VPN -- Point to Point Connection Routing.

The VPN is up and running between Site C and Site A. No problem there.
I can ping 10.2.24.1 from Site A P2P Router.
But I cannot ping from Site B P2P Router. The ping times out.
I have the following routes on 3 routers,
Site A P2P Router: ip route 10.2.24.0 255.255.255.0 172.16.5.3
Site B P2P Router:  ip route 10.2.24.0 255.255.255.0 172.16.5.3
Site B Router Gateway:  ip route 10.2.24.0 255.255.255.0 172.16.5.3
When I start a ping from the 172.20.3.0/24 network, Site C sees the ping coming from the 172.20.3.0 network and sends out a reply. But I never get a reply and I get a request timed out.
My task is that I should be able to ping Site C from any machine at Site B.

Your next hops should be 1 away unless you are running a dynamic routing protocol.
Change:-
Site B P2P Router:  ip route 10.2.24.0 255.255.255.0 172.16.5.3 change to
ip route 10.2.24.0 255.255.255.0 172.16.1.5
Site B Router Gateway:  ip route 10.2.24.0 255.255.255.0 172.16.5.3 change to
ip route 10.2.24.0 255.255.255.0 172.20.3.2
And ensure the correct IP subnets are part of the interesting traffic acl and the no-nat acl.
HTH
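
The next-hop rule from the reply above, as an added example that is not part of the original thread: a short Python check that flags static routes whose next hop is not on a directly connected subnet. Only 172.16.5.3, 172.16.1.5, 172.20.3.2 and 172.20.3.0/24 come from the thread; the other interface addresses and all prefix lengths are assumptions made for the illustration.

```python
import ipaddress
import re

# Matches "ip route <prefix> <mask> <next-hop>" as posted in the thread.
ROUTE_RE = re.compile(r"^\s*ip route (\S+) (\S+) (\d+\.\d+\.\d+\.\d+)\s*$")

# Constructed topology. 172.16.5.3, 172.16.1.5, 172.20.3.2 and the
# 172.20.3.0/24 LAN appear in the thread; every other address and every
# prefix length below is an assumption for this example.
CONNECTED = {
    "Site A P2P Router": ["172.16.5.1/24", "172.16.1.5/30"],
    "Site B P2P Router": ["172.16.1.6/30", "172.20.3.2/24"],
    "Site B Router Gateway": ["172.20.3.1/24"],
}

# Routes as posted in the question.
ORIGINAL = {
    "Site A P2P Router": "ip route 10.2.24.0 255.255.255.0 172.16.5.3",
    "Site B P2P Router": "ip route 10.2.24.0 255.255.255.0 172.16.5.3",
    "Site B Router Gateway": "ip route 10.2.24.0 255.255.255.0 172.16.5.3",
}

# Routes after the change suggested in the reply.
CORRECTED = {
    "Site A P2P Router": "ip route 10.2.24.0 255.255.255.0 172.16.5.3",
    "Site B P2P Router": "ip route 10.2.24.0 255.255.255.0 172.16.1.5",
    "Site B Router Gateway": "ip route 10.2.24.0 255.255.255.0 172.20.3.2",
}


def parse_static_routes(config):
    """Return (destination network, next hop) pairs from 'ip route' lines."""
    routes = []
    for line in config.splitlines():
        match = ROUTE_RE.match(line)
        if match:
            prefix, mask, hop = match.groups()
            routes.append((ipaddress.ip_network(f"{prefix}/{mask}"),
                           ipaddress.ip_address(hop)))
    return routes


def unreachable_next_hops(routes_by_router, connected=CONNECTED):
    """List (router, destination, next hop) for every static route whose
    next hop is not inside one of the router's connected subnets."""
    findings = []
    for router, config in routes_by_router.items():
        nets = [ipaddress.ip_interface(i).network for i in connected[router]]
        for dest, hop in parse_static_routes(config):
            if not any(hop in net for net in nets):
                findings.append((router, str(dest), str(hop)))
    return findings


if __name__ == "__main__":
    for label, routes in (("original", ORIGINAL), ("corrected", CORRECTED)):
        problems = unreachable_next_hops(routes)
        print(f"{label}: {len(problems)} route(s) with a non-adjacent next hop")
        for router, dest, hop in problems:
            print(f"  {router}: {dest} via {hop}")
```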

Similar Messages

  • How to set up a point to point connection in 4 sites

    Hi all.
    I'm investigating the option of setting up a point to point connection around 4 sites.
    I will call Site01, Site02, Site03 and Site04.
    Site01 will be the main one with a Main Domain Controller.
    Site02, Site03 and Site04 will be the Secondary Domain Controllers.
    I need to install a VPN Router on each Site to create a full VPN Network, I mean, all the computers should see the other computers.
    I need some support about it.
    I suppose that I have to config like this:
    Site01 with VPNRouter01 will have the IP range 192.168.1.X.
    Site02 with VPNRouter02 will have the IP range 192.168.2.X.
    Site03 with VPNRouter03 will have the IP range 192.168.3.X.
    Site04 with VPNRouter04 will have the IP range 192.168.4.X.
    If I configure 3 point to point VPN connections on each VPNRouter, is that the only config that I have to do?
    I mean, is it not necessary to configure anything else?
    I suppose that for example, the client with IP 192.168.1.10 should have the following IP address as well:
    192.168.2.10
    192.168.3.10
    192.168.4.10
    Is this necessary to see all the clients on the remote networks?
    Thanks and best regards.

    HI,
    Try the below
    1) Configure site to site vpn from all the three sites to the HUB site.
    2) Configure ospf or any dynamic routing protocol on the vpn, thus you will have routes of site1, site2 and site3 in site4 and vice versa.
    Once you have the connectivity established you can access any computers from any site.

  • All about Point-Point Connection

    Hi All,
    I have read this point in the discussion about why we need XI:
    1. Right now you are using point to point connection, which is not the best way.
    I know the concept of ALE, which is used to send IDOCs from SAP to non-SAP and vice versa. This works on point to point connection.
    Q1) Then on which basis is XI working? Is it a point-to-multipoint concept?
    Q2) What are the disadvantages of using the point-to-point connection?
    Q3) What are the advantages of avoiding the point-to-point connection by using XI?
    Regards
    Suman

    Hi,
    instead of having point to point connections between systems you connect all systems with the XI.
    For example if you have four systems A, B, C and D.
    If you have point to point connections between all of them it will look like:
    A - B
    A - C
    A - D
    B - C
    B - D
    C - D
    With XI it will look like:
    A - XI
    B - XI
    C - XI
    D - XI
    So one advantage is that you will have less connections.
    Another advantage is that if System A changes you have to adjust three connections in case of point to point.
    With XI you have only to change one connection.
    A further advantage is to have central point to configure and monitor your connections between the systems.
    Some more information:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f79be190-0201-0010-96b9-f00ef2ac00df
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/50fc0e7e-bd11-2a10-85a0-966fb8ec21cc
    Regards
    Patrick

  • Point-2-Point Connection Speed

    Hello,
    We are using a point-2-point connection, 2611 and 1760. Connection speed has been unbelievably slow; I ran a "show int" and noticed quite a few drops. I am a newbie and would like someone to point me in the right direction on where to start the troubleshooting procedures, would appreciate it. The e0/0 is our redundancy connection. Here is my show int post.
    Serial1/0 is up, line protocol is up
    Hardware is PQUICC with Fractional T1 CSU/DSU
    Description: Cox point-to-point to Parkwest
    Internet address is 192.168.23.10/30
    MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
    reliability 255/255, txload 7/255, rxload 26/255
    Encapsulation HDLC, loopback not set
    Keepalive set (10 sec)
    Last input 00:00:00, output 00:00:00, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 852
    Queueing strategy: weighted fair
    Output queue: 0/1000/64/820 (size/max total/threshold/drops)
    Conversations 0/26/256 (active/max active/max total)
    Reserved Conversations 0/0 (allocated/max allocated)
    Available Bandwidth 1158 kilobits/sec
    5 minute input rate 179000 bits/sec, 26 packets/sec
    5 minute output rate 47000 bits/sec, 24 packets/sec
    140277729 packets input, 246331714 bytes, 0 no buffer
    Received 1453268 broadcasts, 0 runts, 12 giants, 0 throttles
    322261272 input errors, 10815 CRC, 72091 frame, 0 overrun, 3 ignored, 322178358 abort
    128315056 packets output, 3481037074 bytes, 3 underruns
    3 output errors, 0 collisions, 1939 interface resets
    0 output buffer failures, 0 output buffers swapped out
    43 carrier transitions
    DCD=up DSR=up DTR=up RTS=up CTS=up
    Ethernet0/0 is up, line protocol is up
    Hardware is PQUICC Ethernet, address is 000d.28dc.7f6f (bia 000d.28dc.7f6f)
    Description: Cont. Wireless connection to Parkwest
    Internet address is 10.1.35.5/29
    MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Half-duplex, 10BaseT
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:19:17, output 00:00:05, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 91
    Queueing strategy: fifo
    Output queue :0/40 (size/max)
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    104661829 packets input, 3244614507 bytes, 0 no buffer
    Received 1167 broadcasts, 0 runts, 0 giants, 0 throttles
    2569 input errors, 0 CRC, 2245 frame, 8 overrun, 316 ignored
    0 input packets with dribble condition detected
    92195243 packets output, 3499224551 bytes, 2 underruns
    316 output errors, 854809 collisions, 1 interface resets
    0 babbles, 0 late collision, 1808906 deferred
    314 lost carrier, 0 no carrier
    0 output buffer failures, 0 output buffers swapped out

    Hello,
    since the interface counters have never been cleared, it is kind of hard to tell how fast these errors are actually increasing, but the number of input and crc errors, as well as the amount of interface resets points to some problem with either the hardware, or the provider side of the circuit.
    The output drops would actually tell you that you are trying to send too much data over the line, and the traffic is being dropped, which would not necessarily mean a problem with the equipment...
    Regards,
    GP

  • Support for TLS-DSK Authentication in UCMA End Point connections?

    The Lync servers support NTLM, Kerberos, TLS-DSK as supported Authentication Protocols.
    However, it appears that  UCMA API when used in the End Point connection mode does not provide an option to use TLS-DSK as an authentication scheme.  Is there any way to connect to a Lync server that only supports TLS-DSK as an authentication protocol?
    //etc
                _collabPlatform = new CollaborationPlatform(clientPlatformSettings);
                _collabPlatform.AllowedAuthenticationProtocol = SipAuthenticationProtocols.None;   //Authentication protocol limitation -- TLS-DSK not available.
    UCFin

    No, UCMA only supports NTLM/Kerberos.  TLS-DSK requires HTTP requests which UCMA can not currently handle.

  • Cheap solution for SHDSL routers for Point to Point Connectivity

    Please give me the best and most cost-effective solution for SHDSL routers for Point to Point Connectivity.

    Already replied in another thread, please do not open duplicates.

  • SHDSL routers for Point to Point Connectivity

    Could you please enlighten me on what the best option is for SHDSL point to point connectivity?
    Also please compare the WAN interface cards below; which should I choose for an SHDSL connection:
    Cisco 1-Port G.SHDSL WAN Interface Card (part number WIC-1SHDSL-V3)
    Cisco 2-Pair G.SHDSL HWIC (HWIC-2SHDSL)
    Cisco 4-Pair G.SHDSL HWIC (HWIC-4SHDSL)

    Already replied in another thread, please do not open duplicates.

  • Aironet 1500 series point to point connection

    Hello, I have a question about the Cisco Aironet 1500 series. I want to connect two of them as point to point over a distance of about 6 km (kilometers). So there are two questions: can they be connected as point to point to transmit signal, and what is the max distance at which the APs can be connected?
    Kind regards,
    Ardit

    There are a lot of factors when it comes to an outdoor bridge connection. What kind of traffic is going to pass over that link? How much bandwidth do you need? Is there a free line of sight and can you place the (high gain) external antennas somewhere high or maybe even in a tower? And what about the factors you can't influence, like the weather?
    I personally don't have experience with these kinds of long distances, but if you are going to do a test I would advise going for the 1570 bridges and selecting a high gain antenna. A good starting point for outdoor point-to-point connections is Cisco's WNG Coverage Capacity Calculator. You can also use this tool to calculate your Effective Isotropic Radiated Power, which should not exceed the rules dictated by your regulatory domain.

  • My NetExtender VPN will no longer connect with the Lion upgrade. Can anyone help me?

    My NetExtender VPN will no longer connect since I've upgraded to Lion. Can anyone offer some advice?

    I have not found this to be a solution in my case. I have some Apple OS users, Fedora/Ubuntu users and Windows 7 users who are using the SonicWall client. They can connect to either location in the US fine. Once connected, they receive a DNS search domain of pppFrameEncoded =0; instead of our AD domains which are passed fine in Windows and additionally the correct DNS servers (IP addresses) are listed in preference above the local router IP of the user.
    I found that the correct DNS and routes were listed in the SonicWall client and while could ping the IP of the resource, I could not resolve its hostname with the Network Utility. After manually adding the Search Domains (we have two) in preference and removing the previous above, I was then able to resolve lookups to the FQDN and IP but not the hostname. This really ***** for our Apple users who are mainly execs and use samba connections to shared resources. Strangely enough this also seems to impact the Apple iPad and iPhone 4 I have on iOS 5.1 as well. Any thoughts anyone? Can connect with no error, ping IP, can resolve easily FQDN and can access resources by IP or FQDN but not by hostname.
    172.xxx.xxx.xxx works fine
    smb://hostname.sub.domain.com works fine
    smb://hostname does not but resolves
    Anyone else run into this? It doesn't affect any Windows users at all.

  • 10.5: VPN clients can't connect to each other

    Hey all,
    I've got a bit of an odd problem. Got my VPN server setup and working fine on 10.5.4. Clients can connect in, mount file shares, etc. However, if we have multiple clients connected in via VPN, they can't connect to each other. They can't ping each other or anything. I've checked firewalls, etc, on the client machines, and everything looks fine.
    Machines within the network can ping and connect to them both, it's just when they're trying to connect to one another that the problem occurs. Any ideas why this might be, and any possible solutions?
    Thanks in advance,
    Paul

    OS X Server / VPN /The L2TP-VPN server did not respond

  • How can I delay the presence of a directly connected route?

    Hi, I got 2 3550SMI switch interconnecting by Etherchannel. Each 3550 has an uplink to its upstream router (R1-SW1=SW2-R2). R1 and R2 connects to the remote site routers (say R3 and R4).
    With EIGRP redistribute connected, R1 update the direct connected network via WAN link A to R3 where R2 does the same thing updating R4 via WAN link B.
    The failover is fine after SW2 is powered off. However, a problem occurred when I powered up SW2. During the bootup of SW2, there was a carrier signal which brought up the ethernet port of R2, and the directly connected route appeared in R2, which then updated R4. Some of the traffic had started to come over from R4 via WAN link B to R2 while SW2 was still booting (or the Etherchannel was not yet ready). As a result, workstations connected to SW1 could not be reached by traffic that came from R4->R3->SW2.
    I have tried to use "carrier-delay 60" on the ethernet port of R2. It seems to solve the problem since the directly connected route is delayed 60 sec. Within those 60 sec, there was no update via EIGRP from R2 to R4, so all traffic still went through R3->R1. After those 60 sec, SW2 had already booted up and the etherchannel was also ready.
    However, I can only do it with a C3725 router. I've tried 1750, 25xx, 26xx and 3640-12.3T but the behavior was not as expected (the route was still present immediately after the carrier signal was detected).
    My questions are:
    Is that command valid on Eth or FE interface?
    Is there any difference in using that command with different router series, e.g. ISR (18xx, 28xx, 38xx)?
    Is there any condition that I could make it work? (at least 3725 worked)
    Is there any other way to delay the presence of that directly connected route?
    Thanks.

    Hello,
    instead of the 'carrier-delay' command, you could try to change the EIGRP hello and hold-time intervals (which default to 5 and 15 seconds respectively on broadcast media such as Ethernet), in order to delay EIGRP convergence. So, on your Ethernet interfaces when you use the interface commands:
    ip hello-time eigrp x 60
    ip hold-time eigrp x 180
    the redistributed routes will show up only after 60 seconds, which effectively does the same as the 'carrier-delay'...
    Can you try that and see if that works for you ?
    Regards,
    GP

  • RA VPN into ASA5505 behind C871 Router with one public IP address

    Hello,
    I have a network like below for testing remote access VPN to ASA5505 behind C871 router with one public IP address.
    PC1 (with VPN client)----Internet-----Modem----C871------ASA5505------PC2
    The public IP address is assigned to the outside interface of the C871. The C871 forwards incoming traffic UDP 500, 4500, and esp to the outside interface of the ASA that has a private IP address. The PC1 can establish a secure tunnel to the ASA. However, it is not able to ping or access PC2. PC2 is also not able to ping PC1. The PC1 encrypts packets to PC2 but the ASA does not to PC1. Maybe a NAT problem? I understand removing C871 and just use ASA makes VPN much simpler and easier, but I like to understand why it is not working with the current setup and learn how to troubleshoot and fix it. Here's the running config for the C871 and ASA. Thanks in advance for your help!
    C871:
    version 15.0
    no service pad
    service timestamps debug datetime msec localtime
    service timestamps log datetime msec localtime
    service password-encryption
    hostname router
    boot-start-marker
    boot-end-marker
    enable password 7 xxxx
    aaa new-model
    aaa session-id common
    clock timezone UTC -8
    clock summer-time PDT recurring
    dot11 syslog
    ip source-route
    ip dhcp excluded-address 192.168.2.1
    ip dhcp excluded-address 192.168.2.2
    ip dhcp pool dhcp-vlan2
       network 192.168.2.0 255.255.255.0
       default-router 192.168.2.1
    ip cef
    ip domain name xxxx.local
    no ipv6 cef
    multilink bundle-name authenticated
    password encryption aes
    username xxxx password 7 xxxx
    ip ssh version 2
    interface FastEthernet0
    switchport mode trunk
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    description WAN Interface
    ip address 1.1.1.2 255.255.255.252
    ip access-group wna-in in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    no cdp enable
    interface Vlan1
    no ip address
    interface Vlan2
    description LAN-192.168.2
    ip address 192.168.2.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    interface Vlan10
    description router-asa
    ip address 10.10.10.1 255.255.255.252
    ip nat inside
    ip virtual-reassembly
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    ip nat inside source list nat-pat interface FastEthernet4 overload
    ip nat inside source static 10.10.10.1 interface FastEthernet4
    ip nat inside source static udp 10.10.10.2 500 interface FastEthernet4 500
    ip nat inside source static udp 10.10.10.2 4500 interface FastEthernet4 4500
    ip nat inside source static esp 10.10.10.2 interface FastEthernet4
    ip route 0.0.0.0 0.0.0.0 1.1.1.1
    ip route 10.10.10.0 255.255.255.252 10.10.10.2
    ip route 192.168.2.0 255.255.255.0 10.10.10.2
    ip access-list standard ssh
    permit 0.0.0.0 255.255.255.0 log
    permit any log
    ip access-list extended nat-pat
    deny   ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
    permit ip 192.168.2.0 0.0.0.255 any
    ip access-list extended wan-in
    deny   ip 192.168.0.0 0.0.255.255 any
    deny   ip 172.16.0.0 0.15.255.255 any
    deny   ip 10.0.0.0 0.255.255.255 any
    deny   ip 127.0.0.0 0.255.255.255 any
    deny   ip 169.255.0.0 0.0.255.255 any
    deny   ip 255.0.0.0 0.255.255.255 any
    deny   ip 224.0.0.0 31.255.255.255 any
    deny   ip host 0.0.0.0 any
    deny   icmp any any fragments log
    permit tcp any any established
    permit icmp any any net-unreachable
    permit udp any any eq isakmp
    permit udp any any eq non500-isakmp
    permit esp any any
    permit icmp any any host-unreachable
    permit icmp any any port-unreachable
    permit icmp any any packet-too-big
    permit icmp any any administratively-prohibited
    permit icmp any any source-quench
    permit icmp any any ttl-exceeded
    permit icmp any any echo-reply
    deny   ip any any log
    control-plane
    line con 0
    exec-timeout 0 0
    logging synchronous
    no modem enable
    line aux 0
    line vty 0 4
    access-class ssh in
    exec-timeout 5 0
    logging synchronous
    transport input ssh
    scheduler max-task-time 5000
    end
    ASA:
    ASA Version 9.1(2)
    hostname asa
    domain-name xxxx.local
    enable password xxxx encrypted
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd xxxx encrypted
    names
    ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
    interface Ethernet0/0
    switchport trunk allowed vlan 2,10
    switchport mode trunk
    interface Ethernet0/1
    switchport access vlan 2
    interface Ethernet0/2
    shutdown
    interface Ethernet0/3
    shutdown
    interface Ethernet0/4
    shutdown
    interface Ethernet0/5
    shutdown
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    shutdown
    interface Vlan1
    no nameif
    no security-level
    no ip address
    interface Vlan2
    nameif inside
    security-level 100
    ip address 192.168.2.2 255.255.255.0
    interface Vlan10
    nameif outside
    security-level 0
    ip address 10.10.10.2 255.255.255.252
    ftp mode passive
    clock timezone UTC -8
    clock summer-time PDT recurring
    dns server-group DefaultDNS
    domain-name xxxx.local
    object network vlan2-mapped
    subnet 192.168.2.0 255.255.255.0
    object network vlan2-real
    subnet 192.168.2.0 255.255.255.0
    object network vpn-192.168.100.0
    subnet 192.168.100.0 255.255.255.224
    object network lan-192.168.2.0
    subnet 192.168.2.0 255.255.255.0
    access-list no-nat-in extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
    access-list vpn-split extended permit ip 192.168.2.0 255.255.255.0 any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
    object network vlan2-real
    nat (inside,outside) static vlan2-mapped
    route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    http 10.10.10.1 255.255.255.255 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto ca trustpool policy
    crypto ikev1 enable outside
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 192.168.2.0 255.255.255.0 inside
    ssh 10.10.10.1 255.255.255.255 outside
    ssh timeout 20
    ssh version 2
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    anyconnect-essentials
    group-policy vpn internal
    group-policy vpn attributes
    dns-server value 8.8.8.8 8.8.4.4
    vpn-tunnel-protocol ikev1
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vpn-split
    default-domain value xxxx.local
    username xxxx password xxxx encrypted privilege 15
    tunnel-group vpn type remote-access
    tunnel-group vpn general-attributes
    address-pool vpn-pool
    default-group-policy vpn
    tunnel-group vpn ipsec-attributes
    ikev1 pre-shared-key xxxx
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:40c05c90210242a42b7dbfe9bda79ce2
    : end

    Hi,
    I think that you want to control all outbound traffic from the LAN to the outside by ASA.
    I suggest some modifications as shown below.
    C871:
    interface Vlan2
    description LAN-192.168.2
    ip address 192.168.2.2 255.255.255.0
    no ip nat inside
    no ip proxy-arp
    ip virtual-reassembly
    ip access-list extended nat-pat
    no deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
    no permit ip 192.168.2.0 0.0.0.255 any
    deny ip 192.168.2.0 0.0.0.255 any
    permit ip 10.10.10.0 0.0.0.255 any
    ASA 5505:
    interface Vlan2
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    Try them out and respond.
    Best regards,
    MB

  • BM VPN causing dial-up connections to disappear - Air Card

    I'm having an issue with BM VPN. I have an end user on an XP laptop who needs to connect via BM VPN using his Verizon Wireless Broadband Air Card. The Broadband Cards are always listed under Dial-Up Connections in Network Connections, but after installing BM VPN, the dial-up connections are no longer there and if I try to manually create a connection, it is greyed out. Also, to no avail, the following services in XP are not turned on and for the life of me I cannot get them to start:
    Remote Access Auto Connection Manager
    Remote Access Connection Manager
    From what I've read, these services must be on in order to create a new dial-up connection. The Broadband card refuses to connect due to the fact that a dial-up connection cannot be created. The Broadband card and software were installed and working before BM VPN was installed. I tried uninstalling/reinstalling BM VPN, but that didn't fix the problem.
    Also, if I look under the Novell Client properties, Location Profiles Tab, VPN, Properties, Properties again, and finally the VPN Dial-Up tab, there is a message that says "A VPN dial-up initialization has occurred. Microsoft Dial-Up Networking is not installed." I don't know if this means anything or is related to the problem, but I thought I'd relay this information as well. I looked for ways to reinstall the Microsoft Dial-Up Networking, but all articles refer to Windows 95 or 98 installations. I've also reinstalled Windows XP SP3 successfully, but it didn't fix the problem.
    Has anyone else ever run into a problem like this and can help me? I'm so lost and desperate for help. Thanks.

    I'm not sure how to recover on the system that is currently broken -
    though I suspect some form of remove/reinstall MS components should get
    you back running again.
    When you install the VPN client, and you select the dial-up option, it
    basically tries to integrate the MS dial up networking system into VPN
    menus. I don't think it really invents anything new there. If there
    is something non-standard on the dial-up entries, it may be that the
    VPN installation doesn't handle it properly. I don't know, because
    I've not installed that component or used it in years.
    What I would recommend is to not install the dial-up component on with
    the VPN client. Just leave it off, make a usual dial-up connection,
    and then launch the VPN client. The VPN dial-up component just
    tries to manage all of that so you do it with less button clicks.
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to http://www.craigjconsulting.com ***

  • I'm trying to connect to my work's VPN.  I am connected to the VPN, but I cannot access the server. I keep getting a message that says the server may not exist or is unavailable.  I know that's not the case because my coworkers are connected. Can someone

    I'm trying to connect to my work's VPN.  I am connected to the VPN, but I cannot access the server. I keep getting a message that says the server may not exist or is unavailable.  I know that’s not the case because my coworkers are connected. Can someone please help me? 

    I have the same problem. It is only with tv shows and only with programs I have downloaded after the software update.
    Apple support sent me the above link too....but it doesn't solve the problem...my computer is authorized and the content is in my library and will play on my Mac air, but it will not sync the tv shows, it keeps saying my computer isn't authorized for it.
    No answers here, but you are definitely not alone with this issue.

  • Using "route-target import" only connected routes?

    When using the route-target import, the only routes imported are ones directly connected on one of the other PE routers. How does one get the advertised routes and the connected routes imported?
    PE1 -- PE2
    |
    |
    PE3
    Customer's remote site attaches to PE1 which peers to PE2. PE2 connects to Customer HQ.
    Another VRF (100:110) provides a centralized service that will be used by several different customers. Some of the subnets for this shared service are directly connected to PE2 while other subnets are directly connected to PE3.
    Since PE1 and PE2 were already peered, I thought all that was needed was an import statement to get the routes from the shared service vrf into the customer's vrf.
    PE1:
    ip vrf customer1
    rd 100:105
    route-target export 100:105
    route-target import 100:105
    route-target import 100:110
    When I do a 'show ip route vrf Customer1' the only routes that appear are the ones directly connected to PE2. I then peered PE1 to PE3, creating a full mesh but no other routes appeared in the routing table.
    PE1 -- PE2
    \ |
    \ |
    \ PE3
    I plan to use an export map and import map to filter the networks to the desired ones, but in this example, should not all routes be seen from the shared services VRF (100:110)?
    Thanks!

    Frank,
    Performing the import on one PE doesn't cause that one PE to start advertising the imported prefixes to other member of the same VRF on other PEs.
    If you want the prefixes from the shared services VRF to show up in the customer VRF on all PEs, you need to import RT 100:10 in VRF Customer1 on all PEs.
    Hope this helps,
