Solved

remote access vpn cisco asa 5505

Posted on 2009-07-07
28
394 Views
Last Modified: 2012-06-27
Hey guys.

I've having an issue with a new Cisco ASA 5505 configuration. This is the first time I've configured a VPN on the new ASA's.

The internal address of the ASA is 10.0.0.254. I followed some steps I found on the internet to configure the VPN via the ASDM -- I'm able to successfully authenticate and connect to the VPN with Cisco VPN software.

However, I cannot access/ping anything on the internal network. Here are (I believe) the lines from the CLI:

group-policy vpn3000 internal
group-policy vpn3000 attributes
 dns-server value 199.171.27.2 199.171.27.85
 vpn-idle-timeout 30
 default-domain value trcelectronics.com
group-policy RemoteVPN internal
group-policy RemoteVPN attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RemoteVPN_splitTunnelAcl
username user1 password IzFIX6IZbh5HBYwq encrypted privilege 0
username user1 attributes
 vpn-group-policy RemoteVPN
tunnel-group vpn3000 type ipsec-ra
tunnel-group vpn3000 general-attributes
 default-group-policy vpn3000
tunnel-group vpn3000 ipsec-attributes
 pre-shared-key *
tunnel-group RemoteVPN type ipsec-ra
tunnel-group RemoteVPN general-attributes
 address-pool vpnpool
 default-group-policy RemoteVPN
tunnel-group RemoteVPN ipsec-attributes
 pre-shared-key *

Am I missing anything? do something wrong?

Do you need more of the config? Let me know!

Thanks guys!!!!
0
Comment
Question by:tamaneri
  • 14
  • 8
  • 6
28 Comments
 

Expert Comment

by:james_martin
Comment Utility
Did you make the changes in the firewall portion to allow VPN external to internal access?
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
Not sure? Can you point me in the right direction for this to occur?
0
 

Expert Comment

by:james_martin
Comment Utility
On the firewall settings you will need to make an entry for VPN to be able to access internal systems.  Give me just a few moments and I can give you a step by step.
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
I have this line in there.....:

access-list RemoteVPN_splitTunnelAcl standard permit 10.0.0.0 255.255.255.0

That look correct? 10.0.0.0 is the internal network
0
 

Expert Comment

by:james_martin
Comment Utility
That is a split tunnel, you need a single tunnel for this to work correctly.  I am working on the entry for you.
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
you are the man! thanks brotha.
0
 

Expert Comment

by:james_martin
Comment Utility
Ok.  I am having difficulties..  I am running Windows 7 and now my ADSM wont work :(
This may take a few minutes longer.
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
No problem! I await patiently :)
0
 

Expert Comment

by:james_martin
Comment Utility
I am not sure why this is the way it is, but mine works so here it goes.
I have two entries for NAT -
Type is Exempt
Source = inside-network/24
Destination = VPN IP addresses (10.x.x.x / 26)

The other entry is:
Type is Exempt
Source = VPN IP Addresses (10.x.x.x.x / 26)
Destination = any

I believe making two entries in your NAT for this will correct the problem.  As I see it you are connected to the network, but the firewall does not know how to route your traffic, once you make the NAT entries you should be good.  
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
Hi James,

I think I've added them properly... check it out... still seems to do the same thing (but i may have done it wrong)


nat.JPG
0
 

Expert Comment

by:james_martin
Comment Utility
Almost right.  When you look at my snippit notice the 10.7.0.0/26, this is my VPN addresses.

eehelp.PNG
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
I think I see what you mean..... a bit.. :)

When I go to point it to the addresses for my VPN (which I configured with 192.168.1.100-192.168.1.105) do not show in the list there for destination. It should definitely show that IP scheme in there correct? Hmph -- don't remember this being as difficult on PIX firewalls lol

i really appreciate your help!
0
 

Expert Comment

by:james_martin
Comment Utility
There is definetly some good and bad with ASA's.  PIX was somewhat easy, but the ASA have some big ones, if you know what I mean.  I would suggest using the VPN Wizard it actually does a pretty darn good job.
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
I did use the VPN wizard... hahaha! :)
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Expert Comment

by:james_martin
Comment Utility
Do you have the VPN Address Pools created?  It sounds like you do.
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
Yea for the address pools I did 192.168.1.100 - 192.168.1.105
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
is that okay? i can technically make that anything, correct?
0
 
LVL 13

Expert Comment

by:3nerds
Comment Utility
tamaneri,

It looks like James have been valiantly working with you on this problem. If you would be willing to post a scrubbed copy of your config I along with others would gladly look at this problem as well. The problem you are having is just what James has said that you are missing a nat exemption and from a cli config most of us here will be able to give you the commands to type in to fix the problem right off.

