Solved

Can't ping DNS names through a PIX 506E VPN

Posted on 2006-11-08
37
442 Views
Last Modified: 2012-06-21
HELP!!!!!

I have just sent up a simple VPN through a PIX 506E and I am able to connect and ping by IP but not by DNS names, which I need to be able to do for the exchange server and an access database.... HELP!!!!!

Thanks

Elizabeth
0
Comment
Question by:Iamagrump
  • 15
  • 10
  • 8
  • +1
37 Comments
 
LVL 8

Expert Comment

by:saw830
ID: 17903609
Hi Iamagrump,
how is your DNS setup on the remote PC?  it needs to have it's DNS settings pointing to you internal DNS servers so that it can resolve the names of things into addresses.  Normally, in such situations, I set the primary DNS server to be my internal DNS server and the secondary DNS to be whatever internet based or external DNS server.  The idea is to have your remote PC always use your internal (active directory integrated if you have it) DNS server if it can reach it, and fall back to a vanilla internet based DNS server when it can't reach the internal server.

Hope this helps,
Alan
0
 

Author Comment

by:Iamagrump
ID: 17903641
Alan,

  The DNS is pointed to the internal DNS server through the PIX VPN setup. I can ping by IP and when I try to ping the FQDN it comes back with the external IP of the mail server but still wont ping.

Elizabeth
0
 
LVL 8

Expert Comment

by:saw830
ID: 17903696
Hi,

The DNS should be resolving to the internal mail server address.  I suspect that either your internal DNS is handing out the external mail address or your PC is asking an external DNS server.

It is also possible that the external address has been cached on the PC.  If so, or if not sure, do an IPCONFIG /FLUSHDNS from a command prompt and try the ping again.

Alan
0
 

Author Comment

by:Iamagrump
ID: 17903743
I did a dnsflush just to check. Doing the ipconfig /all when reading the VPN connector shows the internal DNS server. I think there is a configuration issue with the PIX and VPN setup. Someone suggested doing an IP helper-address command but I don't think the PIX 506E supports that.

Thanks

E
0
 
LVL 8

Expert Comment

by:saw830
ID: 17903754
when you do an ipconfig /all, where is the physical connector's DNS pointing?
0
 

Author Comment

by:Iamagrump
ID: 17903802
My wireless is pointing to the DNS servers of my ISP.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17903809
Post a sanitized configuration of your PIX ?

Cheers,
Rajesh
0
 
LVL 8

Expert Comment

by:saw830
ID: 17903814
Betcha a nickle it will work if change the primary dns setting on  your wireless connector to your internal DNS server it will fix it.  but leave the secondary to an external DNS server for when the vpn is not connected....
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17903837
Yes it would, that is exactly what happens when you provide a dns server through vpn configuration.

Always the internal dns server should be queried for and if it fails only then the external dns, when you are connected through VPN. But if we were to hardcode that, the author has to do that for all of the vpn users.

So there is a problem lying in the vpn configuration probably, if we find that out, it should solve all the problems.

