VPN

24K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


Any suggestions? Just added a site-to-site IPsec tunnel from a Cisco ASA running ASDM to a SonicWALL. Successfully got the tunnel live. However, I cannot reach anything in the Cisco network from the SonicWALL. Also, there was an existing Cisco AnyConnect SSL VPN that was working and still connects. However, that VPN can also no longer access anything in the network. So it seems like a NAT issue, or maybe an issue with the ACL? Strange that all the VPNs connect but can't get to anything in the inside network... See the running-config below


ASA Version 8.6(1)
!
hostname xxxxxx-ASA
domain-name xxxxxxx.local
enable password xxxxxx
passwd xxxxxx
names
!
interface GigabitEthernet0/0
 description To Switch 1
 channel-group 1 mode on
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 description To Switch 2
 channel-group 1 mode on
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 description LAN Failover Interface
!
interface GigabitEthernet0/3
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 description To TWC
 nameif Outside
 security-level 0
 ip address 47.23.x.x 255.255.255.248 standby 47.23.x.x
!
interface GigabitEthernet0/5
 description To VZW
 nameif Backup
 security-level 0
 ip address 10.1.1.2 255.255.255.248 standby 10.1.1.3
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
 management-only
!
interface Port-channel1
 …
0

I am working on making some changes on Avaya VSP 4850 switches. This is my first time working on Avaya and I have some questions on how things work.

On the switches are multiple VLANs:
vlan create  10 name "Data" type port-mstprstp 1
   vlan members 10 1/1-1/40 portmember
   vlan i-sid 101 7770010

vlan create  20 name "voice" type port-mstprstp 1
   vlan members 20 1/3-1/40 portmember
   vlan i-sid 101 7770020

vlan create 30 name "private" type port-mstprstp 1
   vlan members 30 1/41-1/46 portmember
   vlan i-sid 200 7770030

vlan create 100 name "Internet out" type port-mstprstp 1
    vlan i-sid 100 770100

vlan create 500 name "Cisco_ASA" type port-mstprstp 2
   vlan members 500 1/48 portmember
interface Vlan 500
   ip address 192.168.10.253 255.255.255.252 2
exit

vlan create 4051 name "BVID-1" type spbm-bvlan
vlan create 4052 name "BVID-2" type spbm-bvlan

#
# ISIS SPBM CONFIGURATION
#

router isis
spbm 1
spbm 1 nick-name 10.00.10
spbm 1 b-vid 4051-4052 primary 4051
spbm 1 ip enable
exit

interface GigabitEthernet 1/48
no shutdown
isis
exit
interface GigabitEthernet 1/49
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  force-port-state enable
no spanning-tree mstp msti 62 force-port-state enable
exit
interface GigabitEthernet 1/50
default-vlan-id 0
no shutdown
isis
isis spbm 1
isis enable
no spanning-tree mstp  
0
Hi
The office has been sold to another company and we are now tenants. They've pulled the ISP connection we had with 5 static IP addresses and have now issued us with just one IP address, which is shared with other companies within the building.
We have an Exchange server and VPN links to other offices. What choices would I have with this? Is there a workaround?

Thank you in advance of any help.
0
We're trying to add another IP scheme/domain (192.168.113.xx) to our Cisco AnyConnect VPN IP scheme (10.111.255.xx) in our firewall rules. Where and what are the configurations to do this? We have Cisco ASDM 7.2 and are only giving access to our New York office at 192.168.111.xx.
0
Three years ago this January I bought a high-end Lenovo Legion Y720T-34IKH, model 90H5000XUS. It had problems from the beginning, mainly in supporting two monitors. The Amazon seller agreed to replace it. Still had problems. Many calls and a couple of months later, I finally was able to get it working. But then it would only recognize the 1 TB SSD. It did not see either of the 5 TB SATA drives. Turns out there were no SATA data cables to the drives. By this time I was burned out about it and walked away. Recently I returned to it and put in the data cables. It came up, but only saw one 5 TB drive, but that was OK. So I installed my antivirus and VPN software. Tried to install Lightroom, but it said there was a pending reboot. So I rebooted. The Lenovo logo came up and the little spinner just kept going, never bringing up the computer. After many retries, I was able to get to advanced startup options. Nothing seemed to work, so I reinstalled. Then I repeated the antivirus, VPN and Lightroom install. Told to reboot. Same thing happened. After two days, I was finally able to get to the advanced options. This time I was able to choose the startup option where it did not run the anti-malware at boot. It came up fine. So I made a recovery flash drive. I did not think to uninstall the antivirus at that time. So I rebooted again and I'm back to the same problem. This time, when I am able to tell it to not run the boot anti-malware, it still did not work. So been …
0
Hi,

