VPN

23K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


ipsecvpn.JPG




We have a network similar to the diagram shown above,
and we want to configure an IPSEC IKEv1 VPN between 2 sites. We have a Cisco 4321 router at Branch A and a Palo Alto firewall on the other end …

After doing the well-known configuration provided by Cisco at

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/119425-configure-ipsec-00.html

we found that we still could not form a successful tunnel between the sites.
We think that there is a hop or a firewall somewhere in the WAN path blocking or filtering
the IKEv1 traffic and ICMP.

So the question consists of two parts:

First: Kindly provide us with your suggestions regarding the proper and optimum configuration for the
devices at both ends.

Second: In the WAN, how could we identify exactly the hop that filters that traffic?
We want to prove that one hop is blocking or filtering IKEv1 and ICMP traffic.
Then how could we find and prove that it prevents specific data traffic?
0
Hi, I have an L2TP VPN server set up on a Windows Server 2012 R2 box. For some reason the transfer speed to clients is capping out at 10mbps although we have an unthrottled internet link of 100/100. Is there any way of increasing the max speed of the VPN connection? The client is connecting from a 100mbps connection as well.
0
For Cisco AnyConnect VPN access to work, I'd prefer not to buy a 2nd computer and keep it fully patched.

I considered maybe making a separate "Work User" on my home pc and only use it for VPN access.

However, theoretically,  because my everyday windows user profile has admin rights, should it become infected, it could write startup items for other users on the same machine.  And, I suppose it could infect the boot loader.  (I'm not sure how likely that scenario is).

Because Cisco AnyConnect VPN has lots of system requirements, I'm guessing I couldn't boot from a BART_PE flash drive. (Does AnyConnect verify Windows patch level and anti-virus status, stuff that wouldn't be up to date on a Windows flash drive?)

What's my best option?

Thanks in advance for all thoughts and opinions.
-Mike
0
Dear Experts, we have these devices. Can you design a network diagram that provides HA, security, VPN and reliability? We have 500 users and 30 server VMs on 4 physical hosts, and would like to separate the server farm and the user LAN. It can separate the Internet connection as well.

3 x Firewall sophos XG310
3 x Core Switch Cisco 3850 48ports
2 x Access Switch Cisco 2960 24ports
20 x Access Switch Cisco SF200 48ports
All connection is CAT6

Many thanks in advance!
0
I have an Always On VPN in Server 2016 set up and am having issues with the remote clients accessing the production network through the VPN. Here is an example of my setup:

Prod network - 10.1.1.*

DMZ Network - 172.10.1.*

RAS VPN Static pool - 10.10.1.*

VPN server is on domain, has a prod network address, and DMZ address.

The VPN is currently working in the respect that when I connect to the VPN from my Windows 10 machine (on an external network), the Win 10 machine gets a 10.10.1.* address. But that 10.10.1.* subnet cannot access the prod network. Do I need to set up static routes on the VPN server to be able to get to the prod network?
0
Problems Configuring Cisco ASA to service Windows Client VPN and Cisco Client VPN.

The ASA has an existing Cisco Client VPN that works well, we are trying to configure a new profile to allow the built in Windows Client to connect, we have followed the link below but can't seem to get them to both work at the same time.

https://www.cisco.com/c/en/us/support/docs/ip/layer-two-tunnel-protocol-l2tp/200340-Configure-L2TP-Over-IPsec-Between-Window.html
0
Local network using Windows Server 2016 with Essentials. Have need to log in remotely on almost a daily basis. Have successfully set up the built-in VPN. However, it is very unreliable. Frequently it stops working and then I have to run the Anywhere Access repair application in the Windows Server Essentials Dashboard. That often ends with me needing to reinstall the certificate for the remote access. This whole problem is very irritating. When I was using Small Business Server 2011 the VPN never stopped working, but now with Windows 2016 it occurs almost weekly and almost every time a Windows update is installed. Any help available? Or can you recommend a more reliable VPN service that I can install on my network than the built-in VPN?
Thanks in advance for any help you can provide.
Rick Cowperthwaite
0
I have a network with 200 users. We have 5 branch offices connecting through VPN. I have a Cisco WAP571. I think it will be difficult to change the password across the users. Can I do this with GPO? Any ideas how this will work? I want to set up a RADIUS server as well. What are the benefits of having a RADIUS server?
0
On a Fortigate I wish to send traffic from an internal subnet through an IPSec VPN rather than straight out to the internet.

I have created a Policy Route as follows, but traffic still goes out the internet interface and not through the VPN.

Here's the config - testing traffic coming from IP 172.16.1.59 goes to the VPN 'test2'

Thanks

Capture.PNG
0
A customer of mine is moving their people from Office A to Office B, but is leaving the servers at Office A.

