A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Does anybody know of any good links that give step by step guidance on setting up a new client VPN in NPS? We have purchased a new SSL wildcard cert along with a domain name for VPN clients to connect to but we are unsure of the next steps to get this deployed to users.

I need to be able to share a printer when a computer is connected to the VPN.
My theory is that the printer will need to be shared, before it can be printed to, when a VPN connection is established.
The OS is Windows 10
My other idea is to uninstall the printer and install it when I am connected to the VPN.
I imagine there is a solution to this challenge.
I do not recall the other steps I tried, but I believe the one solution to the problem is to configure a Cisco ASA.
I was also thinking that I will have to enable the wireless printer's IP as an exception on the firewall.

Maybe I need to create a script with PowerShell, to first configure the printer to print to a file then send it directly to the print queue.
Can someone please help me understand how a certificate works on a firewall. The concept and how the firewalls authenticate certs.
The scenario is a Fortigate 100d with a cisco ASA (3rd party) Certificate based VPN.

We have set up a tunnel, however I don't see many logs due to the firewall in the shared datacentre being managed externally. However they do not support certificate based VPN tunnels.
We initially set up on a pre-shared key and it was fine. So we know all the other settings are correct.

We have created a CSR on the Fortigate and completed this with a CA, "Digicert". We have loaded the cert into the firewall (Fortigate using web GUI). We have received the Certificate Authority (Go Daddy) from the external 3rd party and installed these. Now remote_Cert1 2 etc.
We have set up the VPN tunnel to use the Peer certificate and pointed to 1 of the Go Daddy Remote-Certs. No option on a Fortigate to use 2 certs.

The info we are getting from the Cisco side debug is as follows

IPSEC An inbound LAN to LAN SA xxx between IP and IP (user==IP has been created
same and outbound LAN to LAN created
AAA retrieved default group policy IP for user =IP
local remote connection established. then it say an IPSEC inbound/outbound LAN to LAN has been deleted.

The Cisco (3rd party) side have no experience on Fortigate; they are seeing a message saying our certificate has been successfully validated SN x subject name CN = company etc.

The tunnel won't come up on the fortigate. So any info on …
Hi. Got a cisco ASA 5505 that we need to set up a VPN to another site (SITE2). The issue is that Site2 already has a VPN to another site that has the same subnet as ours. We have been advised that SITE2 will allow our external IP address through the VPN tunnel instead of our local subnet. We need to NAT out local clients pcs (172.16.1.x) to our external IP address.

What commands will we need to do this? Running v9.2

We are currently using a Meraki MX84 for VPN.  It connects to our Active Directory to authenticate users.
I am setting up a Duo Authentication Proxy to tie into my Meraki MX84 so I can have Multi-Factor Authentication on my VPN.  The Duo Auth Proxy is asking for a Radius Secret from the Meraki.  I am not sure where to setup the connection on the Meraki side.  Am I setting up sign in with my Radius Server under Access control?
We have a client that has a Checkpoint 700 appliance on the perimeter and then a Cisco 1941 connected to its LAN ports.
The Cisco handles the routing for the internal networks. There are various VLAN's setup with the Cisco NATting on the internal networks.

I've configured the Checkpoint to handle the VPN remote access client connections with Office mode.
I can successfully connect with the Checkpoint VPN client, receive an IP address but can not access the internal networks. It seems like the traffic is not returning to the client.
I can ping the WAN interface of the Cisco but not any of the internal networks.
I believe it is due to the NAT on the Cisco and tried configuring NAT exemption for the VPN network with access lists but I'm not a Cisco expert so I'm unsure if it's configured correctly.
The required routes seem to be in place.

