45.66/29).
4) All the computers in LAN1, including Server SRVDC1, have a gateway set on “192.168.10.1” which is an Asus WiFi Router as a core switch which is connected to our Fiber Optic Translator.
5) To prevent and minimize any down-time risk during the configuration, I have isolated one computer “table2pc5.domain.local” as a sample of the whole network, by changing its gateway to 192.168.10.6 (the Ether3-Slave-Local-interface on the MikroTikRouter). I am going to replace the “Asus WiFi Router” shown in the map by the MikroTik Router later, after making sure that everything would work properly, so everything is going to be naturalized after.
6) My solution simply can be explained as below:
a. Providing another interface in addition to “Netelligent Network” adapter.
b. To assign a LAN-based IP (in network range 192.168.10.0/24) to the added adapter (Microsoft Virtual Adapter)
c. Configuring SRVDC3 in Netelligent network “LAN2” as a Remote Access Server (VPN Server).
d. To provide a MikroTik Router/Firewall on the Edge of the LAN1 as VPN Client.
e. Configure MikroTik Router VPN PPTP connection to SRVDC3 via the Internet.
f. To have two LANs connected through a permanent VPN connection.
7) IP Addresses for the three EDGE-Devices (SRVDC1 ↔ MikroTik Router ↔ SRVDC3) are as below:
a. SRVDC1:
Interface: Local Area Connection
IP Address: 192.168.10.2/24
Gateway: 192.168.10.1/24 (Asus WiFi Router)
DHCP Server Pool: 192.168.10.1 – 192.168.10.254 (exclusions 10.1-10.50 , 10.50-10.99 , 10.200-10.254)
b. MikroTikRouter:
Interface: Local IP
IP Address: 192.168.88.1/24
Interface: Ether1-gateway-master
IP Address: 192.168.0.1/24
Interface: Ether2-master-local
IP Address: 192.168.88.1/24
Interface: ether3-slave-local
IP Address: 192.168.10.6/24
DHCP Server Pool: 192.168.10.1 – 192.168.102.254
c. SRVDC3:
Interface: Netelligent Network
IP Address: 87.75.45.66/29
Gateway: 87.75.45.65/29
Interface: Microsoft Network Adapter
IP Address: 192.168.10.50/24
Gateway: 192.168.11.1
Interface: PPP Adapter RAS
IP Address: 192.168.11.1/24
gateway:
8) The node “table7pc2.domain.local” is not able to see
Now, I would ask you to help me to realise this solution by helping me to find the Bad-Routing problem, and letting me know how to fix it.
What NAT / Route Paths or any configuration do I need to make these two LANs visible and recognizable to each other?
I would introduce you critical nodes which play important roles in this configuration. I have tried to colour-mark them in order to have a better recognition once you take a look at the “Ping Result” table.
The “Ping Result” table would give you an idea which nodes are able to see which others and where does problem hide itself?
I got my own answer :D
1) I have to right-click on my "Routing and Remote Access" Server.
2) on IPv4 tab, I should define a static IP Pool. I had it done before; but since I had chosen a wide range as 192.168.11.0/24, every time the router was taking a different IP address; so I should define a very small pool with two nodes as 192.168.11.1 and 192.168.11.2. In this way, I'll have the local address (router) as 192.168.11.2 and the remote address (my remote server) as 192.168.11.1
3) After establishment of the PPTP connection successfully, I should add a static route to the "Netelligent Network" adapter. I had it done but in the RRAS routes, so that's why it didn't work. so:
C:\SRVDC3>_ route -p add 192.168.10.0 mask 255.255.255.0 192.168.11.2
[Enter]
Now, I would be able to ping all of the computers whose gateways are set on 192.168.10 (router)
and if I want to see all of the computers at the first LAN, I have to put my router at the edge of the network, instead of the ASUS WiFi Router, then change its IP address to 192.168.10.1 or alternatively set all of the computers' gateways on 192.168.10.6. -
VPN connects when on LAN but not via WAN
Hi Guys,
I've recently configured a VPN on my SLS. I use the following settings:
L2TP over IPsec
PPP Authentication: Directory Services: MS-CHAPv2
Shared Secret: xxxxxxxxx
Client Information:
DNS Servers: 10.0.1.250 (my server) 10.0.1.1 (my airport extreme) - This is where I think I'm going wrong
In my SLS firewall I've opened every possible port for both L2TP, PPTP and all required directory authentication ports I believe. If there are any tricky ones please let me know
I am able to successfully connect to the VPN and route all traffic to the delegated IP when on my local network. However whenever I'm away from that network - friends, work, and various other tested internet connections - I am unable to connect to the VPN.
I've ruled out the SLS firewall by turning it off for several days and trying to connect at several locations. I've checked the log on the VPN and there is no record of even an attempt to connect.
In Security of Server Preferences I have exposed the VPN on the airport extreme. I've tried both with and without port forwarding. As far as I know (correct me if I'm wrong) because I have my domain name resolving to my server then I don't need port forwarding. My DNS works for all other services on the SLS.
Any ideas as to what I might be doing wrong? Things I could try to isolate the problem?
Any suggestions would be very handy!
Best
-J
Your Airport Extreme does not contain a DNS server.
Ensure MobileMe is disabled at your Airport. That messes up VPN pass-through.
From a remote network, confirm that all of the necessary ports are open via nmap or Applications > Utilities > Network Utility or other tools.
Quadruple-check the list of ports (and preferably with a second and third technical resource), as the Apple documentation around L2TP port pass-through with Airport and Time Capsule is murky.
Ensure that you don't have the same subnet on both ends of the VPN connection as that can interfere with IP routing.
Also try testing with PPTP, in place of L2TP.
I'm in the midst of tussling with a recalcitrant VPN router myself, but that's another topic. -
Native VPN tunnel kills wireless connection
After upgrading to the Windows 10 Technical Preview, I noticed a new behaviour for all existing SSTP connections:
- The client accepts the credentials and connects automatically
- The client disconnects immediately after the successful connection
The reason I found is that immediately after connecting, the client drops the underlying wireless connection. This results in immediate termination of the VPN tunnel.
So the question: Why is the wireless connection dropped? Is this configurable or is it a known bug?
It's possible to reconnect to the Wireless network manually once the VPN tunnel is dropped.
Update: I decided to downgrade to Win8.1 again. After the downgrade all existing SSTP VPN connections were gone. They must have been removed during the downgrade. Perhaps deleting / recreating the connections after the upgrade to Win10 would have solved the issue. Anyway there seems to be an issue with upgrading the network connections. -
Windows 8.1 system unable to access network shares via VPN connection
Is there something inherent to Windows 8.1 that prevents it from accessing shares on a domain?
I know that it cannot join a domain, but does that also mean that it cannot access shares which are on a domain?
My problem is that I have several users that are running windows 8.1 that are connecting to our network via a VPN.
The users have domain accounts but their computers as windows 8.1 cannot be joined to the domain.
So to access network shares they have to use their domain credentials to create a VPN connection.
Once connected the user can RDP to systems on the domain using their domain accounts, so I know that their user names/passwords and permissions are correct. They can access these systems using the computer name, so I don't feel that I have a DNS issue.
They can see the shares on our file server, but when they try to access their department's shared file, they receive an access denied message. There are a few shares that are completely wide open, shared to all users and all departments but they cannot access those shares either.
You can ping the file server from the client when they are connected to the VPN but you just cannot access any of the shares.
So...
I am thinking that it has something to do with windows 8.1 and not being able to join a domain, but I cannot find anything to explicitly support this thought.
Other users running a variety of different OS (windows 7, OSX, Linux) can all access the shares without any problems via the VPN, so I am a little stumped.
I have done some more testing and oddly enough I can map a drive if I use the IP address, but not the computer name, when checking the check box "connect using different credentials" and providing the user's domain credentials.
This seems to point to a DNS issue, one would think, but I can hit the file share server by name \\fileserver.dev.lan
I can see all the shares, so dns seems to be fine right?
So I don't understand why I can map a drive using the IP address and not the machine name, but yet I can see and ping the server by name?
When I try to create a mapped drive by machine name I receive the following message:
Windows cannot access \\fileserver.dev.lan\all
You do not have permissions to access \\fileserver.dev.lan. contact your network administrator to request access.
But if I use the \\x.x.x.x\all using the very same user and password I get connected with no problem.
This only seems to happen on windows 8.1, which leads me to think that has something to do with OS.
I am thinking about upgrading to windows 8.1 pro, but I don't want to go through the hassle and expense if the OS is not the problem. -
Good morning everyone,
At my last position I was IT Director whose area of expertise was database and application development. All of the company's networking planning and maintenance I entrusted to my sysadmin, Salvadore. Back in 2004 we began implementing major changes in the network. Salvadore recommended SonicWALL firewalls. He did a fantastic job of securing our valuable server assets. Among the many improvements Salvadore established VPN access to the datacenter assets for mobile employees. What I remember especially well was the ease-of-use: start the VPN Client then RDP to a server or connect with SQL Server, in addition to connecting to all devices on my home network. It was absolutely beautiful!
Fast forward to today. I have since retired. I do a little bit of daytrading on the side for entertainment. I leased a dedicated server to run an application that runs continuously 24 hours a day, 5 days a week. I contacted Salvadore to do a security audit on the server. As expected the server was under constant assault by bots trying to hack the RDP port. Salvadore recommended a firewall. The datacenter host offered us two choices of Cisco firewalls, one of which we chose: ASA 5505.
Today I have a secure server which pleases me. The one thing that bothers me however is that I lose access to my home network devices while the VPN Client is connected. Here are the symptoms:
I cannot send an email with Outlook as I normally do by relaying off of my Internet provider's SMTP server.
I cannot connect to the TradeStation servers with my TradeStation application using login credentials that are authorized for my home network only.
I cannot access my Seagate network storage drive.
This is what I discovered:
My wireless adapter (which I use from this laptop) identifies itself as "Wireless LAN adapter Wireless Network Connection" in IPCONFIG. IPv4 address is 192.168.0.5. Default Gateway: 192.168.0.1.
After I connect the VPN Client, IPCONFIG reports a new adapter: "Ethernet adapter Local Area Connection 2". IPv4 address is 10.0.10.4. Default Gateway: 10.0.10.1.
When I launch Windows Task Manager and click on the Networking tab, I see those two adapters.
When I launch IE and go to bandwidthplace.com to run a test, I see all of the network traffic going over "Ethernet adapter Local Area Connection 2".
When I disconnect VPN and then rerun the bandwidth test, I see that all of the network traffic now goes over "Wireless LAN adapter Wireless Network Connection".
This explains all of the symptoms:
My Internet Provider will only allow me to relay off of their email servers if I am connected to their network.
TradeStation refuses connection to their network because my credentials do not match my network address.
There is no Seagate network storage device on the remote server network.
My questions to the Cisco Support Community are:
Is this the best I can hope for?
Must all traffic be routed through the VPN connection?
Is there any way to route traffic destined for 10.0.*.* through VPN and everything else through the default connection?
Thank you everyone for your help. I would be happy to provide additional detailed information.
Hi Brian,
you can route traffic destined to 10.0.*.* over the VPN and keep normal internet traffic unencrypted over the default connection - this setup is known as VPN Split Tunnelling.
This doc shows how to setup the access control list and apply this to the tunnel policy.
Hope this helps
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml -
ASA 5510 Anyconnect VPN question-"Hairpin" vpn connection on same external interface
I have a Cisco ASA 5510, I want to allow a VPN connection to be established by a client on one of the inside interfaces(10.20.x.x) to be able to go out the single External interface and get authenticated by the ASA to create a VPN tunnel to the other inside interface (10.0.X.X) and access resources on that subnet.
Basically want clients on a WLAN to be able to VPN back in to the LAN with the ASA in the middle to get to company resources,
Is this possible?
Thanks,
Tommy
When we connect any VPN on a device then it is always a TO THE DEVICE connection and I am afraid we can connect only to the local / nearest interface where user is connected in a network with respect to ASA.
I have seen this scenario working though earlier with one of my clients wherein he has configured his DNS server accordingly so that depending upon the source of the DNS request an appropriate IP address was provided for same DNS name. For example if user from IP address range 192.168.0.0 range connects to abc.com then it will get IP address 192.168.1.1 and if a user from range IP address 10.0.0.0 connects then it will get 10.1.1.1.
If we configure the same scenario as well then your requirement will be fulfilled with same name however VPN has to be enabled on wireless interface again. If not, then as you have described configuring a new domain name for VPN connection only for wireless users should do the deal.
Regards,
Anuj -
Can ASA5505 forward remote-access-VPN clients to LAN
I currently have ASA-5505 and 2911-Router and I'm trying to configure VPN topology.
Can ASA5505 forward remote-access-VPN clients to LAN operated by a different router?
Are these two cases possible?:
(1) ASA-5505 and 2911-Router are on separate WAN interfaces, each directly connected to ISP. But then can I connect one of other LAN interfaces of ASA-5505 into a switch managed by 2911-Router to inject remote-SSL-VPN clients into the LAN managed by the router?
(2) ASA-5505 is behind 2911-Router. Can 2911 Router assign a public ip address or have public ip address VPN-access attempts directly be forwarded to ASA-5505 when there is only one public ip address available?
Long put short, can ASA-5505 inject its remote-access-VPN clients as one of hosts on the LAN managed by 2911-router?
Thanks.
I could help you more if you can explain the purpose of this setup and the connectivity between the ASA and router.
You can enable reverse-route on the Dynamic map on the ASA. The ASA will install a static route for the client on the routing table. You can use a Routing protocol to redistribute the static routes to your switch on the LAN side of the ASA. -
Cisco ASA 5505 Remote Access IP/Sec VPN Connectivity Issues
We have a Cisco ASA that we use just for Remote Access VPN. It uses UDP and was working fine for about 2 months. Recently clients have had intermittent issues when connecting from home. The following message is displayed by the Cisco VPN Client:
"Secure VPN connection terminated locally by the Client. Reason 412: The remote peer is no longer responding"
Upon looking at a client side packet capture, I notice that no response is being given back to the client for the udp packets sent to the ASA on udp 500. If I login to the ASA from the LAN and send a single ping FROM the ASA, then the client can connect without issue. I don't understand the significance of the needed outbound ping since ping is not used by the client to test if the ASA is alive.
Once again this is a remote access udp ip/sec VPN. I set most of it up with the VPN wizard and then backed up the config. The issue started happening at least a month after setup (maybe two) and I restored to the saved config just in-case, but the issue remains.
Any insight would be greatly appreciated.
I'm using IOS 831 and have tried 821 and 823 as one thread that I found recommended downgraded to 821.
Thanks much,
Justin
Javier,
I logged into the ASA last time the VPN went down. I issued the following commands:
debug crypto isakmp 190
debug crypto ipsec 190
capture outside-cap interface outside match udp any any
I then used a remote access tool to access the client and tried to connect. I got absolutely nothing from debugging. So I issued the following command:
show capture outside | include 500
and also got nothing. So I issued the following command:
ping 4.2.2.2
Upon which my normal debug messages began to show up, so I issued the show capture outside command again and received the expected output below:
1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 868
2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 444
3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 172
4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 76
5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 92
6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 76
7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 60
8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 204
9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 92
10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 252
11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 868
12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 444
13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 172
14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 76
15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 92
16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 76
17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 60
18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 204
19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 252
20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 1036
21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 92
22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 188
23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 60
34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500: udp 92
35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155: udp 92
70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 100
174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 500
377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000: udp 100
It would seem as if no traffic reached the ASA until some outbound traffic to an arbitrary public IP. In this case I sent an echo request to a public DNS server. It seems almost like a state-table issue although I don't know how ICMP ties in.
Once again, any insight would be greatly appreciated.
Thanks,
Justin -
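Added example, not part of the thread or any poster's code: a small parser for ASA `show capture` records in the format pasted above, which pairs each client's UDP/500 initiations with the gateway's replies and lists the clients that never got an answer. The names `summarize_ike`, `unanswered` and `Flow` are hypothetical; the first four sample records are copied from the post and the rest are constructed.

```python
"""Pair IKE (UDP/500) initiations with gateway replies in ASA `show capture` text."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

IKE_PORT = 500  # ISAKMP/IKE port seen in the capture above

# One capture record as printed in the post, e.g.
#    1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 868
# The VLAN tag is optional; host and port are split at the last dot.
LINE_RE = re.compile(
    r"^\s*(?P<seq>\d+):\s+(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:802\.1Q\s+vlan#\d+\s+P\d+\s+)?"
    r"(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+(?P<dst>\S+)\.(?P<dport>\d+):\s+"
    r"udp\s+(?P<length>\d+)\s*$"
)


@dataclass
class Flow:
    """Counters for one client endpoint (host:port) talking to the gateway on UDP/500."""
    client: str
    requests: int = 0
    replies: int = 0
    first_request: Optional[datetime] = None
    first_reply: Optional[datetime] = None

    @property
    def answered(self) -> bool:
        return self.replies > 0

    @property
    def reply_latency_us(self) -> Optional[int]:
        """Microseconds from first initiation to first reply, or None if unanswered."""
        if self.first_request is None or self.first_reply is None:
            return None
        return (self.first_reply - self.first_request) // timedelta(microseconds=1)


def summarize_ike(capture_text: str, gateway: str) -> Dict[str, Flow]:
    """Group UDP/500 records by client endpoint.

    `gateway` is the ASA outside address exactly as it appears in the capture.
    Assumption: the capture does not cross midnight (records carry no date).
    """
    flows: Dict[str, Flow] = {}
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines, non-UDP records
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        src, sport = m["src"], int(m["sport"])
        dst, dport = m["dst"], int(m["dport"])
        if dst == gateway and dport == IKE_PORT:      # client -> gateway
            key = f"{src}:{sport}"
            flow = flows.setdefault(key, Flow(client=key))
            flow.requests += 1
            flow.first_request = flow.first_request or ts
        elif src == gateway and sport == IKE_PORT:    # gateway -> client
            key = f"{dst}:{dport}"
            flow = flows.setdefault(key, Flow(client=key))
            flow.replies += 1
            flow.first_reply = flow.first_reply or ts
        # anything else (e.g. the UDP/10000 records) is not IKE and is ignored
    return flows


def unanswered(flows: Dict[str, Flow]) -> List[str]:
    """Client endpoints that sent initiations but never saw a reply."""
    return sorted(k for k, f in flows.items() if f.requests and not f.answered)


# Records 1-4 are from the post; records 5-7 and 70 are constructed for illustration.
SAMPLE_CAPTURE = """\
   1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 868
   2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 444
   3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500: udp 172
   4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151: udp 76
   5: 15:46:02.100000 802.1Q vlan#2 P0 REMOTE_IP.1160 > OFFICE_IP.500: udp 868
   6: 15:46:07.100000 802.1Q vlan#2 P0 REMOTE_IP.1160 > OFFICE_IP.500: udp 868
   7: 15:46:12.100000 802.1Q vlan#2 P0 REMOTE_IP.1160 > OFFICE_IP.500: udp 868
  70: 15:46:20.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000: udp 100
"""

if __name__ == "__main__":
    for flow in summarize_ike(SAMPLE_CAPTURE, "OFFICE_IP").values():
        state = "answered" if flow.answered else "NO REPLY"
        print(f"{flow.client}: {flow.requests} sent, {flow.replies} replies, {state}")
```

An empty result for a client that is known to be retrying means the packets never reached the capture point, which is the case the post describes before the outbound ping.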
One VPN connection at a time.
I have an issue with the Cisco 4.01 VPN client connecting more than one connection.
I have it set to connect to the remote site using the following parameters
Group Authentication
Transparent Tunneling with IPSec over UDP (Nat / Pat)
I have also selected allow local LAN access
I am connecting to the remote network through a Sonicwall firewall to the remote Cisco device.
I have no problem getting connected to the remote network. All connection attempts work.
If I have a VPN connection connected and active the next connection that is made disconnects the first one. This is repeatable and constant. So each connection is successful but it always disconnects any session that is active from that location.
Multiple sessions are possible as long as they don't originate from the one site. In other words workers working from home do not affect workers working from the main office.
Any ideas as to what may be causing this?
just wondering what sort of cisco device we are discussing here.
the issue may be related to the vpn client pool.
e.g. the pool should start with x.x.x.1, not an entire subnet. -
Branch Office DC Demand Dial VPN connection keeps failing
here is my issue
Our Branch Office DC is connected to Main Office DC with a Demand Dial Connection in RRAS. Everything is connected fine for a little bit then it's like the connection just gives out, it stays connected but I cannot ping the branch office DC with the local IP from the Main Office or access any network shares on it. When this happens I have to disconnect the server at the remote office and wait for it to reconnect. I'm currently baffled as there are no Error LOGS to help me along and there doesn't seem to be anything that would be causing the issue. For now, until I get some answers as to what is going on, I opened a command prompt on the DC here at the main office and I typed "ping 10.141.70.25 -t100" to monitor the connection more or less, and when I see it time out I reconnect it. I also have the networking tab open in task manager to monitor the LAN and RAS (Dial-In) Interface. The LAN doesn't seem too active but the RAS Interface does; it's got a constant network utilization of 0.28% and the Demand Dial interface on the remote office DC has a utilization of 0.38% (Server just disconnected as I was typing this and the utilization on the VPN connections on both servers went through the roof). Here's the troubleshooting I have tried so far:
1. Rebooted both office DC`s at the same time
2. Rebooted the branch office DC alone (this helped a little because the connection is staying active longer without fail)
3. looked through all RRAS configuration on both servers to see if theres any mistakes by any other administrators (None Were Found)
4. Used wireshark to see if there was anything interfering or that would cause this to happen (Nothing found)
5. manually connected to the server in multiple ways like accessing network shares and remote management via MMC and manually making the servers replicate to see if any of that was causing issues and it wasnt
My thoughts: I'm starting to think it may be a switch or something causing the connection issue at the branch office, because the main office has all new routers and switches and just recently got a 100.00MBPS connection, but nothing was affected for a good month so I'm not thinking it is the new connection or anything at the main office. If there's something I'm overlooking here please let me know. If some ipconfig /all results are needed I can provide them.
Viper Technologies Computer Repair Putting The Venomus Bite Back In Your Computer We Are Located In Antigonish ,NS Canada Check Us Out HTTP://WWW.VIPERTECHNOLOGIES.TK
Hi,
Are there any error messages on the event log ?
Meanwhile, it is more network issue, i think you may ask in network forums:
http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverNIS
Regards.
Vivian Wang -
UNABLE TO ACCESS THE INTERNET FROM LOCAL PROVIDER ON A SITE-TO-SITE VPN CONNECTION
Dear All,
I have a site-to-site connection from point A to point B. From point B i am unable to access the internet from local internet provider.
I am trying to ping from 192.168.20.1 the dns 8.8.8.8 but i receive the message "destination net unreachable".
When i run "show ip nat translation" i receive nothing.
The vpn connection is working properly, i can ping the other side 192.168.10/24
Below is the configuration of the cisco router on point B.
dot11 syslog
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.21.254
ip dhcp pool voice
network 192.168.21.0 255.255.255.0
default-router 192.168.21.254
option 150 ip 192.168.5.10
ip cef
ip domain name neocleous.ru
ip inspect name IOS_FIREWALL tcp
ip inspect name IOS_FIREWALL udp
ip inspect name IOS_FIREWALL icmp
ip inspect name IOS_FIREWALL h323
ip inspect name IOS_FIREWALL http
ip inspect name IOS_FIREWALL https
ip inspect name IOS_FIREWALL skinny
ip inspect name IOS_FIREWALL sip
no ipv6 cef
multilink bundle-name authenticated
vty-async
isdn switch-type primary-net5
redundancy
crypto isakmp policy 5
hash md5
authentication pre-share
group 2
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
lifetime 28800
crypto isakmp policy 50
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key Pb85heuvMde9Wdac5Qohha7lziIf142u address [ip address]
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10
crypto ipsec transform-set TRANSET esp-aes esp-sha-hmac
crypto ipsec transform-set TRANSET2 esp-des esp-md5-hmac
crypto ipsec df-bit clear
crypto map CryptoMAP1 ipsec-isakmp
set peer [ip address]
set transform-set TRANSET
match address CryptoACL
interface FastEthernet0/0
description Primary Provider
ip address [PUBLIC IP MAIN PROVIDER] 255.255.255.252
ip access-group outside_acl in
ip mtu 1390
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
crypto map CryptoCY
crypto ipsec df-bit clear
interface FastEthernet0/1
description TO LAN
no ip address
load-interval 30
speed 100
full-duplex
interface FastEthernet0/1.1
description DATA VLAN
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip access-group inside_acl in
ip nat inside
ip inspect IOS_FIREWALL in
ip virtual-reassembly in
ip tcp adjust-mss 1379
interface FastEthernet0/1.2
description VOICE VLAN
encapsulation dot1Q 21
ip address 192.168.21.254 255.255.255.0
interface Serial0/2/0:15
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn incoming-voice voice
no cdp enable
interface FastEthernet0/3/0
no ip address
ip access-group outside_acl in
ip nat outside
ip virtual-reassembly in
shutdown
duplex auto
speed auto
crypto map CryptoCY
ip local pool VPNPool 192.168.23.2 192.168.23.10
ip forward-protocol nd
ip http server
no ip http secure-server
ip nat inside source list nat_list interface FastEthernet0/3/0 overload
ip route 0.0.0.0 0.0.0.0 [default gateway ip]
ip access-list standard VTY
permit 192.168.20.0 0.0.0.255
ip access-list extended CryptoACL
permit ip 192.168.20.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip host 192.168.22.1 192.168.5.0 0.0.0.255
permit ip host 192.168.20.1 192.168.5.0 0.0.0.255
permit ip host 192.168.22.1 192.168.6.0 0.0.0.255
ip access-list extended DFBIT_acl
permit tcp any any
ip access-list extended inside_acl
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.35
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.39
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.23
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.18
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.55
permit ip 192.168.20.0 0.0.0.255 host 192.168.10.144
permit ip 192.168.20.0 0.0.0.255 host 192.168.10.146
permit ip 192.168.20.0 0.0.0.255 host 192.168.10.141
permit ip host 192.168.20.253 host 192.168.3.21
permit ip host 192.168.20.254 host 192.168.3.21
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.10
permit ip 192.168.20.0 0.0.0.255 host 192.168.20.254
ip access-list extended nat_list
deny ip host 192.168.20.254 192.168.10.0 0.0.0.255
deny ip host 192.168.20.254 192.168.3.0 0.0.0.255
deny ip host 192.168.20.1 192.168.3.0 0.0.0.255
deny ip host 192.168.20.1 192.168.10.0 0.0.0.255
deny ip host 192.168.20.2 192.168.3.0 0.0.0.255
deny ip host 192.168.20.2 192.168.10.0 0.0.0.255
permit ip host 192.168.20.1 any
permit ip host 192.168.20.2 any
permit ip host 192.168.20.254 any
ip access-list extended outside_acl
permit gre any host [ip address]
permit esp any host [ip address]
deny ip any any
ip sla 2
icmp-echo 192.168.10.254 source-interface FastEthernet0/1.1
frequency 180
timeout 500
ip sla schedule 2 life forever start-time now
logging 192.168.3.21
route-map DFBIT_routemap permit 10
match ip address DFBIT_acl
set ip df 0
route-map ISP2 permit 10
match ip address nat_list
match interface FastEthernet0/3/0
route-map nonat permit 10
match ip address nonat_acl
route-map ISP1 permit 10
match ip address nat_list
match interface FastEthernet0/0
You cannot access internet, because all traffic is tunneled for VPN !!!!
Please see Cisco tech documentation and bypass traffic for internet.
e.g. if LAN traffic is going from site A to site B then through VPN
else
LAN traffic to internet (any) should be out through the VPN. -
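An added example, not part of the thread or of any Cisco tooling: a small Python audit run over an excerpt of the router configuration posted in the site-to-site thread above. It checks two things visible in that configuration: the NAT overload rule points at FastEthernet0/3/0, which is shut down, and inside_acl, applied inbound on the NAT inside subinterface, has no entry matching 192.168.20.1 to 8.8.8.8. The function names are hypothetical, and only `permit|deny ip` ACL entries are modelled.

```python
import ipaddress
import re

# Excerpt of the configuration posted above (flat, as on the page), cut to the lines the checks read.
CONFIG = """\
interface FastEthernet0/1.1
ip access-group inside_acl in
ip nat inside
interface FastEthernet0/3/0
ip nat outside
shutdown
ip nat inside source list nat_list interface FastEthernet0/3/0 overload
ip access-list extended inside_acl
permit ip 192.168.20.0 0.0.0.255 host 192.168.3.35
permit ip 192.168.20.0 0.0.0.255 host 192.168.20.254
"""

def sections(text):
    # Map each "interface ..." / "ip access-list extended ..." header to the lines after it.
    sec, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(("interface ", "ip access-list extended ")):
            cur = sec.setdefault(line, [])
        elif cur is not None:
            cur.append(line)
    return sec

def acl_permits(entries, src, dst):
    # First match wins. "host A" and "any" are rewritten to address + wildcard-mask form.
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    for e in entries:
        e = re.sub(r"\bhost (\S+)", r"\1 0.0.0.0", e).replace(" any", " 0.0.0.0 255.255.255.255")
        m = re.fullmatch(r"(permit|deny) ip ([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)", e)
        if m and all((to_int(a) | to_int(w)) == (to_int(b) | to_int(w))
                     for a, b, w in ((src, m[2], m[3]), (dst, m[4], m[5]))):
            return m[1] == "permit"
    return False  # implicit "deny ip any any" at the end of every ACL

def audit(text, src, dst):
    # Report why a packet src -> dst entering a NAT inside interface would not be translated.
    sec, out = sections(text), []
    nat = re.search(r"^\s*ip nat inside source list \S+ interface (\S+)", text, re.M)
    if nat and "shutdown" in sec.get("interface " + nat.group(1), []):
        out.append(f"NAT overload is bound to shut-down interface {nat.group(1)}")
    for head, lines in sec.items():
        for acl in re.findall(r"^ip access-group (\S+) in$", "\n".join(lines), re.M):
            rules = sec.get("ip access-list extended " + acl, [])
            if "ip nat inside" in lines and not acl_permits(rules, src, dst):
                out.append(f"{acl} on {head} drops {src} -> {dst}")
    return out
```

`audit(CONFIG, "192.168.20.1", "8.8.8.8")` returns both findings; a packet dropped by the inbound ACL never reaches NAT, which is consistent with the empty translation table described in the post.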
VPN connection drops after 1 minute or less
Hi All,
not sure if this is a server-side or client-side issue. Trying to establish a VPN connection from an MBP to my Mac Mini server (L2TP over IPSec, Shared Secret w/ Password authentication) I manage to connect, authenticate and establish a connection. However, after about 45-60 seconds I see no more traffic (from the remote LAN) coming through to the MBP. The status indicator still shows that the tunnel is up but I just don't get any further response from the server. I can still get to the web, however, the traceroute seems to indicate that this traffic is flowing outside the VPN tunnel (whether the "Send all traffic over VPN connection" option on the MBP is selected or not).
I've tried this with all combinations of 10.6.5 and 10.6.6 to no avail. It is possible to keep the tunnel alive just a little longer if I keep a ping to the server going on the MBP, but this eventually gets lost as well.
I've determined that there are some changes in the routing tables on the MBP whilst this is going on:
Last login: Thu Jan 20 09:45:37 on ttys001
guava:~ mark$ netstat -rn
Routing tables
## Normal Connection
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.149.16.1 UGSc 13 0 en1
10.149.16/22 link#6 UCS 2 0 en1
10.149.16.1 0:0:5e:0:1:8e UHLWI 13 17 en1 1038
10.149.18.96 127.0.0.1 UHS 0 0 lo0
10.149.19.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 en1
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 0 176 lo0
169.254 link#6 UCS 0 0 en1
192.168.0 link#8 UC 1 0 vmnet8
192.168.0.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 vmnet8
192.168.106 link#7 UC 1 0 vmnet1
192.168.106.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 vmnet1
guava:~ mark$ netstat -rn
Routing tables
## VPN Connection Alive
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.149.16.1 UGSc 2 0 en1
default 192.168.1.180 UGScI 0 0 ppp0
10.149.16/22 link#6 UCS 3 0 en1
10.149.16.1 0:0:5e:0:1:8e UHLWI 3 0 en1 1198
10.149.18.96 127.0.0.1 UHS 0 0 lo0
10.149.19.255 ff:ff:ff:ff:ff:ff UHLWbI 1 8 en1
xx.xxx.xxx.xxx 10.149.16.1 UGHS 1 34 en1
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 0 176 lo0
169.254 link#6 UCS 0 0 en1
192.168.0 link#8 UC 1 0 vmnet8
192.168.0.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 vmnet8
192.168.1 ppp0 USc 0 0 ppp0
192.168.1.180 192.168.1.160 UH 7 33 ppp0
192.168.106 link#7 UC 1 0 vmnet1
192.168.106.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 vmnet1
guava:~ mark$ netstat -rn
Routing tables
## VPN Connection but no net traffic coming back from server
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.149.16.1 UGSc 11 0 en1
default 192.168.1.180 UGScI 0 0 ppp0
10.149.16/22 link#6 UCS 1 0 en1
10.149.16.1 0:0:5e:0:1:8e UHLWI 13 0 en1 1154
10.149.18.96 127.0.0.1 UHS 0 0 lo0
xx.xxx.xxx.xxx 10.149.16.1 UGHS 2 1644 en1
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 0 176 lo0
169.254 link#6 UCS 0 0 en1
192.168.0 link#8 UC 0 0 vmnet8
192.168.1 ppp0 USc 1 0 ppp0
192.168.1.180 192.168.1.160 UH 21 1635 ppp0
192.168.106 link#7 UC 0 0 vmnet1
The MBP is connected via WiFi to a router which gives it 10.149.18.96. The remote network is on 192.168.1.0/24. The VPN server (as well as the DNS and DHCP server) are on machine 192.168.1.180 (the Mac Mini).
Neither the MBP nor the server logs really contain anything useful which would indicate why this is failing.
It looks as though this issue has been there for quite a long time in some form:
- http://discussions.apple.com/thread.jspa?threadID=1208715
- http://discussions.apple.com/message.jspa?messageID=10958263
- http://discussions.apple.com/thread.jspa?threadID=2462874
This is incredibly frustrating and I cannot understand why Apple has not done anything about this. Is there anyone here that is having the same problem and has possibly made some headway on this? Any suggestions would be highly appreciated!
Thanks.
Mark
First guess would be a faulty Openreach VDSL modem (the white box).
Call 0800 111 4567, explain the problem. Be polite but firm and insist on an engineer visit. The engineer will test the line and probably replace the modem.
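An added example, not part of the original posts: a Python longest-prefix lookup over rows copied from the "VPN Connection Alive" routing table in the question above, showing which interface a given destination leaves by. It assumes macOS scoped-routing behaviour, where routes flagged `I` (interface scope) are not used by ordinary unscoped lookups; `network` and `lookup` are hypothetical names.

```python
import ipaddress

# Rows copied from the "VPN Connection Alive" table above
# (Destination, Gateway, Flags, Refs, Use, Netif); the masked xx.xxx.xxx.xxx row is left out.
ROUTES = """\
default 10.149.16.1 UGSc 2 0 en1
default 192.168.1.180 UGScI 0 0 ppp0
10.149.16/22 link#6 UCS 3 0 en1
127 127.0.0.1 UCS 0 0 lo0
192.168.1 ppp0 USc 0 0 ppp0
192.168.1.180 192.168.1.160 UH 7 33 ppp0
"""

def network(dest):
    # Expand netstat shorthand: "default", "10.149.16/22", "192.168.1", "127", or a full host address.
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    plen = plen or str(8 * len(octets))          # no explicit length: one byte per octet shown
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{plen}")

def lookup(table, dst):
    # Longest-prefix match for an unscoped lookup; returns (network, gateway, netif) or None.
    target, best = ipaddress.ip_address(dst), None
    for row in table.splitlines():
        dest, gateway, flags, _refs, _use, netif = row.split()[:6]
        net = network(dest)
        if "I" in flags or target not in net:    # skip interface-scoped routes and non-matches
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, gateway, netif)
    return best
```

With these rows, `lookup(ROUTES, "8.8.8.8")` resolves to `en1` while `lookup(ROUTES, "192.168.1.20")` resolves to `ppp0`: only the remote 192.168.1 subnet is routed into the tunnel, and everything else leaves by the Wi-Fi default route.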