Windows 8.1 connected by VPN, contents of mapped drives "disappears" intermittently.

I have a client with a Windows 8.1 Pro laptop who works in a satellite office and connects to the main office via VPN. The main office is running SBS 2011.  The user has his G drive mapped to a share on the server and will be working on 2 or 3 files,
he'll then go to open the G drive to find another file and he'll see that only the files/folders he's actually been working on are showing up, the rest of the contents of the drive seems to "disappear".  I believe this is caused by the VPN dropping
connection (not proven yet).  The problem is that even if you reconnect to the VPN, those files don't re-appear... or they might be back when he comes back into the office after doing some calls.  We can make the files instantaneously re-appear if
he grabs his notebook, walks across the street from the satellite office to the main office and plugs into the hardwired network... but this is less than practical, and impossible if he's actually on the road somewhere.
He does not have "offline files" active for the G drive, nor do we really want to do that... but I'm thinking that Windows is going into some sort of half-baked automatic offline files mode when the VPN goes away.   I've played with
registry and group policy settings in reference to offline files in the hope that would rectify the issue but to no avail.
We don't particularly care that the files are unavailable when the VPN isn't connected, the client understands they aren't local files.  What is really the big issue is that activating the VPN doesn't make the files reappear and that there doesn't seem
to be any consistent way of "forcing" the issue except to physically hardware to the lan segment the server is on.
This was working just fine on the client's old system under Windows 7 Pro, but just since moving to a new laptop with Windows 8.1 it has become flakey.
Any suggestions hints or tips are appreciated.
Cheers,
Mike
P.S. When I say the files "disappear", they are just invisible to this user... they are still physically on the server and accessible by all other users on the LAN. 

I will have to double check again to make sure I'm telling the truth (I've gone through so many iterations in the past weeks I can't remember which way is up :-)  but I believe that the drive was showing in offline files, but that attempting sync (even
repeatedly) did not bring the drive contents back.  Which also begs the question, if the user has not made the drive "available offline" why would it be acting like it is?  I've considered actually making it available offline, but I don't want
all of that data on his laptop and I'm also concerned that we'd then have more problems as he continues to work for hours and days on his offline copies.
I should also add that I was able to work with the client on Friday and we were able to determine that the VPN is NOT dropping as we're able to ping devices on the LAN side immediately once the files disappear.  
Cheers,
Mike

Similar Messages

  • Windows 8 Mapped Drives Disappear - Offline Cache

    Hi, 
    We have a Windows 8 machine that has a mapped network drive and we enabled this to be "always available".
    When the laptop is connected to the domain the mapped drive is there fine, and you can see that the offline file symbol is on the network folder! However when you reboot the machine and it is not connected to the network the folder disappears from My Computer!
    If I then open "run" and type the folder path of the server where this mapped drive is mapped to i am able to view the files fine so they are there and working offline but not via My Computer or the drive letter.
    I have tried the following:
    Disable and re-enable offline files
    Remove all offline files and then re-sync 
    Any suggestions very much appreciated!
    Thanks

    Check the Sync Center settings.
    Control Panel --> Sync Center
    Click Manage offline files and select the General tab.
    Verify that the status is showing enabled.

  • In Windows 8, after connecting to VPN - Wireless datacard connection disconnects. Once i disconnect VPN, 3G datacard internet connection comes back.. Any idea

    Not able to access my remote machine using VPN in Windows 8.
    VPN connected successfully resulting internet  disconnection .
    I am using Wireless 3G datacard device for internet.
    But the same VPN connection is working fine in WIFI & I able to access remote machine. Not sure why the problem when connecting from device.
    Plz help me out guys.
    Thanks in Advance

    What kind of VPN client are you using? You can try the following suggestion for a test.
    1) Get into VPN Properties
    2) Select "Security" tab
    3) Click "Allow these protocols" radio button and check the "Microsoft CHAP Version 2 (MS-CHAP v2)" box
    4) Select Networking Tab; select "Internet Protocol Version 4 (TCP/IPv4)" and click "Properties"
    5) Click "Advanced"
    6) Uncheck box for "Use default gateway on remote network"
    Niki Han
    TechNet Community Support

  • Running Windows 7 and connecting to VPN

    There is an issue at my university with signing on to its VPN netword using Lion.  I want to install Windows7 on my mac so I can run the VPN connection through windows (which should theoretically work).  My question is this: If I connected to the VPN through Windows on my MacBook and then switch to the MacOS, will I remain connected to the VPN or will I be dropped once I swtich from Windows to MacOS?