Cheers,
Rajesh
0
 

Author Comment

by:Iamagrump
ID: 17903838
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password mo42DDJaOb4c0.th encrypted
passwd Hhaverford2006!! encrypted
hostname HaverfordPix
domain-name ehaverford.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
no names
name 192.168.1.160 Sales_Profiler
name 192.168.1.111 Exchange
name 192.168.1.104 Hhfile1
name 192.168.1.150 Newstar
name 209.171.43.27 Hacker
name 192.168.1.254 Router
name 216.36.122.94 router
object-group service GroupChatServicesTCP tcp
  port-object eq 5100
  port-object eq aol
  port-object range 5000 5001
  port-object eq 5050
  port-object eq 1863
  port-object eq irc
  port-object range 6665 6669
object-group service GroupMailandWeb tcp
  port-object eq www
  port-object eq pop3
  port-object eq https
  port-object eq smtp
  port-object eq imap4
object-group service GroupMailOnly tcp
  port-object eq pop3
  port-object eq smtp
  port-object eq imap4
  port-object eq 993
object-group service GroupWebOnly tcp
  port-object eq www
  port-object eq https
object-group service FullExchangeTCP tcp
  port-object range 3397 3399
  port-object range 1071 1072
  port-object range 135 netbios-ssn
object-group service Games tcp
  port-object range 28800 29000
port-object eq 11999
object-group service RealWan tcp
  port-object eq telnet
  port-object eq ssh
  port-object eq ftp-data
  port-object eq sqlnet
  port-object eq domain
  port-object eq whois
  port-object eq ftp
object-group service SQL tcp
  port-object eq 1433
object-group service StreaminVideoTCP tcp
  port-object eq 7070
  port-object eq 18888
  port-object eq 1755
  port-object eq 554
  port-object eq 7000
object-group service TerminalServices tcp
  port-object eq 3389
object-group service VNCandRadmin tcp
port-object eq 3389
  port-object eq 4899
object-group service WebOnly tcp
  port-object eq www
  port-object eq https
object-group service OutboundTCP tcp
  group-object WebOnly
  group-object RealWan
  group-object GroupChatServicesTCP
  group-object TerminalServices
  group-object VNCandRadmin
  group-object Games
  group-object SQL
  group-object StreaminVideoTCP
  group-object GroupMailOnly
  port-object eq 3101
object-group service AllowableOutboundUDPServices udp
  port-object eq tftp
  port-object eq domain
  port-object eq 1604
port-object eq ntp
object-group service ChatServicesUDP udp
  port-object range 5000 5010
  port-object range 5190 5193
  port-object eq 4000
object-group service FullExchangeUDP udp
  port-object range 135 139
object-group service GamesUDP udp
  port-object range 28800 29000
  port-object eq 39123
object-group service StreaminVideoUDP udp
  description 6970
  port-object range 6970 7170
  port-object eq 1755
  port-object eq 1558
object-group service UDPOutbound udp
  group-object ChatServicesUDP
  group-object StreaminVideoUDP
  group-object GamesUDP
  port-object eq tftp
port-object eq ntp
object-group network VNCServers
  network-object 192.168.1.150 255.255.255.255
  network-object 192.168.1.160 255.255.255.255
object-group network TerminalServers
  network-object 192.168.1.150 255.255.255.255
  network-object 192.168.1.160 255.255.255.255
  network-object 192.168.1.104 255.255.255.255
object-group network MailServers
  network-object 192.168.1.111 255.255.255.255
access-list inside_access_in permit icmp any any
access-list inside_access_in deny tcp any host 209.171.43.27
access-list inside_access_in permit udp any any eq domain
access-list inside_access_in permit tcp any any
access-list inside_access_in permit tcp any any object-group WebOnly
access-list inside_access_in permit tcp any object-group OutboundTCP any
access-list inside_access_in permit udp any object-group UDPOutbound any
access-list inside_access_in deny ip any any
access-list outside_access_in permit tcp any host xx.xx.xxx.xxx eq www
access-list outside_access_in permit tcp any host xx.xx.xxx.xxx eq https
access-list outside_access_in permit tcp any host xx.xx.xxx.xxx eq imap4
access-list outside_access_in permit tcp any host xx.xx.xxx.xxx eq pop3
access-list outside_access_in permit tcp any host xx.xx.xxx.xxx object-group Grou
pMailandWeb
access-list outside_access_in permit tcp any host xx.xx.xxx.xxx eq 3389
access-list outside_access_in permit tcp any host xx.xx.xxx.xxx eq 3391
access-list capture permit udp any any eq domain
access-list outbound permit ip any any
access-list nonat permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list vpn3000 permit icmp any any
access-list 101 permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list 101 permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 10
icmp permit any outside
mtu outside 1500
mtu inside 1250
ip address outside xx.xx.xxx.xxx 255.255.255.248
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool1 172.16.1.1-172.16.1.254
pdm location 192.168.1.104 255.255.255.255 inside
pdm location 192.168.1.111 255.255.255.255 inside
pdm location 192.168.1.150 255.255.255.255 inside
pdm location 192.168.1.160 255.255.255.255 inside
pdm location 209.171.43.27 255.255.255.255 outside
pdm location 192.168.1.254 255.255.255.255 inside
pdm location xxx.xx.xxx.xxx 255.255.255.255 outside
pdm location xx.xx.xxx.xxx 255.255.255.255 outside
pdm group VNCServers inside
pdm group TerminalServers inside
pdm group MailServers inside
pdm logging informational 100
pdm history enable
arp timeout 300
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
alias (inside) 192.168.1.111 69.33.22.195 255.255.255.255
alias (inside) 192.168.1.104 69.33.22.196 255.255.255.255
alias (inside) 192.168.1.150 69.33.22.197 255.255.255.255
static (inside,outside) xx.xxx.xxx.xxx 192.168.1.111 netmask 255.255.255.255 0 0
static (inside,outside) xx.xxx.xxx.xxx 192.168.1.104 netmask 255.255.255.255 0 0
static (inside,outside) xx.xxx.xxx.xxx 192.168.1.150 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 xx.xxx.xxx.xxx 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt noproxyarp inside
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
crypto map outside_map 30 ipsec-isakmp dynamic dynmap
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpn3000 address-pool ippool1
vpngroup vpn3000 dns-server 192.168.1.104
vpngroup vpn3000 wins-server 192.168.1.104
vpngroup vpn3000 default-domain ehaverford.com
vpngroup vpn3000 split-tunnel 101
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 password ********
telnet 192.168.1.104 255.255.255.255 inside
telnet 192.168.1.111 255.255.255.255 inside
telnet 192.168.1.150 255.255.255.255 inside
telnet 192.168.1.160 255.255.255.255 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
management-access inside
console timeout 0
dhcpd address 192.168.1.50-192.168.1.100 inside
dhcpd dns 192.168.1.104 4.2.2.2
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain ehaverford.com
dhcpd enable inside
username haverford_admin password hWTFwju0HYZfa.ox encrypted privilege 15
username HaverfordVPN password vkED6dK2G3A.b5p1 encrypted privilege 2
username msimone password SCQdC/o9XmwTgntq encrypted privilege 15
terminal width 80


