
VPN: 24K Solutions, 23K Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


Starting with Windows Server 2012, changing network interfaces (adding, replacing, ...) requires uninstalling and reinstalling RRAS to apply the change, which purges the current RRAS setup. The following script shows how to add new interfaces without reinstalling RRAS.
Scenario 10
This article is about building Dynamic Multipoint VPN tunnels on a Cisco CSR1000V router with IOS XE. Two CSR1000V hub routers are configured as a dual hub, dual cloud Phase 3 DMVPN.

Scenario 9
This article is about building Dynamic Multipoint VPN tunnels on a Cisco CSR1000V router with IOS XE. Two CSR1000V hub routers are configured as a single tier Phase 3 DMVPN cloud.

Scenario 8
This article is about building Dynamic Multipoint VPN tunnels on a Cisco CSR1000V router with IOS XE. Two spoke routers are connected to a single tier Phase 3 DMVPN cloud hosted on a CSR1000V router.

Scenario 7
This article is about building Dynamic Multipoint VPN tunnels on a Cisco CSR1000V router with IOS XE. Two spoke routers are connected to a single tier Phase 1 DMVPN cloud hosted on a CSR1000V router.
I had to tackle a challenge to use Cradlepoint routers to provide backup WAN connectivity for my remote sites. This is how I did it.
Scenario 6
This article is about building route-based site-to-site VPN tunnels with redundant routers in the DC (hub) on Cisco CSR1000V routers with IOS XE. Four route-based IPsec VPN tunnels are configured on two CSR1000V routers acting as a redundant pair.

Scenario 5
This article is about building route-based site-to-site VPN tunnels with VRF and a dynamic routing protocol (OSPF) on a Cisco CSR1000V router with IOS XE. Two route-based IPsec VPN tunnels are configured on the CSR1000V router; traffic from the app server is NATed and the rest is not.

Scenario 4
This article is about building route-based site-to-site VPN tunnels with a dynamic routing protocol (OSPF) on a Cisco CSR1000V router with IOS XE. Two route-based IPsec VPN tunnels are configured on the CSR1000V router; traffic from the app server is NATed and the rest is not.

Remote Desktop Connections and VPN Connections Fail. Starting May 9, we received many reports of Remote Desktop connections failing globally. Users received authentication error messages when they tried to connect to remote machines or VPNs. Here are the cause, the symptoms and a simple workaround.
Scenario 3
This article is about building route-based site-to-site VPN tunnels on a Cisco CSR1000V router with IOS XE. Two route-based IPsec VPN tunnels are configured on the CSR1000V router; traffic from the app server is NATed and the rest is not.

Scenario 2
This article is about building VRF-aware site-to-site VPN tunnels on a Cisco CSR1000V router with IOS XE. Two VRF-aware policy-based IPsec VPN tunnels are configured on the CSR1000V router, one with NAT and one without.

Scenario 1
This article is about building site-to-site VPN tunnels on a Cisco CSR1000V router with IOS XE. Two policy-based IPsec VPN tunnels are configured on the CSR1000V router, one with NAT and one without.

Expert Comment by: Isaivani Venkat

ip nat outside source static 192.168.10.10 172.17.10.10

Is this NAT statement really required?

Author Comment by: Santosh Salunke

Hi Isaivani Venkat,

ip nat outside source static 192.168.10.10 172.17.10.10

This NAT is to change the branch user IP from 172.17.10.10 to 192.168.10.10. I had used this to demonstrate how to do 'Destination IP NAT'.

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they worth the investment?  As someone who makes and sells SD-WANs for a living, I do love the technology. However, even I know that SD-WANs aren’t a fit for every company. Here, then, are five reasons from an SD-WAN insider why not to buy an SD-WAN.


You might not save as much money as you thought

Numerous surveys show that a driver, if not the major driver, for SD-WANs is a reduction in monthly bandwidth spending. Proponents point to the 90 percent price difference between MPLS and Internet bandwidth. You will reduce costs, but actual savings are often far more conservative than the quoted 90 percent. Many locations will require dual fiber links for resiliency, increasing costs. Service provider management, an inherent part of any MPLS service, must be taken on by the enterprise with SD-WAN, another cost center. There are also security costs to calculate if branch offices are to use local Internet access to improve cloud application performance.


So, where will cost savings come from? Depending on the SD-WAN selection, you can save the cost of replacing end-of-life routers at branch offices. Bandwidth costs will almost certainly reduce when replacing MPLS with Internet, unless you happen to be in a region where Internet availability is limited. SD-WANs offered by some Firewall-as-a-Service providers allow you to eliminate or reduce security as well as networking costs. You’ll also reduce your operational costs through the use of centralized configuration and management.


You might not be able to replace your MPLS networks

To be MPLS-free is the wish of any WAN manager, but there's an excellent chance that with most SD-WANs you'll remain tied to the MPLS umbilical cord. Companies depending on latency-sensitive and loss-sensitive applications will not get the consistent, quality experience, day in and day out, from the Internet. Routing dynamics and Internet economics are such that there's very little incentive for providers to deliver the consistent latency and loss figures that enterprise-grade applications need. This is particularly true when delivering services in underserved areas or between Internet regions. For those applications, organizations should retain MPLS or replace it with another SLA-backed backbone.


It will not make everything faster

The quality of experience (QoE) of some applications will improve with an SD-WAN when compared with MPLS, but not for all applications. SD-WANs are not WAN optimization, which applies a variety of compression, caching and protocol optimization, as well as link correction techniques to improve application efficiency, reduce latency, and minimize loss. SD-WANs are about controlling the overall network; WAN optimization improves one path across the network. SD-WANs may include WAN optimization techniques, but that’s the exception -- not the rule.

All SD-WANs can help improve application performance in three ways:


  • Applications requiring a lot of throughput (think: data replication or backup) will benefit from SD-WAN’s ability to leverage high-bandwidth Internet links.
  • Cloud and Internet application performance will improve by accessing the Internet directly (direct Internet access, DIA) from a branch office, assuming a secured Internet connection is provided. By contrast, with MPLS, Internet traffic is commonly backhauled to a secured Internet portal, which can add significant latency through the so-called trombone effect.
  • Voice, video and other latency-sensitive applications in particular benefit from the SD-WAN's ability to select the path with the least latency. Normally, Internet routing is application agnostic, routing traffic on a combination of hop count and peering economics. By contrast, SD-WANs monitor the characteristics of the underlying transports and use that information, along with policies describing business logic, to select the optimum path to a destination.

 

Networking will not become easy

SD-WANs go a long way to making wide area networking more plug-and-play, but I don’t think anyone who’s deployed an SD-WAN will say it’s easy. Zero-touch deployment does make deployment far more rapid than configuring dozens of individual routers, but someone still needs to understand routing, policy configuration, network performance and more. Some vendors give you GUIs for those deployments, in which case large scale deployments may be tedious. Other vendors rely on CLI, in which case you’ll certainly want to retain the expertise of a networking engineer. Adding a multi-tunnel environment that’s used in overlay makes troubleshooting more challenging. Now you need to worry, not just about L3 and routing issues, but the SD-WAN, as well.

 

Security problems will not be solved

SD-WANs do not provide advanced security. Like any other VPN, they encrypt and authenticate traffic, which protects it against wiretapping and tampering in transit, but they provide none of the advanced security services needed to defend against malware, advanced persistent threats and more. This matters because SD-WANs rely on DIA to improve cloud and Internet performance, and direct Internet access is only acceptable if those Internet connections can be secured against Internet-borne threats. You'll still need to invest in IPS, malware protection, next generation firewall (NGFW) and other advanced security services, increasing the cost of an SD-WAN deployment.


As with any new technology, there are more than a few misconceptions around the value of SD-WANs. But there's also real value in the technology around operational savings, end-to-end performance, and more. Understanding those benefits will help you get the most from your SD-WAN.

OpenVPN is a great open source VPN server that provides quick and easy VPN access to your network on the cheap. By default it is configured to allow open access to your network. But what if you want to restrict users to certain services on your network? And what if you want the same OpenVPN server to give yourself or employees full access to the network while giving customers restricted access? I've got a solution for you!

My example comes from the need to give a group of customers access to our MSSQL database server without exposing that server to the Internet and potential attacks. We also need myself and other network administrators to use a VPN to gain full access to this network. My solution is the following OpenVPN configuration.

This assumes the OpenVPN installation is complete and working with defaults, using PAM authentication, on an Ubuntu server.

CREATE USER ACCOUNTS ON THE SERVER
From a terminal session, add the users you will be granting VPN access to. There is no need to assign groups or permissions; only the username and password are needed. Because these accounts exist only so PAM can check a password, give them no login shell (useradd's -s /usr/sbin/nologin option) so the same credentials cannot be used to log into the server itself.

sudo useradd username
sudo passwd username

Easy enough. Now let's log on to the web interface for our OpenVPN server.

CONFIGURE OPENVPN SERVER

    VPN Settings
        Dynamic IP Address Network
            Create a network to be assigned to administrative users.*
            *Users or Groups marked as …
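The split the article sets up through the Access Server web UI (one address pool for administrators with full access, one for customers that may only reach the MSSQL server), as an added example that is not the article's own configuration: it does the same thing with the community OpenVPN server's client-config-dir and a Linux iptables FORWARD policy. The server directives quoted in the docstring, the 10.8.0.0/23 tunnel network, the LAN, the database server address and the user names are all assumptions, not values from the article.

```python
"""Split OpenVPN users into an admin pool (full LAN access) and a
customer pool that may only reach the MSSQL server on TCP 1433.

Added example, not the article's own setup: the article drives the
OpenVPN Access Server web UI; this script uses the community OpenVPN
server's client-config-dir (ccd) plus a Linux iptables FORWARD policy.
Assumed server directives (not from the article):
  server 10.8.0.0 255.255.254.0    # tunnel network 10.8.0.0/23
  topology subnet
  username-as-common-name          # PAM user name selects the ccd file
  client-config-dir /etc/openvpn/ccd
  ccd-exclusive                    # no ccd file, no connection
With every user pinned below, the dynamic pool is never consulted.
All addresses and user names are made up for the demo.
"""
import ipaddress
from pathlib import Path

TUN_NET = ipaddress.ip_network("10.8.0.0/23")
POOLS = {
    "admin": ipaddress.ip_network("10.8.0.0/24"),     # full access
    "customer": ipaddress.ip_network("10.8.1.0/24"),  # MSSQL only
}
LAN = ipaddress.ip_network("192.168.1.0/24")          # protected network
DB_SERVER = ipaddress.ip_address("192.168.1.50")      # assumed MSSQL host
DB_PORT = 1433


def assign_addresses(users):
    """Return {username: (group, ip)} with a fixed address per user.

    .1 of the admin pool is the server's own tun address and .1 of the
    customer pool is left unused, so clients start at .2 in both pools.
    """
    next_host = {group: 2 for group in POOLS}
    assigned = {}
    for name, group in sorted(users.items()):
        pool = POOLS[group]                      # KeyError on an unknown group
        offset = next_host[group]
        if offset >= pool.num_addresses - 1:     # last address is broadcast
            raise ValueError(f"{group} pool exhausted")
        assigned[name] = (group, pool.network_address + offset)
        next_host[group] = offset + 1
    return assigned


def ccd_entries(assigned):
    """One ccd file body per user; OpenVPN picks the file by user name."""
    mask = str(TUN_NET.netmask)
    return {name: f"ifconfig-push {ip} {mask}\n"
            for name, (_group, ip) in assigned.items()}


def write_ccd(directory, assigned):
    """Write the ccd files into 'directory'; returns the paths written."""
    root = Path(directory)
    root.mkdir(parents=True, exist_ok=True)
    paths = []
    for name, body in ccd_entries(assigned).items():
        path = root / name
        path.write_text(body)
        paths.append(path)
    return paths


def firewall_rules():
    """iptables FORWARD rules enforcing the split (default policy DROP).

    Returned as strings so they can be reviewed before being applied.
    """
    admin, customer = POOLS["admin"], POOLS["customer"]
    return [
        "iptables -P FORWARD DROP",
        # replies to anything already allowed, in either direction
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        # admins: anything on the LAN
        f"iptables -A FORWARD -s {admin} -d {LAN} -j ACCEPT",
        # customers: new TCP sessions to the database port only
        f"iptables -A FORWARD -s {customer} -d {DB_SERVER} -p tcp --dport {DB_PORT} "
        "-m conntrack --ctstate NEW -j ACCEPT",
        # everything else from the tunnel (customer to LAN, client to client) is dropped
        f"iptables -A FORWARD -s {TUN_NET} -j DROP",
    ]


if __name__ == "__main__":
    demo = {"alice": "admin", "customer-acme": "customer", "customer-bob": "customer"}
    for name, (group, ip) in assign_addresses(demo).items():
        print(f"{name:15} {group:9} {ip}")
    print("\n".join(firewall_rules()))
```

Leaving `client-to-client` out of the server configuration matters here: without it, traffic between two VPN clients is routed through the kernel and hits the FORWARD chain, so the final DROP rule also keeps customers from reaching each other or the administrators' machines.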
How to set up an on-demand, IPsec, site-to-site VPN from a Draytek Vigor router to a Cyberoam UTM appliance.

A concise guide to the settings required on both devices.

Let's list some of the technologies that enable smooth teleworking.

If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
Author Comment by: William Fulks

Thanks! My first attempt was using Windows Update. I should make a quick edit to specify that. I went through all the usual measures and they all failed until I removed NetMotion. I wasted a whole afternoon on that machine!
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my methods over that time.

Expert Comment by: Jim Horn

Very well written chronology, and exactly the type of 'lessons learned from experienced experts' style of writing we need around here. Voting Yes.
I've written this article to illustrate how to implement a Dynamic Multipoint VPN (DMVPN) in which both the hub and the spokes have a dynamically assigned non-broadcast multiple-access (NBMA) address, i.e. a dynamic public IP.

Here is the basic setup of DMVPN Phase 3. I'll not go into an in-depth discussion of DMVPN; rather, this article focuses on the features that enable a DMVPN with both hub and spokes having a dynamically assigned NBMA IP. The setup has been simulated using IOS version 15.4(2)T. Note that the tunnel interfaces below carry no tunnel protection ipsec profile command and that the NHRP authentication string is sent in cleartext, so as shown the mGRE tunnels are unencrypted; attach an IPsec profile before running this over a public network.

(Figure: DMVPN-network-diagram.png)
**************************************************************************************
(R1 configuration)
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ip nhrp authentication NHRP_KEY
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp redirect
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
!
interface Ethernet0/0
 ip address 15.0.0.1 255.255.255.0
!
router eigrp 1
 network 1.1.1.1 0.0.0.0
 network 10.0.0.1 0.0.0.0
!
ip route 0.0.0.0 0.0.0.0 15.0.0.5
**************************************************************************************
(R2 configuration)
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 ip nhrp authentication NHRP_KEY
 ip nhrp map 10.0.0.1 15.0.0.1
 ip nhrp map multicast 15.0.0.1
 ip nhrp network-id 1
 ip nhrp nhs 10.0.0.1
 ip nhrp shortcut
 tunnel source Ethernet0/0
 tunnel 


Expert Comment by: shahed Israr

Dear learner,
If you don't know anything about DMVPN configuration, check out this link: DMVPN Configuration, http://gponsolution.com/dmvpn-configuration.html
Secure VPN Connection terminated locally by the Client.
Reason 442: Failed to enable Virtual Adapter.

If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client, the solution is a simple registry fix.

To fix:
1. Click Start, type regedit in the Search field and press Enter.
2. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\CVirtA (right-click the key and choose Export first, so the change can be undone).
3. Find the string value called DisplayName.
4. Right-click it and select Modify from the context menu.
5. In Value data, remove the @oemX.inf,%CVirtA_Desc%; prefix. The Value data should contain only Cisco Systems VPN Adapter for 64-bit Windows.
6. Click OK.
7. Close Registry Editor.
8. Retry your Cisco VPN Client connection.

(Screenshots: before the change, after the change.)

Originally published on my blog, www.supertekboy.com: http://supertekboy.com/2013/10/19/cisco-vpn-on-windows-8-1-reason-442-failed-to-enable-virtual-adapter/
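The eight steps above as one script, as an added example that is not the original post's own code. The key path and value name are taken from the post; the regular expression that recognises the @oemX.inf,%CVirtA_Desc%; prefix is an assumption built from the sample value the post shows, and the script writes back only when the value actually changes.

```python
"""Fix 'Reason 442: Failed to enable Virtual Adapter' by removing the
'@oemX.inf,%CVirtA_Desc%;' prefix from the Cisco VPN adapter's DisplayName.

Added example automating the registry steps in the post; not the post's
own script.  The key path and value name come from the post.  The regex
for the prefix is an assumption derived from the sample value shown there
('@oemX.inf,%CVirtA_Desc%;', X being a number).
"""
import re
import sys

KEY_PATH = r"SYSTEM\CurrentControlSet\Services\CVirtA"
VALUE_NAME = "DisplayName"
# '@' + an .inf reference + ',' + a %resource% token + ';' at the start of the value
PREFIX = re.compile(r"^@[^,;]+\.inf,%[^%;]+%;")


def clean_display_name(value):
    """Return the DisplayName without the INF/resource prefix.

    Everything after the prefix is kept as is, so what remains is the plain
    adapter name the post says should be left.  A value with no prefix is
    returned unchanged, which makes the fix safe to run twice.
    """
    return PREFIX.sub("", value, count=1)


def fix_registry():
    """Read, fix and write the value.  Windows only; needs admin rights.

    Returns (old, new) so the caller can show a before/after; the value is
    only written when it actually changes.
    """
    import winreg  # Windows-only module, imported lazily on purpose
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY_PATH, 0,
                        winreg.KEY_READ | winreg.KEY_WRITE) as key:
        old, kind = winreg.QueryValueEx(key, VALUE_NAME)
        new = clean_display_name(old)
        if new != old:
            winreg.SetValueEx(key, VALUE_NAME, 0, kind, new)
    return old, new


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run this on the Windows machine that has the Cisco VPN Client")
    old, new = fix_registry()
    print("before:", old)
    print("after: ", new)
```

Run it from an elevated prompt after exporting the CVirtA key; the printed before/after pair is the same check the post makes by hand in step 5.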
Imagine you have a shopping list of items you need to get at the grocery store. You have two options:
A. Take one trip to the grocery store and get everything you need for the week, or
B. Take multiple trips, buying one item at a time, to achieve the same feat.
Obviously, unless you are purposefully trying to get out of the house, you'd choose "A". But why do we so often choose "B" when it comes to our data transmission performance? The key metric here is efficiency. How many trips do you want to take?

MTU…says you need to buy milk in 1 gallon containers rather than by the ounce!

MTU is an acronym for Maximum Transmission Unit, the largest packet, measured in bytes, that a link can carry in one frame. Packets larger than the MTU are broken up into separate, smaller packets (packet fragmentation), which slows the overall transfer because, instead of making one trip to the grocery store, you are now making several to achieve the same result. If the packet carries the Don't Fragment bit, as TCP traffic normally does, it is dropped instead and an ICMP "fragmentation needed" message is sent back to the sender; if a firewall along the path filters that message, the sender never learns the right size and connections through the tunnel stall. In other words, the MTU value dictates the longest data unit a protocol can send in one trip without fragmentation.

Do I Really Need to Manually Correct the MTU Value?

The correct MTU value is like picking the right shopping cart size: you make one efficient trip rather than several. Shouldn't I just leave…
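Working out the number the article is talking about, as an added example that is not part of the article: the largest packet that fits through an IPsec tunnel without fragmentation, the TCP MSS to clamp so that TCP never has to rely on the ICMP message described above, and the size of a don't-fragment ping that confirms the figure. The per-packet overhead is the ESP tunnel-mode layout from RFC 4303 (with RFC 3948 UDP encapsulation when NAT-T is on); the cipher, integrity algorithm and 1500-byte link MTU are assumptions chosen for the demo.

```python
"""How large a packet can cross an IPsec tunnel without being fragmented,
and what TCP MSS to clamp so that it never needs to be.

Added example; not from the article.  The overhead figures are the RFC 4303
ESP layout in tunnel mode over IPv4, plus RFC 3948 UDP encapsulation when
NAT-T is in use.  The cipher, integrity algorithm and the 1500-byte link MTU
are assumptions for the demo; pass in your own tunnel's parameters.
"""

IPV4_HDR = 20
UDP_HDR = 8        # NAT-T wraps ESP in UDP/4500
TCP_HDR = 20
ICMP_HDR = 8
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1); the ICV follows it


def esp_tunnel_payload(link_mtu=1500, iv_len=16, block=16, icv_len=16, nat_t=True):
    """Largest inner IPv4 packet that fits one ESP tunnel-mode datagram.

    iv_len/block are 16 for AES-CBC; icv_len is 16 for HMAC-SHA-256-128 and
    12 for HMAC-SHA-1-96.  For AES-GCM use iv_len=8, block=4 (GCM needs no
    cipher padding, only RFC 4303's 4-byte alignment) and icv_len=16.
    Inner packet + padding + trailer must be a whole number of blocks, so the
    result is rounded down to the last block boundary that still fits.
    """
    fixed = IPV4_HDR + (UDP_HDR if nat_t else 0) + ESP_HDR + iv_len + icv_len
    room = link_mtu - fixed             # left for inner packet + pad + trailer
    encrypted = room - room % block     # whole cipher blocks only
    return encrypted - ESP_TRAILER


def mss_clamp(tunnel_mtu):
    """TCP MSS to advertise (or clamp on the router) for a given tunnel MTU."""
    return tunnel_mtu - IPV4_HDR - TCP_HDR


def ping_payload(tunnel_mtu):
    """Payload for a don't-fragment ping (ping -M do -s N on Linux) that exactly
    fills the tunnel MTU; one byte more must fail if the MTU figure is right."""
    return tunnel_mtu - IPV4_HDR - ICMP_HDR


def tunnel_plan(link_mtu=1500, **esp):
    """The three numbers you end up configuring and checking for one tunnel."""
    mtu = esp_tunnel_payload(link_mtu, **esp)
    return {"tunnel_mtu": mtu, "tcp_mss": mss_clamp(mtu), "df_ping_size": ping_payload(mtu)}


if __name__ == "__main__":
    cases = {
        "AES-CBC/SHA-256, NAT-T":  dict(iv_len=16, block=16, icv_len=16, nat_t=True),
        "AES-CBC/SHA-1, no NAT-T": dict(iv_len=16, block=16, icv_len=12, nat_t=False),
        "AES-GCM-128, NAT-T":      dict(iv_len=8, block=4, icv_len=16, nat_t=True),
    }
    for label, params in cases.items():
        print(f"{label:25} {tunnel_plan(1500, **params)}")
```

Setting the tunnel interface MTU to tunnel_mtu, or clamping TCP MSS to tcp_mss on that interface, keeps TCP traffic below the limit even when the ICMP "fragmentation needed" message is filtered somewhere on the path; the df_ping_size value is what to hand to a don't-fragment ping to confirm the figure end to end before trusting it.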

Expert Comment by: Jason Shaw

Would changing the MTU on one side of a VPN tunnel cause any issues with the VPN?

Author Comment by: Blue Street Tech

Hi Jason, I assume you are only changing it on one side of a VPN tunnel. If I am correct, then it would only benefit one side of the connection. So if that connection is having the issues then it may remedy the problem; however, for greater efficacy I'd do both ends (they most likely will not have the same MTU).
Some of you may have heard that SonicWALL has finally released an app for iOS devices, giving us long awaited connectivity for our iPhones, iPods and iPads. This guide is a quick rundown on how to get up and running with the app.

First you need to download the app from the App Store; search for "SonicWALL" and you will see the SonicWALL Mobile Connect app.
(Screenshot: App Store)
Once installed, set up your connection profile. Choose "Create a new connection" on the Connections menu. You need to enter a few details: a name for this connection, the server IP or FQDN you want to connect to (the public IP or URL of your device), and your username and password, which are optional (you will be prompted for them if you do not enter them here; these fields also depend on the settings of the VPN server). The domain field will pre-populate based on the domains offered by the SSL VPN device.
(Screenshots: Connections tab 1, Connections tab 2)
Once you have entered the connection information the app returns you to the main screen. Select your newly created connection and press the green "Connect" button. You will be prompted for your username/password if they are not already stored, and once connected the green "Connect" button turns red and becomes a "Disconnect" button. To disconnect the VPN, press this red "Disconnect" button.
(Screenshot: Disconnect)
Once connected there are a few information menus for…
Expert Comment by: sunnylowe

For instance, is this set up like an L2TP or an SSL VPN, or what? Any ideas?

Author Comment by: amatson78

I have not written one, but here is a link to the official SonicWALL setup for firmware 5.6+, depending on the device you are using. This client is only for SSL VPN; it will not work with L2TP.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6461
Juniper VPN devices are a popular alternative to Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements: FIPS 140.


What and Why of FIPS 140
Federal Information Processing Standard (FIPS) 140 is a US Federal Government standard for cryptographic modules. Vendors submit their products for testing by an accredited laboratory, and once they pass, the product is FIPS 140 validated (often loosely called certified). However, the validation applies to a specific configuration and firmware version, so the device must be run in that configuration, its FIPS mode, to keep the validated status. If you are working on a governmental project or handle data that falls under US government classification, FIPS 140 is usually required. Outside of required use, running in FIPS mode still restricts the device to validated algorithms and settings, which is a sensible hardening baseline. Read more at http://en.wikipedia.org/wiki/FIPS_140.

Juniper has several models and versions of ScreenOS that are FIPS compliant. See http://www.juniper.net/techpubs/hardware/netscreen-certifications.html for details.


Juniper Configuration Guide
If you are new to setting up Junipers with ScreenOS, I recommend getting the Concepts and Examples Guide for your ScreenOS version at http://www.juniper.net/techpubs/en_US/release-independent/screenos/information-products/pathway-pages/screenos/product/index.html.

The chapter "Site-to-Site Virtual Private Networks", section "Route-Based Site-to-Site VPN, AutoKey IKE", covers the basic setup for site to site…