    It should drop because the settings are different. Settings don't transfer over.

  • Windows Server Backup cannot backup to network or mapped drive - Microsoft what were you thinking?

    I still cannot believe that you cannot do a scheduled backup to a network drive in windows server 2008.  You can only do it to a local internal/external drive.  Microsoft are you crazy?  That goes against all best practices for backing up your data when you should have a backup at least 60 miles away from the original server.  Gives us back the NT Backup tool or provide a solution for this. 

    Your feedback is valid. This issue has been fixed in WS2008 R2.
    Thanks,
    Prabu Ambravaneswarn [MSFT]
    Prabu A [MSFT] ---- This posting is provided "AS IS" with no warranties, and confers no rights
    That doesn't exactly help people who run windows server 2008 now does it?
    something so trivial that could be done in server 2003 with NTBackup and it wasnt included in server 2008? WHo overlooked that.
    Why can this not be fixed in server 2008 with a update or a service pack?
    Also, then why is it you can do a MANUAL backup to a network drive, but not a scheduled one?

  • Software install in Windows 7 doesn't see mapped drives

    I've looked through the related topics that came up when I started to write this, but I am not sure they answer my questions fully.
    I am trying to install software on a Windows 7 box as the Administrator. My mapped drives are fine, I can see them and they are not dropping off to the middle of nowhere. What is happening though is that when I attempt to install software, the only thing
    that is showing is my local drives, not my networked drives. My work around so far is do it via UNC.
    Is there an easy fix for this or do I have to continue with my workaround of doing installs via UNC?

    Hi,
    I would like to confirm that does this issue occur on all the software you tried to install?
    You may try to
    disable User Account Control (UAC) to test the issue.
    If it does not work, I also would like to suggest you enable NetBIOS to test the issue.
    1. Click "Start", input "NCPA.CPL" (without quotation marks) and press Enter.
    2. Right click on the connection that you use for the local connection, and then click "Properties".
    3. Click Continue button to verify the administrator permission.
    4. Click to select "Internet Protocol Version 4 (TCP/IPv4)", and then click "Properties".
    5. Click "Advanced" button in the open window. On the "WINS" tab, click to select "Enable NetBIOS over TCP/IP", and then click "OK" to save the setting.
    If the issue persists, I also would like to suggest you disable the antivirus program and test the issue in
    Clean Boot.
    What is the result?
    Regards,
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Mapped Drive B:\ to a network share but does not show up in Windows Explorer.

    I mapped drive B: to a network share but it does not show up in Windows explorer.  I can go to the drive by typing b:\ but is not visible in explorer.  But if I login as local admin it shows up in windows explorer.  Any suggestions?

    Hi Lloyd Reeves,
    Based on my research, I would like to suggest the following:
    Disconnect the mapped drive and map it again.
    Ensure the user is using an administrator account; or change another user account to have a try.
    Create  a shortcut for a share folder and see if it will disappear.
    In addition,  it would be helpful for future troubleshooting if you could help to collect the following information:
    Which method did you use to map drive?
    Was there any error message in the Event log? If so, please provide the      detailed information.
    For your information, please refer to this similar case:
    http://social.technet.microsoft.com/Forums/windows/en-US/6acab187-c46c-4ff9-8604-196c64ea8995/mapped-drives-not-visible-in-explorer-although-shown-in-map-network-drive?forum=w7itpronetworking
    Regards,
    Lany Zhang

  • RasClient:dialed a connection named "VPN Connection Name " which has failed. The error code returned on failure is 789 on windows 8.1

    Hello,
    i am trying to connect to my corporation VPN Server " ISA 2006" using windows 8.1 client built in VPN,  but its returned the following error:
     Event ID 20227: dialed a connection named "VPN connection Name" which has failed. The error code returned on failure is 789.
    VPN connection is working fine with windows XP and windows 7 with no issue , this error is only appear when try to connect to using windows 8 client machine.
    this error is shows only on windows 8.1 client , same procedures used to enroll the certificate from internal CA " IPsec Type" is followed .
    below are the  ISA server specifications:
    VPN Server : ISA 2006.
    windows Server version 2003. 
    appreciate your quick help and reply .
    Thanks

