VPN Using IPSec

Similar Messages

• User having trouble connecting to VPN using mobile broadband card

  I've got a user with a laptop running Windows 7 who is trying to use an AT&T mobile broadband card to connect to a VPN using the Cisco IPSec VPN client. The card is the Sierra Wireless Momentum 4G. The VPN connection established fine, but no traffic gets passed after that. Other users can connect to the VPN fine (not using mobile broadband, though). Wired and wireless connections from this laptop are able to get to the VPN fine. It's just over the mobile broadband service that this happens. Are there any workarounds for this issue?

  Hi and Welcome to the Community!
  To use the proprietary BB services (including Push email capability, native browser, BBM, etc.), you must have an adequate data plan from your carrier. The carriers host BIS (BlackBerry Internet Service) for their BB users. Typically, BIS is not available via generic data plans. Many carriers call what is necessary The Blackberry Data Plan. Whatever they call it, it is the carrier who delivers BIS to their BB users -- contact them for assistance. Once you have a BIS-capable data plan on your BB (at whatever fees your carrier will charge, btw), your BB-proprietary services will function (e.g., you will have Personal/Internet Email added to the email setup wizard, your BBM will function, etc).
  http://www.blackberryfaq.com/index.php/What_do_I_need_a_Data_Plan_for%3F
  With hundreds of carriers in the world, each with dozens of different data plans, it's impossible to tell you specifically what any service plan might actually provide. Only the carriers can answer that question. The best thing to do is to decide what services you desire, and then talk to your carrier about obtaining (from them) a data plan that enables what you desire.
  Good luck!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• AnyConnect configuration using IPSec

  I have configured our ASA running 8.4(7) for the AnyConnect client (using IPSec). It prompted me to create an identity certificate when running the VPN wizard, which I did. We use AAA to authenticate so I didn't create a CA certificate. Is this required anyways for AnyConnect? When I try to connect from a pre-deployed AnyConnect client, I get an error: "Untrusted VPN Server Certificate". If I ignore and choose to connect anyway, the Login Fails. What am I missing?
  Thanks

  The identity certificate generated during setup is OK as long as you want to manually install it as follows below.
  to establish trust, install it on the client PC in the trusted root CA store. You need to browse to the ASA and use your browser tools to download the certificate to your computer. (i.e click on lock icon in your browser bar, select certificate information, copy to file). Then import it - in windows this is the default action for a .cer file. You should override the default store to make sure it is installed n the trusted root store.
  Avoiding that complexity is why Cisco recommends getting a certificate issued by a trusted 3rd party CA. Most organizations don't want to have to explain all the above to their users as it doesn't scale very well support-wise.

• CCP site-to-site VPN using access rules

  hello, I use CCP for creating site-to-site VPNs on a Cisco router. I need to use network objects on my ipsec rule for having multiple hosts but the network objects are only available on the access rules through access editor.
  On the encryption domain dialogue on site-to-site VPN wizzard the access rules I have created from Access Editor window are not listed. Should I associate the rules with the interface to be listed???
  I manage to create a VPN using an access rule by just inserting the access rule (that is not associated to any interface) number, - it wasn't listed on the access rules when I clicked select from the existing rules - the VPN worked but then another issue came up.
  The issue is that when I created a second VPN the way I described above the public IP of the router is unreachable. No ping/ssh etc. I recover it by shh on private and reload with the old config. While the public interface seems down the VPNs I have already configured are up and running.
  Though the router is going down when a new s-to-s VPN is created by using an access rule if I create a VPN with the way is shown on the image below everything works fine.
  http://www.cisco.com/image/gif/paws/112153/ccp-vpn-asa-router-config-24.gif
  but with that way I cannot have multiple hosts for my VPN.

  hello guys, can anyone help me on this?
  for using network objects on the encryption domains of a site-to-site VPN I have to create access rules from access editor on CCP and associate them with the interface that the vpn will take place. In the encryption domain dialogue of the VPN wizzard i will have to choose them from the existing rules on CCP. Is this right?
  I did it without Network Objects. By creating those access rules I was messing with the allowed traffic.
  So I assigned more than one ipsec rules for each tunnel.

