VPN server on 871 already functioning as DMVPN spoke?

Last week I was sitting in an hotel far away from my family. I wanted to use Skype or MSNMessenger to contact them with Webcam. It didn't work, because there was some huge firewall, blocking several ports. So I decided to setup a VPN server @home, so I could access to everything I wanted, and not be blocked by the firewall of an islamic state... :-)
My 871w @home is functioning as a DMVPN spoke which works well.
Is it possible to contact my router from far away, and then be able to access the internet and my home-lan?
If someone can point me to a (simple :-) config, I will be very thankful...

Try these links:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008014bcd7.shtml
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801eafcb.shtml
http://www.cisco.com/en/US/products/ps6660/products_white_paper0900aecd803e7ee9.shtml

Similar Messages

  • VPN client connect to CISCO 887 VPN Server but I can't ping Local LAN

    Hi
    my scenario is as follows
    SERVER1 on lan (192.168.1.4)
    |
    |
    CISCO-887 (192.168.1.254)
    |
    |
    INTERNET
    |
    |
    VPN Cisco client on windows 7 machine
    My connection have public ip address assegned by ISP, after ppp login.
    I've just configured (with Cisco Configuration Professional) the ADSL connection and VPN Server (Easy VPN).
    All the PC on LAN surf internet and remote PC connect to VPN Cisco server via cisco VPN client.
    But all remote PC after connection to Cisco VPN server don't ping SERVER1 in lan and therefore don't see SERVER1 and every other resource in LAN. I can't even ping the gateway 192.168.1.254
    I'm using Cisco VPN client (V5.0.07) with "IPSec over UDP NAT/PAT".
    What is wrong in my attached configuration? (I've alspo tried to bind Virtual-Template1 both to unnambered Dialer0 and to Loopback0 but without luck)
    Perhaps ACL problem?
    Building configuration...
    Current configuration : 4921 bytes
    ! Last configuration change at 14:33:06 UTC Sun Jan 26 2014 by NetasTest
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname TestLab
    boot-start-marker
    boot-end-marker
    enable secret 4 5ioUNqNjoCPaFZIVNAyYuHFA2e9v8Ivuc7a7UlyQ3Zw
    aaa new-model
    aaa authentication login default local
    aaa authentication login ciscocp_vpn_xauth_ml_1 local
    aaa authentication login ciscocp_vpn_xauth_ml_2 local
    aaa authorization exec default local
    aaa authorization network ciscocp_vpn_group_ml_1 local
    aaa authorization network ciscocp_vpn_group_ml_2 local
    aaa session-id common
    memory-size iomem 10
    crypto pki trustpoint TP-self-signed-3013130599
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3013130599
    revocation-check none
    rsakeypair TP-self-signed-3013130599
    crypto pki certificate chain TP-self-signed-3013130599
    certificate self-signed 01
    3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 33303133 31333035 3939301E 170D3134 30313236 31333333
    35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30313331
    33303539 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100A873 940DE7B9 112D7C1E CEF53553 ED09B479 24721449 DBD6F559 1B9702B7
    9087E94B 50CBB29F 6FE9C3EC A244357F 287E932F 4AB30518 08C2EAC1 1DF0C521
    8D0931F7 6E7F7511 7A66FBF1 A355BB2A 26DAD318 5A5A7B0D A261EE22 1FB70FD1
    C20F1073 BF055A86 D621F905 E96BD966 A4E87C95 8222F1EE C3627B9A B5963DCE
    AE7F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
    551D2304 18301680 14E37481 4AAFF252 197AC35C A6C1E8E1 E9DF5B35 27301D06
    03551D0E 04160414 E374814A AFF25219 7AC35CA6 C1E8E1E9 DF5B3527 300D0609
    2A864886 F70D0101 05050003 81810082 FEE61317 43C08637 F840D6F8 E8FA11D5
    AA5E49D4 BA720ECB 534D1D6B 1A912547 59FED1B1 2B68296C A28F1CD7 FB697048
    B7BF52B8 08827BC6 20B7EA59 E029D785 2E9E11DB 8EAF8FB4 D821C7F5 1AB39B0D
    B599ECC1 F38B733A 5E46FFA8 F0920CD8 DBD0984F 2A05B7A0 478A1FC5 952B0DCC
    CBB28E7A E91A090D 53DAD1A0 3F66A3
    quit
    no ip domain lookup
    ip cef
    no ipv6 cef
    license udi pid CISCO887VA-K9 sn ***********
    username ******* secret 4 5ioUNqNjoCPaFZIVNAyYuHFA2e9v8Ivuc7a7UlyQ3Zw
    username ******* secret 4 Qf/16YMe96arcCpYI46YRa.3.7HcUGTBeJB3ZyRxMtE
    controller VDSL 0
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp client configuration group EXTERNALS
    key NetasTest
    dns 8.8.4.4
    pool VPN-Pool
    acl 120
    crypto isakmp profile ciscocp-ike-profile-1
    match identity group EXTERNALS
    client authentication list ciscocp_vpn_xauth_ml_2
    isakmp authorization list ciscocp_vpn_group_ml_2
    client configuration address respond
    virtual-template 1
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    mode tunnel
    crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
    mode tunnel
    crypto ipsec profile CiscoCP_Profile1
    set transform-set ESP-3DES-SHA1
    set isakmp-profile ciscocp-ike-profile-1
    interface Ethernet0
    no ip address
    shutdown
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    hold-queue 224 in
    pvc 8/35
    pppoe-client dial-pool-number 1
    interface FastEthernet0
    no ip address
    interface FastEthernet1
    no ip address
    interface FastEthernet2
    no ip address
    interface FastEthernet3
    no ip address
    interface Virtual-Template1 type tunnel
    ip address 192.168.2.1 255.255.255.0
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile CiscoCP_Profile1
    interface Vlan1
    ip address 192.168.1.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    ip tcp adjust-mss 1452
    interface Dialer0
    ip address negotiated
    ip mtu 1452
    ip nat outside
    ip virtual-reassembly in
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname ****
    ppp chap password 0 *********
    ppp pap sent-username ****** password 0 *******
    no cdp enable
    ip local pool VPN-Pool 192.168.2.210 192.168.2.215
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 600 life 86400 requests 10000
    ip nat inside source list 100 interface Dialer0 overload
    ip route 0.0.0.0 0.0.0.0 Dialer0
    access-list 100 remark
    access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 100 remark
    access-list 100 permit ip 192.168.1.0 0.0.0.255 any
    access-list 120 remark
    access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    line con 0
    exec-timeout 5 30
    password ******
    no modem enable
    line aux 0
    line vty 0 4
    password ******
    transport input all
    end
    Best Regards,

