Win 8.1 running HyperV as VPN server

Similar Messages

• VPN Problems - The L2TP-VPN server did not respond

  Okay, so I read quite a few threads about this and can't really figure it out. Would be great if I can get some handholding.
  I'm a complete newbie, trying to set up Server for home use. The VPN service seems to be running fine, but I just can't connect from the clients, it just keeps saying "The L2TP-VPN server did not respond". Here is a glimpse at my settings:
  - I have opened up all the relevant ports for UDP (500,1701,4500) and TCP (1723). But this is only required for the Server, right?
  - I don't have a domain name yet so just using my external IP. This is what I put in under VPN Host name in the Server and Client settings.
  - I login with username and password credentials for one of my network users as created in the Server. Format is [email protected] and the password is the same as the login password.
  ** I seem to get a 'authentication failed' error if I just use my local IP address... Not sure whats happening their, but before that I need to be able to connect to Server with the external IP!
  Am I missing something? Why won't my client connect and that too when I'm at home?

  To run a public VPN server behind an NAT gateway, you need to do the following:
  1. Give the gateway either a static external address or a dynamic DNS name. The latter must be a DNS record on a public DNS registrar, not on the server itself. Also in the latter case, you must run a background process to keep the DNS record up to date when your IP address changes.
  2. Give the VPN server a static address on the local network, and a hostname that is not in the top-level domain "local" (which is reserved for Bonjour.)
  3. Forward external UDP ports 500, 1701, and 4500 (for L2TP) and TCP port 1723 (for PPTP) to the corresponding ports on the VPN server.
  If your router is an Apple device, select the Network tab in AirPort Utility and click Network Options. In the sheet that opens, check the box marked
  Allow incoming IPSec authentication
  if it's not already checked, and save the change.
  With a third-party router, there may be a similar setting.
  4. Configure any firewall in use to pass this traffic.
  5. Each client must have an address on a netblock that doesn't overlap the one assigned by the VPN endpoint. For example, if the endpoint assigns addresses in the 10.0.0.0/24 range, and the client has an address on a local network in the 10.0.1.0/24 range, that's OK, but if the local network is 10.0.1.0/16, there will be a conflict. To lessen the chance of such conflicts, it's best to assign addresses in a random sub-block of 10.0.0.0./0 with a 24-bit netmask.
  6. "Back to My Mac" on the server is incompatible with the VPN service.
  If the server is directly connected to the Internet, see this blog post.

• How to set VPN server with static IP without DHCP on

  I set up a new Mac mini server with OS X 10.9.1 and Server App 3.0.1
  My ISP gave me a static bublic IP address.
  I have on:
  - web server
  - mail server
  - DNS server
  without using DHCP, but now i want to set up L2TP/IPSec VPN server and it requires that i give start IP address of the VPN server.
  Can i use VPN server w/out DHCP server on?
  If yes, how?
  If not, when i turn on the DHCP server, what i have to do with web, mail servers?

  To run a public VPN server, you need to do the following:
  1. Give the gateway either a static external address or a dynamic DNS name. The latter must be a DNS record on a public DNS registrar, not on the server itself. Also in the latter case, you must run a background process to keep the DNS record up to date when your IP address changes.
  2. Give the VPN server a static address on the local network, and a hostname that is not in the top-level domain "local" (which is reserved for Bonjour.)
  3. Forward external UDP ports 500, 1701, and 4500 (for L2TP) and TCP port 1723 (for PPTP) to the corresponding ports on the VPN server.
  If your router is an Apple device, select the Network tab in AirPort Utility and click Network Options. In the sheet that opens, check the box marked
  Allow incoming IPSec authentication
  if it's not already checked, and save the change.
  With a third-party router, there may be a similar setting.
  4. Configure any firewall in use to pass this traffic.

• PIX 501 passthrough with to a Win VPN Server

                     Can this piece of %^$ pix 501 allow port 1723 to be open so users can connect to a Windows VPN server configured by PDM?
  pix  6.3(5)
  Outside staic IP - whatever 111.111.111.111
  Inside 192.168.1.1
  Win VPN server 192.168.1.10
  Thanks to anybody that can help.
  Note - I wnat to know if thi can be accomplished using PDM 3.0.4
  This pix has to have a use other than a glorified 4 port switch

  Yes you can enable PIX501 with version 6.3.5 for PPTP pass through.
  Command line:
  static (inside,outside) tcp interface 1723 192.168.1.10 1723 netmask 255.255.255.255
  fixup protocol pptp 1723
  access-list permit tcp any host 111.111.111.111 eq 1723
  If you don't already have an access-list applied to outside interface, then you also need the following:
  access-group in interface outside
  Then "clear xlate" after the above configuration. I also assume that you would like to use the outside interface ip address of the PIX for the translation. Otherwise, if 111.111.111.111 is actually a spare public ip address, then the above static command should say:
  static (inside,outside) 111.111.111.111 192.168.1.10 netmask 255.255.255.255
  Yes, it can be accomplished using PDM. But i have to apologize that i don't have a handy access to a PDM hence, i can only advise you on the configuration using CLI.
  Hope that helps a little.