    Thanks for your reply.
    i would like to add another point for this case, that when we are trying to enroll a certificate from internal CA web enrollment directly using windows 8 " internet explorer 11"  , its install a certificate without Digital
    Signature and non-repudiation in key usage property, then when try to connect , its will give the above error 789 ..
    when try to enroll a certificate into windows 7 " internet explorer 10" and then export and import  this certificate into windows 8.1 machine "with the name of
    windows 8.1 machine" into windows 8.1 machine, the VPN is working normally and without issue.
    The properties of the Certificate are difference between windows 7 machine and windows 8 machine is key usage missing the Digital Signature and non-repudiation properties when enroll
    from windows  8.1 " internet explorer 11", this is in fact because of
    we don't have an option for key usage " both" when subment a certificate on web enrollment page from windows 8 machine ,, the only option available is exchange "
    no signature and both option available "
    i believe that there is something wrong when using windows 8.1 internet explorer 11 so its gave a certificate with wrong key usage property .
    appreciate your quick help in this .
    thanks

  • User cannot connect through VPN (Windows 2008 R2)

    Hello,
    TechNet has been a major help for some resent server and network problems our office has been having.
    There is one ongoing issue that no matter how much I try to fix, it wants to be stubborn and refuse to work properly.
    We have a user who has the necessary permissions to VPN using our router's IP address. Just recently, she found that she was unable to VPN. This was the beginning of our technical issues as after rebooting the router, our main server, and our QuickBooks
    server, we lost internet and access to the main server. Those issues have been resolved. However, the user is still unable to VPN.
    I have looked up every error code that has been presented when trying to connect to VPN (807 and 800 are the most frequent), and unfortunately, none of the solutions suggested worked. These errors occur when connecting through the WAN Miniport. I am trying
    to find out if I am overlooking something.
    What has been tried:
    Router rebooted
    Created new user in Active Directory
    Deleting VPN Users group and readding to user
    Changing tunneling protocol to L2TP instead of PPTP. Then, created a rule in Windows Advanced Firewall to allow UDP 1701.
    Creating new VPN connection.
    Confirmed with ISP that there are no issues with router
    I am not extremely familiar with Windows 2008 R2 and every fix I see online is extremely in depth with not much walkthrough information.
    I greatly appreciate any support anyone might be able to provide.
    Thank you!

    Hi ,
    According to your description, my understanding is that the client can’t access the VPN with error code 800 and 807.
    I have noticed that it failed to ping the VPN server form the client.  The VPN server should be connected from the client without VPN connection established. I suggest you to turn off firewall temporarily on both sides of client and VPN server, then
    try to ping the IP address of the VPN server’s interface which is connected to extranet network.
    If ping failed, there might be network connectivity problem. If ping successfully, check to see if the port is open for turning traffic. Detailed troubleshooting steps you may reference the link below:
    I received error 800, which says the VPN server is unreachable:
    http://technet.microsoft.com/en-us/library/cc772616(WS.10).aspx#BKMK_1
    Troubleshooting commom VPN related errors:
    http://blogs.technet.com/b/rrasblog/archive/2009/08/12/troubleshooting-common-vpn-related-errors.aspx
    If this problem still exits, does other user successfully access the VPN? Or just specified device can’t access? Would you simply describe the deployment of the VPN, such TCP/IP settings, VPN type.
    Best Regards,           
    Eve Wang

  • Problems connect to vpn since upgrading to Windows 8.1

    Since upgrading from Windows 8.0 to 8.1, although normal web access is OK, I can no longer connect to vpn services - receiving error 619. Using another laptop running Windows 7 SP1 on the same router I can connect without any problems. Please help. I have
    limited technical knowledge with networking.

    The instructions below are included on the site. These do not make sense in Windows 8.1. Right clicking on the 'vpn connection' does not give any additional pop up options (so no properties to change). I also cannot find any options to change the
    'Security' settings as described. These instructions are for Windows 8.0, is 8.1 really that much different?
    "........Click on the
    monitor icon on the bottom right-hand corner;
    Right–click on the “VPNForUK.COM” connection, and choose “Properties” from the menu.
    Select “Security” tab and for “Type of VPN” select “Point to Point Tunneling Protocol (PPTP)”;
    Click “OK”;
    Click again on the monitor icon on the bottom right-hand corner, and click “Connect” to “VPNForUK.COM”;
    In the
    next fields type “vpnforuk” as VPN username and VPN password found from website and click “OK”;........"

