VPN, UC560 and a DSL domestic router.
Hi
I'd like to know whether it is possible configure a VPN in a UC560 connected to a DSL domestic router.
I'd to connect to the router through VPN.
It is that posible with the default UC560 licenses?
do I have to do something in the domestic DSL router?
Thank you
Regards
Hi Waldo,
By default the UC-500 supports IPSEC-VPN and SSL VPN connectivity without the need of a license upgrade, however in order for this to work right, you may need to consider doing the following:
* Put your current DSL modem in bridge mode and have the UC-500 authenticate the connection and do all the routing
* Make sure you have a static IP address, as the VPN will not work on a dynamic IP address ( Well it can but very very difficult).
* Make sure you set it up using CCA, that way you can ensure the firewall is configured right and you can properly throttle bandwidth if you need to
Other than that you should be good to go :-)
Cheers,
David Trad.
Sent from Cisco Technical Support Android App
Similar Messages
-
Macbook Pro & Talk Talk DSL-3680 router
Hi, I have unlimited broadband and a DSL-3680 router. As a rule everything works very well, I have an iPhone, iPad, apple tv, LG TV and a Macbook Pro, everything works well apart from the wifi connection to the macbook pro, it works for about 5 minutes and then drops for 5 minutes before coming back every 5 minutes, it's just the internet connection. I can still stream from my macbook to my apple tv in the time its dropped out, whilst its down all my other wifi devices work fine so I'm pretty sure its something to do with the macbook pro and this router. It works fine on other peoples wifi. Any suggestions would be very much appreciated.
Please test after taking each of the following steps that you haven't already tried. Stop when the problem is resolved. Back up all data before making any changes.
Step 1
Take the applicable steps in this support article. The Wireless Diagnostics program generates a large file of information about your system, which would be used by Apple Engineering in case of a support incident. Don't post the contents here.
Step 2
Disconnect all USB 3 devices. If you don't know which are USB 3, disconnect all USB devices except keyboard and mouse.
Step 3
If you're not using a wireless keyboard or trackpad, disable Bluetooth by selecting Turn Bluetooth Off from the menu with the Bluetooth icon. If you don't have that menu, open the Bluetooth preference pane in System Preferences and check the box marked Show Bluetooth in menu bar. Test. If you find that Wi-Fi works better with Bluetooth disabled, you should use the 5 GHz Wi-Fi band. Your router may not support it; in that case, you need a new router.
Step 4
Open the Network pane in System Preferences and make a note of your settings in the Wi-Fi service. It may be helpful to take screenshots of the various tabs in the preference pane. If the preference pane is locked, unlock it by clicking the padlock icon and entering your administrator password. Delete Wi-Fi from the service list on the left by selecting it and clicking the minus-sign button at the bottom. Then recreate the service by clicking the plus-sign button and following the prompts.
Step 5
Reset the System Management Controller.
Step 6
Make a "Genius" appointment at an Apple Store, or go to another authorized service center. -
Have lost ability to connect Cisco VPN - Westell 6100G modem and Netgear WNR1000 v2 router
I have lost the ability to connect my work laptop VPN through my verizon dsl connection. It works at the library, at hotels, and over my BB tether. Corporate IT thinks it is either the router or the modem. There are also some websites that will not load, such as tetongravity.com. The websites seem to be a problem over a wired connection as well as wireless, and I have only tried attaching the VPN while on a wirelesss connection.
Any advice on how to straighten this out? I have rebooted both a couple of times and updated the firmward on the router to no avail. Also, do you know what the default user name and password are on the modem?
Any help would be appreciated.
JohnPS - it worked last week, and stopped working over the weekend.
-
How to configure full tunnel with VPN client and router?
I know the concept of split tunnel....Is it possibe to configure vpn client and router full tunnel or instead of router ASA? I know filter options in concentrators is teher options in ISR routers or ASA?
I think it is possible. Following links may help you
http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a0080819289.shtml -
VPN between ASA5505 Easy VPN Server and 881G Router as Easy VPN Client
Hello,
I have problem in VPN between ASA5505 Easy VPN Server and 881G Router as Easy VPN Client. ASA 5505 have 7.2.3 software and 881G router have 15.1 software.