There are 5 networks in 3 different security zones that need to exist at Office B for the users, but the company's procurement department has vetoed using a Layer 2 type service because it's not in the current contract with their Telco provider. :/

Net 1 - 100mb - Security Zone 1
Net 2 - 100mb - Security  Zone 1
Net 3 - 100mb -  Security Zone 2
Net 4 - 10mb -  Security Zone 3
Net 5 - 10mb - Security  Zone 3

The nets are all class C.  All the systems at Office B are new, and having different IP addresses is (amazingly / apparently) not a problem.

The Telco provider has sold them a pair of diverse 300 MB Ethernet MPLS circuits with three private VPNs which will be connected to two new Cisco 4431's at Office A and Office B that will both connect to all 5 network switches at Office A.  These routers will not directly route any packets between the 5 nets / 3 zones (there are other existing routers and firewalls at Office A that will do those tasks if needed), they are purely for connectivity between Office A and Office B.

Within the order notes for the circuits, I see the wording "Each MPLS CE router will utilize the Multi-VRF feature to segment traffic by application.  A total of 3 VPN's will be utilized."

I have no problems with routing protocol features (EIGRP or BGP) on high availability networks, and although I have never configured it …
0
Two organizations (ORG1 and ORG2) have merged. Each of the two has branches connected by MPLS VPN. I have connected the two HQs by MPLS VPN through the same MPLS service provider. Now I need to make the branches of ORG2 able to access information on ORG1. Is it possible to accomplish this without creating a straight VPN link from a branch of ORG2 to ORG1?
0
Over the past week users with Windows 10 on their home machines have not been able to connect to the VPN.  The tunnel itself enables without issue and if I look on the log of the firewall it says they are connected but they cannot RDP to their desktop.  I tried pinging from one of their home laptops once connected to the tunnel and it does not work by IP or by name.  I tried disabling IPv6 on their laptop, made no difference.  We are using the Shrew VPN client on the home machines.
0
We want to update our backup and restore process. Currently we use external drives and use the 3-2-1 method (or try at least, because sometimes we just a backup and that’s it); also using differential, where once a year we clone the server and sometimes the computer. For the computers' daily backup we use synchronization, where a copy of My Documents is synced to a certain area of the server. As for restore, it gets tedious and tricky because we have to search by area since it’s “differential”.

Reading up on the subject, we found we can use something called VDR or even the cloud for backups. We would like to know if there is an updated process, compared to what we do for backup/restore, that fits current technology.
0
How to create a reverse VPN?
0
I'm trying to set up an IPSEC VPN tunnel between a Draytek 2860 and a Cisco ASA 5520.

I did manage to establish the VPN connection before but now I am unable to connect. Here are the logs from Draytek Syslog

2018-08-13 01:41:29	 [IPSEC][L2L][5:WMH_PXP1][@xx.xxx.x.xxx] IKE link timeout: state linking
 2018-08-13 01:41:26	 IKE <==, Next Payload=ISAKMP_NEXT_N, Exchange Type = 0x5, Message ID = 0x0
 2018-08-13 01:41:20	 IKE <==, Next Payload=ISAKMP_NEXT_N, Exchange Type = 0x5, Message ID = 0x0
 2018-08-13 01:41:16	 IKE ==>, Next Payload=ISAKMP_NEXT_KE, Exchange Type = 0x2, Message ID = 0x0
 2018-08-13 01:41:16	 Accept Phase1 prorosals : ENCR OAKLEY_AES_CBC, HASH OAKLEY_SHA
 2018-08-13 01:41:16	 IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
 2018-08-13 01:41:16	 IKE ==>, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
 2018-08-13 01:41:16	 [IPSEC/IKE][L2L][5:WMH_PXP1][@xx.xxx.x.xxx] Initiating IKE Main Mode
 2018-08-13 01:41:16	 Initiating IKE Main Mode to xx.xxx.x.xxx
 2018-08-13 01:41:16	 Dialing Node5 (WMH_PXP1) : xx.xxx.x.xxx

0
Dear Experts
We have hosted the SugarCRM application on premise, and for external users we have configured a firewall, a Fortigate 60C hardware appliance, to function as an SSL web VPN where the users log in to the firewall appliance portal and from there access the CRM application. They are able to log in to the CRM through the web VPN portal, but the dashboard reports are not showing up; it shows a blank dashboard. When we access the CRM application directly, we are able to see the dashboard reports. Please help me understand where things are going wrong and how to fix it.
0
I have been asked to configure two new ASA5506X for two sites to replace the two which currently are in place and working and are ASA5505’s.