If Anyone can provide any assistance it would be greatly appreciated!
Secondary VPN Connection Help Needed
We have a location that we are using for data processing
It has a current vpn to our location, they are setting up a failover connection to another ISP
How to setup a second vpn connection to the failover ip on the Fortigate
the Fortigate side does NOT have a secondary wan connection only the head end at this time
Do not need someone else to configure it for me just trying to find where to get more detail we have begun working on the Fortinet side, but keep falling into trouble when trying to setup the backup vpn on the Fortigate site
Just a gentle nudge towards where to find this solution; been scouring the net for hours so far
I have an OpenVPN server and all clients work fine.
I have also set up a new OpenVPN client config on it and it connects to the other servers.
I want, when a client requests a specific IP, to route it through the VPN client connection that is established on the server,
so what do I have to do in this case?
Inherited a Cisco ASA and I have an IPSec tunnel configured and working great, however, I am trying to figure out which hosts are using this tunnel

Since the tunnel is encrypted, I can not seem to capture any packets

I see the peer ip for the tunnel, and the destination being the outside public ip of the ASA,  it need to the the host that is initiating this tunnel

Appreciate any insights, thanks
How simple is it to implement Azure MFA extensions to an existing NPS platform?

Is there a quick and simple way with minimal impacts to migrate Users from Microsoft Internet Authentication Services (Windows RADIUS, Server 2003) to Network Policy Server (NPS, Server 2012)?
All - going through a security audit and they are asking us to implement controls to prevent bridging, multi-homing and split tunneling.

We have lots of engineers both on Macs and PCs using VirtualBox and VMware with network bridging and NATing also. Has anyone ever dealt with a request like this?
We've had a working Azure VPN (classic) and VM (classic) for three years. On the last day of November we exceeded the predefined spending limit for the first time and our service was suspended. (I've since removed the spending limit.) The VM itself was fine the next day when the new month started, however, the VPN is no longer working and I haven't been able to restore it to operation. The fundamental problem appears to be that the Gateway has disappeared and I've been unable to reconfigure it.

I've attached a document that shows four things:
1) the dashboard view of the VPN basics
2) the address space for the VPN
3) The address spaces for two subnets, including the GatewaySubnet
4) the CIDR block that appears when I attempt to configure the Gateway.

I've tried configuring the Gateway with CIDR blocks within the GatewaySubnet, e.g.,, as well as in the overall address space but not in either subnet block.

What should the address range be for the Gateway?

Or did service suspension cause some other issue that is preventing me from configuring a Gateway?

I have a Cisco ASA 5506-X and when I connect to the VPN via AnyConnect, I am able to get to the internal servers but I cannot get out to the internet via name URL. However, I can ping external IPs for yahoo and google, but once I ping by URL such as yahoo.com, I get a "Ping request could not find host yahoo.com. Please check the name and try again." Has anyone gotten similar issues? I've attached a copy of the config file. Let me know if I missed something.

We have a head office and a satellite office, connected through a VPN, for network traffic. This is working fine. We have an Avaya IP Office telephone system in head office and would like to use 5 x IP phones in the satellite office that connect to it. The phone network in head office is on a separate IP subnet  / VLAN to the main network. We are struggling to get the phones to work over the VPN.

Setup is as follows:

Head Office
Watchguard XTM330 Firewall (Main Network, VLAN1) (Phones, VLAN 5)

Satellite Office
Draytek 2860 (One Network

We have our VPN configured as a LAN to LAN on the Draytek with both subnets added under Network settings, and their diagnostics show that traffic destined for the phones network in head office does route through the VPN. I don't think that we have the Watchguard (uses BOVPN) set up properly to get the phones to connect. The Watchguard acts as a DHCP server for the phones network. IP phones in head office work fine.

Any help to get the phones connected would be appreciated.
Hey all, we have a user with a Windows 10 PC who is having a weird VPN issue....when she goes to Settings--VPN (windows VPN) or to Network Connection and right clicks on the VPN and clicks connect it connects to VPN without any issues....but if she goes to the bottom wifi connection in the taskbar and click on the VPN and then connect, it never connects! I'm pretty sure this is just a shortcut to the VPN connection under settings --VPN (I verified it by trying to change the name of the VPN and it matched in both places), but it still didn't work, creating a new connection didn't work either.
I now have several Windows 10 pro computers that I am not able to set up a simple VPN network on.

I fill in the required info in settings, then go to the adapter to change the security settings. After I fail to connect, if I look at the advanced properties of the VPN connection, the user name and password in settings changes to General Authentication Method, which I then change back to User Name and Password.

After failing to connect again, I check the VPN adapter settings and Win 10 has checked CHAPS again or other changes. Around in circles I go.