881G is configured as hardware client in network exstention mode, and it is placed behind NAT. ASA5505 is working as server. Same VPN Group works correctly from VPN software clients.
When I send traffic from 881G client side, in show cryto sessin detail I see encrypted packets. But with same command I dont see decrypted packet on ASA5505 side. On both devices Phase 1 and Phase 2 are UP.
VPN is working when I replace ASA5505 with ASA5510 correctly with have 8.4.6 software. But problem is that i need to do this VPN between ASA5505 and 881G.
Can you help me, how can I debug or troubleshoot this problem ?
I am unable to update software on ASA5505 side.Hello,
Hire is what my config look like:
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 120 set pfs
crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 140 set pfs
crypto dynamic-map outside_dyn_map 140 set transform-set ESP-AES-128-SHA
crypto dynamic-map outside_dyn_map 160 set pfs
crypto dynamic-map outside_dyn_map 160 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 180 set pfs
crypto dynamic-map outside_dyn_map 180 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 200 set pfs
crypto dynamic-map outside_dyn_map 200 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 2
authentication pre-share
encryption 3des
hash sha
group 1
lifetime 86400
crypto isakmp policy 3
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
tunnel-group HW-CLIENT-GROUPR type ipsec-ra
tunnel-group HW-CLIENT-GROUP general-attributes
address-pool HW-CLIENT-GROUP-POOL
default-group-policy HW-CLIENT-GROUP
tunnel-group HW-CLIENT-GROUP ipsec-attributes
pre-shared-key *******
group-policy HW-CLIENT-GROUP internal
group-policy HW-CLIENT-GROUP attributes
password-storage enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value cisco_splitTunnelAcl
nem enable -
Problem with WRT54G and DSL NAT router
I have a WRT54G connected to a Westell DSL NAT router. I would like to be able to allow incoming connections to my FreeBSD server.
The Westell router allows me to set IP Passthrough (they call it "Single Static IP"). This gives the WRT54G the outside IP address given to the DSL router. I can then set up the WRT54G for DDNS and port forwarding to forward specific ports I want to my server.
This works, for about 2-3 days. Then, I start to randomly lose outside connectivity. Web pages start coming up with missing elements, or taking a long time to load. This will eventually lead to total loss of outgoing communication.
Normally, I would blame this on the Westell NAT router, but as I'm losing connectivity to the internet, I'm also losing connectivity to the WRT54G. It will try to load configuration pages but will be slow with missing elements, etc.
All communications between computers on my inside network continue to function properly, it's just connectivity to the WRT54G and the internet that seem to start to fail.
Does anyone have any idea what is going on? I just upgraded the firmware on the WRT54G from 1.01.1 to 1.02.0, but I don't imagine this will help.
Thanks,
David ChamberlainTry setting the MTU to manual and change the value to 1450
"Only those who risk going too far can possibly find out how far one can go..." -
I recently purchased an iPad after using a laptop and PC for years. I use a wireless router connected to a DSL line at home and have been using the iPad without difficulty for about a month and tonight it will not connect to the Internet. There is not a problem with the DSL or router. I am using the laptop now. Could someone please give this eectnically challenged individual assistance?
1. Turn router off for 30 seconds and on again
2. Settings>General>Reset>Reset Network Settings -
WiFi Problems w/ OS X 10.4.11 and Speedport W 502V DSL Modem/Router
We just moved to Germany again, so went to Deutsche Telekom (DT) for Internet/phone access. They sold us a Speedport W 502V DSL Modem/Router with manuals--all in German, as DT does (DT offers NO support in English; some would argue they offer no customer support at all).
Babelfish and I managed to configure a late-model eMac, G4 PowerBook and two iPhones with the DSL router, with pretty good success (sometimes we have intermittent Internet connectivity). Then our household goods were delivered and we unpacked and set up the G4 dual-GHz tower. So...the G4's Airport (not Airport Extreme) "sees" the WLAN and the https://speedport.ip site "sees" the IP address of the G4, but the G4 can't join the network, no matter what I try. It's to the point that I think it's something painfully obvious that I'm missing and I must be too far in the weeds...so now I need fresh eyes on the problem.