• Configure VPN Server Cisco 877W

  Hello!
  I need to implement VPN Server on a Cisco 877W.
  The idea is as follows:
  Access the network from anywhere using the Cisco VPN Client;
  The router need receive a minimum 5 simultaneous connections;
  Each User would have a login and password;
  Cisco 877W (System image file is "flash: C870-advipservicesk9-mz.150-1.M10.bin")
  Following script:
  version 15.0
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug uptime
  service timestamps log uptime
  service password-encryption
  service sequence-numbers
  hostname VPN
  boot-start-marker
  boot-end-marker
  logging buffered 10240
  enable secret PASS@PASS
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  clock timezone BR -3
  dot11 syslog
  dot11 ssid ACESSO01
  authentication open
  authentication key-management wpa
  guest-mode
  wpa-psk ascii PASS@PASS
  no ip source-route
  ip dhcp pool ODIM
     import all
     network 192.168.100.224 255.255.255.224
     default-router 192.168.100.254
     dns-server 10.151.176.80 201.10.120.3 10.151.176.79 201.10.1.2
     update arp
  ip cef
  no ip bootp server
  no ip domain lookup
  ip domain name local
  ip inspect name firewall tcp
  ip inspect name firewall udp
  ip inspect name firewall cuseeme
  ip inspect name firewall h323
  ip inspect name firewall rcmd
  ip inspect name firewall realaudio
  ip inspect name firewall streamworks
  ip inspect name firewall vdolive
  ip inspect name firewall sqlnet
  ip inspect name firewall tftp
  ip inspect name firewall ftp
  ip inspect name firewall icmp
  ip inspect name firewall sip
  ip inspect name firewall esmtp max-data 52428800
  ip inspect name firewall fragment maximum 256 timeout 1
  ip inspect name firewall netshow
  ip inspect name firewall rtsp
  ip inspect name firewall pptp
  ip inspect name firewall skinny
  no ipv6 cef
  multilink bundle-name authenticated
  archive
  path flash:config
  write-memory
  file verify auto
  username suporte privilege 15 secret 5 $1$WdPL$PHwugOutS3fztS8hBUl9g0
  ip tcp timestamp
  ip ssh version 2
  bridge irb
  interface ATM0
  description #### A D S L - INTERNET ####
  no ip address
  no ip proxy-arp
  load-interval 30
  no atm ilmi-keepalive
  interface ATM0.1 point-to-point
  description #### A D S L - INTERNET ####
  pvc 0/35
    pppoe-client dial-pool-number 1
  interface FastEthernet0
  description #### I N T R A N E T ####
  switchport trunk native vlan 100
  switchport mode trunk
  load-interval 30
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface Dot11Radio0
  no ip address
  no ip proxy-arp
  load-interval 30
  encryption mode ciphers aes-ccm tkip
  ssid ACESSO01
  speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
  station-role root
  no cdp enable
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 spanning-disabled
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  interface Vlan1
  description #### ETH`S ####
  no ip address
  no ip proxy-arp
  load-interval 30
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface Vlan100
  description #### I N T R A N E T ####
  ip address dhcp
  no ip proxy-arp
  ip nat outside
  ip virtual-reassembly
  interface Dialer0
  description #### I N T E R N E T ####
  ip address negotiated
  ip access-group Traffic-Permit-IN in
  no ip redirects
  no ip unreachables
  ip mtu 1492
  ip nat outside
  ip inspect firewall out
  ip virtual-reassembly
  rate-limit input access-group 100 16000 8000 8000 conform-action transmit exceed-action drop
  encapsulation ppp
  load-interval 30
  dialer pool 1
  dialer-group 1
  ppp authentication pap chap callin
  ppp chap hostname user@user
  ppp chap password pass@pass
  ppp pap sent-username user@user password pass@pass
  ppp ipcp dns request
  ppp ipcp wins request
  ppp ipcp route default
  no cdp enable
  interface BVI1
  description #### BRIDGE Vlan1/Dot11Radio0 ####
  ip address 192.168.100.254 255.255.255.224
  no ip proxy-arp
  ip nat inside
  ip virtual-reassembly
  ip tcp adjust-mss 1452
  ip policy route-map PBR
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat inside source route-map ADSL interface Dialer0 overload
  ip nat inside source route-map INTRANET interface Vlan100 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0 name ADSL
  ip route 0.0.0.0 0.0.0.0 10.48.50.1 name INTRANET
  ip access-list extended ADSL
  deny   ip any 10.0.0.0 0.255.255.255
  permit ip any any
  deny   ip any host 192.168.100.255
  deny   udp any any eq tftp log
  deny   ip any 0.0.0.0 0.255.255.255 log
  deny   ip any 127.0.0.0 0.255.255.255 log
  deny   ip any 169.254.0.0 0.0.255.255 log
  deny   ip any 172.16.0.0 0.15.255.255 log
  deny   ip any 192.0.2.0 0.0.0.255 log
  deny   ip any 192.168.0.0 0.0.255.255 log
  deny   ip any 198.18.0.0 0.1.255.255 log
  deny   udp any any eq 135 log
  deny   tcp any any eq 135 log
  deny   udp any any eq netbios-ns log
  deny   udp any any eq netbios-dgm log
  deny   tcp any any eq 445 log
  deny   ip any any log
  ip access-list extended INTRANET
  permit ip any 10.0.0.0 0.255.255.255
  deny   ip any any
  deny   ip any host 10.48.50.255
  deny   udp any any eq tftp log
  deny   ip any 0.0.0.0 0.255.255.255 log
  deny   ip any 10.0.0.0 0.255.255.255 log
  deny   ip any 127.0.0.0 0.255.255.255 log
  deny   ip any 169.254.0.0 0.0.255.255 log
  deny   ip any 172.16.0.0 0.15.255.255 log
  deny   ip any 192.0.2.0 0.0.0.255 log
  deny   ip any 192.168.0.0 0.0.255.255 log
  deny   ip any 198.18.0.0 0.1.255.255 log
  deny   udp any any eq 135 log
  deny   tcp any any eq 135 log
  deny   udp any any eq netbios-ns log
  deny   udp any any eq netbios-dgm log
  deny   tcp any any eq 445 log
  ip access-list extended Traffic-Permit-IN
  deny   ip 0.0.0.0 0.255.255.255 any
  deny   ip 10.0.0.0 0.255.255.255 any
  deny   ip 127.0.0.0 0.255.255.255 any
  deny   ip 169.254.0.0 0.0.255.255 any
  deny   ip 172.16.0.0 0.15.255.255 any
  deny   ip 192.0.2.0 0.0.0.255 any
  deny   ip 192.168.0.0 0.0.255.255 any
  deny   ip 198.18.0.0 0.1.255.255 any
  deny   ip 224.0.0.0 0.15.255.255 any
  deny   ip any host 255.255.255.255
  permit tcp any any eq 1723
  permit gre any any
  deny   icmp any any echo
  deny   ip any any log
  access-list 100 permit icmp any any echo-reply
  access-list 100 permit icmp any any echo
  access-list 110 permit ip 192.168.100.224 0.0.0.31 any
  dialer-list 1 protocol ip permit
  no cdp run
  route-map ADSL permit 10
  match ip address 110
  match interface Dialer0
  route-map INTRANET permit 10
  match ip address 110
  match interface Vlan100
  route-map PBR permit 10
  match ip address ADSL
  set interface Dialer0
  route-map PBR permit 20
  match ip address INTRANET
  set interface Vlan100
  control-plane
  bridge 1 route ip
  line con 0
  no modem enable
  line aux 0
  line vty 0 4
  transport input telnet ssh
  scheduler max-task-time 5000
  end

  Some Help?