    I've updated ios to c870-advipservicesk9-mz.124-24.T8.bin  and tried to ping from rv320 to 871 and vice versa. Ping stil not working.
    router#sh crypto session detail 
    Crypto session current status
    Code: C - IKE Configuration mode, D - Dead Peer Detection     
    K - Keepalives, N - NAT-traversal, T - cTCP encapsulation     
    X - IKE Extended Authentication, F - IKE Fragmentation
    Interface: Dialer0
    Uptime: 00:40:37
    Session status: UP-ACTIVE     
    Peer: 93.190.178.205 port 500 fvrf: (none) ivrf: (none)
          Phase1_id: 192.168.1.100
          Desc: (none)
      IKE SA: local 93.190.177.103/500 remote 93.190.178.205/500 Active 
              Capabilities:(none) connid:2001 lifetime:07:19:22
      IPSEC FLOW: permit ip 10.1.1.0/255.255.255.0 10.1.2.0/255.255.255.0 
            Active SAs: 4, origin: dynamic crypto map
            Inbound:  #pkts dec'ed 0 drop 30 life (KB/Sec) 4500544/1162
            Outbound: #pkts enc'ed 5 drop 0 life (KB/Sec) 4500549/1162

  • How to setup built-in VPN server on Mountain Lion

    Anyone have information on configuring the built-in VPN server in OS X Mountain Lion ?

    Update - it works ! At least I can connect to Mountain Lion (not server) from my iPhone using the VPN Server Configurator app.
    Here's what I did :
    1) download the app and install
    2) setup using the help files on the web page : http://www.greenworldsoft.com/product-vpn-server-help.html
    3) at the last stage you need to setup port forwardin on your router
    4) under Airport Utility 6.0 you cannot setup ports 500 or 4500 due to BTTM conflicts but setup the other 2 ports (1723 TCP and 1701 UDP), update airport extreme
    5) download Airport Utility 5.6 from here : download already extracted utility  it is in it's extracted form as is necessary under Mtn Lion (thanks to NetUse Monitor for the download - great app by the way)
    6) run 5.6 and setup port forwarding (Advanced-Port Mapping) for the other 2 ports (500 and 4500 UDP), update airport extreme
    7) that's it, I was able to connect to the VPN from my iPhone !

  • Why does SSL VPN require client for full functionality?So What's the point?

    I was interested in SSL VPN because I thought that I could have the same functionality I have when connecting via Cisco VPN 3000 concentrator (IPSec with AH and ESP enabled), but without the hassle to deploy and maintain client VPN's for thousands of users.
    However, to my disappointment, based on the information below from www.cisco.com (and I believe that it is the case from other vendors, right?) SSL VPN offers limited functionality if deployed clientless. Why is like that?
    Imagine I have a VPN (IPSec) solution functional today. If I deploy SSL VPN (clientless) what lack in functionality should I experience? Why a VPN client is required if SSL VPN can successfully establish the tunnel? I don't get it.
    "...SSL VPNs provide two different types of access: clientless access and full network access. Clientless access requires no specialized VPN software on the user desktop; all VPN traffic is transmitted and delivered through a standard Web browser. Because all applications and network resources are accessed through a browser, only Web-enabled and some client-server applications-such as intranets, applications with Web interfaces, e-mail, calendaring, and file servers-can be accessed using a clientless connection. This limited access is suitable for partners or contractors that should be provided access to a limited set of resources on the network. And because no special-purpose VPN software has to be delivered to the user desktop, provisioning and support concerns are minimized."

    Hi,
    Clientless SSL VPN only able to access application through browser (i.e. HTTP and HTTPS). If you need to acces other application like RDC, you need full SSL client.
    Full SSL Client is deployed automatically depends on how you configure the SSL VPN box (temporary or permanently);
    1. From the SSL VPN box, you can configure it to download and be installed to user PC permanently (500KB+). When the user successfully authenticated by the SSL VNP box, it will download the client and install automatically/permanently without any help from the network administrator. The user need to login on his/her PC with administrator priviledge.
    2. From the SSL VPN box, you can configure it to download and be installed to user PC temporary (500KB+). When the user successfully authenticated by the SSL VPN box, it will download the client and install temporary without any help from the network administrator. The user need to login on his/her PC with administrator priviledge.
    In one of my deployment, I have 1000+ SSL VPN user. I just need to create a 10 page User Manual/Guide complete with troubleshooting on their own. I use the first option which is automatically download and permanently install in their PC. Patching the SSL VPN Full Client need to upload the new client in the SSL VPN box only and it will automatically patch the client in user PC.
    Dandy

  • VPN Server Feature for WRT1900AC

    Hi there,
    is there a timeline for when the VPN Server feature gets implemented into the WRT1900AC router? That particular feature decides whether I'm buying it or not.
    Cheers,
    Dave