I have no computer connected to the Speedport, and wouldn't have thought that was the problem because the other non-physically-connected computers are using the WLAN network. Thanks for any help!hi kathryn
did it have to be the Telekom, by all means??
anyway, first of all a link to a video where a german comedian writes a letter to steve jobs demanding he chose any carrier but the DTAG for the iPhone distribution in germany - really funny!
http://bit.ly/4B4OdQ
OK, I´m currently downloading the speedport manual from their website and will look through it, in order to see if there´s something in there..
as a first guess I´d try looking at the wireless prefs of that speedport box. I guess it supports by default 802.11a/b/g, whereas the G4 only does 802.11b (the "normal" airport). Try selecting only the 802.11b portion from the speedport (that makes networking somewhat slower for airport express computers, but shoudn´t be a problem since it´s still at least as fast as basic DSL service (11MBit vs 2 or 6 MBit)
cheers
Matt
(german in spain) -
Site-Site VPN PIX501 and CISCO Router
Hello Experts,
I'm having a test lab at home, I configure a site-to-site vpn using Cisco PIX501 and CISCO2691 router, for the configurations i just some links on the internet because my background on VPN configuration is not too well, for the routers configuration i follow this link:
www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/867-cisco-router-site-to-site-ipsec-vpn.html
and for the pIX configuration I just use the VPN wizard of pix. Done all the confgurations but ping is unsuccessful. Hope you can help me with this, don't know what needs to be done here (Troubleshooting).
Attached here is my router's configuration, topology as well as the pix configuration. Hope you can help me w/ this. Thanks in advance.YES! IT FINALLY WORKS NOW! Here's the updated running-config
: Saved
PIX Version 7.2(2)
hostname PIX
domain-name aida.com
enable password 2KFQnbNIdI.2KYOU encrypted
names
name 172.21.1.0 network2 description n2
interface Ethernet0
speed 100
duplex full
nameif OUTSIDE
security-level 0
ip address 1.1.1.1 255.255.255.252
interface Ethernet1
nameif INSIDE
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name aida.com
access-list TO_ENCRYPT_TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 network2 255.255.255.0
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 network2 255.255.255.0
pager lines 24
mtu OUTSIDE 1500
mtu INSIDE 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
nat (INSIDE) 0 access-list nonat
nat (INSIDE) 1 192.168.1.0 255.255.255.0
route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username mark password MwHKvxGV7kdXuSQG encrypted
http server enable
http 192.168.1.3 255.255.255.255 INSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set MYSET esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map MYMAP 10 match address TO_ENCRYPT_TRAFFIC
crypto map MYMAP 10 set peer 2.2.2.2
crypto map MYMAP 10 set transform-set MYSET
crypto map MYMAP interface OUTSIDE
crypto isakmp enable OUTSIDE
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
prompt hostname context
Cryptochecksum:8491323562e3f1a86ccd4334cd1d37f6
: end
ROUTER:
R9#sh run
Building configuration...
Current configuration : 3313 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R9
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication login default local
aaa authorization config-commands
aaa authorization exec default local
aaa session-id common
resource policy
memory-size iomem 5
ip cef
no ip domain lookup
ip domain name aida.com
ip ssh version 2
crypto pki trustpoint TP-self-signed-998521732
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-998521732
revocation-check none
rsakeypair TP-self-signed-998521732
crypto pki certificate chain TP-self-signed-998521732
A75B9F04 E17B5692 35947CAC 0783AD36 A3894A64 FB6CE1AB 1E3069D3
A818A71C 00D968FE 3AA7463D BA3B4DE8 035033D5 0CA458F3 635005C3 FB543661
9EE305FF 63
quit
username mark privilege 15 secret 5 $1$BTWy$PNE9BFeWm1SiRa/PiO9Ak/
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 1.1.1.1 255.255.255.252
crypto ipsec transform-set MYSET esp-3des esp-sha-hmac
crypto map MYMAP 10 ipsec-isakmp
set peer 1.1.1.1
set transform-set MYSET
match address TO_ENCRYPT_TRAFFIC
interface FastEthernet0/0
ip address 2.2.2.2 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map MYMAP
interface FastEthernet0/1
ip address 172.21.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip route 0.0.0.0 0.0.0.0 2.2.2.1
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list NAT_IP interface FastEthernet0/0 overload
ip access-list extended NAT_IP
deny ip 172.21.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 172.21.1.0 0.0.0.255 any
ip access-list extended TO_ENCRYPT_TRAFFIC
permit ip 172.21.1.0 0.0.0.255 192.168.1.0 0.0.0.255
control-plane
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
transport input ssh
end -
my router does vpn passthrough and is set up correctly. Does it also have to host the vpn?