Regards,

3nerds
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
3nerds:

thanks for the help! here's 'scrubbed' config


ASA Version 7.2(4)
!
hostname TRCASA
domain-name trc.local
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.254 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xxx.xx.xxx.xxx 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name trcelectrionics.com
access-list outside_access_in extended permit tcp any host xxx.xx.xxx.xxx eq 3389
access-list outside_access_in extended permit tcp any host xxx.xx.xxx.xxx eq pop3
access-list outside_access_in extended permit tcp any host xxx.xx.xxx.xxx eq www
access-list outside_access_in extended permit tcp any host xxx.xx.xxx.xxx eq https
access-list outside_access_in extended permit tcp 208.65.144.0 255.255.248.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.145.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.146.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.147.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.148.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.149.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.150.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.151.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.81.64.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.81.65.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.81.66.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.81.67.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 63.118.69.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host xxx.xx.xxx.xxx eq 3389
access-list RemoteVPN_splitTunnelAcl standard permit 10.0.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.1.100-192.168.1.105 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) xxx.xx.xxx.xxx 10.0.0.54 netmask 255.255.255.255
static (inside,outside) xxx.xx.xxx.xxx 10.0.0.21 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs group1
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs group1
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs group1
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map inside_dyn_map 20 set pfs group1
crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 10.0.0.0 255.255.255.0 inside
telnet 10.0.0.254 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0

group-policy vpn3000 internal
group-policy vpn3000 attributes
 dns-server value 199.171.27.2 199.171.27.85
 vpn-idle-timeout 30
 default-domain value trcelectronics.com
group-policy RemoteVPN internal
group-policy RemoteVPN attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RemoteVPN_splitTunnelAcl
username user1 password IzFIX6IZbh5HBYwq encrypted privilege 0
username user1 attributes
 vpn-group-policy RemoteVPN
tunnel-group vpn3000 type ipsec-ra
tunnel-group vpn3000 general-attributes
 default-group-policy vpn3000
tunnel-group vpn3000 ipsec-attributes
 pre-shared-key *
tunnel-group RemoteVPN type ipsec-ra
tunnel-group RemoteVPN general-attributes
 address-pool vpnpool
 default-group-policy RemoteVPN
tunnel-group RemoteVPN ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:91a6f05f613af16c4d2e4bc04c5660d4
: end
[OK]
0
 
LVL 13

Expert Comment

by:3nerds
Comment Utility
tamaneri,

I believe these lines should correct your problem. Please let me know if you have any additional questions.

nat (inside) 0 access-list nonat
access-list nonat extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

Good Luck,

3nerds
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
okay check me out now ---- still no luck :(

TRCASA(config)# wr t
: Saved
:
ASA Version 7.2(4)
!
hostname TRCASA
domain-name trc.local
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.254 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xxx.xx.xxx.xxx 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name trc.local
access-list outside_access_in extended permit tcp any host xxx.xx.xxx.xxx eq 3389
access-list outside_access_in extended permit tcp any host xxx.xx.xxx.xxx eq pop3
access-list outside_access_in extended permit tcp any host xxx.xx.xxx.xxx eq www
access-list outside_access_in extended permit tcp any host xxx.xx.xxx.xxx eq https
access-list outside_access_in extended permit tcp 208.65.144.0 255.255.248.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.145.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.146.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.147.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.148.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.149.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.150.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.65.151.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.81.64.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.81.65.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.81.66.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 208.81.67.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit tcp 63.118.69.0 255.255.255.0 host xxx.xx.xxx.xxx eq smtp
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 204.17.105.108 eq 3389
access-list RemoteVPN_splitTunnelAcl standard permit 10.0.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 any
no access-list nonat extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.1.100-192.168.1.105 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 204.17.105.107 10.0.0.54 netmask 255.255.255.255
static (inside,outside) 204.17.105.108 10.0.0.21 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 204.17.105.105 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs group1
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs group1
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs group1
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map inside_dyn_map 20 set pfs group1
crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 10.0.0.0 255.255.255.0 inside
telnet 10.0.0.254 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0