    Thanks guys, but you are missing the point.
    See here: www.linksys.com/en-us/press/releases/2014-04-10_Linksys_Starts_Shipping_the_WRT1900AC_the_Successor_...
    "Linksys is also planning to add Wi-Fi Scheduling and an OpenVPN-based VPN server to the WRT in a future firmware update to enable users to establish a secure remote connection to the router from anywhere in the world."
    I wanted to know from Linksys or some insiders here in the forum, whether there is already a rough timeline on this feature. F.i. in which quarter the users can expect it to be implemented.
    Cheers,
    Dave

  • Installing a VPN Server in Mac OS X

    Has anyone tried to install a VPN server successfully in mac os x?
    I was able to get webmin installed successfully, and I know on my linux distros webmin automatically detects if a VPN server is installed (such as poptop) or at least if the option is there, but in mac os x (not the server version) there is nothing listed.
    Anyone know of any other VPN servers that could be installed in mac os x, or even anything for BSD that could be compiled from source?

    I run the server on PowerPC and use clients on both PowerPC and Intel. Admittedly, my wife has run off the the MBP so my use on the Intel is limited these days.
    If you want to route onto the network, you'll have to create routes after the TUN/TAP interface is up. The OS X FAQs on OpenVPN detail various ways to do this.
    # Sample OpenVPN 2.0 config file for #
    # multi-client server. #
    # This file is for the server side #
    # of a many-clients <-> one-server #
    # OpenVPN configuration. #
    # OpenVPN also supports #
    # single-machine <-> single-machine #
    # configurations (See the Examples page #
    # on the web site for more info). #
    # This config should work on Windows #
    # or Linux/BSD systems. Remember on #
    # Windows to quote pathnames and use #
    # double backslashes, e.g.: #
    # "C:\\Program Files\\OpenVPN\\config\\foo.key" #
    # Comments are preceded with '#' or ';' #
    # Which local IP address should OpenVPN
    # listen on? (optional)
    ;local 192.168.2.253
    # Which TCP/UDP port should OpenVPN listen on?
    # If you want to run multiple OpenVPN instances
    # on the same machine, use a different port
    # number for each one. You will need to
    # open up this port on your firewall.
    port 443
    # TCP or UDP server?
    ;proto tcp
    proto tcp
    # "dev tun" will create a routed IP tunnel,
    # "dev tap" will create an ethernet tunnel.
    # Use "dev tap0" if you are ethernet bridging
    # and have precreated a tap0 virtual interface
    # and bridged it with your ethernet interface.
    # If you want to control access policies
    # over the VPN, you must create firewall
    # rules for the the TUN/TAP interface.
    # On non-Windows systems, you can give
    # an explicit unit number, such as tun0.
    # On Windows, use "dev-node" for this.
    # On most systems, the VPN will not function
    # unless you partially or fully disable
    # the firewall for the TUN/TAP interface.
    ;dev tap
    dev tun
    # Windows needs the TAP-Win32 adapter name
    # from the Network Connections panel if you
    # have more than one. On XP SP2 or higher,
    # you may need to selectively disable the
    # Windows firewall for the TAP adapter.
    # Non-Windows systems usually don't need this.
    ;dev-node MyTap
    # SSL/TLS root certificate (ca), certificate
    # (cert), and private key (key). Each client
    # and the server must have their own cert and
    # key file. The server and all clients will
    # use the same ca file.
    # See the "easy-rsa" directory for a series
    # of scripts for generating RSA certificates
    # and private keys. Remember to use
    # a unique Common Name for the server
    # and each of the client certificates.
    # Any X509 key management system can be used.
    # OpenVPN can also use a PKCS #12 formatted key file
    # (see "pkcs12" directive in man page).
    ca /etc/openvpn/key/ca.crt
    cert /etc/openvpn/key/server.crt
    key /etc/openvpn/key/server.key
    # Diffie hellman parameters.
    # Generate your own with:
    # openssl dhparam -out dh1024.pem 1024
    # Substitute 2048 for 1024 if you are using
    # 2048 bit keys.
    dh /etc/openvpn/key/dh1024.pem
    # Configure server mode and supply a VPN subnet
    # for OpenVPN to draw client addresses from.
    # The server will take 10.8.0.1 for itself,
    # the rest will be made available to clients.
    # Each client will be able to reach the server
    # on 10.8.0.1. Comment this line out if you are
    # ethernet bridging. See the man page for more info.
    server 169.254.1.0 255.255.255.0
    # Maintain a record of client <-> virtual IP address
    # associations in this file. If OpenVPN goes down or
    # is restarted, reconnecting clients can be assigned
    # the same virtual IP address from the pool that was
    # previously assigned.
    ifconfig-pool-persist ipp.txt
    # Configure server mode for ethernet bridging.
    # You must first use your OS's bridging capability
    # to bridge the TAP interface with the ethernet
    # NIC interface. Then you must manually set the
    # IP/netmask on the bridge interface, here we
    # assume 10.8.0.4/255.255.255.0. Finally we
    # must set aside an IP range in this subnet
    # (start=10.8.0.50 end=10.8.0.100) to allocate
    # to connecting clients. Leave this line commented
    # out unless you are ethernet bridging.
    ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
    ;server-bridge 192.168.2.1 255.255.255.0 192.168.2.240 192.168.2.245
    # Push routes to the client to allow it
    # to reach other private subnets behind
    # the server. Remember that these
    # private subnets will also need
    # to know to route the OpenVPN client
    # address pool (10.8.0.0/255.255.255.0)
    # back to the OpenVPN server.
