VPN

23K Solutions

22K Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

I have a windows 10 PC, on which I use TunnelBear as my VPN. For sandboxing reasons, I do all my Internet for sites that I don't know in a VMware Windows 10 box. Do I need a separate VPN for the VMWare box, or does the Host PC VPN do the job for me?

Thanks!
0
I have a site to site VPN with my Sonicwall TZ205 and all hard wired PCs are working OK accessing resources on both ends, however I have some laptops using the wireless network (it is bridged to X0), however the laptops cannot access any LAN resources on the other side of the VPN tunnel, only on the local subnet.

All other PCs hard wired can access resources on the other side of the VPN, but not the laptops. The laptops are getting a DHCP and they are on the same subnet as other PCs on the local LAN.

Is there any configuration I am missing in the sonicwall, or the laptop?
0
Hi.
Previously we had a Cisco 892FSP connected to our LAN switch (C2960) in which 892FSP router is configured with xconnect interface and connected directly to our LAN switch. We established L2TPv3 Tunnel with our site office between these two. Now we added a new firewall (ASA5506) between 892FSP and our LAN switch. Here are the things that I am not sure:

1. In ASA5506, how to configure the vlan for inside and outside interface? The firewall running in transparent mode but the vlan has no IP Address. What IP address should I configure for BVI interface?
2. 892FSP router interface that will be connected to ASA5506 is configured with xconnect, how do I integrate between these two as xconnect interface has no ip address configured?

Appreciate if you guys could give some ideas. Thank you
0
Hello.
I have configured and established site-to-site vpn on my ASA (local network 192.168.46.0/24, remote network - some public subnet).
For a few days I need all traffic destined to this public subnet to go directly through the Internet (not VPN). Default gateway to the Internet is already configured. I tried to disable vpn, but when I'm trying to ping public subnet from my local network it's not working. How can I do that without deleting VPN?
0
Hello,

Does anyone have experience with setting up QoS across a site-to-site VPN tunnel, whereby a portion of the WAN bandwidth is reserved and dedicated to the tunnel itself or certain endpoints and service ports.  I have a remote network with a Sonicwall TZ400 and also am working on setting up a Mikrotik Cloud Core router with a configuration like I have on the sonicwall.  I am looking to do QoS for VOIP traffic.  Our phones are at the remote side and our PBX is on the main side.  I am unclear on whether playing with QoS settings on the remote VPN side has an impact on the WAN traffic shaping because it is a separate interface / network than LAN to WAN traffic.  Ideally I would like to have steps on getting this working on both a sonicwall and a Mikrotik.  I don't want heavy load on my remote side WAN to impact the quality of calls across the VPN for my SIP phones.  Thank you.
0
In our office we have a 5505 ASA with about 15 tunnels to various other offices.  We use the tunnels to access the systems and servers in these offices but we also RDC into other servers not through a vpn.
We are wanting to set up QOS to prioritize the RDC traffic.  I would normally put it on the outside interface but when I tried this and flooded the network with downloads I noticed that RDC sessions that were tunneled stalled.  This makes sense since the traffic is encrypted and tunneled thru the outside interface so the QOS cannot properly prioritize it.  So if I put the QOS rule on the inside interface will it prioritize both the RDC to the internet and also the RDC to VPN tunnel?
The other alternative is to prioritize the VPN tunnel but we have like I said around 15 of them.

Any guidance is always appreciated.
0
We currently use OpenVPN, as well as L2TP over IPSec VPN on our Linux servers (CentOS 6.x mostly). Both VPN servers are running properly. However, while each of the physical servers has several IPs assigned to it, the VPN is always able to run on one IP address only.

What we need:

A user connects to our server (either via OpenVPN or via L2TP over IPsec VPN), the server picks a random server IP address instead of just one for all users.

Basically, what we need is a server side IP address rotation for the VPN.
0
We have two buildings connected with fiber.
Say
building A VLANs
192.168.1.0 – 192.168.10.0
Building B Vlans
192.168.11.0 – 192.168.15.0
ShoreTel Director is on Vlan 192.168.3.0
All ShoreTel phones are working fine between buildings.
We also have a remote users connected via VPN routers from home offices as ShoreTel will not work with any NAT translation.
VPN IP starting from 192.168.16.0 and up to 192.168.64.0
Remote office connected VPN (via remote cisco router to Building A router VPN)  can connect to any IP/Vlans from both buildings no problems.
While ShoreTel phones will connect fine between remote office and building A (when dialed by extension only), when the remote office (via VPN) dials a ShoreTel ext. in building B it will ring and connect the call, but there will be no voice heard. It will ring, but once the call is connected the ShoreTel callers do not hear each other unless they dial the full 10 DID number.
So this routing problem is only relevant to ShoreTel phone system calls (I believe the same is true for any other IP based phone system, as initially when a call is placed the phone system acts as an intermediary between two extensions until the call is connected and then the two extensions should talk to each other directly)
from remote VPN location to Building B. If I check routing between ShoreTel vlan in building B and VPN Vlan I can communicate fine.
I am looking for the answer from an Expert with strong ShoreTel experience and not looking for random - Did you …
0
Hello -

I'm looking to implement a (somewhat) cheap but reliable and secure VPN solution in a small organization. No more than 20 users at a time to connect to the main location for file sharing. It is a Windows environment (servers, laptops). I was looking into Direct Access but it seems like overkill for such a small organization (Licenses and servers). Ideally staff would use their AD credentials in order to authenticate.