• Installing a VPN Server in Mac OS X

  Has anyone tried to install a VPN server successfully in mac os x?
  I was able to get webmin installed successfully, and I know on my linux distros webmin automatically detects if a VPN server is installed (such as poptop) or at least if the option is there, but in mac os x (not the server version) there is nothing listed.
  Anyone know of any other VPN servers that could be installed in mac os x, or even anything for BSD that could be compiled from source?

  I run the server on PowerPC and use clients on both PowerPC and Intel. Admittedly, my wife has run off the the MBP so my use on the Intel is limited these days.
  If you want to route onto the network, you'll have to create routes after the TUN/TAP interface is up. The OS X FAQs on OpenVPN detail various ways to do this.
  # Sample OpenVPN 2.0 config file for #
  # multi-client server. #
  # This file is for the server side #
  # of a many-clients <-> one-server #
  # OpenVPN configuration. #
  # OpenVPN also supports #
  # single-machine <-> single-machine #
  # configurations (See the Examples page #
  # on the web site for more info). #
  # This config should work on Windows #
  # or Linux/BSD systems. Remember on #
  # Windows to quote pathnames and use #
  # double backslashes, e.g.: #
  # "C:\\Program Files\\OpenVPN\\config\\foo.key" #
  # Comments are preceded with '#' or ';' #
  # Which local IP address should OpenVPN
  # listen on? (optional)
  ;local 192.168.2.253
  # Which TCP/UDP port should OpenVPN listen on?
  # If you want to run multiple OpenVPN instances
  # on the same machine, use a different port
  # number for each one. You will need to
  # open up this port on your firewall.
  port 443
  # TCP or UDP server?
  ;proto tcp
  proto tcp
  # "dev tun" will create a routed IP tunnel,
  # "dev tap" will create an ethernet tunnel.
  # Use "dev tap0" if you are ethernet bridging
  # and have precreated a tap0 virtual interface
  # and bridged it with your ethernet interface.
  # If you want to control access policies
  # over the VPN, you must create firewall
  # rules for the the TUN/TAP interface.
  # On non-Windows systems, you can give
  # an explicit unit number, such as tun0.
  # On Windows, use "dev-node" for this.
  # On most systems, the VPN will not function
  # unless you partially or fully disable
  # the firewall for the TUN/TAP interface.
  ;dev tap
  dev tun
  # Windows needs the TAP-Win32 adapter name
  # from the Network Connections panel if you
  # have more than one. On XP SP2 or higher,
  # you may need to selectively disable the
  # Windows firewall for the TAP adapter.
  # Non-Windows systems usually don't need this.
  ;dev-node MyTap
  # SSL/TLS root certificate (ca), certificate
  # (cert), and private key (key). Each client
  # and the server must have their own cert and
  # key file. The server and all clients will
  # use the same ca file.
  # See the "easy-rsa" directory for a series
  # of scripts for generating RSA certificates
  # and private keys. Remember to use
  # a unique Common Name for the server
  # and each of the client certificates.
  # Any X509 key management system can be used.
  # OpenVPN can also use a PKCS #12 formatted key file
  # (see "pkcs12" directive in man page).
  ca /etc/openvpn/key/ca.crt
  cert /etc/openvpn/key/server.crt
  key /etc/openvpn/key/server.key
  # Diffie hellman parameters.
  # Generate your own with:
  # openssl dhparam -out dh1024.pem 1024
  # Substitute 2048 for 1024 if you are using
  # 2048 bit keys.
  dh /etc/openvpn/key/dh1024.pem
  # Configure server mode and supply a VPN subnet
  # for OpenVPN to draw client addresses from.
  # The server will take 10.8.0.1 for itself,
  # the rest will be made available to clients.
  # Each client will be able to reach the server
  # on 10.8.0.1. Comment this line out if you are
  # ethernet bridging. See the man page for more info.
  server 169.254.1.0 255.255.255.0
  # Maintain a record of client <-> virtual IP address
  # associations in this file. If OpenVPN goes down or
  # is restarted, reconnecting clients can be assigned
  # the same virtual IP address from the pool that was
  # previously assigned.
  ifconfig-pool-persist ipp.txt
  # Configure server mode for ethernet bridging.
  # You must first use your OS's bridging capability
  # to bridge the TAP interface with the ethernet
  # NIC interface. Then you must manually set the
  # IP/netmask on the bridge interface, here we
  # assume 10.8.0.4/255.255.255.0. Finally we
  # must set aside an IP range in this subnet
  # (start=10.8.0.50 end=10.8.0.100) to allocate
  # to connecting clients. Leave this line commented
  # out unless you are ethernet bridging.
  ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
  ;server-bridge 192.168.2.1 255.255.255.0 192.168.2.240 192.168.2.245
  # Push routes to the client to allow it
  # to reach other private subnets behind
  # the server. Remember that these
  # private subnets will also need
  # to know to route the OpenVPN client
  # address pool (10.8.0.0/255.255.255.0)
  # back to the OpenVPN server.
  push "route 10.0.0.0 255.255.255.0"
  ;push "route 192.168.20.0 255.255.255.0"
  # To assign specific IP addresses to specific
  # clients or if a connecting client has a private
  # subnet behind it that should also have VPN access,
  # use the subdirectory "ccd" for client-specific
  # configuration files (see man page for more info).
  # EXAMPLE: Suppose the client
  # having the certificate common name "Thelonious"
  # also has a small subnet behind his connecting
  # machine, such as 192.168.40.128/255.255.255.248.
  # First, uncomment out these lines:
  ;client-config-dir ccd
  ;route 192.168.40.128 255.255.255.248
  # Then create a file ccd/Thelonious with this line:
  # iroute 192.168.40.128 255.255.255.248
  # This will allow Thelonious' private subnet to
  # access the VPN. This example will only work
  # if you are routing, not bridging, i.e. you are
  # using "dev tun" and "server" directives.
  # EXAMPLE: Suppose you want to give
  # Thelonious a fixed VPN IP address of 10.9.0.1.
  # First uncomment out these lines:
  ;client-config-dir ccd
  ;route 10.9.0.0 255.255.255.252
  # Then add this line to ccd/Thelonious:
  # ifconfig-push 10.9.0.1 10.9.0.2
  # Suppose that you want to enable different
  # firewall access policies for different groups
  # of clients. There are two methods:
  # (1) Run multiple OpenVPN daemons, one for each
  # group, and firewall the TUN/TAP interface
  # for each group/daemon appropriately.
  # (2) (Advanced) Create a script to dynamically
  # modify the firewall in response to access
  # from different clients. See man
  # page for more info on learn-address script.
  ;learn-address ./script
  # If enabled, this directive will configure
  # all clients to redirect their default
  # network gateway through the VPN, causing
  # all IP traffic such as web browsing and
  # and DNS lookups to go through the VPN
  # (The OpenVPN server machine may need to NAT
  # the TUN/TAP interface to the internet in
  # order for this to work properly).
  # CAVEAT: May break client's network config if
  # client's local DHCP server packets get routed
  # through the tunnel. Solution: make sure
  # client's local DHCP server is reachable via
  # a more specific route than the default route
  # of 0.0.0.0/0.0.0.0.
  ;push "redirect-gateway"
  # Certain Windows-specific network settings
  # can be pushed to clients, such as DNS
  # or WINS server addresses. CAVEAT:
  # http://openvpn.net/faq.html#dhcpcaveats
  ;push "dhcp-option DNS 10.8.0.1"
  ;push "dhcp-option WINS 10.8.0.1"
  # Uncomment this directive to allow different
  # clients to be able to "see" each other.
  # By default, clients will only see the server.
  # To force clients to only see the server, you
  # will also need to appropriately firewall the
  # server's TUN/TAP interface.
  ;client-to-client
  # Uncomment this directive if multiple clients
  # might connect with the same certificate/key
  # files or common names. This is recommended
  # only for testing purposes. For production use,
  # each client should have its own certificate/key
  # pair.
  # IF YOU HAVE NOT GENERATED INDIVIDUAL
  # CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
  # EACH HAVING ITS OWN UNIQUE "COMMON NAME",
  # UNCOMMENT THIS LINE OUT.
  ;duplicate-cn
  # The keepalive directive causes ping-like
  # messages to be sent back and forth over
  # the link so that each side knows when
  # the other side has gone down.
  # Ping every 10 seconds, assume that remote
  # peer is down if no ping received during
  # a 120 second time period.
  keepalive 10 120
  # For extra security beyond that provided
  # by SSL/TLS, create an "HMAC firewall"
  # to help block DoS attacks and UDP port flooding.
  # Generate with:
  # openvpn --genkey --secret ta.key
  # The server and each client must have
  # a copy of this key.
  # The second parameter should be '0'
  # on the server and '1' on the clients.
  ;tls-auth ta.key 0 # This file is secret
  # Select a cryptographic cipher.
  # This config item must be copied to
  # the client config file as well.
  ;cipher BF-CBC # Blowfish (default)
  ;cipher AES-128-CBC # AES
  ;cipher DES-EDE3-CBC # Triple-DES
  # Enable compression on the VPN link.
  # If you enable it here, you must also
  # enable it in the client config file.
  comp-lzo
  # The maximum number of concurrently connected
  # clients we want to allow.
  ;max-clients 100
  # It's a good idea to reduce the OpenVPN
  # daemon's privileges after initialization.
  # You can uncomment this out on
  # non-Windows systems.
  ;user nobody
  ;group nobody
  # The persist options will try to avoid
  # accessing certain resources on restart
  # that may no longer be accessible because
  # of the privilege downgrade.
  persist-key
  persist-tun
  # Output a short status file showing
  # current connections, truncated
  # and rewritten every minute.
  status /var/log/openvpn-status.log
  # By default, log messages will go to the syslog (or
  # on Windows, if running as a service, they will go to
  # the "\Program Files\OpenVPN\log" directory).
  # Use log or log-append to override this default.
  # "log" will truncate the log file on OpenVPN startup,
  # while "log-append" will append to it. Use one
  # or the other (but not both).
  ;log openvpn.log
  ;log-append openvpn.log
  # Set the appropriate level of log
  # file verbosity.
  # 0 is silent, except for fatal errors
  # 4 is reasonable for general usage
  # 5 and 6 can help to debug connection problems
  # 9 is extremely verbose
  verb 3
  # Silence repeating messages. At most 20
  # sequential messages of the same message
  # category will be output to the log.
  ;mute 20