    push "route 10.0.0.0 255.255.255.0"
    ;push "route 192.168.20.0 255.255.255.0"
    # To assign specific IP addresses to specific
    # clients or if a connecting client has a private
    # subnet behind it that should also have VPN access,
    # use the subdirectory "ccd" for client-specific
    # configuration files (see man page for more info).
    # EXAMPLE: Suppose the client
    # having the certificate common name "Thelonious"
    # also has a small subnet behind his connecting
    # machine, such as 192.168.40.128/255.255.255.248.
    # First, uncomment out these lines:
    ;client-config-dir ccd
    ;route 192.168.40.128 255.255.255.248
    # Then create a file ccd/Thelonious with this line:
    # iroute 192.168.40.128 255.255.255.248
    # This will allow Thelonious' private subnet to
    # access the VPN. This example will only work
    # if you are routing, not bridging, i.e. you are
    # using "dev tun" and "server" directives.
    # EXAMPLE: Suppose you want to give
    # Thelonious a fixed VPN IP address of 10.9.0.1.
    # First uncomment out these lines:
    ;client-config-dir ccd
    ;route 10.9.0.0 255.255.255.252
    # Then add this line to ccd/Thelonious:
    # ifconfig-push 10.9.0.1 10.9.0.2
    # Suppose that you want to enable different
    # firewall access policies for different groups
    # of clients. There are two methods:
    # (1) Run multiple OpenVPN daemons, one for each
    # group, and firewall the TUN/TAP interface
    # for each group/daemon appropriately.
    # (2) (Advanced) Create a script to dynamically
    # modify the firewall in response to access
    # from different clients. See man
    # page for more info on learn-address script.
    ;learn-address ./script
    # If enabled, this directive will configure
    # all clients to redirect their default
    # network gateway through the VPN, causing
    # all IP traffic such as web browsing and
    # and DNS lookups to go through the VPN
    # (The OpenVPN server machine may need to NAT
    # the TUN/TAP interface to the internet in
    # order for this to work properly).
    # CAVEAT: May break client's network config if
    # client's local DHCP server packets get routed
    # through the tunnel. Solution: make sure
    # client's local DHCP server is reachable via
    # a more specific route than the default route
    # of 0.0.0.0/0.0.0.0.
    ;push "redirect-gateway"
    # Certain Windows-specific network settings
    # can be pushed to clients, such as DNS
    # or WINS server addresses. CAVEAT:
    # http://openvpn.net/faq.html#dhcpcaveats
    ;push "dhcp-option DNS 10.8.0.1"
    ;push "dhcp-option WINS 10.8.0.1"
    # Uncomment this directive to allow different
    # clients to be able to "see" each other.
    # By default, clients will only see the server.
    # To force clients to only see the server, you
    # will also need to appropriately firewall the
    # server's TUN/TAP interface.
    ;client-to-client
    # Uncomment this directive if multiple clients
    # might connect with the same certificate/key
    # files or common names. This is recommended
    # only for testing purposes. For production use,
    # each client should have its own certificate/key
    # pair.
    # IF YOU HAVE NOT GENERATED INDIVIDUAL
    # CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
    # EACH HAVING ITS OWN UNIQUE "COMMON NAME",
    # UNCOMMENT THIS LINE OUT.
    ;duplicate-cn
    # The keepalive directive causes ping-like
    # messages to be sent back and forth over
    # the link so that each side knows when
    # the other side has gone down.
    # Ping every 10 seconds, assume that remote
    # peer is down if no ping received during
    # a 120 second time period.
    keepalive 10 120
    # For extra security beyond that provided
    # by SSL/TLS, create an "HMAC firewall"
    # to help block DoS attacks and UDP port flooding.
    # Generate with:
    # openvpn --genkey --secret ta.key
    # The server and each client must have
    # a copy of this key.
    # The second parameter should be '0'
    # on the server and '1' on the clients.
    ;tls-auth ta.key 0 # This file is secret
    # Select a cryptographic cipher.
    # This config item must be copied to
    # the client config file as well.
    ;cipher BF-CBC # Blowfish (default)
    ;cipher AES-128-CBC # AES
    ;cipher DES-EDE3-CBC # Triple-DES
    # Enable compression on the VPN link.
    # If you enable it here, you must also
    # enable it in the client config file.
    comp-lzo
    # The maximum number of concurrently connected
    # clients we want to allow.
    ;max-clients 100
    # It's a good idea to reduce the OpenVPN
    # daemon's privileges after initialization.
    # You can uncomment this out on
    # non-Windows systems.
    ;user nobody
    ;group nobody
    # The persist options will try to avoid
    # accessing certain resources on restart
    # that may no longer be accessible because
    # of the privilege downgrade.
    persist-key
    persist-tun
    # Output a short status file showing
    # current connections, truncated
    # and rewritten every minute.
    status /var/log/openvpn-status.log
    # By default, log messages will go to the syslog (or
    # on Windows, if running as a service, they will go to
    # the "\Program Files\OpenVPN\log" directory).
    # Use log or log-append to override this default.
    # "log" will truncate the log file on OpenVPN startup,
    # while "log-append" will append to it. Use one
    # or the other (but not both).
    ;log openvpn.log
    ;log-append openvpn.log
    # Set the appropriate level of log
    # file verbosity.
    # 0 is silent, except for fatal errors
    # 4 is reasonable for general usage
    # 5 and 6 can help to debug connection problems
    # 9 is extremely verbose
    verb 3
    # Silence repeating messages. At most 20
    # sequential messages of the same message
    # category will be output to the log.
    ;mute 20