Thanks
GregNot sure I understand your question or problem, but I'll give it a shot.
No, you do not have to host the VPN server on your router. That wouldn't do you any good for working around the limitations of the VZW network anyways since you are still on the same VZW network. When you setup a VPN you normally want it to be on someone else's network so you can enable things like port forwarding and remote access.
The VPN Passthrough feature only allows your VPN clients to access VPN servers, its not the same thing as hosting. If you want your router to auto connect to a VPN server (which is more common) that is something different. VPN clients connect to VPN servers. VPN clients are normally installed on your personal devices or your router. VPN servers are geographically located somewhere else and on someone else's network. -
I need help with the speed of AirPort Express and ATT DSL.
I just discovered this, and it seems to have solved issues with my Time Capsule.
Open AirPort Utility; select your AirPort Express and choose manual setup.
Click >Wireless
Change Radio Mode to 802.11a/n - 802.11b/g
Click >Wireless Network Options
Change Transmit Power to 50%
Check >Use interference robustness < This step is purely optional. It's worth a shot.
I've been noticing issues with performance of my Time Capsule for a while.
It really started with lack of good range, followed by lousy performance with my iPhone 4 and iPad 2. I was lucky to get 10% of what my speed really is (1.5 Mbps vs. 15.9 Mbps). My iMac was the only thing that seemed unaffected.
I attempted to setup a Sony Media Player (stay away from them- junk!) then a Roku XD in my bedroom only 20' down the hall from the Time Capsule (direct line of sight). Signal kept dropping and performance was lousy for both. I want another new Apple TV for the bedroom, but that TV doesn't have an HDMI port. I ended up running an ethernet cable down the hall... until this morning.
After some digging, I found a forum talking about WiFi performance for iPhones and stumbled upon something kinda basically unrelated, but gave me the idea to dig into AirPort Utility a bit deeper. Changing power to 50% didn't sound logical, but lowering output power was mentioned in the forum. AirPort Utility goes from 100% to 50% then lower. Nothing between 50% and 100%. I'll know more about range later today, but I have a feeling it may be mysteriously improved as well.
Hope it works out for you! -
Cisco ASA 8.3(1) with VPN Client and IP Communicator - one way communication
Hi Community.
I have a strange problem with my setup and I'm pretty sure it's either some type of routing (or NAT) or just a missing rule allowing the traffic. But I'm now at a point where I'd like to request your help.
I have some remote access users who have the Cisco IP Communicator (CIPC) installed on their notebooks. So:
VPN user with CIPC <> ASA Firewall <> Voice Router <> CCM <> IP Phone
The VPN works fine for any other traffic. Also the basic connection for the IP Communicator works fine. It get's connected to the CallManager, is shown as registered and you even can call an internal phone and also external phones. BUT: while you can hear the called party (so the internal phone) it doesn't work for the other way. There is no sound coming from the remote/caller.
I already figured out that it's also not possible to ping from the VPN phone to the internal IP Phone subnet. While the VPN user can ping any other device in the internal network, he can't do it to the Cisco IP Phones. But if the VPN phone calls a none-internal phone (mobiles...) - it works!
My thought is that the call can't be build up correctly between the VPN phone and the internal phone.
I found similiar situations with google but they are all for the other way around: call to internal works, but not to VPN.
What do you think?Hi,
Typically ASA lists specific networks to the VPN Client when Split Tunnel is used.
This would mean that there is a Split Tunnel ACL used in the ASA configurations for this VPN connection which needs to have the missing network added for the traffic to be tunneled to the VPN connection.