• Cannot connect to VPN Server

  Upgraded to Yosemite last night and now my iMac can't connect to my companies VPN server.
  My error is  “The PPTP-VPN server did not respond.”
  The error log at my company's VPN server is...
  Log Name: System
  Source: RasMan
  Date: 10/17/2014 3:46:05 AM
  Event ID: 20209
  Task Category: None
  Level: Warning
  Keywords: Classic
  User: N/A
  Computer: TEXAS.private.4d.com
  Description:
  A connection between the VPN server and the VPN client 69.132.54.71 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47).
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="RasMan" />
    <EventID Qualifiers="0">20209</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-10-17T10:46:05.000000000Z" />
    <EventRecordID>46547</EventRecordID>
    <Channel>System</Channel>
    <Computer>TEXAS.private.4d.com</Computer>
    <Security />
    </System>
    <EventData>
    <Data>69.132.54.71</Data>
    </EventData>
  </Event>
  Hope there is a solution to this problem. My MacBook Pro on the same network running 10.9.5 connect just fine.

  I had the same problem. Tried different vpn protocols via the OS X native interface but to no avail.
  I solved the problem by installing Tunnelblick: https://code.google.com/p/tunnelblick/
  Best regards
  Jan

• Dyndns meets Lion VPN Server

  Hello all together,
  initial situation:
  MacMini with Lion Server (10.7.1)
  iPhone 4 (iOS 4.3.5)
  MacBook Pro with Lion (10.7.1)
  Router:
  Manual IP Configuration - Every local Machine has its own static address.
  Necessary UDP-Ports (500, 4500, [1701, 1723]) for VPN are open.
  Registered dyndns-Account
  I configured VPN with the Lion Server App and shared the Configuration Profile with my iPhone and my MacBook and it works - but only locally.
  On the MacMini Server i use DynDNS Updater App which works fine for remote connections via ScreenSharing and ssh - but not VPN.
  What i tried:
  1.) using my external IP (to make sure it is not a dyndns issue)
  2.) using DMZ - even switched off my firewall (to make sure it is not a firewall issue)
  3.) using other services via dyndns without any problems (as mentioned before)
  4.) double checked Port Forwarding Configuration in Router (with Ports mentioned before)
  5.) created two mobileconfig-Files, with local IP (works locally) and dyndns-Adress (works not at all) as VPN Host
  iPhone says that the L2TP-VPN-Server does not answer. Try again, change settings or ask administrator...
  Any clues how to get things done?

