VPN Internet

Hi All!
My Internet provider uses a VPN for the Internet connection.
How may I create a VPN connection in Solaris 10 9/10 x86?

You need to provide a lot more information.
First of all, you don't use a VPN to connect to the Internet. The Internet is a public network. VPN is "Virtual Private Network." VPNs are to establish a secure connection over the internet, e.g. from remote clients to the corporate network, or between two secure sites. It is a virtual private network since you are using a real private network (e.g. frame relay, dedicated lines etc.)
Your Internet provider may in turn be providing a VPN service, either for remote users (although I haven't seen anyone advertising that for a while) or between two sites.
There are various methods of establishing VPN connections: typically a site-to-site VPN would involve using a fixed IPSec tunnel between the routers at each site, and the routers would have static addresses. Client-to-site VPNs are for clients that don't have a static address, and don't require a persistent VPN connection. This could be either an IPSec tunnel connection (Cisco, SonicWall) or IPSec-over-PPTP (e.g. Microsoft XP native VPN.)
It also matters if your Solaris machine is a remote client or server in the office that remote users want to use.
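The reply distinguishes a site-to-site tunnel (two routers with fixed addresses, a permanent IPsec tunnel between them) from client-to-site access. As an added example that is not part of the thread, the fragment below shows the site-to-site form on Cisco IOS, the platform most of the other threads on this page use; the asker's Solaris 10 side would use its own IPsec/IKE configuration files rather than this syntax. All addresses (203.0.113.2, 198.51.100.1, 10.1.0.0/16, 10.2.0.0/16), the names and the pre-shared key are assumptions, not values from the page.

```cisco
! Added example (not from the thread): site-to-site IPsec between two routers
! with static public addresses, Cisco IOS crypto-map style. Addresses, names
! and the key are assumed placeholders.
!
! Phase 1 (IKE): how the two routers authenticate each other and protect the
! negotiation. The peer is named explicitly because its address is fixed.
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key S1teKey-ChangeMe address 203.0.113.2
!
! Phase 2 (IPsec): the transform applied to the protected traffic.
crypto ipsec transform-set AES-SHA esp-aes 256 esp-sha-hmac
!
! "Interesting traffic": only LAN-to-LAN packets between the two sites are
! sent through the tunnel; everything else leaves the router unencrypted.
ip access-list extended SITE-A-TO-SITE-B
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
crypto map OUTSIDE-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set AES-SHA
 match address SITE-A-TO-SITE-B
!
! The map is bound to the public interface; the remote router mirrors this
! with the addresses swapped.
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 crypto map OUTSIDE-MAP
!
! Checks once traffic has flowed:
!   show crypto isakmp sa      - one QM_IDLE entry for 203.0.113.2
!   show crypto ipsec sa       - pkts encaps/decaps counters rising
```

Two practitioner notes. The pre-shared key is bound to one peer address; a wildcard key (`address 0.0.0.0 0.0.0.0`) would let any host that learns the key negotiate with this router, which is the usual shortcut taken for clients without static addresses and the usual thing to avoid. Group 14 and AES-256 are the assumed floor today; an older IOS such as the 12.4 image shown later on this page may only offer group 2/5 and 3DES.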

Similar Messages

  • Static NAT - VPN - Internet Access

    Does anyone know how to configure the following?
1.  A static NAT from an inside IP address to another inside IP address (not a physical subnet).
2.  The traffic statically NATed in step 1 needs to go into a VPN tunnel and at the same time have internet access.
My router just has two interfaces, a WAN and a LAN.
I just created the VPN, the static NAT and the PAT for other users of the subnet to have internet access, but the statically NATed traffic just goes over the ipsec tunnel and cannot have internet access.
I tried to apply a route map after the static nat command, but since I do not have a physical interface in the same subnet where I am translating, the route-map is not applied to the static nat command.
    in an extract:
    LAN traffic (specific server) --->> static nat to inside not real subnet --->> traffic goes over Tunnel (OK), but no internet access.
BTW, I need to configure the NAT before the ipsec tunnel because both LAN subnets of the ipsec tunnel endpoints are the same.

    Why do you need an inside host to be natted to another inside IP address?
    You need to configure a "no nat" policy, for the internet traffic.

  • Windows VPN internet traffic handling

So at work, I installed Windows 2012 R2's built-in VPN server. I can connect to it from home (using Windows 8.1), but I noticed that when the VPN connection is enabled, all internet traffic that would normally go to my local gateway is now going into the VPN line to my office's gateway and thereby going through my office's firewall. So my home browsing activity is being transacted as if I'm in the office.
    I'm about to roll-out the VPN to the rest of the office but want to see if there's anything I can do to change this behavior. The SonicWall NetExtender VPN doesn't do this.
    This topic first appeared in the Spiceworks Community

    Hi Ross,
    You can do this in several ways:
    1. If your proxy is to be configured on the computer browsers (like ISA proxy), then simply add the traffic from the PCs to the IPs of the proxy to the VPN ACL and to the nonat (with deny).
    2. Add all traffic over VPN from the user subnet. At this time you can remove the NAT commands all together since no NAT is required anymore. You can use this even if the proxy is something like Websense that works by sniffing the traffic.
    Please rate if this helped.
    Regards,
    Daniel

  • IPad and PPTP VPN - Internet access (e-mail & Safari) not working

    Hi there!
    I've got an iPad2 (WiFi only) and need to configure it to use Witopia PPTP VPN, which is the VPN provider I've been using for a long time on my desktop and netbook.
Configuring the iPad was an easy task, and I was able to successfully authenticate and establish a PPTP session with any of the Witopia servers.
The problem is that once the PPTP session is established, if the "send all traffic" option is ON, I have no Internet access at all (neither e-mail nor browsing with Safari). Then, if I stop the VPN, turn OFF the "send all traffic" option on the iPad, and start the VPN again, I have Internet communication back and everything starts working fine. I've been fiddling with this in my home network (D-Link Dir-655 router using the 192.168.0.1 addressing scheme for my LAN).
Obviously, I decided to leave the "send all traffic" option OFF, but then I discovered that by doing this my Safari traffic is not encrypted and my IP is not masked, i.e. the VPN is up and running, I have normal Internet traffic, but the service to be provided by the VPN for some unknown reason is not happening.
    Does anyone have a clue about what's going on ?
    TIA
    RTadeu

    Have you tried a battery pull?  If not, give that a try and then try again. 
    1. Please thank those who help you by clicking the "Like" button at the bottom of the post that helped you.
    2. If your issue has been solved, please resolve it by marking the post "Solution?" which solved it for you!

  • VPN Internet Sharing?

    I'm thinking about getting OS X Server, and I was just wondering if it's possible to use the VPN function of the OS X Server to share the Internet connection on the server computer? For example if I have my iMac connected to the Internet through a VPN (I live in China), and then have another VPN which connects to my MacBook Pro, would I be able to use the VPN connection between my iMac and my MacBook Pro to visit the Internet through the Internet VPN connection on my iMac? I know this sounds a little abstract and weird but it would help since the VPN I bought that connects to the US only works on one computer at a time so it would be nice if I can use my own VPN to group all my computers under one connection and be able to visit YouTube (blocked in China if you didn't know) on all of them at once.

Oh I know about the Internet sharing functionality in System Preferences, I'm just asking because I might buy OS X Server anyway for school work and having my personal site, email server etc. I've tried to activate it using Bluetooth but for some reason it wouldn't connect to my MacBook Pro. What I'm trying to do now is this: I have a Time Capsule and when I'm at home both my iMac and my MacBook Pro are connected to it, so they are on the same LAN. Basically what I'm trying to explore is exporting that VPN connection to SF on my iMac to my MacBook Pro via the VPN on the LAN on my Time Capsule. So the entire thing would just run on the Wifi interface, but instead of sharing my network by inputting the Internet connection on one end and outputting it to another computer on another interface, I'm trying to see if that connection would work over the LAN. Thanks anyway.

  • RV016 Gateway to Gateway VPN Internet Traffic

I have an RV016 router in place that has numerous Gateway to Gateway VPNs connected to various sites over Comcast Cable. I would like to funnel all traffic through the RV016, but I am only seeing the tunnel traffic going between each.
I think I saw some posts alluding to the fact that since the RV016 only deals with layer 3 this is impossible. What if I added a route to each of my workstations that routes all 0.0.0.0 traffic through the RV016 router? Would this work even if it's really ugly?
    What I am trying to avoid is having an open Internet connection at all of my sites. I would rather be able to control it here at the main office's RV016.
    Thanks in advance!

    tekliu,
    I actually found and tried this solution last night, but below is how my routing table looks on my RV042. When I do a tracert to www.google.com or whatever I can see that the traffic basically hits my router then out through the Comcast modem. If I do anything on the main office subnet 172.16.1.0 then I can see it hit both routers.
    Should I maybe reset the router to default and do this from the start? As you can see below all 0.0.0.0 traffic is set to go out through the Comcast gateway 74.94.253.10.
Routing Table Entry List
Destination IP Address   Subnet Mask       Default Gateway   Hop Count   Interface
74.94.253.8              255.255.255.252                     40          ixp1
74.94.253.8              255.255.255.252                     45          ipsec0
192.168.3.0              255.255.255.0                       50          ixp0
192.168.2.0              255.255.255.0     74.94.253.10      10          ipsec0
192.168.2.0              255.255.255.0                       50          ixp0
172.16.1.0               255.255.255.0                       50          ixp0
default                  0.0.0.0           74.94.253.10      40          ixp1
I can send you all of my config data if you need it.
    Thanks!

  • VPN internet access

    Hello,
I have a question about setting up a VPN connection. I have a Cisco VPN profile which is configured to exclude and include some IP addresses, to be able to access some internet sites while connected to that VPN.
    On Mac OS X 10.9.2 I have setup a native VPN yet I cannot find a way to exclude/include those ip addresses.
    Is there any way to do that?

    The only place I know to add IP addresses and/or Domain Names is in your OS X VPN connection within System Preferences/Network.
    Select your VPN connection then click the Advanced button. Click the DNS tab and this is where IP addresses (DNS Servers) and Domain Names (Search Domains) can be entered.

  • VPN internet issue.

    Hello Experts.
I want to connect an RA VPN from a different location (not site to site) and need to share files by putting everything under one network.
I have installed the VPN in a remote location, and when I try to connect using the Cisco VPN client, my internet automatically disconnects. I was trying to fix it with split tunneling, and I installed a Radius server. Actually I messed up everything. My configuration is pasted below. Please go through the configuration and check what stupid things I have done in it. I want to get the internet from the remote location, not from local. I have given demo IPs for the location.
    This is the diagram. 
    My Configuration
Building configuration...

Current configuration : 3147 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Test-VPN
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$F1NSDS@#M$lK5HoK1ekziowNPFLjhKV1
enable password 7 1533180F0234321243F212B3B647040
!
aaa new-model
!
aaa authentication login AUTHEN group radius local
aaa authentication login RAS-Users group radius local
aaa authorization network AUTHOR local
!
aaa session-id common
!
dot11 syslog
ip source-route
!
ip cef
!
ip domain name www.domain.net
no ipv6 cef
multilink bundle-name authenticated
!
voice-card 0
!
username administrator password 7 12346568845678767545
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp keepalive 40 5
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group GROUP
 key Cisco123
 dns 6.6.6.6
 wins 7.7.7.7
 domain www.domain.net
 pool POOL
 acl SPLIT-TUNNEL
 include-local-lan
 netmask 255.255.255.0
crypto isakmp profile ISAPRO
   match identity group GROUP
   client authentication list default
   isakmp authorization list default
   client configuration address initiate
   client configuration address respond
   virtual-template 1
!
crypto ipsec transform-set SET esp-3des esp-sha-hmac
!
crypto ipsec profile IPSECPRO
 set security-association idle-time 120
 set transform-set SET
!
crypto dynamic-map DYNAMICMAP 10
 set transform-set SET
 reverse-route
!
crypto map MAP client authentication list NOCAUTHEN
crypto map MAP isakmp authorization list NOCAUTHOR
crypto map MAP client configuration address respond
crypto map MAP 10 ipsec-isakmp dynamic NOC-DYNAMICMAP
!
archive
 log config
  hidekeys
!
interface Loopback0
 no ip address
!
interface FastEthernet0/0
 ip address 88.88.88.88 255.255.0.0
 ip nat outside
 ip virtual-reassembly
 ip policy route-map VPN-Client
 duplex auto
 speed auto
 crypto map MAP
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 description Remote access tunnel interface
 ip unnumbered FastEthernet0/0
 no ip redirects
 no ip unreachables
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 tunnel mode ipsec ipv4
!
ip local pool POOL 192.168.1.1 192.168.1.15
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 <gateway ip>
ip route 192.168.1.0 255.255.255.0 <gateway ip>
no ip http server
no ip http secure-server
!
ip access-list extended SPLIT-TUNNEL
 remark RA Split Tunnel VPN ACL
 permit ip any 88.88.88.0 0.0.0.255
!
ip radius source-interface FastEthernet0/0
!
route-map VPN-Client permit 10
 match ip address 144
 set ip next-hop <gateway ip>
!
radius-server host 5.5.5.5 auth-port 1645 acct-port 1646 key 7 096D5D0A1C0B03170804557878
!
control-plane
!
line con 0
 password 7 083B454342D400339544541
line aux 0
line vty 0 4
 password 7 1113100B1DJHJ5568325A5E57
!
scheduler allocate 20000 1000
end
Sorry for changing the real IPs; hope you understand the security concern.
What routing and ACLs should I configure with these IPs to access the internet through my VPN client?
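As posted, the client group hands out acl SPLIT-TUNNEL (which only covers 88.88.88.0/24) together with include-local-lan, so the client is told to tunnel only that prefix and keep everything else local; and although FastEthernet0/0 is ip nat outside and the virtual-template is ip nat inside, there is no ip nat inside source rule, so nothing would translate the 192.168.1.x pool addresses on their way out. The fragment below is an added example, not part of the post, of the tunnel-all arrangement on IOS with a dynamic VTI: the client group without a split-tunnel ACL, plus a PAT rule for the pool. It keeps the posted names (GROUP, POOL, Virtual-Template1, FastEthernet0/0, the 192.168.1.1-15 pool); NAT-VPN-CLIENTS is an assumed ACL name.

```cisco
! Added example (not from the thread): tunnel-all remote-access clients on IOS
! with a dynamic VTI, Internet access hairpinned out the hub's public interface.
!
! 1. Client group: no 'acl' and no 'include-local-lan', so the client installs
!    a default route into the tunnel. On the posted router this means
!    'no acl SPLIT-TUNNEL' and 'no include-local-lan' under the group.
crypto isakmp client configuration group GROUP
 key Cisco123
 dns 6.6.6.6
 wins 7.7.7.7
 domain www.domain.net
 pool POOL
 netmask 255.255.255.0
!
! 2. Which traffic must be translated: anything sourced from the client pool
!    (192.168.1.1-192.168.1.15 fits 192.168.1.0 0.0.0.15). Assumed ACL name.
ip access-list extended NAT-VPN-CLIENTS
 permit ip 192.168.1.0 0.0.0.15 any
!
! 3. PAT the clients behind the public address of FastEthernet0/0. Replies are
!    un-translated and routed back down the per-client Virtual-Access interface
!    via the host route the pool installs, so no static route for the pool is
!    needed.
ip nat inside source list NAT-VPN-CLIENTS interface FastEthernet0/0 overload
!
! 4. NAT roles, already present in the posted configuration: clients arrive on
!    the virtual-template (inside) and leave via FastEthernet0/0 (outside).
interface Virtual-Template1 type tunnel
 ip nat inside
interface FastEthernet0/0
 ip nat outside
!
! Checks with a client connected:
!   show crypto session            - one Virtual-Access interface per client
!   show ip nat translations       - 192.168.1.x -> 88.88.88.88 entries
```

With tunnel-all the hub's firewall, NAT and logging see every client packet, which is normally the reason to choose it; a split tunnel instead leaves the client attached to two networks at once, so anything reachable from its local LAN can reach the corporate side through it. The PAT rule only fires for traffic that exits an ip nat outside interface, so client-to-LAN traffic on the inside is left untouched.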

    Hi Folks,
We have an internet link with a site to site VPN connection. We are facing performance issues on this link for the past few days. We analyzed that the internet interface of our router was negotiating with the service provider modem at 10Mbps/half duplex and there were some collisions on the circuit. We asked the provider to hard code the settings to 100Mbps/Full on their modem so that our router will negotiate 100Mbps/full settings. Will it make the performance better now? We have an internet link speed of 768K upload and download.
    Please let me know, if more information required.
    Mahi
    Hi Mahi,
It will give you better performance compared to the 10 Mbps configuration setup, because 10 Mbps/half duplex on one end and 100 Mbps/full duplex on the peer end will always end in poor performance and lots of port errors and frame errors on the network. The better recommendation for good performance is that the router port and the modem port both need to be full duplex at 100 Mbps.
And the minimum requirement for a site to site VPN connection is 512 Kbits/sec of internet bandwidth at each site.
    Hope to help
    If helpful do rate the post
    Ganesh.H

  • VPN internet connection

    How do I establish a VPN?

    Hey there,
    This article should help you out. Just make sure to follow the Leopard instructions.
http://www.it.northwestern.edu/oncampus/vpn/native/native-config-mac.html#mac-add-vpn-leopard
    B-rock

  • Routers connected via serial subinterfaces(for non VPN internet service in a mpls network)

I have connected two Cisco 7200 routers via one serial interface.
I am going to create two subinterfaces on each of them, assign them IP addresses and connect them via two BGP neighborships.
The fact is that they cannot even ping each other though they are directly connected.
1. Interfaces are no shut.
2. The L2 protocol is HDLC on both sides.
3. The IPs are in the same subnets.
The question is how to connect two routers with serial sub-interfaces?
    this is my config on both routers , only the IPs are different:
interface Serial1/0
 no shutdown
 encapsulation hdlc
 clock rate 64000
interface Serial1/0.1
 ip address a.b.c.d x.x.x.x

    Hello Gabriel,
    Instead of using the HDLC, use frame-relay encap. Make one side as DCE. Use same DLCI on both sides.
    R4#sh run int se2/0
    Building configuration...
    Current configuration : 96 bytes
    interface Serial2/0
    no ip address
    encapsulation frame-relay
    frame-relay intf-type dce
    end
    R4#sh run int se2/0.1
    Building configuration...
    Current configuration : 113 bytes
    interface Serial2/0.1 point-to-point
    ip address 1.1.1.1 255.255.255.0
    frame-relay interface-dlci 100  
    end
    R4#ping 1.1.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms
    R4#ping 1.1.1.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 20/22/32 ms
    R4#sh run | i swit
    frame-relay switching
    R4#
    R5#sh run int se2/0
    Building configuration...
    Current configuration : 69 bytes
    interface Serial2/0
    no ip address
    encapsulation frame-relay
    end
    R5#sh run int se2/0.1
    Building configuration...
    Current configuration : 113 bytes
    interface Serial2/0.1 point-to-point
    ip address 1.1.1.2 255.255.255.0
    frame-relay interface-dlci 100  
    end
    R5#ping 1.1.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/24 ms
    R5#ping 1.1.1.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 36/40/44 ms
    R5#
    Hope this helps.
    Regards,
    Imran

  • PBR on router: VPN + Internet on ADSL; static NAT on serial

    Hi,
    By reposting, I'm hoping to get some replies.
    If it's not possible, please let me know.
    http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbe4378
    Many thanks.
    Archie

    You've received replies on that thread.

  • How to share internet if the server connects to it via VPN?

    Hi, mac brothers! Need your help.
I have a server with 2 ethernet cards (en0, en1). It connects to the internet via VPN on en0. LAN clients connect to the server using en1. I can't share the VPN internet connection to the LAN %(. (I tried to find the answer in the 10.4 server documentation, but there is nothing about it.)
    I know how to share internet connection when there is no VPN - direct connection via DSL modem...
    Can you help me?
PS: OS X Server 10.4.11

    You need to use NAT and have the firewall running.
    And then you need to use the VPN connection (PPTP?) "interface" (when connected), probably ppp0 - not en0, in your NAT config. This can be achieved by dragging the config (small symbol in lower right corner in NAT config in Server Admin) to the desktop, edit it (look for en0 and change it to ppp0), save it, and then drag it back into the NAT config window and save.
    I think the VPN tunnel must be up before turning on NAT/firewall so if you reboot the server you might need to turn NAT/firewall off -> on to make it work again.
    If the WAN/ppp0 IP is not static (so you can enter it in your server DNS) you probably will have trouble with many of OS X services running in the server.
Most OS X server installations using an Internet connection with a shifting public IP are better off putting a NAT router, which can do the initial connection (by DHCP, PPTP, PPPoE, whatever), between it and the Internet.

  • Cisco ASA 5505 AnyConnect SSL VPN problem

    Hi!
I have a small network, with an ASA 5505, 8.4:
    Inside network: 192.168.2.0/24
    Outside: Static IP
    I would like to deploy a SSL AnyConnect setup.
    The state:
-I get the correct IP from my predefined VPN pool (10.10.10.0/24).
But I cannot reach any resource, and cannot ping either. My host was given the IP 10.10.10.1 and a gateway of 10.10.10.2. Where does this gateway come from?
    Could you help me?
    Here is my config (I omitted my PUBLIC IP, and GW): 
Result of the command: "show running-config"
: Saved
ASA Version 8.4(4)1
!
hostname valamiASA
domain-name valami.local
enable password OeyyCrIqfUEmzen8 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 12
!
interface Vlan1
 description LAN
 no forward interface Vlan12
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
 description WAN
 nameif outside
 security-level 0
 ip address MY_STATIC_IP 255.255.255.248
!
interface Vlan12
 description Vendegeknek a valamiHotSpot WiFi-hez
 nameif guest
 security-level 100
 ip address 192.168.4.1 255.255.255.0
 management-only
!
ftp mode passive
clock timezone GMT 0
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup guest
dns server-group DefaultDNS
 name-server 62.112.192.4
 name-server 195.70.35.66
 domain-name valami.local
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network inside-net
 subnet 192.168.2.0 255.255.255.0
object network guest-net
 subnet 192.168.3.0 255.255.255.0
object network NETWORK_OBJ_192.168.2.128_25
 subnet 192.168.2.128 255.255.255.128
object-group protocol DM_INLINE_PROTOCOL_3
 protocol-object ip
 protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object icmp
access-list global_access extended permit object-group DM_INLINE_PROTOCOL_3 any any
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu guest 1500
ip local pool valami_vpn_pool 10.10.10.1-10.10.10.10 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
no asdm history enable
arp timeout 14400
!
object network inside-net
 nat (inside,outside) dynamic interface
object network guest-net
 nat (guest,outside) dynamic interface
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group global_access global
route outside 0.0.0.0 0.0.0.0 MY_STATIC_GW 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa local authentication attempts max-fail 16
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable inside
 enable outside
 anyconnect-essentials
 anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
group-policy GroupPolicy_valami_VPN internal
group-policy GroupPolicy_valami_VPN attributes
 wins-server value 192.168.2.2
 dns-server value 192.168.2.2
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall
 default-domain value valami.local
 webvpn
  anyconnect ssl rekey time 30
  anyconnect ssl rekey method ssl
  anyconnect ask enable default anyconnect timeout 30
  customization none
  deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
username test password P4ttSyrm33SV8TYp encrypted
tunnel-group valami_VPN type remote-access
tunnel-group valami_VPN general-attributes
 address-pool valami_vpn_pool
 default-group-policy GroupPolicy_valami_VPN
tunnel-group valami_VPN webvpn-attributes
 group-alias valami_VPN enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:d54de340bb6794d90a9ee52c69044753
: end
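The posted group policy uses split-tunnel-policy tunnelall, so once a client connects every packet it sends, Internet-bound ones included, arrives on the outside interface sourced from the 10.10.10.0/24 pool. On an 8.4 ASA two things are then needed: an identity (NAT-exempt) rule so inside hosts and VPN clients see each other's real addresses, and a hairpin PAT rule so client traffic can leave the same outside interface it came in on. The fragment below is an added example and not part of either post; it reuses the posted object, interface and group-policy names and stands in for the two manual nat lines the follow-up post adds (the nat (any,any) source static any any destination static VPN VPN rule in particular matches far more than the inside-to-pool traffic it is meant to exempt). The show and packet-tracer commands at the end are what I would run to confirm the result.

```cisco
! Added example (not from the thread): NAT exemption and hairpin PAT for
! tunnel-all AnyConnect clients on ASA 8.4(4), using the posted names.
!
object network VPN
 subnet 10.10.10.0 255.255.255.0
object network inside-net
 subnet 192.168.2.0 255.255.255.0
!
! Hairpinning: a flow may enter and leave the same interface (outside).
! Already present in the posted configuration.
same-security-traffic permit intra-interface
!
! Manual (twice) NAT is section 1 and is evaluated before the object NAT
! rules, so this identity rule wins over 'nat (inside,outside) dynamic
! interface' for inside <-> pool traffic in both directions.
! no-proxy-arp: do not answer ARP for pool addresses on the inside.
! route-lookup: pick the egress interface from the routing table, not the
! NAT rule.
nat (inside,outside) source static inside-net inside-net destination static VPN VPN no-proxy-arp route-lookup
!
! Clients reaching the Internet: translate the pool to the outside address
! when the tunnelled traffic turns around on the outside interface.
nat (outside,outside) source dynamic VPN interface
!
! Object NAT for ordinary inside hosts stays as posted (section 2).
object network inside-net
 nat (inside,outside) dynamic interface
!
! The group policy must permit the AnyConnect SSL client. The first post has
! ssl-client here; the follow-up post changes it to l2tp-ipsec, which the
! SSL client cannot use.
group-policy GroupPolicy_valami_VPN attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall
!
! Checks after a client connects (10.10.10.1 is the first pool address;
! 198.51.100.10 is an assumed Internet host):
!   show vpn-sessiondb anyconnect
!   show nat detail
!   packet-tracer input outside icmp 10.10.10.1 8 0 192.168.2.2
!   packet-tracer input outside tcp 10.10.10.1 40000 198.51.100.10 80
```

The two packet-tracer runs should end in ALLOW, the first with no translation of either address and the second with 10.10.10.1 translated to the outside interface address on the way back out. One unrelated thing worth noticing while in this part of the configuration: the posted guest-net object is 192.168.3.0/24 while Vlan12 is addressed 192.168.4.1/24, so the nat (guest,outside) rule never matches guest traffic.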

First of all, thanks for your link.
I know your notes, but I don't understand one thing:
if I check NAT exemption in the AnyConnect wizard, why should I make a NAT exemption rule?
I tried creating a rule, but it is wrong.
My steps (in ASDM):
1: create a network object (10.10.10.0/24), named VPN
2: create a NAT rule: source any, destination VPN, protocol any
    Here is my config:
Result of the command: "show running-config"
: Saved
ASA Version 8.4(4)1
!
hostname companyASA
domain-name company.local
enable password OeyyCrIqfUEmzen8 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 12
!
interface Vlan1
 description LAN
 no forward interface Vlan12
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
 description WAN
 nameif outside
 security-level 0
 ip address 77.111.103.106 255.255.255.248
!
interface Vlan12
 description Vendegeknek a companyHotSpot WiFi-hez
 nameif guest
 security-level 100
 ip address 192.168.4.1 255.255.255.0
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup guest
dns server-group DefaultDNS
 name-server 62.112.192.4
 name-server 195.70.35.66
 domain-name company.local
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network inside-net
 subnet 192.168.2.0 255.255.255.0
object network guest-net
 subnet 192.168.3.0 255.255.255.0
object network NETWORK_OBJ_192.168.2.128_25
 subnet 192.168.2.128 255.255.255.128
object network WEBSHOP
 host 192.168.2.2
object network INSIDE_HOST
 host 10.100.130.5
object network VOIP_management
 host 192.168.2.215
object network Dev_1
 host 192.168.2.2
object network Dev_2
 host 192.168.2.2
object network RDP
 host 192.168.2.2
object network Mediasa
 host 192.168.2.17
object network VOIP_ePhone
 host 192.168.2.215
object network NETWORK_OBJ_192.168.4.0_28
 subnet 192.168.4.0 255.255.255.240
object network NETWORK_OBJ_10.10.10.8_29
 subnet 10.10.10.8 255.255.255.248
object network VPN
 subnet 10.10.10.0 255.255.255.0
object network VPN-internet
 subnet 10.10.10.0 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_3
 protocol-object ip
 protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object icmp
access-list global_access extended permit object-group DM_INLINE_PROTOCOL_3 any any
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu guest 1500
ip local pool company_vpn_pool 10.10.10.10-10.10.10.15 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
no asdm history enable
arp timeout 14400
nat (any,any) source static any any destination static VPN VPN
nat (inside,outside) source static inside-net inside-net destination static VPN VPN
!
object network inside-net
 nat (inside,outside) dynamic interface
object network guest-net
 nat (guest,outside) dynamic interface
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group global_access global
route outside 0.0.0.0 0.0.0.0 77.111.103.105 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa local authentication attempts max-fail 16
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable inside
 enable outside
 anyconnect-essentials
 anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
group-policy GroupPolicy_company_VPN internal
group-policy GroupPolicy_company_VPN attributes
 wins-server value 192.168.2.2
 dns-server value 192.168.2.2
 vpn-tunnel-protocol l2tp-ipsec
 split-tunnel-policy tunnelall
 default-domain value company.local
 webvpn
  anyconnect ssl rekey time 30
  anyconnect ssl rekey method ssl
  anyconnect ask enable default anyconnect timeout 30
      customization none
      deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
    group-policy GroupPolicy_VPN internal
    group-policy GroupPolicy_VPN attributes
    wins-server none
    dns-server value 62.112.192.4 195.70.35.66
    vpn-tunnel-protocol ssl-client
    default-domain value company.local
    username test password P4ttSyrm33SV8TYp encrypted
    tunnel-group company_VPN type remote-access
    tunnel-group company_VPN general-attributes
    address-pool company_vpn_pool
    default-group-policy GroupPolicy_company_VPN
    tunnel-group company_VPN webvpn-attributes
    group-alias company_VPN enable
    tunnel-group VPN type remote-access
    tunnel-group VPN general-attributes
    address-pool company_vpn_pool
    default-group-policy GroupPolicy_VPN
    tunnel-group VPN webvpn-attributes
    group-alias VPN enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect icmp error
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:33ee37a3722f228f9be9b84ef43f731e
    : end
    Could you give me the CLI code?
    (or ASDM steps).
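
One check worth running before changing this config, added here as an example and not taken from the thread: a small Python script that walks the group-policy blocks of an ASA running-config and flags tunnel-all policies that lack the two settings the ASA needs to forward VPN clients' Internet-bound traffic back out the outside interface (same-security-traffic permit intra-interface and a NAT rule from outside to outside). The sample config is a constructed excerpt modelled on the posted one; only the tail of the running-config is shown above, so run it against the full file before concluding either setting is missing.

```python
import re
from typing import Dict, List

# Constructed excerpt modelled on the ASA config posted above; not the full file.
SAMPLE_CONFIG = """\
ip local pool company_vpn_pool 10.10.10.10-10.10.10.15 mask 255.255.255.0
nat (inside,outside) source static inside-net inside-net destination static VPN VPN
group-policy GroupPolicy_company_VPN attributes
 vpn-tunnel-protocol l2tp-ipsec
 split-tunnel-policy tunnelall
group-policy GroupPolicy_VPN attributes
 vpn-tunnel-protocol ssl-client
 default-domain value company.local
"""

HAIRPIN = "same-security-traffic permit intra-interface"


def parse_group_policies(config: str) -> Dict[str, Dict[str, str]]:
    """Map each 'group-policy NAME attributes' block to its {keyword: rest} lines."""
    policies: Dict[str, Dict[str, str]] = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"group-policy (\S+) attributes\s*$", line)
        if m:
            current = policies.setdefault(m.group(1), {})
        elif not line.startswith(" "):
            current = None  # an unindented line closes the attributes block
        elif current is not None:
            key, _, rest = line.strip().partition(" ")
            current[key] = rest
    return policies


def tunnel_all_findings(config: str) -> List[str]:
    """Flag tunnel-all policies whose clients cannot reach the Internet via the ASA:
    the box must be allowed to hairpin traffic back out the outside interface, and
    the VPN pool needs a NAT rule on that path (nat (outside,outside) ...)."""
    findings: List[str] = []
    hairpin_ok = HAIRPIN in config
    pool_nat_ok = re.search(r"^nat \(outside,outside\)", config, re.M) is not None
    for name, attrs in parse_group_policies(config).items():
        # An unset split-tunnel-policy inherits DfltGrpPolicy, which is tunnelall by default.
        if attrs.get("split-tunnel-policy", "tunnelall") != "tunnelall":
            continue
        if not hairpin_ok:
            findings.append(f"{name}: tunnelall without '{HAIRPIN}'")
        if not pool_nat_ok:
            findings.append(f"{name}: tunnelall without a nat (outside,outside) rule for the pool")
    return findings
```

Call tunnel_all_findings() on the text of `show running-config`; an empty list means both settings are present for every tunnel-all policy.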

  • How can i configure my iphone to only pass traffic from certain apps over vpn

    I have got a telephony app that connects to a phone system through VPN. When I turn on "send all traffic through VPN", internet and other apps are really slow. Is there a way to configure the phone to send only traffic from the app through VPN?

    Now all my new apps as well as several others are gone from the iPhone.
    Look on other screens. The 4.1 update adds Game Center to the home screen. If that screen was full, it creates a blank screen and moves one app from the home screen to the new screen to make room for Game Center. All the other screens are pushed back one place.
    How can I get my apps back? It cost me a lot of time and money to discover those apps and get them onto the phone. Are they just gone now?
    If they are really gone, you can download them again. You will not be charged again if you use the same iTunes account.

  • Please, help me to set up wireless Internet connection. M...

    Please, help me to set up wireless Internet connection. My router is WRT54GS. I am able to get online when the computer is wired directly to the VPN internet cable.
    First, I can't open the password request screen on http://192.168.1.1.
    Second, when the "Setup wizard" runs step #6 ("Check the router's status"), the program asks for the password. The default password "admin" is rejected by the program and I can't install the Linksys software. Just in case, I already pressed the reset switch on the back of the router, but to no avail.
    Third, I can't find my Ethernet Adapter Wireless Network Connection and the correct router IP address using the ipconfig /all command after connecting the WRT54GS to my computer. Ethernet adapter: DHCP disabled, subnet mask 255.255.255.0, IP address 10.32.132.193, default gateway 10.32.132.1.
    Tell me please: what's the matter?

    Pensive wrote:
    Please, help me to set up wireless Internet connection. My router is WRT54GS. I am able to get online when the computer is wired directly to the VPN internet cable.
    First, I can't open the password request screen on http://192.168.1.1.
    Second, when the "Setup wizard" runs step #6 ("Check the router's status"), the program asks for the password. The default password "admin" is rejected by the program and I can't install the Linksys software. Just in case, I already pressed the reset switch on the back of the router, but to no avail.
    Third, I can't find my Ethernet Adapter Wireless Network Connection and the correct router IP address using the ipconfig /all command after connecting the WRT54GS to my computer. Ethernet adapter: DHCP disabled, subnet mask 255.255.255.0, IP address 10.32.132.193, default gateway 10.32.132.1.
    Tell me please: what's the matter?
    Hi pensive,
    Seems interesting. First do this: push the reset button on the back of the router.
    Hold it for 30 seconds, unplug the power cable and plug the power cable back in once the 30 seconds are up.
    Then try to log into 192.168.1.1 again with the password "admin".
    See if it replies.
    Else:
    Start > cmd > ipconfig /all; post the result.
    pe@c3
    Message Edited by meteor on 01-09-2008 05:58 AM
    ~~~Nobudy's Perfect , i try To Be So ! Each n every moment of maH LYF , AND I THINK dat wats make Me "Different" From others....~~~