  • Cannot Connect to VPN

    I'm just about ready to ragequit for the day. I've been pouring through dozens of support pages, youtube videos, tutorials. The lack of true documentation on problems like this has me considering a start-up business that specifically deals with these frustrations. Clearly I could make millions!
    I will detail everything about this problem as best as I can, to avoid confusion later with questions:
    Here's what I have for hardware:
    1) A Public IP Address. We'll just call it X.X.X.X.
    2) A D-Link DI-604 router (yes they DO support VPN services, with a router address of 192.168.1.254.
         This router is running Firmware Version 3.53, the last firmware released for it on Wed, 18 Apr 2007 (YES I AM AWARE THE ROUTER IS OLD, DEFLECTING THIS ISSUE BY TELLING ME TO GET A NEWER ROUTER WITHOUT FIRST READING THROUGH EVERYTHING BELOW IS NOT A HELPFUL CONTRIBUTION TO THE PROBLEM, D-LINK HAS CONFIRMED THIS ROUTER SUPPORTS VPN PASSTHROUGHS).
    3) A Mac Mini Server running 10.6.8, router address of 192.168.1.10.
    Here are the ports that I've allowed through the router, pointed directly at 192.168.1.10 (aka my Server):
    UDP Port 500
    UDP Port 1701
    UDP Port 4500
    TCP & UDP Port 1723
    Here is how I have the VPN Service configured on my Server:
    L2TP is Enabled.
    Starting IP address range of 192.168.1.180
    Ending IP Address range of 192.168.1.189
    PPP Authentication: Directory Service with Authentication set to MS-CHAPv2
    IPSec Authentication is set to Shared Secret, let's just say the secret is "derp" without quotes.
    PPTP is Disabled.
    Client Information:
    DNS Servers point to my router: 192.168.1.254
    Search Domains is empty.
    Network Routing Definition is empty.
    Logging:
    Verbose logging is enabled.
    VPN Service is: Running.
    Server User Information
    Access to VPN Services:
    Allow only users and groups below:
    (I have users dedicated to this, but for the sake of this topic let's just say one of them is "misterderp" without quotes)
    The Hardware I'm Using to Connect to the VPN Server:
    I have a Macbook Pro running 10.6.8, another laptop running Windows XP Professional Service Pack 3, and another laptop running Windows 7 Home Premium 64-bit Service Pack 1. All 3 laptops acquire an IP Address via DHCP from the Router (192.168.1.254). Below is what happens when I try to set up a VPN connection on all 3 machines:
    Computer #1: MacBook Pro, running 10.6.8
    Settings: (this is in System Preferences > Network, by the way):
    New VPN Connection
    Server Address: X.X.X.X. (this is our Public IP Address)
    Account Name: misterderp (this is the account who has access granted to use VPN)
    Authentication Settings > User Authentication:
    Password: (password given to misterderp from server)
    Authentication Settings > Machine Authentication:
    Shared Secret: derp (as specified in the L2TP tab of the VPN Service on the Server)
    At this point I will try to connect. I receive the following error message:
    =========
    VPN Connection
    The L2TP-VPN server did not respond. Try reconnecting. If the problem persists, verify your settings and contact your Administrator.
    =========
    Computer #2: Laptop, running Windows XP Professional Service Pack 3
    Settings: (this is in Control Panel > Network Connections, by the way):
    Add a New Connection
    VPN Server Selection: X.X.X.X. (this is our Public IP Address)
    Smart Card
    Do not use my Smart Card
    New VPN Connection Properties
    General Tab:
    Host Name: X.X.X.X.
    Security Tab:
    Security Options:
         Advanced Custom Settings
              Data Encryption: Require encryption (disconnect if server declines)
              Allow These Protocols: Microsoft CHAP Version 2 (MS-CHAP v2)
         IPSec Settings
              Use Preshared key for authentication: derp (as specified in the L2TP tab of the VPN Service on the Server)
    At this point I will try to connect. I am using the Account Name misterderp, and the password given to this account from the server. I receive the following error message:
    =========
    Error 800: Unable to establish the VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection.
    =========
    Computer #3: Laptop, running Windows 7 Home Premium x64 Service Pack 1
    Settings: (this is in Control Panel > Network and Internet > Network and Sharing Center, by the way):
    Set Up a Connection or Network:
         Connect to a workplace
         Use my Internet Connection
    Internet Address: X.X.X.X. (this is our Public IP Address)
    Type your username and password:
         User name: misterderp (specified on the Server to have VPN access)
         Password: password given to the misterderp account
    VPN Connection Properties:
    Security Tab:
    Type of VPN: Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)
         Advanced Settings: Use preshared key for authentication: derp (as specified in the L2TP tab of the VPN Service on the Server)
    Data Encryption: Require encryption (disconnect if server declines)
    Allow these protocols: Microsoft CHAP Version 2 (MS-CHAP v2)
    At this point I will try to connect. The window hangs at "Connecting to X.X.X.X. using "WAN Miniport (L2TP)"". After about 30 seconds, I receive the following error message:
    =========
    Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during intiial negotiations with the remote computer.
    =========
    So there you have it, 3 sources of unintelligible frustration.
    You're probably wondering, HEY, WHAT ABOUT THE LOG ON YOUR SERVER ADMIN PAGE?
    I've been looking at the log, and there's a whole lot of nothing. The only thing I have is this:
    #Start-Date: 2012-02-17 14:01:46 CST
    #Fields: date time s-comment
    2012-02-17 14:01:46 CSTLoading plugin /System/Library/Extensions/L2TP.ppp
    2012-02-17 14:01:46 CSTListening for connections. . .
    So the Server's not getting ANYTHING, let alone spit out errors.
    Now you might be wondering, ALRIGHT, WHAT ABOUT VPN-ING WITHIN YOUR OWN NETWORK, THAT PROBABLY WORKS RIGHT?
    Yes it does. Without any question, my MacBook Pro will connect to the VPN Service so long as I'm connecting DIRECTLY to the Server through its local IP address, and not trying to reach it through a public IP address that's forwarding the requests through the ports I've assigned.
    At this point I am at a complete loss. I believe I have done everything correctly, but it would appear that my router isn't playing nice with VPN requests. If there is/are any other ports I should be turning on to point to my server, I would like to know what ones those are.
    If there are any tweaks or additional settings I should know about for the Windows computers (especially Windows 7), I would like to know what those are.
    If at the end of this post that you've just read and know with irrefutable proof or a reasonably educated decision that this router magically will not serve my VPN needs AT ALL, I would like to know a reasonably-priced alternative, preferably something that is not an Extreme Base Station, Time Capsule, or other product because my ISP hates Apple-based routers for a reason even they do not understand
    If at the end of htis post that you've just read and know with irrefutable proof or a reasonably educated decision that I would be better off attempting this with PPTP on this D-Link Router, and if you know how to set the correct settings on Server Admin, forward the correct ports on the router I have, I would like to know that
    Thank you for reading this wall of text, anyone willing to help me with this is an amazing person