Thank you very much!
0
The user is a photographer and presently has an 8 TB RAID, which is physically carried between two locations every few months.

They now have a decent cable modem connection in the remote connection they use, with an upload speed of 10-15 mbs

Their activity consists of loading in 2-15 gigabytes every week or so, cataloging and adjusting the photos with Adobe Lightroom.  Computers are MacOS X, maintained to the latest version of the operating system that supports Lightroom.  

What's the best way to keep two copies of the RAID in sync over the Internet?  I can set up a VPN.

Thanks
0
Cannot seem to find the answer to this anywhere.. Does Google Authenticator require a RADIUS server linked to Active Directory? If not how does it authenticate against the domain\user?

Thanks in advance,
0
Hi All,

I'm working for a company who are currently using VASCO hard tokens for two-factor authentication. They want to switch over to a soft token (e.g google authenticator) however after reading this (https://www.wikidsystems.com/blog/5-issues-enterprises-should-consider-before-using-google-authenticator-for-ssh/) I've been slightly put off. Also nobody can seem to 100% confirm whether a RADIUS server in Active Directory is required for Google Authenticator or whether Google provide one. I've spoken to Barracuda who said it should be as simple as creating a new authentication scheme on the VPN and selecting Google Authenticator as the option however I wanted this confirmed by Google before beginning.

What are other two factor authentication methods that are best used in Enterprise environments? And was a RADIUS server required etc?

Thanks in advance,
0
HP RAS Tools crashes on an HP Elitebook 8470P running Windows 7 Enterprise
RAS Tools will not install successfully on this laptop.  It's been reimaged at least 3 times.
How do I locate the missing file and determine what it is that needs to be installed for it to work?

Failed to connect to an IPC Port: The system cannot find the file specified.

Source: mscorlib
Exception: Failed to connect to an IPC Port: The system cannot find the file specified.
 
Stack Trace:

Server stack trace:
   at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at EDS.RasTools.RasToolsService.RemoteableClass.get_NewConnectState()
   at EDS.RasTools.RasTools.RasMain.OnProxyRepairTimer(Object sender, …
0
Hi

Reading a bit into this, but not getting far really, even speaking with sales.

We have 3 sites.  Using mix of cisco/juniper connected over VPN.  Works well.  No HA in place.  Backup internet links.   All managed by 3rd party.  SIP/Voip terminates at HQ so need continuity of this.

Has anyone migrated from MPLS/SD-Wan?  Any suggestions internally managing or 3rd party co?

Thanks
0
I have 4 VPN connections, all Windows XP computers, one Windows 10 computer.  I've been able to access computer shared files by computer name... then one day on the Windows 10 computer I couldn't but can by IP address.  The XP computers on the VPN are working fine.  There has not been any network configuration changes, NETBIOS is enabled in the router's VPN setup and in the Windows 10 TCP/IP configuration.

Before I resort to editing my host file to make names work again, I would like to resolve why it all of a sudden stopped working.  I feel like editing the host file is not the proper solution given all other XP computers are working AND this windows 10 computer was working.

Suggestions are greatly appreciated.
0
It frequently happens that when I try to use PAN Global Protect for work VPN that the authenticator token doesn't arrive until after the Global Protect connection attempt has given up/timed out. If I try to connect a second time then the token for the first attempt will often arrive during attempt #2, the second during attempt 3 and so on.

What is likely the problem? And is there anything I can do as an end user to fix this? Anything that IT could do to fix the delays of the token?
0
Hello team,

We have created a vpn tunnel (VPC) from our physical office to Amazon. The tunnel is active but I can't connect to any of my Ec2 machines using the private ip address. Is there anything additional that needs to be done in the amazon side to make this work? I'm not sure if there's a firewall or something I will need to configure as well.

Thank you!
0
I am looking for inputs on a routing issue that we are having. We had to replace a failed ASA after a hard failure without the benefit of a saved config anyplace. The circuit is a CenturyLink IQ circuit. There are two other locations in the CUG.

After doing a base configuration including default route to our Public IP of our Circuit ( a constraint for PPTP VPN traffic that is legacy)  we are unable to move traffic from a remote site with the same Public/Private port set up. A brief layout.