  I also am having the same problem. I have a Mac Mini server Running Lion OS, its my fathers. I am into PC's a bit more, but have an ipad and iphone. I cannot for the life of me get the servers L2TP VPN service working over my Ipad/Iphone 3g, havent tried another wifi connection yet... I opened all the above ports for the Mini server on my verizon fios router and i get a diff error message now on my ipad when trying to connect making me think ATT is definetly blocking LT2P. Interestingly on my Desktop PC I use PPTP in win7 and its working like a charm and my dad who is in Europe right now can watch Netflix from all his Devices as long as its 1 at a time. I have tried everything save an outside network, disabling my PC's PPTP just incase the router cant handle 2 services (both Mini and PC are on same network), I may decide to turn manually turn on PPTP for the mini through terminal "sigh". The entire reason my dad bought the dang Mac mini server was so we could watch Netflix and use other services like itunes while out of the USA, my PC uses way to much power to be left on all the time for VPN. If anyone can figure out how to get L2TP working on mac mini let me know. Also I am using No-IP Dynamic IP DUC which is a free Dynamic DNS server for my external IP, again works fine on my PC, appears to work fine on the mac, but cannot connect with the No-Ip(dynamic) Address over 3g or wifi, however i can connect to the Mac server mini on Wifi using its local address.
  WOW B4 writing all that above I disabled the No-Ip on my PC used to maintain my PPTP Dynamic IP address so I can connect to it from outside the house  and also disconnected my dads macbook from my win 7 PPTP setup and then tried to connect to the mac mini again on my ipad 3g and nothing got an error... As soon as i finished writing I tried it again and it now works!! I guess the routers ports maybe took a while save or No-IP needed some time to adjust or something.. Maybe its just very unstable... Not sure but anyone who needs a Free Dynamic DNS server try No-Ip. Connected for almost 9 min now on 3g seems stable once im on.

• VPN client connect to CISCO 887 VPN Server bat they stop at router!!

  Hi
  my scenario is as follows
  SERVER1 on lan (192.168.5.2/24)
  |
  |
  CISCO-887 (192.168.5.4) with VPN server
  |
  |
  INTERNET
  |
  |
  VPN Cisco client on xp machine
  My connection have public ip address assegned by ISP, after ppp login.
  I've just configured (with Cisco Configuration Professional) the ADSL connection and VPN Server (Easy VPN).
  All the PC on LAN surf internet and remote PC connect to VPN Cisco server via cisco VPN client.
  But all remote PC after connection to Cisco VPN server don't ping SERVER1 in lan and therefore don't see SERVER1 and every other resource in LAN.
  They can ping only router!!!
  They are configured with Cisco VPN client (V5.0.007) with "Enabled Trasparent Tunnelling" and "IPSec over UDP NAT/PAT".
  What is wrong in my attached configuration? (I've alspo tried to bind Virtual-Template1 both to unnambered Dialer0 and to Loopback0 but without luck)
  Peraps ACL problem?
  Building configuration...
  Current configuration : 5019 bytes
  ! Last configuration change at 05:20:37 UTC Tue Apr 24 2012 by adm
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname gate
  boot-start-marker
  boot-end-marker
  no logging buffered
  aaa new-model
  aaa authentication login default local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authentication login ciscocp_vpn_xauth_ml_2 local
  aaa authorization exec default local
  aaa authorization network ciscocp_vpn_group_ml_1 local
  aaa authorization network ciscocp_vpn_group_ml_2 local
  aaa session-id common
  memory-size iomem 10
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-453216506
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-453216506
  revocation-check none
  rsakeypair TP-self-signed-453216506
  crypto pki certificate chain TP-self-signed-453216506
  certificate self-signed 01
          quit
  ip name-server 212.216.112.222
  ip cef
  no ipv6 cef
  password encryption aes
  license udi pid CISCO887VA-K9 sn ********
  username adm privilege 15 secret 5 *****************
  username user1 secret 5 ******************
  controller VDSL 0
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group EXTERNALS
  key 6 *********\*******
  dns 192.168.5.2
  wins 192.168.5.2
  domain domain.local
  pool SDM_POOL_1
  save-password
  crypto isakmp profile ciscocp-ike-profile-1
     match identity group EXTERNALS
     client authentication list ciscocp_vpn_xauth_ml_2
     isakmp authorization list ciscocp_vpn_group_ml_2
     client configuration address respond
     virtual-template 1
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
  crypto ipsec profile CiscoCP_Profile1
  set transform-set ESP-3DES-SHA1
  set isakmp-profile ciscocp-ike-profile-1
  interface Loopback0
  ip address 10.10.10.10 255.255.255.0
  interface Ethernet0
  no ip address
  shutdown
  interface ATM0
  no ip address
  no atm ilmi-keepalive
  interface ATM0.1 point-to-point
  pvc 8/35
    encapsulation aal5snap
    protocol ppp dialer
    dialer pool-member 1
  interface FastEthernet0
  no ip address
  interface FastEthernet1
  no ip address
  interface FastEthernet2
  no ip address
  interface FastEthernet3
  no ip address
  interface Virtual-Template1 type tunnel
  ip unnumbered Dialer0
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile CiscoCP_Profile1
  interface Vlan1
  ip address 192.168.5.4 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat inside
  ip virtual-reassembly in
  interface Dialer0
  ip address negotiated
  ip nat outside
  ip virtual-reassembly in
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname ******@*******.****
  ppp chap password 0 alicenewag
  ppp pap sent-username ******@*******.**** password 0 *********
  ip local pool SDM_POOL_1 192.168.5.20 192.168.5.50
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 600 life 86400 requests 10000
  ip nat inside source list 1 interface Dialer0 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.5.0 0.0.0.255
  access-list 100 remark CCP_ACL Category=4
  access-list 100 permit ip 192.168.5.0 0.0.0.255 any
  dialer-list 1 protocol ip permit
  line con 0
  line aux 0
  line vty 0 4
  transport input all
  end

  Hello,
  Your pool of VPN addresses is overlapping with the interface vlan1.
  Since proxy-arp is disabled on that interface, it will never work
  2 solutions
  1- Pool uses a different network than 192.168.5
  2- Enable ip proxy-arp on interface vlan1
  Cheers,
  Olivier

• How to setup built-in VPN server on Mountain Lion

  Anyone have information on configuring the built-in VPN server in OS X Mountain Lion ?