I have three EdgeRouter X devices running site-to-site VPN (sites A, B and C). Everything was working fine until the devices were restarted. I've gone through all of the available troubleshooting and can't seem to figure out why Site A and Site C cannot ping anything on Site B. I've checked and double-checked all of the configs and everything matches up. I know that there are some known issues with version 2.0.6, so I'm running 1.10.10. Do you have any ideas I can try? Thanks!
0
Hi

We have been given a Cisco Firepower 1010 firewall to use at a site and we need help with configuring a site-to-site VPN.

Here is the current status

1. We don't have what's called the FMC; we only use FTD, which is the built-in management web interface for the device. I know there is a command line also available via terminal, but I have no clue about how to use it. I am more of a GUI person.
2. I have managed to configure the basic settings so I can get on the Internet from behind the firewall.
3. I have also configured a site-to-site VPN with the remote site. The remote site is using a DrayTek router, and the DrayTek side is showing that the VPN has been established. On the Firepower side, I can't see the status in the GUI, but the command line (show crypto isakmp sa) is showing the VPN to be up. I googled that command; I don't know CLI commands for Cisco.
4. So the VPN is up but can't route traffic between the two sites either way.

I am aware that in Cisco firewalls just doing the VPN isn't enough; you have to do firewall rules or policies etc. I don't know where to do it from the GUI and I have a feeling it might not even be possible via the GUI in this device. That's fine as long as someone can help me create those rules and policies using the command line.

Need to go live next week so any urgent help will be greatly appreciated.
0
Meraki MX68 cannot get to internet, bad internet connection

I have set up an internal IP on Internet 1 and have configured a NAT in my ASA per the Meraki setup guidelines. Using it as a VPN concentrator. Everything seems to be set up correctly and traffic is flowing back and forth in the ASA log monitor?
0
Which one is the correct statement when comparing IKEv2 and IKEv1?

a. IKEv2 is more secure by requiring reauthentication for IKE SA.
b. IKEv2 is more reliable by requiring all messages to be acknowledged

Any suggestions ?
0
Hi

I am currently attempting to design a network core in GNS3 for one of my clients:
https://gyazo.com/f42db69543cdf21cdfa9857beb58bbfe

The client receives customer connections forwarded to him by his telco suppliers on the TELCOS router. He also receives VPN connections (L2TP) via the VPN router.

Customer connections have three destinations:

- access to their servers (data & apps) VMs via the FIREWALL router
- access to the Internet via the BGP router
- inter-site access via the TELCOS router

The one exception is the CLIENT router and SrvClt, which belong to one specific customer but are housed in my client's datacenter.

I installed OSPF point-to-point neighbor links between the routers and enabled LDP MPLS between them. All routers can reach the Internet via the BGP router.

I created a VPLS tunnel between VPN and TELCOS routers to transfer L2TP connections directly to the TELCOS router in order to provide remote access to VMs/SrvClt or to a customer’s site.

I configured a VLAN per customer/company through the VPLS trunk and addressed both ends of the VLAN tunnel so as to route the incoming L2TP connections to the other side of the VPLS tunnel. This might not be the recommended approach, but it seems to work as expected. Is there a simpler or more advisable approach to transferring the L2TP connections to TELCOS?