group-policy vpn3000 internal
group-policy vpn3000 attributes
 dns-server value 199.171.27.2 199.171.27.85
 vpn-idle-timeout 30
 default-domain value trcelectronics.com
group-policy RemoteVPN internal
group-policy RemoteVPN attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RemoteVPN_splitTunnelAcl
username user1 password IzFIX6IZbh5HBYwq encrypted privilege 0
username user1 attributes
 vpn-group-policy RemoteVPN
tunnel-group vpn3000 type ipsec-ra
tunnel-group vpn3000 general-attributes
 default-group-policy vpn3000
tunnel-group vpn3000 ipsec-attributes
 pre-shared-key *
tunnel-group RemoteVPN type ipsec-ra
tunnel-group RemoteVPN general-attributes
 address-pool vpnpool
 default-group-policy RemoteVPN
tunnel-group RemoteVPN ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:7b88d09258188dd300ecc3badfd22c2d
: end
[OK]
0
 
LVL 13

Expert Comment

by:3nerds
Comment Utility
Why do this line in you config have a no infront of it?

no access-list nonat extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

3nerds
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
my bad.. it shouldn't... i think i added that by mistake.  That line is in there properly:

access-list nonat extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
0
 
LVL 13

Expert Comment

by:3nerds
Comment Utility
Just to confirm you are attempting to remote access VPN via the cisco VPN client from the outside. You can connect and are issued and IP address. But you are unable to access the remote lan which uses an IP subnet of 10.0.0.0/24.

What is the IP subnet of the network you are connecting to the VPN from?

3nerds
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
Correct, I am issued the first address "192.168.1.100" when I successfully connect, with a subnet mask of 255.255.255.0. I am using the Cisco VPN software version 5.0.02.0090.

That's correct. The network I am connecting to is a 10.0.0.0 network with subnet mask 255.255.255.0

ie. one of my servers information is as follows:

10.0.0.21
255.255.255.0
10.0.0.254 for gateway (firewall)

I am indeed connecting to a remote LAN. The machine in my office (which has the cisco VPN software installed) is on a completely different network. It's a 10.1.1.0 network with subnet mask of 255.255.255.0.
0
 
LVL 13

Expert Comment

by:3nerds
Comment Utility
Ok you are attempting to test this from your inside network? Do you have the ability to test this from the outside?

There are a couple possible problems with you testing it from the inside, do you have the ability to test it from the outside. I assume this is your final goal? If it isn't please elaborate.

3nerds
0
 
LVL 3

Author Comment

by:tamaneri
Comment Utility
3nerds,

i'm testing this from outside of the network. Since I'm outside of the network, my personal computer settings are irrelevant, correct?

The inside of network "A" has a 10.0.0.0 - 255.255.255.0 network. I configured the VPN with a 192.168.1.0 -- 255.255.255.0.

I'm connecting to network A from network B (my personal computer outside of the network) utilizing Cisco VPN software.

Again thanks for the help! Please let me know if you would like me to clarify anything.
0
 
LVL 13

Accepted Solution

by:
3nerds earned 500 total points
Comment Utility
I'm testing this from outside of the network. Since I'm outside of the network, my personal computer settings are irrelevant, correct? ===> Sorry no. If you have a 192.168.1.0 address on you laptop from the location you are testing at and then get a 192.168.1.0 (which is a very common home network subnet) from the VPN then you will have issues.


I try to stick to odd ranges for my vpn pools to keep from running into overlap.

Could easily change this to an odd range.

no ip local pool vpnpool 192.168.1.100-192.168.1.105 mask 255.255.255.0
ip local pool vpnpool 192.168.155.100-192.168.155.105 mask 255.255.255.0

no access-list nonat extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat extended permit ip 10.0.0.0 255.255.255.0 192.168.155.0 255.255.255.0

But it is not mandatory just a suggestion.


Regards,

3nerds

0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now