    Hi Esther,
    After 3 months, I was finally able to revisit this issue. Here are the results of my nmap TCP test using your code:
    Gerchak$ nmap -T5 XX.XX.XXX.XX
    Starting Nmap 6.00 ( http://nmap.org ) at 2012-05-22 17:50 CDT
    Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
    Nmap done: 1 IP address (0 hosts up) scanned in 1.68 seconds
    And here are the results of my UDP test using your code:
    Gerchak$ sudo nmap -sU -T5 -p 500,1701,4500,9999 XX.XX.XXX.XX
    Starting Nmap 6.00 ( http://nmap.org ) at 2012-05-22 17:51 CDT
    Nmap scan report for xxx-bb-xxx-3-ws-6.xxx.xxxxxxxxxxxx.net (XX.XX.XXX.XX)
    Host is up (0.096s latency).
    PORT     STATE         SERVICE
    500/udp  open          isakmp
    1701/udp open|filtered L2TP
    4500/udp open|filtered nat-t-ike
    9999/udp open|filtered distinct
    Obviously there's something wrong since the TCP scan registered a major problem, so I redid the scan per nmap's recommendations:
    Gerchak$ nmap -Pn XX.XX.XXX.XX
    Starting Nmap 6.00 ( http://nmap.org ) at 2012-05-22 17:55 CDT
    Nmap scan report for xxx-bb-xxx-3-ws-6.xxx.xxxxxxxxxxxx.net (XX.XX.XXX.XX)
    Host is up (0.14s latency).
    Not shown: 990 filtered ports
    PORT     STATE  SERVICE
    22/tcp   closed ssh
    427/tcp  closed svrloc
    500/tcp  closed isakmp
    548/tcp  open   afp
    1723/tcp closed pptp
    5002/tcp closed rfe
    5003/tcp open   fm
    5004/tcp closed avt-profile-1
    5222/tcp open   xmpp-client
    8080/tcp open   http-proxy
    So, where should I go from here? 1723 is closed off yet my router says it's open. I'm just about ready to throw my hands up in the air and just purchase a different router.