  Update - it works ! At least I can connect to Mountain Lion (not server) from my iPhone using the VPN Server Configurator app.
  Here's what I did :
  1) download the app and install
  2) setup using the help files on the web page : http://www.greenworldsoft.com/product-vpn-server-help.html
  3) at the last stage you need to setup port forwardin on your router
  4) under Airport Utility 6.0 you cannot setup ports 500 or 4500 due to BTTM conflicts but setup the other 2 ports (1723 TCP and 1701 UDP), update airport extreme
  5) download Airport Utility 5.6 from here : download already extracted utility  it is in it's extracted form as is necessary under Mtn Lion (thanks to NetUse Monitor for the download - great app by the way)
  6) run 5.6 and setup port forwarding (Advanced-Port Mapping) for the other 2 ports (500 and 4500 UDP), update airport extreme
  7) that's it, I was able to connect to the VPN from my iPhone !

• Windows 8.1 VPN Server Setup - No Network softwaare to choose

  Hi Everyone
  Windows 8.1
  Setting up an incoming VPN Server.
  When I try to create a New Incoming Connection via  Control Panel > Network and Sharing Center > Change adapter settings > Alt - F > New Incoming Connection.
  The wizard appears so  I check the User Account > Next  > Check Through the Internet > Next  bringing up the Allow connections to this computer window where I should be able select Networking software to be enabled and then go on
  to click Allow Access button.   The networking software to highlight window is blank.  Using the Install... button below this window brings up the Select Network Feature Type window where I can highlight a feature (Client, Service or Protocol)
  and click Add button .  It returns to the Allow connections window which has not changed and nothing is added.  Still blank.
  How do I get the network software to be there to select?
  I have done this on other machines and had no problems at all.  It worked the way it should. 
  After I did an image and reset operating system, the VPN Server Setup worked as it should.  Restored image as it is way to much work to rebuild the machine. So any ideas?
  Any and all help will be appreciated.
  Thanks in advance. Lowell

  Hi,
  Did you mean you have solved this problem by resetting Windows?
  Regarding to current information, this issue can be caused by port settings or corrupted Windows components.
  Please check if the VPN port 1723 has been set as allowed in both your Firewall and router settings pages.
  Also, we may fix such issue by running following repair command:
  NOTE: Please run these commands as administrator.
  SFC /SCANNOW
  dism /online /cleanup-image /restorehealth
  For further help, you can upload %windir%\logs\CBS\cbs.log and %windir%\Logs\DISM\dism.log into Onedrive or similar file service and share the link here for our research.
  Kate Li
  TechNet Community Support

• RDP over Easy VPN Server fails, ping works

  Dear experts,
  What can I do to troubleshout this problem?
  This is our router configuration with the Easy VPN Server enabled:
  version 15.1
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  no service dhcp
  hostname ####
  boot-start-marker
  boot-end-marker
  security authentication failure rate 3 log
  security passwords min-length 6
  logging buffered 51200
  logging console critical
  enable secret ###########################
  aaa new-model
  aaa authentication login local_authen local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authorization exec local_author local
  aaa authorization network ciscocp_vpn_group_ml_1 local
  aaa session-id common
  no ipv6 cef
  no ip source-route
  ip cef
  ip dhcp excluded-address 192.168.1.1 192.168.1.29
  ip dhcp excluded-address 192.168.1.59
  ip dhcp excluded-address 192.168.1.99
  ip dhcp excluded-address 192.168.1.182
  ip dhcp excluded-address 192.168.1.192
  ip dhcp excluded-address 192.168.1.193
  ip dhcp excluded-address 192.168.1.198
  ip dhcp excluded-address 192.168.1.238
  ip dhcp excluded-address 192.168.1.240
  ip dhcp excluded-address 192.168.1.243
  ip dhcp excluded-address 192.168.1.245
  ip dhcp excluded-address 192.168.1.215
  ip dhcp excluded-address 192.168.1.122
  ip dhcp excluded-address 192.168.1.33
  ip dhcp excluded-address 192.168.1.10
  ip dhcp excluded-address 192.168.1.11
  ip dhcp excluded-address 192.168.1.201
  no ip bootp server
  ip dhcp-server ##########
  multilink bundle-name authenticated
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-############
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-############
  revocation-check none
  crypto pki certificate chain TP-self-signed-############
  certificate self-signed 01
          quit
  license udi pid CISCO1941/K9 sn ##########
  license boot module c1900 technology-package securityk9
  license boot module c1900 technology-package datak9
  username #### privilege 15 secret ####################.
  username #### secret ####################
  username #### secret ####################
  username #### secret ####################
  redundancy
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  crypto ctcp port 10000
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group ###########
  key ##########
  dns 192.168.1.4 192.168.1.6
  domain ####.local
  pool SDM_POOL_1
  acl 102
  include-local-lan
  crypto isakmp profile ciscocp-ike-profile-1
     match identity group ##############
     client authentication list ciscocp_vpn_xauth_ml_1
     isakmp authorization list ciscocp_vpn_group_ml_1
     client configuration address respond
     virtual-template 1
  crypto ipsec transform-set ########### esp-aes 256 esp-sha-hmac
  crypto ipsec profile CiscoCP_Profile1
  set transform-set ###########
  set isakmp-profile ciscocp-ike-profile-1
  interface Null0
  no ip unreachables
  interface GigabitEthernet0/0
  description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$$ETH-LAN$$FW_INSIDE$
  ip address 192.168.1.1 255.255.255.0
  ip access-group 101 in
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat inside
  ip virtual-reassembly in
  duplex auto
  speed auto
  no mop enabled
  interface GigabitEthernet0/1
  description $FW_OUTSIDE$
  ip address dhcp
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat outside
  ip nat enable
  ip virtual-reassembly in
  duplex auto
  speed auto
  no mop enabled
  interface Virtual-Template1 type tunnel
  ip unnumbered GigabitEthernet0/0
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile CiscoCP_Profile1
  ip local pool SDM_POOL_1 192.168.2.1 192.168.2.10
  ip forward-protocol nd
  ip http server
  ip http access-class 23
  ip http authentication local
  no ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip nat inside source list 23 interface GigabitEthernet0/1 overload
  ip route 0.0.0.0 0.0.0.0 ###########
  logging esm config
  logging trap debugging
  access-list 23 permit 192.168.1.0 0.0.0.255
  access-list 23 permit 192.168.2.0 0.0.0.255
  access-list 101 deny   ip any host 184.82.162.163
  access-list 101 deny   ip any host 184.22.103.202
  access-list 101 deny   ip any host 76.191.104.39
  access-list 101 permit ip any any
  access-list 102 permit tcp any any eq 3389
  access-list 102 permit ip any any
  access-list 102 permit icmp any any
  access-list 700 permit 000d.6066.0d02   0000.0000.0000
  no cdp run
  snmp-server group ICT v3 priv
  control-plane
  banner exec ^C
  Welcome ####^C
  banner login ^C
  Unauthorized access prohibited
  ##################################^C
  line con 0
  login authentication local_authen
  transport output telnet
  line aux 0
  login authentication local_authen
  transport output telnet
  line vty 0 4
  access-class 23 in
  password 7 ##################
  authorization exec local_author
  login authentication local_authen
  transport input telnet ssh
  line vty 5 15
  access-class 23 in
  authorization exec local_author
  login authentication local_authen
  transport input telnet ssh
  scheduler allocate 20000 1000
  end