  • Cisco 871W eZVPN is unable to connect Cisco PIX vpn server

    crypto ipsec client ezvpn TEST
    connect auto
    group Cisco key cisco123
    mode client
    peer 172.1.1.1
    xauth userid mode interfactive
    interface FastEthernet4
    ip address 10.1.1.1 255.255.255.0
    ip access-group 101 in
    ip nat outside
    crypto ipsec client ezvpn TEST
    Internet Vlan1
    ip address 192.168.1.1 255.255.255.0
    ip access-group 100 out
    ip nat inside
    crypto ipsec client ezvpn TEST inside
    ip route 0.0.0.0. 0.0.0.0 192.168.1.254
    ip nat inside source route-map EzVPN1 interface FastEthernet4 overload
    access-list 100 permit ip any any
    access-list 101 permit ip any any
    access-list 103 permit ip 192.168.1.0 0.0.0.255 any
    route-map EzVPN1 permit 1
    match ip address 103
    These are the following commands I applied in my Router, It is able to connect but unable to access any other servers. The same user name & password I tried with the VPN dialer it works on my Laptop. Anything I am missing on the router configuration. The VPN server is Cisco PIX 515E.
    Cisco IOS on 871W is 12.3(8)Y12

    1) Isn't your default route supposed to be pointing towards the external interface?
    ip route 0.0.0.0. 0.0.0.0 192.168.1.254 ?
    2) Can you change the 'mode client' to 'mode network-extension'. Also the PIX will need 'nem enable'.
    Have a look at the following (I'm assuming you already have as your config seems to be similar):
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml
    For old 6.x code on PIX, have a look at:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080241a0d.shtml
    Regards
    Farrukh

  • How to start VPN Server with PPTP + How to backup Addressbook Server

    Hey people,
    I currently have Lion Server running on my mac mini server, it was upgraded to Lion (server) from Snow Leopard server.
    Now i have 2 issues i'd like to address and ask your help for.
    1. VPN Server on Lion Server.
    I have had the VPN server running on Snow Leopard server without a problem, however, since my Lion upgrade it just isn't working with PPTP anymore.
    I did read alot of discussions here and also read that you can configure it through the terminal using the serveradmin tool.
    I have followed the instructions to get PPTP enabled, but it just isnt listening on the correct port, i don't see anything running nor can i connect from my Lion client to the server (i get server not responding).
    Does anyone experiece the same problem? or know how to solve this?
    2. Addressbook Server on Lion Server.
    I have a few network users on my system, they use the Addressbook server through their iphone/ipad.
    I don't know how to backup their contacts they added in the server, is there a way to backup the data?
    I have already tried to export the user using the Workgroup Manager, but when i look in the file, i don't see any additional info other then the user settings.
    I have been thinking of reinstalling the server to a complete fresh Lion only installation instead of the current upgraded Lion from Snow Leopard, that's why i need to backup the info.
    Time Machine backups of an upgraded Snow Leopard Server to Lion Server won't work on a fresh Lion Server installation, i have always had the problem that it can't read the data for some reason.
    Anyone know a solution for these 2 issues?

    Hi,
    In your base module MANIFEST.MF include Rest module in ATG-Required.
    It like,
    ATG-Required: DCS B2CCommerce WebUI Rest
    Hope it will work for you.
    Regrads
    Kumaresh Babu A

  • Cisco 28xx easy vpn server & MS NPS (RADIUS server)