Site A IQ Circuit - 10.10.8.0\24 Trusted LAN, Public IP of 208.115.1.10  Private IP of 65.65.65.65
Site B IQ Circuit (HQ)- 10.10.10.0\24 Trusted Lan, Public IP of 210.120.1.10 Private IP of 66.66.66.66
Site C Private Circuit ( Data Center ) 172.28.16.0\24 Connects via IKEv2 VPN Tunnel

Traffic flows from B to A , B to C , A to C , C to A and C to B.

The missing piece is what I believe is a route issue. When Site A attempts to ping traffic ( 10.10.8.0 to 10.10.10.0 ) that traffic expires in transit. Looking at a tracert I see that the last successful hop is the Juniper Device ( The Centurylink Serial ) which has a x.x.x.37. as there is no route into the ASA currently.

I recalled a route on the failed device, however not being ours at that point I foolishly did not make a copy of that running config. Does someone have a good example of what this route would look like for ASA 8.2? Currently I have a default route of 0.0.0.0. (EXTERNAL INTERFACE IP) as well as the VPN Traffic …
0
The 5505 was working fine before migration; two new ISP providers have been used and I had to reconfigure all tunnels. 50% of them came up just fine, but the other half is down. I would appreciate the assistance. I can post the config shortly. Thank you
0
Good Morning Experts,

I have a user in AU who works for us here in Maryland.
She has a laptop that she set up there with windows 10 home.
Is it possible to upgrade her laptop (using logmein) to Windows 10 Pro and join our domain through VPN to properly manage her system?

Myself and my team want to configure a laptop here on our domain and send it over like we have done in the past and never had issues and that is our recommendation but management is not supportive of our recommendation so before I go further, I wanted to just check with others to see if setting it up properly on our domain from Australia is even possible.

Thank you,

Karen
0
We have two sites each with a SonicWall on the perimeter.

I have written out the site settings for each location.  In the document I have prepared they are referred to as Main Site and Remote Site.
Every now and then the VPN will stop working.  We go in and check it, change nothing then check the other end, check and change nothing, then at some point it will start working again.
We could be down for as long as 30 minutes.  We are getting frustrated with SonicWall support as they cannot tell us what is causing this problem.

Would anyone be able to review our settings if I attach them to this question?
Is there an alternative to VPN?  

HELP!

Kevin
0
Here is my scenario:
Site 1:
•      Data Subnet: 10.200.0.0/21
•      Voice Subnet: 10.200.200.0/24
•      Cisco ASR 1001: 10.200.1.254 – gateway
•      Meraki MX400: 10.200.1.1 (separate Internet connection)
Site 2:
•      Data Subnet: 10.205.0.0/21
•      Voice Subnet: 10.205.200.0/24
•      Cisco ASR 1001: 10.205.1.254 – gateway
•      Meraki MX400: 10.205.1.1 (separate Internet connection)

My primary Internet connection (at each site) comes from the Cisco ASR 1001 at each location.  This is an MPLS connection with Internet access (this is connected directly to the local core switch at each site).  In the event that the primary circuit fails (BGP), there is a route built in that sends all traffic to the local Meraki MX400, which has a VPN tunnel into our MPLS network for site-to-site connectivity – if necessary, we can disconnect this VPN if there is a better solution.

I can manually initiate a failover (disconnecting the primary circuit from the ASR 1001) and when I do, we have Internet and voice access but no site-to-site connectivity through the MX400.  Not sure how to get site-to-site connectivity while in a failover scenario.
0
I have a Microsoft Server 2016 Standard with Essentials installed. I have the VPN access enabled through the Setup Anywhere Access wizard. But when I try to connect via Windows 10 VPN connection I keep getting the following error: "The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server."
0
I am looking into DMVPN issue. My tunnel keeps dropping, isakmp and ipsec is OK. If I shutdown my dmvpn tunnel interface and bring it back up, it all comes back up. Any ideas?

- I have 300 some sites with literally identical tunnel set up and config, none are doing this.
- all interfaces are UP and UP. Including tunnel int, outside and inside int's.
0
See the attached figures.

I have a current configuration that links sites with Point-to-Point (P2P) or MPLS kind of "private" links.
The implementation also provides internet access through the main site for all sites.
(We happen to be using RV042 routers for interfacing with the P2P links).

Now we want to implement VPN tunnels over the links for added security.
(I'm rather sure the RV042s won't support doing this .. for reasons I could get into but need not here and now)

So, the question is:
What simple interfacing routers can I use on the links that will implement the VPN tunnels AND support the intended internet access?
This would end up looking like a NON-split VPN to the linked sites .. i.e. with internet access over the VPN / P2P link.
Point-to-Point-Simplified.pdf
Planned-Point-to-Point-with-Internet.pdf
1