- Jouni -
Mavericks VPN dropouts with native VPN client and Cisco IPSec
Since update to Maverics I am experiencing VPN dropouts with native VPN client and Cisco IPSec
I am connecting via a WIFI router to a remote VPN server
The conenction is good for a while but eventually it drops out.
I had Zero issues in mountain lion and only have issues since the update to 10.9
I had similar issues in teh past with an unrelaibel wifi router but i am using a Verizon Fios router and it has worked impecably until mavericks
My thoughts are:
1 -issue with mavericks ( maybe the app sleep funciton affecting eithe VPN or WIFI daemons)
2- Issue with cisco router compaitibility or timing with Cisco IPSEC
3- Issue with WIFI itself on mavericks - some sort of WIFI software bug
Any thousuggestions?Since update to Maverics I am experiencing VPN dropouts with native VPN client and Cisco IPSec
I am connecting via a WIFI router to a remote VPN server
The conenction is good for a while but eventually it drops out.
I had Zero issues in mountain lion and only have issues since the update to 10.9
I had similar issues in teh past with an unrelaibel wifi router but i am using a Verizon Fios router and it has worked impecably until mavericks
My thoughts are:
1 -issue with mavericks ( maybe the app sleep funciton affecting eithe VPN or WIFI daemons)
2- Issue with cisco router compaitibility or timing with Cisco IPSEC
3- Issue with WIFI itself on mavericks - some sort of WIFI software bug
Any thousuggestions? -
Cisco ASA 5505, Cisco VPN Client and Novell Netware
Hi,
Our ISP have installed Cisco ASA 5505 firewall. We are trying to connect to our Novell 5.1 server using VPN client.
I installed VPN client on a laptop that is using wireless connection. I connect using wireless signal from near by hotel and I am able to connect to my firewall usinging vpn client and also able to login in using Novell client for XP.
When I use same vpn client and Novell client at home that is not using wireless connection, but DSL connection amd not able to login or find the tree.
The only difference in two machine is laptop using wireless connection and my home machine is using wired connection using DSL.If your remote end of the services in question support IPsec IKEv1 as the VPN type then, yes - the 5505 can be a client for that service. At that point it looks like a regular LAN-LAN VPN which is documented in many Cisco and 3rd party how-to documents.
-
Problem with VPN Client and PIX 7.0(5)
Hi, i have a problem configuring my pix 525 7.0(5) as a remote vpn server. I already configure the pix
sollowing this instructions (http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml)
and i can establish a vpn using CISCO VPN Client; but i can't reach any resource from my inside network or any network define in the PIX.
I think that could be a missing nat or an acl; but i have do a lot of research but i can figure out the solution.
This is the configuration i apply
access-list cryptomap-scada extended permit ip any 172.10.0.0 255.255.255.0
access-list acl-vpn-sap-remoto extended permit ip any 172.16.42.64 255.255.255.224
access-list acl-vpn-sap-remoto extended permit icmp any 172.16.42.64 255.255.255.224
access-list acl-vpn-sap-remoto extended permit ip any any
access-list acl-vpn-sap-remoto extended permit icmp any any
ip local pool pool_vpn_sap 172.*.*.1-172.10.0.254 mask 255.255.255.0
nat (inside) 0 access-list cryptomap-scada
group-policy VPN_SAP_PED internal
group-policy VPN_SAP_PED attributes
vpn-filter value acl-vpn-sap-remoto
vpn-tunnel-protocol IPSec
username vpnuser password **** encrypted
username vpnuser attributes
vpn-group-policy VPN_SAP_PED
crypto ipsec transform-set vpn-cliente-remoto esp-3des esp-md5-hmac
crypto dynamic-map vpn-remoto-dymap 7 set transform-set vpn-cliente-remoto
crypto dynamic-map vpn-remoto-dymap 7 set reverse-route
crypto map siemens-scada-map 7 ipsec-isakmp dynamic vpn-remoto-dymap
isakmp policy 7 authentication pre-share
isakmp policy 7 encryption 3des
isakmp policy 7 hash sha
isakmp policy 7 group 2
isakmp policy 7 lifetime 43200
tunnel-group VPN_SAP_PED type ipsec-ra
tunnel-group VPN_SAP_PED general-attributes
address-pool pool_vpn_sap
default-group-policy VPN_SAP_PED
tunnel-group VPN_SAP_PED ipsec-attributes
pre-shared-key clavevpnsap
Thanks in AdvancedHi, thanks for you response, if i remove the acl form de vpn filter, i get the same problem (i can't reach any host). This is the output from the command that you ask for.