• Cisco 2800 - Multiple VPNs Using Virtual-Template

  Hello List,
  I have a question related to the way of setting up multiple VPNs using
  virtual-template configuration (Cisco calls this Dynamic VPN): how can
  I make my configuration to be a "spoke" type VPN rather than "hub" type
  without using "crypto map" on the physical interface?
  Here is how it works now (the VPN hub config):
  !!! the VPN hub config
  crypto keyring PSKs
  pre-shared-key address <peer_ip> key 6 ************
  crypto isakmp profile ISAKMP_Profile
  keyring PSKs
  self-identity address
  match identity address <peer_ip> 255.255.255.255
  virtual-template 1
  crypto ipsec transform-set Transform_Set esp-3des esp-md5-hmac
  crypto ipsec profile IPSEC_Profile
  set transform-set Transform_Set
  set isakmp-profile ISAKMP_Profile
  interface Loopback1007
  description This is a public IP address from a range routed via my
  gatey IP address (see bellow)
  ip address <my_VPN-hub_ip> 255.255.255.255
  no ip redirects
  interface Multilink1
  description This is my gateway IP address facing the ISP
  ip address <my_public_IP> 255.255.255.252
  no ip redirects
  no ip unreachables
  ip nbar protocol-discovery
  ip nat outside
  ip virtual-reassembly
  rate-limit input access-group 102 8000 1500 2000 conform-action
  transmit exceed-action drop
  ip route-cache flow
  no cdp enable
  ppp multilink
  ppp multilink fragment delay 20
  ppp multilink interleave
  ppp multilink group 1
  ppp multilink multiclass
  service-policy output qos_pm-outbound
  interface Serial0/0/0
  description 1st Serial Interface to ISP
  bandwidth 2048
  no ip address
  encapsulation ppp
  ip route-cache flow
  no fair-queue
  ppp multilink
  ppp multilink group 1
  interface Serial0/0/1
  description 2nd Serial Interface to ISP
  bandwidth 2048
  no ip address
  encapsulation ppp
  ip route-cache flow
  no fair-queue
  ppp multilink
  ppp multilink group 1
  interface Virtual-Template1 type tunnel
  ip unnumbered Loopback1007
  ip access-group vpn_acl-tunnel-encr-in in
  ip access-group vpn_acl-tunnel-encr-out out
  ip mtu 1400
  ip route-cache flow
  tunnel source Loopback1007
  tunnel mode ipsec ipv4
  tunnel sequence-datagrams
  tunnel checksum
  tunnel path-mtu-discovery
  tunnel protection ipsec profile IPSEC_Profile
  service-policy output qos_pm-VPN
  ip access-list extended vpn_acl-tunnel-encr-in
  permit ip 172.20.40.0 0.0.0.255 192.168.2.0 0.0.0.255
  ip access-list extended vpn_acl-tunnel-encr-out
  permit ip 192.168.2.0 0.0.0.255 172.20.40.0 0.0.0.255
  !!! the Spoke VPN is configured by my peers (Cisco routers, PIXes,
  Cisco VPN concentrators)
  !!! all follow the standard crypto map config on the physical
  interface.
  !!! i.e. http://www.vpnc.org/InteropProfiles/cisco-ios.txt
  It is obvious that with my router configured as a VPN hub, if the
  tunnel dies, I need to wait for the peer to reset the tunnel, all this
  time my clients in my network are not able to access the remote sites.
  The reason to use the virtual-template interfaces as suppose to
  traditional "crypto map" way, is that my peers do not want to share the
  same VPN end-point between themselves (different companies all
  together) and they are very strict in regards to ACLs. As I don't have
  a VPN device for each one of them and their number increases (I have 5
  separate tunnels right now with a potential grow to 15 in the next 3
  months), I need to find a way to get rid of the hub config in my end (I
  did not have much choice there when I migrated to this platform from a
  linux box).
  Pros for the Virtual-Template:
  - separate QoS for each tunnel
  - ACLs configured directly on the tunnel interface (grater flexibility)
  - tunnel end-point IP address can be part of a range BGP advertised via
  multiple ISP links
  Cons:
  - hub config, the tunnel needs to be reseted by the peer
  Any help is very much appreciated. Thank you,
  Adrian

  Hope the following link will help you
  http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008019d6f7.shtml

• Double VPN (Cisco IPSEC + PPTP) no longer works in Yosemite

  Hi there.
  I used to use two VPN connections pre-Yosemite, I could establish a Cisco IPSEC VPN using the native VPN in Mavericks, and then establish another VPN through that connection to connect to a PPTP VPN.
  It is not possible anymore, but if instead of using Apple's Cisco VPN implementation I use Cisco's AnyConnect, then sure enough I can use the native PPTP VPN to connect to my lab.
  MacBook Pro --> Corporate VPN (Cisco) --> Lab VPN (PPTPD)
  Whether I use Cisco AnyConnect or native VPN, I can always ping the PPTP server, but can't establish a VPN if using native VPN.
  Anybody noticed something change and maybe has a fix for that?

  The issue was with my tech department after all...