I will bridge the VLAN ends on the TELCOS router to either ethe6 or ether7 to transfer these connections to the desired destination (SrvClnt/VMs).

0

Hello folks,
We are a healthcare organisation with multiple geographically distributed branches; hence we are looking for an offsite DR solution.

What is the best offsite disaster recovery solution?
- Colocation
- Private Cloud.

In both of the above cases, what connectivity is best?
- IPSec VPN
- MPLS
- SD-WAN
0
Hi

We are trying to authenticate from a Cisco ASA firewall with our Domain Controller that is hosted in Azure, over a site-to-site VPN connection. We have this working fine from the ASA to our on-premises DCs using IPsec VPN.

Azure support have said we should add a rule on the NSG to allow this traffic through (they have tweaked it too), but it does not work. It times out on the firewall console (this is externally managed).

LDAP connection over the site-to-site VPNs to the DC works fine using LDAP.exe and I can bind to it.

Ideas?
0
I have a VoIP phone with an OpenVPN client. There is an issue when it is used over OpenVPN, so I want to inspect the data, SIP trace etc. to help find the problem (faster than the vendor).

My problem is that the data I want to see is wrapped/encrypted with OpenVPN. I have the private key and client certificates, therefore I'm thinking it must be possible to decrypt the capture and find the information I'm looking for?

How can I use Wireshark (or another open-source/free tool) to achieve this?

I have reasonable experience with Wireshark, but have not used it to decrypt traffic before.

Many thanks

OpenVPN pcap
0
I want to build a site-to-site VPN with Windows servers as routers. Is that possible? I have 6 places to connect together.
0
I have two SonicWalls configured with a site-to-site VPN. Last night the VPN gateway was updated with a new IP address and now the VPN is not forwarding traffic. I have looked over the settings so many times and they are correct. The VPN is showing up on both sides.

Site 1 has multiple VPNs that are working, with the exception of the one to Site 2. The firewall shows the connection is up on both ends.

I did a packet capture and outgoing icmp packets show "consumed."

What would cause the packets to be "consumed" and not forwarded?
0
I have a client whose server I connect directly to via RDP (no VPN involved).

Now when I connect via my office's desktop PC to the client it works perfectly.

When I RDP from my office's desktop PC to the office server A and then RDP to the client it works perfectly.

When I RDP from my home PC to my office's server A and try to RDP to the client, it fails!

Since once I have connected to my company's server I am a) inside my company network and b) using the same RDP settings, why does it fail?

Of course I am using a VPN to connect to my company's server from home, but still, once I am connected to my office's server.

The RDP from server A does not fail in any other circumstance.

Suggestions welcomed.
0
I'm trying to manually add a remote printer from one of our branch offices to my Windows 10 computer over VPN.

I can both ping the printer and log in to the printer's built-in web interface via the Chrome browser.

My issue is that the Add Printer wizard does not find the printer. I am using the option "Add a printer using a TCP/IP address" and I input the valid IP. The wizard tries to connect by querying the printer but gets no response. I don't understand.

Add Printer Wizard by IP Address


I don't understand why this cannot
0
Dear Experts,

Our customer would like to connect to our network from an external network. When they are in the office they would like to connect to our network and access it, and similarly, when they are working from home/mobile, they still want to access it.
1. I have suggested a site-to-site VPN connection while they work from the office.
2. I have suggested point-to-site VPN connectivity when they are travelling/working from home; this is through VPN client software.
Please suggest whether this is best practice and secure.
0
Hi Experts, I would like to get some help with troubleshooting site-to-site VPN connectivity between two ASAs. I need to NAT the internal subnet on both sites to a public IP address in order to avoid overlapping subnets. I can establish a VPN tunnel as long as I ping the NAT address (the tunnel does not come up if I ping any host on the internal subnet). The issue I am having is that I am not able to ping any hosts on the subnet from either end after the tunnel is established.