  In the server debug, I see this:
  *Oct 13 09:25:46.662: ISAKMP:(2013): retransmitting phase 2 CONF_XAUTH    -2020890165 ...
  *Oct 13 09:25:46.662: ISAKMP (2013): incrementing error counter on node, attempt 1 of 5: retransmit phase 2
  *Oct 13 09:25:46.662: ISAKMP (2013): incrementing error counter on sa, attempt 1 of 5: retransmit phase 2
  *Oct 13 09:25:46.662: ISAKMP:(2013): retransmitting phase 2 -2020890165 CONF_XAUTH
  *Oct 13 09:25:46.662: ISAKMP:(2013): sending packet to 109.59.232.39 my_port 500 peer_port 500 (R) CONF_XAUTH
  *Oct 13 09:25:46.662: ISAKMP:(2013):Sending an IKE IPv4 Packet.
  *Oct 13 09:25:49.850: ISAKMP (2013): received packet from 109.59.232.39 dport 500 sport 500 Global (R) CONF_XAUTH
  *Oct 13 09:25:49.850: ISAKMP:(2013):processing transaction payload from 109.59.232.39. message ID = -2020890165
  *Oct 13 09:25:49.850: ISAKMP: Config payload REPLY
  *Oct 13 09:25:49.850: ISAKMP/xauth: reply attribute XAUTH_USER_NAME_V2
  *Oct 13 09:25:49.850: ISAKMP/xauth: reply attribute XAUTH_USER_PASSWORD_V2
  *Oct 13 09:25:49.850: ISAKMP/xauth: Expected attribute XAUTH_TYPE_V2 not received
  *Oct 13 09:25:49.850: ISAKMP:(2013):peer does not do paranoid keepalives.
  Is it something with the above line ?
  /Jesper

• Cisco VPN server internal connection

  I have a cisco 1841 router which I use as VPN server. This is the configuration:
  Cisco#show running-config Building configuration...Current configuration : 6382 bytes!version 15.1service tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Cisco!boot-start-markerboot-end-marker!!enable secret 5 $1$Xg19$MKt1eIm4yrmDwcYn1z0x2/enable password qwerty!aaa new-model!!aaa authentication login default localaaa authentication login ciscocp_vpn_xauth_ml_1 localaaa authorization exec default local aaa authorization network ciscocp_vpn_group_ml_1 local !         !!         !!         aaa session-id common!         dot11 syslogip source-route!!         !!         !ip cef    no ipv6 cef!         multilink bundle-name authenticated!         crypto pki token default removal timeout 0!         crypto pki trustpoint TP-self-signed-947112914 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-947242914 revocation-check none rsakeypair TP-self-signed-947182914!         !crypto pki certificate chain TP-self-signed-947142914 certificate self-signed 01  3082023B 308201A4 A0030201 02020101 300D0609 2A874886 F70D1101 04050030   30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274   69666963 6174652D 39343731 34325931 34301E17 0D313131 31323532 30353931   325A170D 32303031 30313030 30303030 5A303031 2E302C06 03559403 1325444F   532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3934 37313432   39313430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100   B4C6CC16 5EA2210F D4A0234B 90D9E29C E1132F0D 491CC9BC F513EF57 A5986C31   C03BC061 B3B4E103 0005F992 A7CA2605 8C46FCB2 C22AAC4B 739D1DC2 49EA3883   253D553C A1E7BD3A 26D49347 86414B11 5C03F4E6 A4BD5306 CD857F99 0A567B85   FD639414 C2E25161 74A52A7B 32753F25 AE8FDC73 EC859EEC D8A1C9C4 D8A50EED   02030100 01A36530 63300F06 03551D13 0101FF04 05300301 01FF3010 0603551D   11040930 07820543 6973636F 301F0603 551D2304 18301680 14414AD6 2A674283   54CC008C A6B81E1D 7A3B09A4 8C301D06 03551D0E 04160414 414AD62A 67428354   CC008CA6 B81E1D7A 3B09A48C 300D0609 2A864886 F70D0101 04050003 8181007B   00264BAE A55C3CB0 20F83B46 A047F400 3B5748CA D8C64A49 5484FE1E 7588949F   A8E5EBAE BE5FAD22 0C89FC92 671E0BB6 1155EB76 21E72F07 68F76AE3 2F0CB2C6   EC26A8C1 C3EA1300 CE284F9B 3E3F6BB9 7807CF63 8154BC4B AD33392E 68347E0B   F78AE625 818C3A4E 6E0302D8 26DF4890 08E42063 37BF9026 BF4E251D A86EEA        quit!!         license udi pid CISCO1841 sn FCZ150218ACusername root privilege 15 password 0 qwertyusername admin secret 5 $1$78MV2Yc72fwt5PoEm.eK33PlKw1username test privilege 15 password 0 test_123!redundancy!!         ! crypto ctcp keepalive 6crypto ctcp port 443 !         crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2crypto isakmp keepalive 10 10 periodiccrypto isakmp nat keepalive 20!         crypto isakmp client configuration group cisco key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_client include-local-lan max-users 1000 netmask 255.255.255.0!crypto isakmp client configuration group server_1 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_1 include-local-lan netmask 255.255.255.0!crypto isakmp client configuration group server_2 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_2 include-local-lan netmask 255.255.255.0!crypto isakmp client configuration group server_3 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_3 include-local-lan netmask 255.255.255.0!crypto isakmp client configuration group server_4 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_4 include-local-lan netmask 255.255.255.0!crypto isakmp client configuration group server_5 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_5 include-local-lan netmask 255.255.255.0!crypto isakmp client configuration group server_6 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_6 include-local-lan netmask 255.255.255.0!crypto isakmp client configuration group server_7 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_7 save-password include-local-lan netmask 255.255.255.0!         crypto isakmp client configuration group server_8 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_8 include-local-lan netmask 255.255.255.0!         crypto isakmp client configuration group server_9 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_9 include-local-lan netmask 255.255.255.0!         crypto isakmp client configuration group server_10 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_10 include-local-lan netmask 255.255.255.0!         crypto ipsec security-association lifetime seconds 86400crypto ipsec security-association idle-time 86400!crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac !crypto dynamic-map SDM_DYNMAP_1 1 set transform-set ESP-3DES-SHA reverse-route!!         crypto map SDM_CMAP_1 local-address FastEthernet0/0crypto map SDM_CMAP_1 client authentication list ciscocp_vpn_xauth_ml_1crypto map SDM_CMAP_1 isakmp authorization list ciscocp_vpn_group_ml_1crypto map SDM_CMAP_1 client configuration address respondcrypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 !         !!         !!         interface Loopback0 ip address 172.16.0.1 255.255.255.255!interface FastEthernet0/0 ip address 192.168.1.130 255.255.255.0 ip flow ingress speed auto full-duplex no mop enabled crypto map SDM_CMAP_1!interface FastEthernet0/1 no ip address shutdown speed auto full-duplex no mop enabled!         ip local pool SDM_POOL_client 10.10.10.51 10.10.10.190ip local pool SDM_POOL_server_1 10.10.10.1ip local pool SDM_POOL_server_2 10.10.10.2ip local pool SDM_POOL_server_3 10.10.10.3ip local pool SDM_POOL_server_4 10.10.10.4ip local pool SDM_POOL_server_5 10.10.10.5ip local pool SDM_POOL_server_6 10.10.10.6ip local pool SDM_POOL_server_7 10.10.10.7ip local pool SDM_POOL_server_8 10.10.10.8ip local pool SDM_POOL_server_9 10.10.10.9ip local pool SDM_POOL_server_10 10.10.10.10ip forward-protocol ndip http serverip http authentication localip http secure-server!         !ip route 0.0.0.0 0.0.0.0 192.168.1.1!logging esm configaccess-list 100 remark CCP_ACL Category=4access-list 100 permit ip 10.10.0.0 0.0.255.255 any!!         !!         !!         !!         control-plane!         !!         line con 0line aux 0line vty 0 4 password qwerty transport input telnet ssh!         scheduler allocate 20000 1000end       Cisco#
  I have a VPN clients which can connect to the VPN server and communicate  each other. I want to connect dedicated server to port FE 0/1 and all  VPN clients to be able to see and communicate with the server. How I can  connect the two networks?

