Wlan and VPN
We are going to deploy Wireless on our network. Besides the suggested Cisco policy for securing wireless we also want to secure it with VPN. Has anybody done this who can point me to where to start? We have a 3000 concentrator, can I use the external interface for this? Thanks.
Our WLAN is on an internal network, VLAN 252, and our LAN is on a different VLAN. The internal network is 10.13.xxx.xxx/24.
Thanks.
I moved the AP to the pub interface of the 3000, on the same segment. I use a router as a DHCP server to provide IPs to wireless clients; after that, the wireless client needs to VPN to the 3000 to get to my inside network.
Similar Messages
-
I need to know how to configure wi-fi and VPN on m...
I need to know how to configure wi-fi and VPN on my E61i.
Every time I search for any available WLAN, I find one (in my company) and when I start browsing, it gives me (WLAN not found).
What should I do?
iOS: Connecting to the Internet
-
Questions regarding Outlook Web App, Remote Desktop, Remote Web Access and VPN Access
Hi there,
I want to ask a series of questions regarding Outlook Web App, Remote Desktop, Remote Web Access and VPN access and was hoping whether you could help me. Below are my questions to ask you.
Outlook Web App - What do I need to configure in order to get my Exchange account to work with the OWA app on my iPhone? Is Office 360 required on the server that hosts Outlook Web App in our organisation? When I configure the settings and
connect I get the following message "couldn't connect - We couldn't connect to the server. Check your information and make sure it's correct." I can connect with other devices using Outlook Web App.
Remote Desktop - What do I need to configure in order to connect to my computer at work using Remote Desktop on my Windows Phone? When I configure the settings and connect I get the following message "Connection error - We couldn't connect
to the remote PC. Make sure the PC is turned on and connected to the network, and that remote access is enabled. Inquiring minds may find this error code helpful: 0x204" I can connect with other devices using Remote Desktop. There are currently no
RD Server settings in the Remote Desktop app on the Windows Phone and the only way I'm to connect to my PC at work is via Remote Desktop and not to be confused with the one by Microsoft, however the app is on a trial basis and times out every 5 minutes and
can only be used once every hour unless I purchased the app for £2.99 off the App Store but would ideally like to use the Microsoft Remote Desktop app though.
Remote Web Access - What do I need to configure in order to get Remote Web Access on my Windows Phone using a URL? When I log in using a URL I get the following message "There is a problem with this Web page. Please contact the person who manages
the server" I can connect with other devices using Remote Web Access. Also how do you enable the background option for Remote Web Access? I know how to do this in Remote Desktop but not in Remote Web Access. Remote Web Access works on PCs regardless
being onsite and offsite and on my iPhone, the same issue also occurs with my Nokia 5230s regardless of whether I'm using Opera Mobile or Mini or the latest Nokia Browser.
VPN access - How do you configure VPN access on a Windows Phone using VPN? I cannot find the protocols PPTP, L2TP, SSTP and IPsec in order to configure VPN access on the Windows Phone apart from IKEv2.
Many thanks,
RocknRollTim
Any help would be much appreciated.
Kind regards,
RocknRollTim -
I recently checked my internet connection on my Asus G53SW and found that it was extremely slow on both the LAN and WLAN connections. I checked with a different laptop (old HP Pavilion) and I get a steady 74mbps+ connection using the same LAN cable and
also with the WLAN connection. My ISP has checked their side and everything is fine.
To try and resolve the issue I tried uninstalling, disabling and tweaking various software and even tried safe mode with networking, all to no avail. I then decided to do a complete fresh install this afternoon. I have installed Windows 7 Ultimate (64 bit)
successfully onto my SSD and everything went smoothly. I have now only installed Nvidia video drivers and the (only) WLAN driver from the Asus support site.
My WLAN connection remains incredibly slow (almost half what it is on the HP and my MacBook Pro). Clearly this is an issue with either the Asus laptop or Windows but I don't know how to proceed in order to eliminate which it could be other than to try a different
o/s to W7-Ult.
Can anyone help who knows more about this than me? Perhaps someone who has had a similar or the same problem because this is giving me a severe headache!
Thanks in advance to all and for any advice.
Thank you for responding. As I stated in my original post the reason I went through this process was because of an extremely slow internet connection from both the WLAN and LAN connections on my G53SW. At that time I had all of the correct drivers on the
machine. Whilst I would agree that with the machine only having a video and WLAN driver it may well not be working 'optimally', the rationale for doing this was to get the machine working with the minimum of processes to show that it was not anti-virus software,
Steam or the like causing interference.
I have changed out both of the HDDs this evening (a primary SSD and a secondary 1Tb HDD) for a clean hybrid 1Tb Seagate drive. Once I have installed all of the Asus drivers (and nothing else) I will try the speed test again and report back.
I can now report that with a fresh install of Windows 7 Ultimate SP1 and ONLY Asus drivers as supplied the issue remains. On a connection where I should see around 75mbps I am actually getting around 18mbps, sometimes considerably slower. This only affects
my Asus machine.
-
I need to know how to open the laptop to replace the card that controls the wlan and treble. I tried to find a manual to show how to get the laptop open and then be able to get the card number so I can order one. I have removed the screws but can't get it apart. Can you tell me the type of card that I would need to resolve the problem so I don't lose the wireless connection every 5 minutes?
Thanks
highdiver
The Maintenance and Service guide, which you can find here, can show you how to replace your wlan card.
I am an employee of Hewlett Packard.
-
Belle: No WLAN and Packet Data log.Filter options ...
In Nokia N8, with Symbian Anna, WLAN and Packet Data logging wasn't possible, even though there were options in the log filtering settings.
See below:
http://i44.tinypic.com/9kxbfa.png
After updating to Belle, the log still isn't working, and both WLAN and Packet Data options were removed from filter options.
http://tinypic.com/r/6dxwgg/5
Will it be implemented in a further time?
Best Regards
Hi,
quick update on this one as we now have a FAQ online.
Q: How can I get a WLAN/Wifi and packet data filter with Nokia Belle?
A: There is no data filter included in Nokia Belle by default, but you can download specific apps from Nokia Store.
BR,
yvonne -
I'm setting up a new mac mini server with Yosemite and I was wondering if there are any advantages or disadvantages to not using the open directory service? The only services I'm planning on using are File Sharing and VPN.
You don't need Open Directory unless you want to manage user accounts centrally on the server.
-
With Namit Agarwal and Rahul Govindan
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Cisco Adaptive Security Appliance (ASA) version 9.x (Context Aware Security and VPN Features) with experts Namit Agarwal and Rahul Govindan.
This is a continuation of the live webcast.
Cisco ASA CX (Context-Aware) is a next generation firewall service that serves as an extension to the Cisco Adaptive Security Appliance (ASA) firewall platform. In addition to the proven stateful inspection firewall capabilities, it provides us with next-generation capabilities and a host of additional network-based security controls for end-to-end network intelligence and streamlined security operations.
Namit Agarwal is a customer support engineer at the Cisco Technical Assistance Center in Bangalore, India. He has more than four years of experience in the security domain. His areas of expertise include ASA firewalls, IPS, and ASA content-aware security (ASA CX). He has been involved in various escalation requests from around the world. He holds CCIE certification (number 33795) in security.
Rahul Govindan has been an engineer with the Security Technical Assistance Center team in Bangalore for more than three years. He works on security technologies such as VPN; Cisco ASA firewalls; and authentication, authorization, and accounting. His particular expertise is in Secure Sockets Layer VPN and IP security VPN technologies. He holds CCIE certification (number 29948) in security.
Remember to use the rating system to let Namit and Govindan know if you have received an adequate response.
Because of the volume expected during this event, Namit and Govindan might not be able to answer every question. Remember that you can continue the conversation in the Security community, subcommunity VPN shortly after the event. This event lasts through November 1, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
Webcast related links:
Slides from the live webcast
Video Recording of the live webcast
Introduction to Cisco Adaptive Security Appliance (ASA) version 9.x (Context Aware Security and VPN Features): FAQ from live webcast
Hello Namit and Rahul,
Here are a few questions that came in directly during your live webcast, hence posting them here so that users can benefit:
1) How is ASA CX different from other UTM solutions?
2) How is dynamic application inspection of CX better than other inspection engines?
3) What features or functionalities on the CX are available by default?
4) What are the different ways we can run or install CX on the ASA platform?
5) What VPN features are supported with multi context ASA in the 9.x release?
6) What are the IPv6 Enhancements in the ASA version 9.x?
Request you to please provide your responses to them individually.
Thanks. -
Hi,
I am configuring 2 ASA5540 for internet traffic inside to outside,
outside to inside (web, smtp) but also vpn load balancing for client to site, site to site and webvpn.
In the doc I can configure them for internet traffic as Active/Standby or Active/Active.
For vpn: I can use vpn load balancing.
But there is no information if I want to use active/passive and vpn load balancing together.
Any thoughts on which way to go? What is the best thing to do?
Regards
Hi,
I think that you cannot use an Active/Active configuration for VPN connections as it is stated on Cisco's documentation: "Note: VPN failover is not supported on units that run in multiple context mode as VPN is not supported in multiple context. VPN failover is available only for Active/Standby Failover configurations in single context configurations" available at http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml
Hope it helps -
Guest WLAN and Web Auth?
Hi Guys,
Maybe someone can help me out?
I just finished setting up a trial "Cisco Virtual Wireless Controller" with nearly the same configuration as our Physical "Cisco Wireless Controller" with the exception of having 2 ports. Anyhow, I managed to get everything working except for the WEB AUTH on the Guest WLAN. When a client connects, he gets a DHCP address from our ASA but when we try to get to a website, we never reach the WEB AUTH page.
What I tried so far is:
Added a DNS Host Name to the virtual interface and assigned it to our internal DNS server. Result: DNS name was resolving but we were unable to ping 1.1.1.1.
Changed the virtual IP from 1.1.1.1 to 2.2.2.2 and modified the DNS entry. Result: DNS name resolved but still could not ping 2.2.2.2 (I think this is normal).
Changed the virtual IP to a private address of 192.168.102.1 and modified the DNS entry. Result: same result.
I've attached some screenshots of our configuration.
Troubleshooting Web Authentication
After you configure web authentication, if the feature does not work as expected, complete these troubleshooting steps:
1. Check if the client gets an IP address. If not, users can uncheck DHCP Required on the WLAN and give the wireless client a static IP address. This assumes association with the access point. Refer to the IP addressing issues section of Troubleshooting Client Issues in the Cisco Unified Wireless Network for troubleshooting DHCP related issues.
2. On WLC versions earlier than 3.2.150.10, you must manually enter https://1.1.1.1/login.html in order to navigate to the web authentication window.
   The next step in the process is DNS resolution of the URL in the web browser. When a WLAN client connects to a WLAN configured for web authentication, the client obtains an IP address from the DHCP server. The user opens a web browser and enters a website address. The client then performs the DNS resolution to obtain the IP address of the website. Now, when the client tries to reach the website, the WLC intercepts the HTTP Get session of the client and redirects the user to the web authentication login page.
   Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On Windows, choose Start > Run, enter CMD in order to open a command window, and do a "nslookup www.cisco.com" and see if the IP address comes back.
   On Macs/Linux: open a terminal window and do a "nslookup www.cisco.com" and see if the IP address comes back.
   If you believe the client is not getting DNS resolution, you can either:
   ♦ Enter either the IP address of the URL (for example, http://www.cisco.com is http://198.133.219.25)
   ♦ Try to directly reach the controller's webauth page with https:///login.html. Typically this is http://1.1.1.1/login.html.
3. Does entering this URL bring up the web page? If yes, it is most likely a DNS problem. It might also be a certificate problem. The controller, by default, uses a self-signed certificate and most web browsers warn against using them.
4. For web authentication using customized web page, ensure that the HTML code for the customized web page is appropriate.
   You can download a sample Web Authentication script from Cisco Software Downloads. For example, for the 4400 controllers, choose Products > Wireless > Wireless LAN Controller > Standalone Controllers > Cisco 4400 Series Wireless LAN Controllers > Cisco 4404 Wireless LAN Controller > Software on Chassis > Wireless Lan Controller Web Authentication Bundle-1.0.1 and download the webauth_bundle.zip file.
   These parameters are added to the URL when the user's Internet browser is redirected to the customized login page:
   ♦ ap_mac: The MAC address of the access point to which the wireless user is associated.
   ♦ switch_url: The URL of the controller to which the user credentials should be posted.
   ♦ redirect: The URL to which the user is redirected after authentication is successful.
   ♦ statusCode: The status code returned from the controller's web authentication server.
   ♦ wlan: The WLAN SSID to which the wireless user is associated.
   These are the available status codes:
   ♦ Status Code 1: "You are already logged in. No further action is required on your part."
   ♦ Status Code 2: "You are not configured to authenticate against web portal. No further action is required on your part."
   ♦ Status Code 3: "The username specified cannot be used at this time. Perhaps the username is already logged into the system?"
   ♦ Status Code 4: "You have been excluded."
   ♦ Status Code 5: "The User Name and Password combination you have entered is invalid. Please try again."
   All the files and pictures that need to appear on the Customized web page should be bundled into a .tar file before uploading to the WLC. Ensure that one of the files included in the tar bundle is login.html. You receive this error message if you do not include the login.html file:
   Refer to the Guidelines for Customized Web Authentication section of Wireless LAN Controller Web Authentication Configuration Example for more information on how to create a customized web authentication window.
   Note: Files that are large and files that have long names will result in an extraction error. It is recommended that pictures are in .jpg format.
5. Internet Explorer 6.0 SP1 or later is the browser recommended for the use of web authentication. Other browsers may or may not work.
6. Ensure that the Scripting option is not blocked on the client browser as the customized web page on the WLC is basically an HTML script. On IE 6.0, this is disabled by default for security purposes.
   Note: The Pop Up blocker needs to be disabled on the browser if you have configured any Pop Up messages for the user.
   Note: If you browse to an https site, redirection does not work. Refer to Cisco bug ID CSCar04580 (registered customers only) for more information.
7. If you have a host name configured for the virtual interface of the WLC, make sure that the DNS resolution is available for the host name of the virtual interface.
   Note: Navigate to the Controller > Interfaces menu from the WLC GUI in order to assign a DNS hostname to the virtual interface.
8. Sometimes the firewall installed on the client computer blocks the web authentication login page. Disable the firewall before you try to access the login page. The firewall can be enabled again once the web authentication is completed.
9. Topology/solution firewall can be placed between the client and web-auth server, which depends on the network. As for each network design/solution implemented, the end user should make sure these ports are allowed on the network firewall.
   Protocol | Port
   HTTP/HTTPS Traffic | TCP port 80/443
   CAPWAP Data/Control Traffic | UDP port 5247/5246
   LWAPP Data/Control Traffic (before rel 5.0) | UDP port 12222/12223
   EOIP packets | IP protocol 97
   Mobility | UDP port 16666 (non secured), UDP port 16667 (secured IPSEC tunnel)
10. For web authentication to occur, the client should first associate to the appropriate WLAN on the WLC. Navigate to the Monitor > Clients menu on the WLC GUI in order to see if the client is associated to the WLC. Check if the client has a valid IP address.
11. Disable the Proxy Settings on the client browser until web authentication is completed.
12. The default web authentication method is PAP. Ensure that PAP authentication is allowed on the RADIUS server for this to work. In order to check the status of client authentication, check the debugs and log messages from the RADIUS server. You can use the debug aaa all command on the WLC to view the debugs from the RADIUS server.
13. Update the hardware driver on the computer to the latest code from manufacturer's website.
14. Verify settings in the supplicant (program on laptop).
15. When you use the Windows Zero Config supplicant built into Windows:
   ♦ Verify user has latest patches installed.
   ♦ Run debugs on supplicant.
16. On the client, turn on the EAPOL (WPA+WPA2) and RASTLS logs from a command window, Start > Run > CMD:
   netsh ras set tracing eapol enable
   netsh ras set tracing rastls enable
   In order to disable the logs, run the same command but replace enable with disable. For XP, all logs will be located in C:\Windows\tracing.
17. If you still have no login web page, collect and analyze this output from a single client:
   debug client
   debug dhcp message enable
   debug aaa all enable
   debug dot1x aaa enable
   debug mobility handoff enable
18. If the issue is not resolved after you complete these steps, collect these debugs and use the TAC Service Request Tool (registered customers only) in order to open a Service Request.
   debug pm ssh-appgw enable
   debug pm ssh-tcp enable
   debug pm rules enable
   debug emweb server enable
   debug pm ssh-engine enable packet
-
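The redirect parameters and status codes listed in the web authentication troubleshooting reply above, handled defensively by a customized login page. This is an added example, not part of the original post or of Cisco's sample bundle; the function names, the controller origin passed in as the expected value, and both sample URLs are assumptions constructed for illustration.

```javascript
// Added example: parse the parameters the WLC appends to the customized login
// page URL and refuse values that should not be trusted. All names and sample
// URLs here are constructed for illustration.
const STATUS_MESSAGES = {
  1: "You are already logged in. No further action is required on your part.",
  2: "You are not configured to authenticate against web portal. No further action is required on your part.",
  3: "The username specified cannot be used at this time. Perhaps the username is already logged into the system?",
  4: "You have been excluded.",
  5: "The User Name and Password combination you have entered is invalid. Please try again.",
};

const MAC_RE = /^([0-9a-f]{2}:){5}[0-9a-f]{2}$/i;

// Returns a URL object when `value` parses and uses http or https, else null.
function parseHttpUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === "http:" || u.protocol === "https:" ? u : null;
  } catch (e) {
    return null;
  }
}

// pageUrl: full URL of the login page as the browser received it.
// controllerOrigin: origin of the controller this page was deployed for,
// for example "https://1.1.1.1" (an assumption supplied by the page author).
function parseWebAuthRedirect(pageUrl, controllerOrigin) {
  const q = new URL(pageUrl).searchParams;
  const out = {
    apMac: null, wlan: q.get("wlan"), switchUrl: null,
    redirect: null, statusCode: null, message: null, errors: [],
  };

  const mac = q.get("ap_mac");
  if (mac !== null) {
    if (MAC_RE.test(mac)) out.apMac = mac.toLowerCase();
    else out.errors.push("ap_mac is not a MAC address");
  }

  // Credentials are posted to switch_url, so accept it only when it points
  // at the expected controller.
  const sw = parseHttpUrl(q.get("switch_url") || "");
  if (sw && sw.origin === controllerOrigin) out.switchUrl = sw.href;
  else out.errors.push("switch_url missing or not the expected controller");

  // The post-login redirect must be a plain web URL.
  const rawRedirect = q.get("redirect");
  if (rawRedirect !== null) {
    const r = parseHttpUrl(rawRedirect);
    if (r) out.redirect = r.href;
    else out.errors.push("redirect is not an http(s) URL");
  }

  // Only the five documented status codes map to a message.
  const code = q.get("statusCode");
  if (code !== null) {
    if (Object.prototype.hasOwnProperty.call(STATUS_MESSAGES, code)) {
      out.statusCode = Number(code);
      out.message = STATUS_MESSAGES[code];
    } else {
      out.errors.push("unknown statusCode");
    }
  }
  return out;
}

// Constructed sample URLs: one well-formed, one with untrusted values.
const GOOD_URL = "https://portal.example.test/login.html?switch_url=https%3A%2F%2F1.1.1.1%2Flogin.html" +
  "&ap_mac=00%3A1A%3A2B%3A3C%3A4D%3A5E&wlan=Guest&redirect=http%3A%2F%2Fwww.cisco.com%2F&statusCode=5";
const BAD_URL = "https://portal.example.test/login.html?switch_url=https%3A%2F%2F203.0.113.7%2Flogin.html" +
  "&ap_mac=not-a-mac&redirect=javascript%3Avoid(0)&statusCode=9";
```

A login page would set its form action from `switchUrl` only when `errors` is empty, and show `message` when a status code is present.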
GPS not available only WLAN and Basestations
Hello,
in my iPhone 4s GPS is not available, only WLAN and Basestations are used to show location on Maps. On my iPhone 4 everything works fine. Both on iOS 6.0.1
Device already reset.
What else do I have to do.
Best regards
Reiner
I've had limited success using G spot (App from the Apple store) which seems to find my location by using my WIFI which is also registered with Skyhook and then using it to launch maps. Even though G spot works, google maps still doesn't locate me, but luckily G spot will place a pin drop on your location within maps at the touch of a button.
Thus this may be a workaround for now. G spot also seems to work with my wifi off, but I don't know if it's just using a cache of my last known location. I haven't tested in places aside from my flat yet, but will do so very shortly and I will report back whether using a third party app, such as G spot works at obtaining your location which can then be fed into google maps.
Gspot is not free (though it's not expensive). Luckily I had it due to the compass it provides. However one can test whether 3rd party apps work for you or not in obtaining your location for free by downloading either of the 'here i am' apps from iTunes and having it email your location to yourself and then opening the link from the email, which launches maps and pin drops your location. Though this will not provide live GPS on the 3G, it will at least give you a general location and a map if you're lost until Apple sorts out their ****! -
Using 802.1x and vpn on t-mobile hotspot
hi all,
how do i configure 802.1x and vpn to enhance security on t-mobile hotspot?
thanx for your help.
Multi-Host is not the right option for you. In this Multi-Host only one device has to successfully authenticate to authenticate all device on that port.
You need to set host-mode to "multi-auth" -
Guest WLAN and a Office WLAN on 1242AG
Hi All,
I have managed to add two WLANs, one for the Office Wireless clients (Staff laptops) and another one for Guests. I have basically created two SSIDs, one broadcasting, the other one not (Staff one).
The AP is a 1242AG and is going to connect to a Catalyst 3750 48T, which is connected to Cisco 877. How can I make the DHCP assignments to both Guest WLAN and Staff WLAN and also do I have to create a trunk port in the Switch (I am thinking like this as I got Two VLANs)?
Does anyone know or have a sample running config (in a Switch and in a similar AP)? Really appreciate it. Time is running out for me!!!
Reg
ND
Hi,
here is a config example for exactly you are looking for:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665ceb.shtml.
HTH,
Tiago -
Vista x64 drivers for Broadcom BCM4311 wlan and touchpad
Hello!
Where to download a Vista x64 driver for a Broadcom BCM4311 wlan and touchpad for a Lenovo 3000 G410m-mm? A Windows update wlan driver allows a two times slower speed.
Regards,
Dmitry
Try this.
//help will save the world -
No wlan and bluetooth after recovery
WLAN and Bluetooth is lost after I took my ipod touch through a recovery procedure
Here is Apple's article for that symptom. You may end up making an appointment at the Genius Bar of an Apple store since sometime the steps do not fix the problem.
Unable to use Wi-Fi or Bluetooth with iPhone or iPod touch because there's no address listed for the device