Thanks for all the HELP!!!!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17904116
Also when you're connected to the vpn, from the client machine paste these;

ipconfig/all

route print


This would give a clear picture on what exactly is vpn delivering.


Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17904140
>>access-list 101 permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0

you don't need that line; so do this;

no access-list 101
access-list 101 permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0

Then create an identical access-list like above for nat 0, don't use the same access-list.

access-list nonat permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0

>>nat (inside) 0 access-list 101

change the above to;

nat (inside) 0 access-list nonat

Cheers,
Rajesh

0
 

Author Comment

by:Iamagrump
ID: 17905648
Hi, these are the results after I made the changes you suggested.  Though when I went to create this line >>access-list nonat permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0>>> it wouldn't because it said it was a duplicate.. Thanks for all the HELP!!!!



Ethernet adapter Wireless Network Connection 2:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Dell Wireless 1470 Dual Band WLAN Mini-PCI Card

        Physical Address. . . . . . . . . : 00-14-A5-80-1C-6C

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : No

        IP Address. . . . . . . . . . . . : 192.168.1.101

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 68.87.73.242

                                            68.87.71.226

        Lease Obtained. . . . . . . . . . : Thursday, November 09, 2006 7:15:34 AM

        Lease Expires . . . . . . . . . . : Friday, November 10, 2006 7:15:34 AM



Ethernet adapter Local Area Connection 2:



        Connection-specific DNS Suffix  . : ehaverford.com

        Description . . . . . . . . . . . : Cisco Systems VPN Adapter

        Physical Address. . . . . . . . . : 00-05-9A-3C-78-00

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : 172.16.1.3

        Subnet Mask . . . . . . . . . . . : 255.255.0.0

        Default Gateway . . . . . . . . . :