  Ideally, VPN connectivity is tested from devices behind the endpoint devices that do the encryption, yet many users test VPN connectivity with the ping command on the devices that do the encryption. While the ping generally works for this purpose, it is important to source your ping from the correct interface. If the ping is sourced incorrectly, it can appear that the VPN connection has failed when it really works. If ping works continuously then the problem can be that the xauth times out. Increase the timeout value for AAA server in order to resolve this issue.
  For further information about troubleshoot the VPN connectivity click this link.
  http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solunf

• Untrusted VPN Server Certificate

  We just upgraded our AnyConnect to Ver 3.1.01065 and we are using a self signed cert with it. We haven't had any issues with the before but now when ever a customer logs on to the VPN using AnyConnect we get " Security warning: Untrusted VPN Server Certificate!" and it says that AnyConnect cannot verify the VPN server.
  Then i can connect anyways or cancel.
  Because this is my server and i trust the cert i am fine just clicking Connect anyways. My customers freak out a bit when they see this, I know this has to be a simple fix but i can't figure out how to get my local boxes to trust the cert. Has anyone run in to this with Ver 3.1.01065 and how did you fix it?
  Thanks,
  Jeremy

  Cisco is really trying to make people stop using self-signed certificates with AC 3.1. You have to either use a trusted root CA (either private or public) or turn off the certificate checking altogether.

• Solaris 10 VPN server/gateway setup

  Hi all,
  I have a V20z running Solaris 10 at home, and I would like to set it up as a VPN server. The Solaris 10 is behind a router with a reserved private IP assigned by DHCP and port forwarding set up for only SSH at the moment. The router has a static external IP.
  I'm not exactly sure what the terms are for what I'm trying to do, but this is basically it:
  When I am out of town or overseas, I want to be able to connect from my laptop running OS X or Linux to my Solaris 10 server at home, and have the S10 server act as a proxy(?) (gateway?) for all the traffic from my laptop; for example, if I was in a place where nytimes.com was blocked and wanted to be able to browse from my laptop by having the Solaris 10 server proxy (transparently) my requests and forward the responses back to me. I hope I'm explaining this ok...
  I have searched a lot online for how to do this, and I have found a lot of info, but nothing that really ties it all together. I'm pretty comfortable working in the shell and doing config stuff, but it would be a huge help if anyone could explain all the pieces I need to snap together to get this working.
  These are my questions:
  1. What is what I have described called? Just "VPN" or "VPN router," or "VPN gateway"?
  2. What software do I need on my Solaris 10 server to do this?
  A lot of what I read pointed me to OpenVPN, but I am not clear if OpenVPN alone would enable me to use the public web via the VPN.
  If not, then what would I need to have on the server to enable incoming requests over the VPN connection to be rerouted to the public internet?
  3. I'm sure I can figure this out if I can just get the server VPN working, but if anyone happens to know, I'd appreciate it:
  Built into OS X Networking Prefs I have the ability to add a VPN interface of either of these 2 types:
       "PPTP"
       "L2TP over IPsec"
  From what I have read so far, it seems like IPsec is likely the only reasonable choice, but the option of "L2TP over IPsec" confuses me since I haven't read that they are required to be used together.
  Will this option work for connecting to my Solaris VPN server or will I need a 3rd-party app?
  Any guidance would be a tremendous help.
  Thanks guys!
  Jamie

  Mobile IP???
  Assuming that you had the right security in place you could have the "Home" box export it's display back to the "Roving" box and then just run a web browser over X. Something like SSH with X forwarding.
  alan