• Airport Extreme 802.11ac VPN Passthrough (IPSec, PPTP, and L2TP)

  Hi There,
  I just got an Airport Extreme 6th Gen and set it up in a breeze using Airport Utility on Mavericks. It was actually too simple to configure but I cannot connect to our company's VPN using Cisco IPSEC. I can't find any settings within Aiport Utility that says about VPN Passthrough. My router mode is in DHCP and NAT mode by the way.
  Have anyone experienced this issue and solved it? I know our VPN is working since I upgraded from a Cisco SMB router and if I plug it back in I can connect to it.
  Any help will be much appreciated.
  Thanks!

  What modem is the AE plugged into and is it a router as well??
  The AE cannot handle vpn passthrough easily if you have double NAT.. well it just won't work.
  If you are using a PC it also may not work because it will need upnp which airport does not provide. Manually forward the ports but it will only work if the AE is the one and only router in the network.
  You may still have issues.. as port 500 could well be used by the AE with btmm.. you will need to not use btmm to use ipsec .. but I haven't explored it fully.

• How do I set up my very first VPN using a BT Home ...

  Greetings!
  I would like to set up a VPN via my BT Home Hub.
  I've already set up a Windows 7 VPN server on my PC, and I can connect my Android devices successfully using my domestic wireless connection through the hub.
  Now I want to be able to connect to my VPN using any internet connection, anywhere.
  I'd like to find out what settings I need to set on my hub, and what settings I need to set on the Android device. I'm assuming – perhaps overoptimistically – that I won't need to do anything more with my Windows 7 VPN server.
  What I need to do on the hub is a complete mystery to me. Presumably I need to tell it to send VPN traffic straight to my PC, but I've no idea how to do this.
  As I've managed to connect my Android devices to the Windows VPN server this aspect of the process seems less mysterious to me. Presumably I need to tell them (the Android devices) the IP address of my hub (which, while it isn't technically static, is more than static enough for my needs). And presumably, if my hub has been persuaded to route VPN traffic to my PC, I can use the Windows account name and password to make the connection.
  If anyone can point me in the direction I need to go, or point me at where my questions have already been answered, I would be most grateful. I see a lot of VPN threads here, but they all seem to be about difficulties encountered on existing setups. I need to know how to create an existing setup first: then I'll know if I have issues that require further attention.
  Cheers!

  "You will need to set port forwarding on your home hub so that the incoming VPN connection is forwarded to the IP address of your PC. Your VPN range you have set on Windows 7, must not be on the same subnet as the home hub.
  If its using a standard VPN port, then there may already be a pre-defined application within the home hub that you can use, depending on which version of the home hub you are using. If not, then you will have to define one yourself.
  I think its port 1723 for Windows VPN."
  Thanks, Keith.
  Unfortunately my ignorance exceeds your expectations, so I have to ask more questions…
  How do I specify the incoming VPN connection in my home hub?
  What is the VPN range I must set on Windows 7, and how do I ensure it's not on the same subnet as my home hub? Is this something to do with the incoming IP addresses assignment settings for the TCP/IPv4 network component of the Windows 7 Incoming Connections' properties?
  How can I tell if "it" is using a standard VPN port? And does "it" refer to my home hub, my Windows Incoming Connection, or my Android device?
  When it comes to defining an application myself, how do I determine what port range needs to be translated, how do I determine what (port range?) it needs to be translated to, and how do I determine what the trigger port needs to be?
  Thanks.

• How to set up VPN using MAC OSX 10.4.11, Please help I need someone to help me set up VPN using regular DSL connection on my home so someone can help me troubleshoot my XSAN system remotely. THANKS

  Hello,
  I'm having trouble setting up a VPN using MAC OSX 10.4.11 Server. I have and XSAN system and one of my volumes has been down for quite a while now. There is a very kind MAC IT professional that is willing to help be troubleshoot my system but he needs to be able to access my system remotely. I am able to connect the MDC to DSL but I haven't been able to set up the VPN. Please help, this is an emergency. Thanks!
  Marco

  have you forwared the ports on your router? Why not let him in via teamviewer? its free and mac compatable

• Connecting over VPN using Toad

  Hello,
  We have started experience problems connecting to our 9i and 10g databases when using Toad over a VPN connection. Although a connection is actually made nothing is returned to the Toad client and it justs hangs. This problem only occurs over a VPN. When connected to the LAN there is no problem. Also it is possible to connect over the VPN using SQL Developer. This has only recently started happening. In the past we have been able to connect over the VPN without a problem. Sounds like a Toad problem? Yes! I was wondering if anyone else had experienced this and new of a resolution.
  Thanks James