        DNS Servers . . . . . . . . . . . : 192.168.1.104

        Primary WINS Server . . . . . . . : 192.168.1.104


===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10004 ...00 14 a5 80 1c 6c ...... Dell Wireless 1470 Dual Band WLAN Mini-PCI Card - Packet Scheduler Miniport
0x20002 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.101        25
     69.33.22.194  255.255.255.255      192.168.1.1   192.168.1.101        1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1        1
       172.16.0.0      255.255.0.0       172.16.1.3      172.16.1.3        10
       172.16.1.3  255.255.255.255        127.0.0.1       127.0.0.1        10
   172.16.255.255  255.255.255.255       172.16.1.3      172.16.1.3        10
      192.168.1.0    255.255.255.0    192.168.1.101   192.168.1.101        25
      192.168.1.0    255.255.255.0       172.16.1.3      172.16.1.3        1
      192.168.1.1  255.255.255.255    192.168.1.101   192.168.1.101        1
    192.168.1.101  255.255.255.255        127.0.0.1       127.0.0.1        25
    192.168.1.255  255.255.255.255    192.168.1.101   192.168.1.101        25
        224.0.0.0        240.0.0.0       172.16.1.3      172.16.1.3        10
        224.0.0.0        240.0.0.0    192.168.1.101   192.168.1.101        25
  255.255.255.255  255.255.255.255       172.16.1.3      172.16.1.3        1
  255.255.255.255  255.255.255.255    192.168.1.101   192.168.1.101        1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None



0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17905726
Check the binding order on your machine.  Post what order your adapters are listed.  If remote access connections is listed on top then move it down and look at this article:  http://support.microsoft.com/kb/311218

How to change the binding order of network adapters
1. Click Start, click Run, type ncpa.cpl , and then click OK.
You can see the available connections in the LAN and High-Speed Internet section of the Network Connections window.
2. On the Advanced menu, click Advanced Settings, and then click the Adapters and Bindings tab.
3. In the Connections area, select the connection that you want to move higher in the list. Use the arrow buttons to move the connection.
 
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17905913
Ok, so you have the nonat access-list already. So I would assume that you have made these changes as well ?

nat (inside) 0 access-list nonat

now, on the client machine, do this;

nslookup yahoo.com and post it here.

Cheers,
Rajesh
0
 

Author Comment

by:Iamagrump
ID: 17907112
Hi, here is the result of the nslookup for yahoo.com

Server:  hhfile1.ehaverford.com
Address:  192.168.1.104

DNS request timed out.
    timeout was 2 seconds.

0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17907546
Other than the changes I asked to make your pix configuration looks okay to me. But on your VPN virtual adaptor I don't see the ip address as the default gateway. Typicall it should be like this;

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : ehaverford.com

        Description . . . . . . . . . . . : Cisco Systems VPN Adapter

        Physical Address. . . . . . . . . : 00-05-9A-3C-78-00

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : 172.16.1.3

        Subnet Mask . . . . . . . . . . . : 255.255.0.0

     >>>>   Default Gateway . . . . . . . . . : 172.16.1.3

        DNS Servers . . . . . . . . . . . : 192.168.1.104

        Primary WINS Server . . . . . . . : 192.168.1.104


So is this the only machine that is having problems with ? Or if this is the *only* machine you're trying with? Would it be possible to try with another client machine? If not then I would suggest you to do this;

1. Uninstall Cisco VPN Client
2. At the command prompt run these;

netsh int ip reset reset.log
netsh winsock reset
3. Reboot the machine.
4. Install the latest vpn client available (4.8)

and then see if it makes any difference.

Cheers,
Rajesh
0
 

Author Comment

by:Iamagrump
ID: 17907634
THanks for the suggestion.... but I have tried it with 2 other machines and one is running the newest client version available and still the same issue.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 4

Expert Comment

by:Smacky311
ID: 17908005
If you have a computer named computer1 and you can't ping it, but you can ping it by FQDN (computer1.mynetwork.com) then add mynetwork.com to your DNS suffixes and this should resolve the issue.