    Здравстуйте.
    Имеется LAN (192.168.11.0/24) с граничным роутером cisco 2821 (192.168.11.1), на котором настроен Easy VPN Server с локальной авторизацией удаленных пользователей, использующих для подключения Cisco VPN Client v 5.0. Все работает. В той же LAN имеется MS Windows Server 2012 Essensial в качестве DC AD.
    Возникла необходимость перенести авторизацию удаленных пользователей на RADIUS сервер. В качестве RADIUS сервера хочется использовать MS Network Policy Server (NPS) 2012 Essensial (192.168.11.9).
    На сервере поднята соответствующая политика, NPS сервер зарегистрирован в AD, создан RADIUS-клиент (192.168.11.1), настроена Сетевая политика. В AD создана группа VPN-USERS, в которую помимо удаленных пользователей добавлен служебный пользователь EasyVPN с паролем "cisco".
    Ниже выдежка из сонфига cisco 2821:
    aaa new-model
    aaa authentication login rausrs local
    aaa authentication login VPN-XAUTH group radius
    aaa authorization network ragrps local
    aaa authorization network VPN-GROUP local
    aaa session-id common
    crypto isakmp policy 10
    encr aes 256
    authentication pre-share
    group 2
    crypto isakmp client configuration address-pool local RAPOOL
    crypto isakmp client configuration group ra1grp
    key key-for-remote-access
    domain domain.local
    pool RAPOOL
    acl split-acl
    split-dns 192.168.11.9
    crypto isakmp client configuration group EasyVPN
    key qwerty123456
    domain domain.local
    pool RAPOOL
    acl split-acl
    split-dns 192.168.11.9
    crypto isakmp profile RA-profile
       description profile for remote access VPN
       match identity group ra1grp
       client authentication list rausrs
       isakmp authorization list ragrps
       client configuration address respond
    crypto isakmp profile VPN-IKMP-PROFILE
       description profile for remote access VPN via RADIUS
       match identity group EasyVPN
       client authentication list VPN-XAUTH
       isakmp authorization list VPN-GROUP
       client configuration address respond
    crypto ipsec transform-set tset1 esp-aes esp-sha-hmac
    crypto dynamic-map dyn-cmap 100
    set transform-set tset1
    set isakmp-profile RA-profile
    reverse-route
    crypto dynamic-map dyn-cmap 101
    set transform-set tset1
    set isakmp-profile VPN-IKMP-PROFILE
    reverse-route
    crypto map stat-cmap 100 ipsec-isakmp dynamic dyn-cmap
    int Gi0/1
    descrition -- to WAN --
    crypto map stat-cmap
    В результате на cisco вылезает следующая ошибка (выделено жирным):
    RADIUS/ENCODE(000089E0):Orig. component type = VPN_IPSEC
    RADIUS:  AAA Unsupported Attr: interface         [157] 14
    RADIUS:   31 39 34 2E 38 38 2E 31 33 39 2E 31              [194.88.139.1]
    RADIUS(000089E0): Config NAS IP: 192.168.11.1
    RADIUS/ENCODE(000089E0): acct_session_id: 35296
    RADIUS(000089E0): sending
    RADIUS(000089E0): Send Access-Request to 192.168.11.9:1645 id 1645/61, len 103
    RADIUS:  authenticator 4A B1 DB 2D B7 58 B2 BF - 7F 12 6F 96 01 99 32 91
    RADIUS:  User-Name           [1]   9   "EasyVPN"
    RADIUS:  User-Password       [2]   18  *
    RADIUS:  Calling-Station-Id  [31]  16  "aaa.bbb.ccc.137"
    RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
    RADIUS:  NAS-Port            [5]   6   1
    RADIUS:  NAS-Port-Id         [87]  16  "aaa.bbb.ccc.136"
    RADIUS:  Service-Type        [6]   6   Outbound                  [5]
    RADIUS:  NAS-IP-Address      [4]   6   192.168.11.1
    RADIUS: Received from id 1645/61 192.168.11.9:1645, Access-Reject, len 20
    RADIUS:  authenticator A8 08 69 44 44 8B 13 A5 - 06 C2 95 8D B4 C4 E9 01
    RADIUS(000089E0): Received from id 1645/61
    MS NAS выдает ошибку 6273:
    Сервер сетевых политик отказал пользователю в доступе.
    За дополнительными сведениями обратитесь к администратору сервера сетевых политик.
    Пользователь:
        ИД безопасности:            domain\VladimirK
        Имя учетной записи:            VladimirK
        Домен учетной записи:           domain
        Полное имя учетной записи:   domain.local/Users/VladimirK
    Компьютер клиента:
        ИД безопасности:            NULL SID
        Имя учетной записи:            -
        Полное имя учетной записи:    -
        Версия ОС:            -
        Идентификатор вызываемой станции:        -
        Идентификатор вызывающей станции:       aaa.bbb.ccc.137
    NAS:
        Адрес IPv4 NAS:        192.168.11.1
        Адрес IPv6 NAS:        -
        Идентификатор NAS:            -
        Тип порта NAS:            Виртуальная
        Порт NAS:            0
    RADIUS-клиент:
        Понятное имя клиента:        Cisco2821
        IP-адрес клиента:            192.168.11.1
    Сведения о проверке подлинности:
        Имя политики запроса на подключение:    Использовать проверку подлинности Windows для всех пользователей
        Имя сетевой политики:        Подключения к другим серверам доступа
        Поставщик проверки подлинности:        Windows
        Сервер проверки подлинности:        DC01.domain.local
        Тип проверки подлинности:        PAP
        Тип EAP:            -
        Идентификатор сеанса учетной записи:        -
        Результаты входа в систему:            Сведения об учетных данных были записаны в локальный файл журнала.
        Код причины:            66
        Причина:                Пользователь пытался применить способ проверки подлинности, не включенный в соответствующей сетевой политике.
    Игры с Cisco AV Pairs и прочими параметрами настройки Сетевой политики на RADIUS выдают аналогичный результат.
    Штудирование "Network Policy Server Technical Reference" и "Configuring IPSec Between a Cisco IOS Router and a Cisco VPN Client 4.x for Windows Using RADIUS for User Authentication" Document ID: 21060 ответа не дали.
    Если кто практиковал подобное, прошу дать направление для поиска решения.

    Going through your post, I could see that radius is sending access-reject because radius access-request is sending a vpn group name in the user name field. I was in a discussion of same problem few days before and that got resolved by making 2 changes.
    replace the authorization from radius to local
    and
    changing the encryption type in transform set
    However, in your configuration, your configuration already have those changes.
    Here you can check the same : https://supportforums.cisco.com/thread/2226065
    Could you please tell me what exactly radius server complaining? Can you please paste the error you're getting on the radius server.
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • How to setup a vpn server

    Can I setup my Time Capule 2TB as a VPN server so I can connect to my network from a remote (out-of-state) location or is there another way?

    There is no vpn server in the TC so no you cannot use it that way.
    If you want to use vpn .. buy a vpn endpoint modem or modem router or router depending on your broadband. Bridge the TC so it is simply a part of the network and all routing functions are handled by the vpn router.
    If the TC is directly facing the internet.. ie you get the public IP on the wan interface.. you can connect by checking the remote access and using a decent password. Security is no where near as good as vpn but for occasional connection is probably OK. You can only use AFP protocol. So this must be done from a Mac computer. Just do a google search.. lots of sites.. lots of threads.
    If the TC is not getting public IP then you can port forward AFP to the TC.. that is the only protocol still.. SMB is blocked by all ISP as too dangerous as half the computers in the world would be exposed.
    There is a final issue.. you need either a static public ip or dynamic dns service. The TC does not have a dyndns client.. mobileme used to provide that service but is being discontinued. Cloud is now the way.. if you need a dyndns service read how to set this up..
    http://dyn.com/support/airport-time-capsule-with-dynamic-dns/
    You need a personal domain for this to work.. note also the experimental aspect to it.
    IMHO vpn with a vpn router is the way to go. All vpn routers have some dyndns client services.