PIX-Principal(config)# show running-config nat
nat (inside) 0 access-list cryptomap-scada
nat (inside) 9 JOsorioPC 255.255.255.255
nat (inside) 9 GColinaPC 255.255.255.255
nat (inside) 9 AlfonsoPC 255.255.255.255
nat (inside) 9 AngelPC 255.255.255.255
nat (inside) 9 JerryPC 255.255.255.255
nat (inside) 9 EstebanPC 255.255.255.255
nat (inside) 9 GiancarloPC 255.255.255.255
nat (inside) 9 WilliamsPC 255.255.255.255
nat (inside) 9 PerniaPC 255.255.255.255
nat (inside) 9 ElvisDomPC 255.255.255.255
nat (inside) 8 LBermudezPC 255.255.255.255
nat (inside) 9 HelpDeskPC 255.255.255.255
nat (inside) 9 OscarOPC 255.255.255.255
nat (inside) 9 AnaPC 255.255.255.255
nat (inside) 9 RobertoPC 255.255.255.255
nat (inside) 9 MarthaPC 255.255.255.255
nat (inside) 9 NOCPc5-I 255.255.255.255
nat (inside) 9 NOCPc6-I 255.255.255.255
nat (inside) 9 CiraPC 255.255.255.255
nat (inside) 9 JaimePC 255.255.255.255
nat (inside) 9 EugemarPC 255.255.255.255
nat (inside) 9 JosePC 255.255.255.255
nat (inside) 9 RixioPC 255.255.255.255
nat (inside) 9 DaniellePC 255.255.255.255
nat (inside) 9 NorimarPC 255.255.255.255
nat (inside) 9 NNavaPC 255.255.255.255
nat (inside) 8 ManriquePC 255.255.255.255
nat (inside) 8 MarcialPC 255.255.255.255
nat (inside) 8 JAlbornozPC 255.255.255.255
nat (inside) 9 GUrdanetaPC 255.255.255.255
nat (inside) 9 RVegaPC 255.255.255.255
nat (inside) 9 LLabarcaPC 255.255.255.255
nat (inside) 9 Torondoy-I 255.255.255.255
nat (inside) 9 Escuque-I 255.255.255.255
nat (inside) 9 Turbio-I 255.255.255.255
nat (inside) 9 JoseMora 255.255.255.255
nat (inside) 8 San-Juan-I 255.255.255.255
nat (inside) 8 Router7507 255.255.255.255
nat (inside) 8 NOCPc4-I 255.255.255.255
nat (InterfaceSAN) 8 MonitorHITACHI-I 255.255.255.255
Maybe you are looking for
-
How do I accept comments/notes?
I have a document with comments/notes and need to know how I accept the comments/notes and remove the marks in the text.
-
Exception handling in an RFC server
Hi, I've an RFC server coded in vb.net. Am trying to capture the exceptions raised by the server in an ABAP program. But it is giving a short dump. Can any one tell me the reason for this? Regards, Aravinda Sarma M. The following is the code:
-
How can i export excel 2003(Version 11) from Crystal Report 8.5
how can i export report to excel 2003(Version 11) from Crystal Report 8.5
-
ClassCastException when I access an EJB from a remote EJB in WL 8.1
I am using WebLogic 8.1 and am trying to lookup the home interface for an EJB (_ejbRemote_) from another EJB (_ejbCurrent_). They are deployed in seperate EARs. When I bundle the home and remote interfaces for ejbRemote in the EAR file that ejbCurren
-
Pricing : Discount on basic price and excise duty
Hi gurus, I want to give a discount based on sum of basic price and excise duty. But Excise duty is captured only in tax. In this case how to give the discount based on the sum of basic price and excise duty since excise duty is not in the pricing p