I have verified user name and passwords in Win 7 all is good. It just appears that the settings don't stick when entering.

 authentication method had changed from User name and password to General Authentication.

Any ideas?
Hi, I have a sonicwall running sonicOS 6.5 and I can not seem to delete some unused VPN interfaces. I am receiving the following error:

VPN Network Interface:
Error: Index of the interface.: Tunnel Interface is in use by Route Policy

VPN Policy:
Error: Unable to delete VPN Policy used by VPN tunnel interface

I tried to delete the routing policies associated with both however it is not letting me, the sonicwall says they were auto added and can not be modified.

I am not running OSPF or any dynamic routing, all of that is disabled.

I am running firmware version

Any help would be greatly appreciated!
I have Google Wifi with the ISP connection going straight to my Google device. I want to set up a VPN. I only want to route specific websites' traffic through the VPN. What would I need to do to make this happen?

Hi all,
I need your help!
A new company supplier needs a VPN LAN to LAN with our Office. Remote router it's maybe a Cisco router (I don't know), and on my site, we use a Cisco ASA firewall. The requirement is that a public IP address is used as the encryption domain instead of our private subnet. That's ok, I did it, and it's working with a static NAT between a single server private IP address and a free Public IP address. But now I have to do the same with a private IP server address that is not on my local network, but I access remotely via a static route (it's a server in a branch office). I tried to do the same configuration with a static NAT, but it's not working, obviously.

I appreciate your suggestion.
Later I'll try to draw a schema.

Thank you all
We have an IPsec tunnel set up between two locations. One side is Cisco and the other a Fortigate. The ACL is set up to allow all traffic between the two locations. Most traffic does work but we found we are unable to pass SSH traffic through. We can see the SSH traffic leaving the Fortigate. We have no problem connecting with SSH through the NAT statements on the Cisco, so we know it's the tunnel that is causing this. What am I missing?

crypto map chi-map 10 ipsec-isakmp
 description Tunnel to Chicago office
 set peer
 set security-association lifetime kilobytes disable
 set security-association lifetime seconds 43200
 set transform-set chi-ipsec
 set pfs group20
 match address 100

access-list 100 permit ip
A customer is deploying a cellular Internet solution that will provide site-to-site VPN services from remote locations back to a single central location. The cellular network will be deploying sites using dynamic IP addresses vs. fixed IP's.

This dynamic IP VPN solution can easily be handled by either Meraki or Cisco Easy VPN, whereby the clients connect to a fixed/predictable head-end device, and negotiation figures everything else out. This assumes that the head-end device is at the network edge, vs. on a DMZ segment behind another firewall layer. The problem (I believe), is that the recommended design for a VPN head-end would be behind an edge firewall. If so, then traffic from the VPN endpoints with dynamically assigned IP addresses would have to be permitted through this layer, and how would (or could) that be handled?

I think the basic questions would be:

  • Are Internet carriers that provision sites with dynamic IP addresses able to provide ranges which could be configured on edge firewalls to permit traffic sources? (Obviously, the ACL entries would also include the destination IP of the VPN firewall and be restricted to IPsec traffic.)
  • If the above isn't possible, how is this design/deployment handled?

I'm basically trying to determine if we can handle the above design (dynamic IP VPN clients connecting to a head-end beyond another firewall layer), or would this require the clients to have fixed IP's?

Thank you
How can I make the same user on OpenVPN make two sessions, not more?
I tried:
duplicate-cn  2 

but I see that the same user can make 3 connections!
Working to establish IPsec Site-to-Site VPN, the local network is 192.168.0.x behind a Cisco RV130W and far end has a Cisco NSA 2600 and also has a pre-existing VPN with the 192.168.0.x subnet. The tunnel needs to support a single host on each end.

Is it possible to assign a 2nd IP Address to the PC in my network, say, and use this for the VPN?
So we currently have a Cisco ASA 5512-X, v9.2.

We are currently on split tunnel for VPN, however, we want to move away from split tunnel as it causes routing issues for us to AWS.

Is there a good way for me to build out another VPN interface and apply new profiles/rules to test?