  • Internet disconnects when trying to connect a vpn on a different user account on the same computer

    Im trying to have one user account with my real ip address and another user account on windows 8 with a vpn connection. Everytime i switch (i dont logout i just lock the user) then try to connect a vpn on the other user account the internet disconnects
    on the other user account. It's like it wants to change my entire internet connection to use the vpn instead of having a seperate connection on each user account. is there a way around this or am i stuck having to use two laptops? I also unchecked
    Use default gateway on remote network on the vpn.
     

    Hi,
    Try to temporary disable firewall to see if the same issue occurs.
    Leo Huang
    TechNet Community Support
    This is definitely not the answer.  Why is it marked as the answer?

  • MaxDB Connection Issue for Content Server

    Hi All,
    We have installed Content Server 6.40 on Windows 203 server.
    We are able to visit the Url http://host:port/ContentServer/ContentServer.dll?serverInfo
    But while creatng a repository i am facing issues..its throwing error that
    "HTTP error: 500 (Internal Server Error)  "CreateTab ContentStorage, connect error SQLConnect failed, [Microsoft][ODBC Driver Manager] Data s"
    Checked these two notes 698915, 301352 and ru the comman to register MaxDB drivers and got that message that the drivers registered successfulyy.
    But still i am not able to create repository uing CSADMIN.
    Also ,when tryng to connect to MaxDB using superdba or contro user ,its throwing error "-2 ERR_USRFAIL authorization failed "
    Even the control user i amnot able to login.I am giving the password which i gave during installation.
    Database is SDB
    Pls suggest.
    Regards
    Ajay

    Hello Ajay,
    1. I recommend you to create the SAP ticket, if you failed to connect to MaxDB
    using superdba or control user with known to you passwords.
    2. Could you post the password, which you used during the installation.
    In the past the issue was with using passwords more as 9 symbols with Unicode MAXDB.
    If you was using, for example, "test123456" password => try to connect to the database
    with u201Ctest12345u201D password < first 9 symbols of the password you used during the installation >.
    Thank you and best regards, Natalia Khlopina

  • Connection to VPN doesn't work with exclamation mark on Network symbol

    Hello everyone,
    I'm new to this forum and not really professional in VPN stuff, though I'm an experienced computer user and programmer. I'm using Cisco VPN
    5.0.07.0440-k9-x64 from the Paul Scherrer Institute on Windows 8 64-bit. The program was working previously fine, but at some point, whenever I connect to VPN and login, I lose connection to the internet, and nothing related to my internet connection work, and I see an exclamation mark on the wireless network symbol. And when I disconnect the VPN, I get everything back to normal.
    I got almost the same problem when I installed Kaspersky Internet Security due to some suspicion on security, but then I removed it and everything was back to normal. After that, the VPN worked for some time, and again didn't work anymore at some point. First thing I tried is disabling the Windows Firewall, and it didn't help.
    My network adapter is: Qualcomm Atheros AR9002WB-1NG Wireless Network Adapter
    In my network adapter, I can't change the TCP/IP v4 Configuration. When I double click, it says something like: "For the configuration of TCP/IP, there must be a network device installed and activated" (The sentence is translated from German, my Windows is German).
    Is there like a "global reset" that would get the VPN to work again? What should I do?
    Please advise, and if you require any piece of information, let me know.
    Thank you.

    I'm using now VPNC on linux. No more cisco! Crappy program and crappy support!