  • Forwarding L2TP to an internal Windows 2008 R2 VPN server behind RV042

    Hi all,
    we have a Cisco RV042 router and we wanted to use a Win 2k8 R2 VPN server that is located behind it to handle L2TP VPN connections.
    I have forwarded Ports 500 and 4500 UDP and Port 1701 TCP and UDP to the VPN server, but I cannot establish a connection from my Windows 7 machine. I'm getting error 809 after a timeout.
    It is working from the iPhone and the Mac without problems. 
    I have already set the parameter "AssumeUDPEncapsulationContextOnSendRule" to 2 in the registry of both the client and the server but with no effect.
    My guess is that I cannot forward "IP Protocol 50" from the RV042 and that the iPhone VPN does not care about that but the Windows VPN does and so it's not working. Or is it possible that the active PPTP server on the RV042 could interfere here? It should be using different ports though. 
    Any idea how I could make this setup work? 
    Thanks 
    Regards,
    Michael

    This router is now supported on the Cisco forums since the sale of Linksys to Belkin. I had issues with L2TP with a different router. I just switched to PPTP instead. I've found PPTP much more forgiving between devices.
    Please remember to Kudo those that help you.
    Linksys
    Communities Technical Support

  • VPN Server in Snow Leopard Server not accepting connections

    I've got some issues with a new Snow Leopard Server, running on a Mac mini Server, and VPN.
    I have a Linksys WRT310N performing router duties. I have enabled the VPN Passthrough in the router's configuration pages (IPSec, PPTP and L2TP all Enabled). In the Applications and Gaming section, I have enabled ports 1723 (TCP and UDP) and 1701 (TCP and UDP) to go through to the mini Server. In order to have the VPN Passthrough enabled, I have to have the SPI Firewall enabled on the router.
    I have both PPTP and L2TP enabled on the Server. When I first tested it, everything worked.
    Within 24 hours, it stopped working, and I can't work out why.
    On the Server, I can see in the logs the following messages: (server name and IPs changed to protect the guilty)
    ---BEGIN vpnd.log---
    2009-11-03 20:03:32 EST Incoming call... Address given to client = 192.168.0.213
    Tue Nov 3 20:03:32 2009 : Directory Services Authentication plugin initialized
    Tue Nov 3 20:03:32 2009 : Directory Services Authorization plugin initialized
    Tue Nov 3 20:03:32 2009 : PPTP incoming call in progress from '123.456.789.123'...
    Tue Nov 3 20:03:33 2009 : PPTP connection established.
    Tue Nov 3 20:03:33 2009 : using link 0
    Tue Nov 3 20:03:33 2009 : Using interface ppp0
    Tue Nov 3 20:03:33 2009 : Connect: ppp0 <--> socket[34:17]
    Tue Nov 3 20:03:33 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:33 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:33 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:33 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:36 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:36 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:36 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:36 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:39 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:39 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:39 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:39 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:42 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:42 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:42 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:42 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:45 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:45 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:45 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:45 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:48 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:48 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:48 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:48 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:51 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:51 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:51 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:51 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:54 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:54 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:54 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:54 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:57 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:57 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:57 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:57 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:04:00 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:04:00 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:04:00 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:04:00 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:04:03 2009 : LCP: timeout sending Config-Requests
    Tue Nov 3 20:04:03 2009 : Connection terminated.
    Tue Nov 3 20:04:03 2009 : PPTP disconnecting...
    Tue Nov 3 20:04:03 2009 : PPTP disconnected
    2009-11-03 20:04:03 EST --> Client with address = 192.168.0.213 has hungup
    ---END vpnd.log---
    On the client I'm seeing this in the logs
    --- BEGIN ---
    3/11/09 8:03:32 PM pppd[12074] pppd 2.4.2 (Apple version 314.0.2) started by root, uid 502
    3/11/09 8:03:32 PM pppd[12074] PPTP connecting to server 'server.example.com' (10.0.1.1)...
    3/11/09 8:03:33 PM pppd[12074] PPTP connection established.
    3/11/09 8:03:33 PM pppd[12074] Connect: ppp0 <--> socket[34:17]
    3/11/09 8:04:03 PM pppd[12074] LCP: timeout sending Config-Requests
    3/11/09 8:04:03 PM pppd[12074] Connection terminated.
    3/11/09 8:04:03 PM pppd[12074] PPTP disconnecting...
    3/11/09 8:04:03 PM pppd[12074] PPTP disconnected
    3/11/09 8:04:03 PM pppd[12074] PPTP disconnected
    3/11/09 8:04:03 PM pppd[12074] PPTP disconnected
    --- END ---
    Any ideas?

    Well, this didn't last long. The VPN is already down. Cannot connect to it again.Very Frustrating.
    I know the actual server is receiving the requests (Server Log):
    Jan 7 10:26:33 SnowServer racoon[118]: Connecting.
    Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 1).
    Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
    Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 3).
    Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
    Jan 7 10:26:36 SnowServer racoon[118]: IKE Packet: transmit success. (Phase1 Retransmit).
    Jan 7 10:26:55: --- last message repeated 6 times ---
    Jan 7 10:26:55 SnowServer servermgrd[67]: servermgr_jabber[W]: detailed service status not available until network configuration completed
    Jan 7 10:26:57 SnowServer racoon[118]: IKE Packet: transmit success. (Phase1 Retransmit).
    Jan 7 10:27:03: --- last message repeated 1 time ---
    Jan 7 10:27:03 SnowServer racoon[118]: IKEv1 Phase1: maximum retransmits. (Phase1 Maximum Retransmits).
    Jan 7 10:27:03 SnowServer racoon[118]: Disconnecting. (Connection tried to negotiate for, 30.655020 seconds).
    Jan 7 10:27:03 SnowServer racoon[118]: IKE Phase1 Failure-Rate Statistic. (Failure-Rate = 100.000).
    Jan 7 10:27:57 SnowServer racoon[118]: Connecting.
    Jan 7 10:27:57 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 1).
    Jan 7 10:27:57 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
    Jan 7 10:27:58 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 3).
    Jan 7 10:27:58 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
    Jan 7 10:28:01 SnowServer racoon[118]: IKE Packet: transmit success. (Phase1 Retransmit).
    Jan 7 10:28:28: --- last message repeated 8 times ---
    Jan 7 10:28:28 SnowServer racoon[118]: IKEv1 Phase1: maximum retransmits. (Phase1 Maximum Retransmits).
    Jan 7 10:28:28 SnowServer racoon[118]: Disconnecting. (Connection tried to negotiate for, 30.993122 seconds).
    Jan 7 10:28:28 SnowServer racoon[118]: IKE Phase1 Failure-Rate Statistic. (Failure-Rate = 100.000).
    But the VPN Server never gets the connection request (VPN Log):
    2010-01-07 10:12:13 EST Loading plugin /System/Library/Extensions/L2TP.ppp
    2010-01-07 10:12:13 EST Listening for connections...
    2010-01-07 10:12:13 EST Listening for connections...
    I have a call with Apple Support this afternoon. Hopefully it will be fruitful. If I get anywhere, I will post it. If anyone has any bright ideas, they would be greatly appreciated.
    Message was edited by: AeroJet