The ASA 5506’s software version is 9.8(2) - The ASA 5505’s software version is 8.2(5)59

I am completely out of my depth configuring the ASA 5506X to the same configuration as the ASA 5505’s

One site is in London and the second site is 150 miles away and both sites are connected using a Site to Site VPN tunnel.  There is a third site which both ASA’s in the UK connect to via VPN in the USA which I have no control over although I did originally configure the ASA and send it out, but it has been replaced since.  So, there is a three-way VPN connection between all three sites.

I have managed to set up the internal IP addresses on the new ASA’s and can connect to them via ASDM and console.

I am looking for help in taking the configuration from the existing ASA 5505’s and making it work in the two new ASA 5506x’s

I am not Cisco trained and it must work first time when someone goes to site to replace the ASA’s and the VPN’s MUST work between all three sites, two in the UK and one in the USA.
0
Need help on SonicWALL inter VLAN routing and Huawei switch port configurations.

Scenario:

We have two sites - HQ and Site office!

HQ:-
Hardware at HQ:

Sonicwall -> Cisco 2960 sw

Details:
Sonicwall VLAN configured with VLAN DHCP pool created!

Sonicwall IP 10.10.10.254
- VLAN 100 10.10.10.0 (LAN)
- Cisco Voice Vlan - 10.1.1.0
    -- (UC540- 10.10.10.1 Also 10.1.1.254)


Site:-
________
Hardware at the site:
Sonicwall -> Huawei core switch -> Huawei switches (need help here)

Sonicwall VLAN configured with VLAN DHCP pool created!

Sonicwall IP 192.168.10.254 (Default VLAN)
- VLAN100 (LAN) - 192.168.20.0
- Vlan10 (Voice) - 10.10.1.0 (alcatel voip gw- 10.10.1.254)
- VLAN50 (Guest wifi) - 192.168.50.0
- VLAN60 (CCTV)


Issues:

At the site:
1) Inter VLAN is not pinging

Both Office:

2) Even though the site-to-site connection is up, only the SonicWALL IP can be pinged, not the UC540 IP (which is even on the same LAN)

3)
0
Hi guys,
I'm looking for a decent, preferably free, VPN in the UK for a friend of mine. He says he's not bothered about downloads or porn but is looking to reduce the amount of info Big Brother is collecting about him. All suggestions are much appreciated.
Cheers,
Steve.
0
I have uncommented all the VPN detection rules, and also those for the PPTP protocol, but my Snort is still not detecting VPN connections.
0
Hello! I’m having trouble routing when connected via VPN to a Cisco ASA 5540 device.

I am unable to ping/connect to any LAN node.

My ASA is using a 192.50.x.x that gets NAT’d by a 2951 series router to 192.168.x.x.

The VPN addresses are assigned 10.x.x.x.

There is an ACL to route the 10.x.x packets on the 2951 router. I believe the issue is on the ASA. I did use the VPN wizard for Cisco AnyConnect. I’m thinking it could be something to do with tunneling? I’m unable to post a config at the moment; are there any things to check without having the config posted?

Thanks in advance!
0
I've just migrated from SBS 2008 to Server 2016 Standard with Essentials Experience installed.
I've configured the server for remote access including VPN connections and this works fine with the exception that the server has to be restarted every 24 hours or VPN stops working but this is to do with GoDaddy Certificates when using the remotewebaccess.com domain and isn't really the subject of this post.
What I'm looking for assistance on is this: I have a remote site which has a Draytek 2860n Router and I would like to create a site to site VPN connection between the two sites and I can find guides on doing this from Draytek to Draytek router but wondered if anyone has done it from Draytek Router to Windows Server 2016?
0
Hello All

I hope someone can help.

We are trying to set up a Site to Site VPN between two Cisco ASA Firewalls. One 5515x and one 5545x.
Followed several steps online but it just does not seem to work. We don't seem to even get as far as the tunnel being up but traffic failing to pass.
Debugging does not report anything; it is as if they are not even trying to talk to each other.

Each firewall is the outside barrier on each network with its inside interface connected to a central network switch.

Does anyone have any good step by step guides that may be able to help?

It has been a long time since I last did Site to Site and never on Cisco.
0
As an MSP, I look to find good services to provide to my clients that are manageable and, frankly, profitable. I'm seeing clients who have "road warriors", who often connect to the Internet using public wifi, which could leave corporate data exposed. They would benefit from the current breed of VPN service that's intended more to protect the endpoints than to provide remote access to their internal networks. (Hell, so many are using cloud-based storage services that there's basically no need for them to connect to the internal networks anymore.)

What I don't see, are VPN companies coming to the fore with that sort of offer. They'll offer it for personal use, but not for protecting business mobile devices.

Does anyone know of a VPN company that does?
0
I want to monitor my network for anyone using a VPN on my system. How can I do that? I also want to know the IP address of the VPN server.
0