Site A outside IP is 50.50.50.2 (Internet G0/0 is 50.50.50.1)

Site B outside IP is 60.60.60.2 (Internet G0/1 is 60.60.60.1)

Site A and Site B can ping each other's outside IP.

Site A inside subnet is 10.16.0.0/24 and is NATed to 50.50.50.3

Site B inside subnet is 10.10.0.0/24 and is NATed to 60.60.60.3

Simple network diagram (attached image)


ASA Site A:

ASA Version 9.7(1)4
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 50.50.50.2 255.255.255.0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.16.0.1 255.255.0.0
!
object network obj-siteA-real
subnet 10.16.0.0 255.255.0.0
object network obj-siteA-map
host 50.50.50.3
object network obj-siteB-real
subnet 10.10.0.0 255.255.0.0
object network obj-siteB-map
host 60.60.60.3
object-group service ogs-srv-icmp
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute

access-list acl-outside-in …
0

I have placed some test servers in AWS as a DR solution.

I have set up a site-to-site VPN from my HQ to my AWS VPC. I am having an issue that I can "telnet server A 445" but I cannot open \\ServerAIPaddress\c$\.

I have looked at this issue with my firewall vendor and they do not see any issues with the traffic leaving or coming into the firewall. I have opened a case with AWS and they do not see any issues with the configuration in AWS. They are seeing that my local machines are resetting the TCP handshake.

There is only 1 server at my HQ which connects without fail: my primary Domain Controller. My secondary DC cannot connect either. I am not sure what I may be missing. Any help is appreciated.
0
How can I restrict VPN access to only authorized corporate computers?
0
I have a WatchGuard M370 Firebox with L2TP and IPsec. My users log in to the Firebox and then to a terminal server or, in some cases, their desktops. It's basically a 2-factor system: they log in to the Firebox and then to the server, and I want to keep that. I have a bunch of users who take home laptops and work at home, and I'm wondering if there's a way to have my Group Policy enforced while they are on VPN. My VPN is a DMZ, so it's not actually part of the network; however, if you type an IP address, chances are you'll get where you need to go. So, for example, my home users connect to a terminal server in the DMZ. They are using laptops we created here, but if they are not acknowledged on the domain after 60 days I'm having to put them back on the domain because the trust relationship fails. I want to try to avoid this. Is there a way to do it?
0
I am having the issue that up to last week my remote employees were able to connect to the VPN and RDP into the office computers. However, as of this week, they are able to connect to the VPN, but when they RDP, the host computer continuously disconnects them and reconnects them every 30 seconds (again and again) constantly.
I thought it was related to the Windows updates, but I need assistance figuring out which update causes it and how to repair it.

The three updates installed on all my PCs were "KB4512576, KB4516058, and KB4516115". I have attached a screenshot of the updates installed, including the two extra updates that were installed on only four computers, but they have not experienced the issue yet.

I have also started by deleting the updates one at a time to see if I can narrow it down and use RDP again in my environment, but with no luck.
I have uninstalled KB4516115, which pertains to Flash, and the issue continues.
I tried to uninstall KB4512576 but it does not allow me; there is no uninstall for it.
I uninstalled KB4516058, but a KB that this update superseded takes its place and installs itself on the computer upon restart. And upon the restart, the issue continues.
0
I regularly connect to my customer's network for remote work.
So I start the VPN stuff, OK.
And then the remote desktop software (Windows 10).
Since a couple of days ago (nothing has been changed, apparently, in the customer's network), I can't connect.
The message (French translation) is "the remote desktop cannot find the computer "here the computer name". This means etc. etc. ..."
My colleague uses the same procedure to connect to our customer and he has no problem.
0
Our router has a VPN selection. I turn on the VPN and follow the instructions to install the OpenVPN application. I have configured it and so far it is fine. The VPN says that it is connected. My question is how to access my office computer from the laptop which has OpenVPN installed.

Thank you!
0