  • VPN Problems - The L2TP-VPN server did not respond

    Okay, so I read quite a few threads about this and can't really figure it out. Would be great if I can get some handholding.
    I'm a complete newbie, trying to set up Server for home use. The VPN service seems to be running fine, but I just can't connect from the clients, it just keeps saying "The L2TP-VPN server did not respond". Here is a glimpse at my settings:
    - I have opened up all the relevant ports for UDP (500,1701,4500) and TCP (1723). But this is only required for the Server, right?
    - I don't have a domain name yet so just using my external IP. This is what I put in under VPN Host name in the Server and Client settings.
    - I login with username and password credentials for one of my network users as created in the Server. Format is [email protected] and the password is the same as the login password.
    ** I seem to get a 'authentication failed' error if I just use my local IP address... Not sure whats happening their, but before that I need to be able to connect to Server with the external IP!
    Am I missing something? Why won't my client connect and that too when I'm at home?

    To run a public VPN server behind an NAT gateway, you need to do the following:
    1. Give the gateway either a static external address or a dynamic DNS name. The latter must be a DNS record on a public DNS registrar, not on the server itself. Also in the latter case, you must run a background process to keep the DNS record up to date when your IP address changes.
    2. Give the VPN server a static address on the local network, and a hostname that is not in the top-level domain "local" (which is reserved for Bonjour.)
    3. Forward external UDP ports 500, 1701, and 4500 (for L2TP) and TCP port 1723 (for PPTP) to the corresponding ports on the VPN server.
    If your router is an Apple device, select the Network tab in AirPort Utility and click Network Options. In the sheet that opens, check the box marked
    Allow incoming IPSec authentication
    if it's not already checked, and save the change.
    With a third-party router, there may be a similar setting.
    4. Configure any firewall in use to pass this traffic.
    5. Each client must have an address on a netblock that doesn't overlap the one assigned by the VPN endpoint. For example, if the endpoint assigns addresses in the 10.0.0.0/24 range, and the client has an address on a local network in the 10.0.1.0/24 range, that's OK, but if the local network is 10.0.1.0/16, there will be a conflict. To lessen the chance of such conflicts, it's best to assign addresses in a random sub-block of 10.0.0.0./0 with a 24-bit netmask.
    6. "Back to My Mac" on the server is incompatible with the VPN service.
    If the server is directly connected to the Internet, see this blog post.

  • PIX 501 passthrough with to a Win VPN Server

                       Can this piece of %^$ pix 501 allow port 1723 to be open so users can connect to a Windows VPN server configured by PDM?
    pix  6.3(5)
    Outside staic IP - whatever 111.111.111.111
    Inside 192.168.1.1
    Win VPN server 192.168.1.10
    Thanks to anybody that can help.
    Note - I wnat to know if thi can be accomplished using PDM 3.0.4
    This pix has to have a use other than a glorified 4 port switch

    Yes you can enable PIX501 with version 6.3.5 for PPTP pass through.
    Command line:
    static (inside,outside) tcp interface 1723 192.168.1.10 1723 netmask 255.255.255.255
    fixup protocol pptp 1723
    access-list permit tcp any host 111.111.111.111 eq 1723
    If you don't already have an access-list applied to outside interface, then you also need the following:
    access-group in interface outside
    Then "clear xlate" after the above configuration. I also assume that you would like to use the outside interface ip address of the PIX for the translation. Otherwise, if 111.111.111.111 is actually a spare public ip address, then the above static command should say:
    static (inside,outside) 111.111.111.111 192.168.1.10 netmask 255.255.255.255
    Yes, it can be accomplished using PDM. But i have to apologize that i don't have a handy access to a PDM hence, i can only advise you on the configuration using CLI.
    Hope that helps a little.

  • Block outgoing email because of VPN server

    We have Cisco VPN on ASA for over 4 years. Recently, barracudacentral.org blocks our outgoing email because of these reasons: •Your email server contains a virus and has been sending out spam. •Your email server may be misconfigured. •Your PC may be infected with a virus or botnet software program. •Someone in your organization may have a PC infected with a virus or botnet program. •You may be utilizing a dynamic IP address which was previously utilized by a known spammer. •Your marketing department may be sending out bulk emails that do not comply with the CAN-SPAM Act. •You may have an insecure wireless network which is allowing unknown users to use your network to send spam. •In some rare cases, your recipient's Barracuda Spam Firewall may be misconfigured. This is the undeliverable message: barracudacentral.org rejected your message to the following e-mail addresses and  gave this error: Service unavailable; Client host [VPN IP address-illinois.hfc.comcastbusiness.net] blocked using Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=VPN IP Address The IP address they blocks is our VPN server. Why?                   

    gmail issue
    Your post is the 4th one already this morning.
    This is a gmail issue, contact them.

Maybe you are looking for