Go to your network adapter - properties - highlight tcp/ip - properties - advanced - DNS tab - Select "Append these DNS suffixes (in order) - Click add - add your domain name(s) (mynetwork.com)  - Save changes
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17908034
I noticed your connecting by way of VPN.  If the above solution I posted does not work check your binding order and put Local Area Connection 2 on top to see if that fixes it.  If it does then your computer was using the wrong DNS server b/c of your binding order.
0
 

Author Comment

by:Iamagrump
ID: 17908036
I can't ping any DNS names I can only ping by IP.
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17908064
Still try the binding order thing I posted.
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17908273
Did you open port 53 TCP and UDP for DNS?
0
 

Author Comment

by:Iamagrump
ID: 17908295
Would that show in my router config? and if not how do you do that..
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17908453
I believe the command is

>fixup protocol dns 53
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17908472
from

pixfirewall(config)#
0
 

Author Comment

by:Iamagrump
ID: 17908642
When I try that command I get this error

>>HaverfordPix(config)# fixup protocol dns 53
Usage: [no] fixup protocol dns [maximum-length <length>]
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17908735
Ah, I think I might have found an answer online:  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/intro.htm

Try  

fixup protocol domain 53
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 17908820
I'm believing to suspect there is probably a bug. With this configuration it should work for 6.3(5) code. My advise would be to open up a case with Cisco and show them all these details.

Present all the information here to the bug description, including the outputs I had asked.

By the way, fixup has nothing to do here since it is working for PIX to internet from Corporate.

Cheers,
Rajesh
0
 

Author Comment

by:Iamagrump
ID: 17909047
Thanks I will try that, though I don't think I have a support contract with them.
0
 

Author Comment

by:Iamagrump
ID: 17909455
OK, for the time being if I set the DNS to the internal DNS server on the wireless, how will that afffect the internet when it usually is set dymantically through a router with the ISP?


Betcha a nickle it will work if change the primary dns setting on  your wireless connector to your internal DNS server it will fix it.  but leave the secondary to an external DNS server for when the vpn is not connected....
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17911575
You can have your users statically configure their dns servers on their adaptors as mentioned by Saw830. Keep the internal as primary and keep the ISP's as secondary. But the bad part is that every user will have to be doing this.

This shouldn't be happening infact. This is the second incident with PIX 506E I believe in this forum itself about DNS. There is something wrong with this. Configuration wise, I had even checked line by line on what I used to have in my PIX.

If you don't have a support contract, Cisco won't support it. I guess you need to talk to them anyways, also search the bug database if possible (I haven't been doing that for almost an year now so I wouldn't know)

Cheers,
Rajesh
0
 

Author Comment

by:Iamagrump
ID: 17911726
Rajesh,

  Thanks I will check the bug database. I have tired putting in the the IP address of the internal DNS and external and still no luck.
0
 

Author Comment

by:Iamagrump
ID: 17911777
Whats strange about this whole thing is, there is no gatway listed for the VPN. Also, I still can't ping DNS names even when putting in the DNS server IP.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17911785
What is the OS version ? If XP, I wouldn't load anything less than 4.8

Can you do the sequence as I asked some posts back just to see if there is any problem ?

1.Uninstall Cisco VPN Client
2. At the command prompt run these;

netsh int ip reset reset.log
netsh winsock reset
3. Reboot the machine.
4. Install the latest vpn client available (4.8)

Also along with that, is this a production pix right now ? If so, would it be possible to get a 5 minute window to restart the firewall ? Try that, so many time that have fixed problems.

Cheers,
Rajesh
0
 

Author Comment

by:Iamagrump
ID: 17911791
where can I get the latest version of VPN? When I go to the cisco site I am only a visitor and was not able to download it.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17912189
Yeah, unfortunately you can't get it from there since you need to have a Cisco Service Contract.

Cheers,
Rajesh
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now