  • Problems accessing 1 remote desktop when connected with VPN

    Hi everyone,
    I have an ASA 5505 and have a problem where when I connect through VPN I can RDP into a server using its internal address but I cannot RDP to another server using its internal address.
    The one I can connect to has an IP of 192.168.2.10 and the one I cannot connect to has an IP of 192.168.2.11 on port 3390.
    Both rules are configured exactly the same except for the IP addresses and I cannot see why I cannot connect to this one server.
    I am also able to connect to my camera system with an IP 192.168.2.25 on port 37777 and able to ping any other device on the internal network.
    I've also tried pinging it and telneting to port 3390 with no success.
    Here is the config.
    ASA Version 8.4(4)1
    interface Ethernet0/0
    switchport access vlan 3
    interface Ethernet0/1
    interface Ethernet0/2
    switchport access vlan 2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan2
    nameif inside
    security-level 100
    ip address 192.168.2.2 255.255.255.0
    interface Vlan3
    nameif outside
    security-level 0
    ip address 10.1.1.1 255.255.255.0
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network CTSG-LAN-OUT
    range 10.1.1.10 10.1.1.49
    object network CTSG-LAN-IN
    subnet 192.168.2.0 255.255.255.0
    object service RDP3389
    service tcp destination eq 3389
    description To DC
    object network SERVER-IN
    host 192.168.2.10
    object network SERVER-OUT
    host 10.1.1.50
    object network CAMERA-IN-TCP
    host 192.168.2.25
    object network CAMERA-OUT
    host 10.1.1.51
    object service CAMERA-TCP
    service tcp destination eq 37777
    object network SERVER-Virt-IN
    host 192.168.2.11
    object network SERVER-Virt-OUT
    host 10.1.1.52
    object service RDP3390
    service tcp destination eq 3390
    description To VS for Master
    object network CAMERA-IN-UDP
    host 192.168.2.25
    object service CAMERA-UDP
    service udp destination eq 37778
    object network CTSG-LAN-OUT-VPN
    subnet 10.1.1.128 255.255.255.128
    object network SERVER-Virt-IN-VPN
    host 192.168.2.11
    object network SERVER-IN-VPN
    host 192.168.2.10
    object network CAMERA-IN-VPN
    host 192.168.2.25
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    access-list AnyConnect_Client_Local_Print extended deny ip any any
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
    access-list inside1_access_in remark Implicit rule: Permit all traffic to less secure networks
    access-list inside1_access_in extended permit ip any any
    access-list outside_access_in extended permit object RDP3389 any host 192.168.2.10
    access-list outside_access_in extended permit object RDP3390 any host 192.168.2.11
    access-list outside_access_in extended permit object CAMERA-TCP any host 192.168.2.25
    access-list outside_access_in extended permit object CAMERA-UDP any host 192.168.2.25
    pager lines 24
    logging enable
    logging buffer-size 10240
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool RAVPN 10.1.1.129-10.1.1.254 mask 255.255.255.128
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source static SERVER-IN-VPN SERVER-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
    nat (inside,outside) source static CAMERA-IN-VPN CAMERA-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
    nat (inside,outside) source static SERVER-Virt-IN-VPN SERVER-Virt-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
    object network CTSG-LAN-IN
    nat (inside,outside) dynamic interface
    object network SERVER-IN
    nat (inside,outside) static SERVER-OUT service tcp 3389 3389
    object network CAMERA-IN-TCP
    nat (inside,outside) static CAMERA-OUT service tcp 37777 37777
    object network SERVER-Virt-IN
    nat (inside,outside) static SERVER-Virt-OUT service tcp 3390 3390
    access-group inside1_access_in in interface inside
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 10.1.1.2 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP
    -DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment terminal
    subject-name CN=SACTSGRO
    crl configure
    crypto ikev1 enable outside
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 120
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.2.0 255.255.255.0 inside
    telnet timeout 15
    ssh 192.168.2.0 255.255.255.0 inside
    ssh timeout 5
    ssh version 2
    ssh key-exchange group dh-group1-sha1
    console timeout 15
    dhcpd auto_config inside
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username admin password xxxxx encrypted privilege 15
    username admin attributes
    vpn-group-policy DfltGrpPolicy
    tunnel-group CTSGRA type remote-access
    tunnel-group CTSGRA general-attributes
    address-pool RAVPN
    tunnel-group CTSGRA ipsec-attributes
    ikev1 pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:0140431e7642742a856e91246356e6a2
    : end
    Thanks for your help