  Hi ,
  The OP is able to connect through SQL Developer using VPN so no issues with VPN,The OP is facing problem when connecting using TOAD so:
  1)Try to disconnect the TOAD and than try if that doesn't work can you please type the error message you are getting while connecting to the TOAD using VPN.
  Best regards,
  Rafi.
  http://rafioracledba.blogspot.com/

• How to add new group entry in Cisco Vpn using powershell

  I am working on a powershell script to connect cisco vpn using powershell, I am able to connect to vpn but not sure how to add new group to vpn. I am using the following script$vpn_profile = 'Test'
  $username = 'TestUser'
  $userPassword = ConvertTo-SecureString -String "Password" -AsPlainText -Force
  $credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist
  $username,$userPassword
  $password = $credentials.GetNetworkCredential().Password
  Set-Location 'c:\Program Files (x86)\Cisco Systems\VPN Client'
  .\vpnclient.exe connect $vpn_profile user $username pwd $password
  Write-Host "You Are Connected"
  cd "C:\"

  Have you entered .\vpnclient.exe /? to see if it will return information about other switches you can use with this executable? Other than connect, I was able to track down a few without actually having the executable (http://www.scribd.com/doc/40108893/Cisco-VPN-Client-Command-Line).
  That said, I do not believe that there is a switch that will help you create a connection. These are either done manually through the GUI, or can be likely be added by supplying a properly formatted file in the proper place.
  If you're using the version of the Cisco VPN client I think you are, then your connection settings, or profiles, are stored in individual .pcf files somewhere on your computer (likely in the Cisco directory). These are simple, text-based files. Find one
  on your computer, save it with another name, and then modify it manually. If you really want to use PowerShell, then use this opportunity to learn how to create and edit basic text files using PowerShell. If you have a standard connection file, then you can
  put that file onto remote computers any number of ways. If a .pcf file exists in the proper place when the VPN client is opened, then it likely will not prompt for a new connection.
  Update: Added more info; clarified

• Is the jetpack 5510L compatible with VPN use

  My jetpack 5510L does not seem to be compatible with VPN use. I installed a personal protective VPN for use at hotspots when traveling. It worked flawlessly since installing this year. Now I am in a resort and using the Jetpack but I cannot keep a connection open with the VPN (surf easy). Is there some special setting I need to activate so that my jetpack cannot let me get internet traffic with a VPN interface? It has all the latest updates as of today. I use Macs and Apple devices. They all work fine with the same VPN program at a hotspot if I drive into town. They work fine at my house. It is only when I try to use the jetpack 5510L that it won't work. The VPN connects for a few seconds then gets disabled then re-establishes a connection then gets disabled and that cycle continues. In the few seconds that it is established, I can download a book or something but then it gets disabled and the file is corrupt. So is the jetpack compatible with VPN use?

  What type of VPN are you using?
  1. PPTP VPN (Dial-up VPN)
  2. Site-to-Site VPN
  3. VPN Passthough
  2 of them you will  need a static IP address at a cost of $500 from Verizon Wireless, the other you do not.

• Lion successfully installed. now unable to get on vpn using cisco, error 51 constantly appears. should have stayed on snow leopard!

  ion successfully installed. now unable to get on vpn using cisco, error 51 constantly appears. should have stayed on snow leopard!

  Try opening a terminal window (Applications >> Utilities). At the prompt, enter:
  >sudo SystemStarter restart CiscoVPN
  This will ask you for the admin password and it will restart the Cisco client service. That should fix it. This seems to be a known issue that will eventually be solved with some updates.
  DB

• At use ipsec useful speed in the channel decreases?

  At use ipsec useful speed in the channel decreases? ?
  Example:
  remoteuser-----internet---server_with_FTP
  remoteuser download (over internet) from the FTP with the sped: 15k/sec
  If use this:
  remoteuser(BM39vpnClient)--------INTERNET---BM39SP1--server_with_ftp
  How will be decreases channel speed ?
  What will be: 15 K/sec, 10 K/sec, 5 K/s ... ??
  Any info, please.
  Serg

  serg,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Connecting VPNs using a PIX Firewall

  Hi,
  We are trying to configure a PIX firewall to connect differents VPNs on a MPLS enviroment and we have a problem when we use more than one firewall.
  With one FW all works fine, but with two or more in some situation we can have recursive routing and It doens't work.
  Do you know any way to connect differents MPLS VPNs using differents Firewalls.
  Regards.
  Enrique.

  Would appreciate if you can elaborate more on the topology and the minute details on the problem that you experience with multiple firewalls.