    Ok,
    So you basically have configured the router so that you can connect directly to the ASA using the Cisco VPN Client. And also the objective was to in the end only allow traffic to the LAN through the VPN Client connection ONLY.
    It would seem to me to achieve that, you would only need the following NAT configurations
    VPN Client NAT0 / NAT Exempt / Identity NAT
    object network LAN
    subnet 192.168.2.0 255.255.255.0
    object network VPN-POOL
    subnet 10.1.1.128 255.255.255.128
    nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL
    The purpose of the above NAT configuration is simply to tell the ASA that dont do any kind of NAT when there is traffic between the LAN network of 192.168.2.0/24 and the VPN Pool of 10.1.1.128/25. This way if you have any additional hosts on the LAN that need to be connected to, you wont have to make any form of changes to the NAT configurations for the VPN client users. You just allow the connections in the ACL (explained later below)
    Default PAT
    object-group network DEFAULT-PAT-SOURCE
    network-object 192.168.2.0 255.255.255.0
    nat (inside,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
    This configurations purpose is just to replace the earlier Dynamic PAT rule on the ASA. I guess your router will be doing the translation from the ASA "outside" interface IP address to the routers public IP address and this configuration should therefore allow normal Internet usage from the LAN.
    I would suggest removing all the other NAT configuration before adding these.
    Controlling VPN clients access to internal resources
    Also I assume that your current VPN client is configured as Full Tunnel. In other words it will tunnel all traffic to the the VPN connection while its active?
    To control the traffic coming from the VPN Client users I would suggest that you do the following
    Configure "no sysopt connection permit-vpn" This will change the ASA operation so that connections coming through a VPN connections ARE NOT allowed by default to bypass the "outside" interface ACL. Therefore after this change you can allow the connections you need in the "outside" interface ACL.
    Configure any rules you need regarding the VPN client connections to the "outside" interface ACL. Though I guess they already exist since you are connecting there without the VPN also
    I cant guarantee this with 100% certainty but it would seem to me that the above things should get you to the point where you can access the internal resources ONLY after when you have connected to the ASA through the VPN client connection. Naturally take precautions like configuration backups if you are going to do major configuration changes. Also if you are remotely managing the ASA then you also have the option to configure a timer on the ASA after which it will automatically reload. This could help in situations where a missconfiguration breaks you management connection and you have no other way to connect remotely. Then the ASA would simply reboot after the timer ran out and also reboot with the original configuration (provided you hadnt saved anything in between)
    Why are you using a different port for the other devices RDP connection? I can understand it if its used through the Internet but if the RDP connection would be used through the VPN Client only then I dont think there is no need to manipulate the default port of 3389 on the server or on the ASA.
    Also naturally if there is something on the actual server side preventing these connections then these configuration changes might not help at all.
    Let me know if I have understood something wrong
    - Jouni

Maybe you are looking for

  • Syncing

    I have an IMac, an IPhone and a Macbook Pro.  I use Mobile Me.  The Macbook and Iphone are my primary computers.  I receive email on all devices, but I cannot send email from my IMac.  This does not work for a .Mac account or an AOL account.  Is ther

  • How do I open a Crystal Report from Microsoft Access?

    I'm looking for step-by-step instructions on how to launch a Crystal Report from a Microsoft Access application (for a dummy like me). My Crystal Report uses a connection to the Access database as the data. I have Microsoft Access 2002 with Microsoft

  • Can an iPad Air 2 battery be used to recharge it's wireless Bluetooth keyboard?

    Can the battery of an iPad Air 2 be used to recharge it's bluetooth keyboard ? I have a female-female USB adapter to connect the 2 male USB cords

  • Difference between Routine & Formula

    Hi All, What is the difference between writing formula in Routine & in Formula for an InfoObject in Transfer Rules Thanks Learner

  • No TV Shows menu

    For some reason when I go to the Videos menu on my iPod, there is no TV Shows option. I have a couple of videos listed as TV Shows but they don't seem to be available on my iPod. I know that his is a minor problem and one that is easily worked around