VPN

23K Solutions, 23K Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Hello,
We recently moved from WatchGuard to FortiGate. We previously had a VPN configured to a remote site through a domain user ID (user@xyz.com). So instead of a remote IP address, it was configured as user ID @ domain.

Could anyone explain the steps to configure this sort of VPN in FortiGate? A snapshot of the previous firewall config is attached.

Thanks in advance.
0
YouTube, asking me to accept that ALL I look at and ALL my computer/IP and other information will be sold to third parties...
Google trying to sell me stuff, instead of giving me honest non-commercial search results...
Facebook cookies, banners, advertisements and so on...

How can I just browse the internet and find what I am looking for WITHOUT being tracked, stored and sold to companies I don't like or know?

Is there a way to use a VPN connection (I already have one) and a VM set up on a NAS in order to hide my computer specs, serial number, etc., so I can just look on the internet without being haunted by data collectors?

Kind regards to all!
0
On macOS High Sierra, I use a VPN through the Tunnelblick program. When I turn on the VPN, the Internet stops working inside the virtual machine. I have Ubuntu and Windows via Parallels.

What could be the problem?

The problem does not occur in VMware.
0
Hey Guys,

My Active Directory server, ADFS01, is running into an IP address conflict. My AD server also has the Routing and Remote Access role. In DNS, I see a second ADFS01 entry with the RAS IP address. I deleted the one with the RAS IP address, and it shows up again after a few days. Has anyone experienced this problem?
0
Hello all,

We're looking for a solution that would give us the ability to monitor all employees that are working from a remote site.
We know that there are multiple ways to give users access to in office server files (VPN, RDP, etc.) but we would like to also be able to see if the users are "ACTUALLY working" when off site.
Ideally we'd like to monitor the following:

-How long user is "actually" working (not just logs that have when user logs in and out).
-What documents/items the user accesses during work and for how long.
-whether the user is just idle when accessing office network.
-granularity view all user actions logging into office network.

Is there a "Magic Bullet" solution for this or is this one of those "Use multiple existing options"  scenario where we'll have to use logs from various places (VPN logs, server logs, GPO, etc.) to gather the info about whether the employee actually does work from home?

Network consists of:
-Windows server 2012 (DC, DHCP, DNS, Storage)
-30 Client computers with windows 7. 8. 8.1 and 10
-TZ-500 Firewall
-2ea 48 PoE port managed Switch.

Any recommendation is greatly appreciated!
Looking forward to your responses.

Seb
0
I built DMVPN on Cisco 1941, 2851 and 2821 routers, but a strange thing happened: when traffic goes through the GRE tunnel, the routers' CPU usage is very high, at least 90%. I adjusted the MTU, but the CPU is still very high. I found the same question on the Internet; they said OSPF uses more CPU, but this I can't understand. What's the meaning of OSPF and DMVPN existence? Improve CPU?

This is a test, but I need to do it in reality. I don't want to build many site-to-site VPNs on the firewall.

Could only buying an encryption module solve the problem?
Can anyone give me some suggestions?

Thanks,
Kai
0
We need to set up a Cisco router at a remote location with a new wireless card. This wireless card will access the internet through an AT&T wireless internet card at this location. This router needs to access the network at our central office.

At the central location we have a VPN connection.

Is it possible to configure a wireless Ethernet connection in the remote router to connect to the central connection via our VPN? If so, please provide configuration steps to set up this connection (in the remote router and firewall).
0
Good Monday morning

Is there a way to check event logs on a domain controller for Cisco Anyconnect VPN logins which are LDAP integrated?  I am hoping there is a way to do this without setting up some kind of Syslog server for the ASA.

Thanks for any insight.
0
Hello,

We have a Cisco 5510 ASA. Interfaces outside and outside2 are for WAN. We have a failover setup where if outside goes down, outside2 comes up. We also have a site-to-site VPN set up, and for the outside2 interface to renegotiate with our other site automatically.

The issue we are having is that once or twice a day our main WAN (interface outside) loses the site-to-site VPN with our other office. Internet stays up but the tunnel breaks. When we put it on our backup WAN (interface outside2) everything runs fine.

I have to manually disable the interface outside, then re-enable the interface, and then site-to-site starts to work. I have already spoken to our ISP and they didn't find any issues. I have also swapped with a spare 5510 and still have the same issue. I have attached a copy of the configuration. Please help.
ciscoconfiguration.txt
0
I'm looking over a SonicWall firewall configuration that I'm unfamiliar with. I've always opened the ISP device (in this case Time Warner's modem) up in bridge mode and passed everything straight through to the firewall. The network I'm researching now was configured with the Time Warner device not set up in bridge mode, which has created two LANs. Please see the diagram for further details.

If the Time Warner modem were in bridge mode I would create NATs for X0 and X1; however, in the network above it's obvious more configuration is needed on the SonicWall.

May be worth noting they're not configured with a static IP either. I plan to use Dyn DNS or something similar to address this.

Ultimate goal is configure L2TP VPN server to allow VPN access. I have everything configured for VPN and the users as well, error message just reports can't reach the VPN server.
0
Hello! Please, can anyone help me?
My problem is that I want to create a VPN between two sites which both use Windows Server 2012 R2.
My question is: can we use MPLS over Windows Server 2012?
Thank you for your answer!!
0
Hi, this site has helped me out a few times in the past, so I thought I'd post here!

So, I need to deploy an RDP file to 12 different computers via a GPO.
The credentials need to be dependent on the computer the RDP file is deployed to, and the credentials need to be saved in the file.
It has to be like this due to the way that our business and the licensing of this software in particular works.

There is also a logoff script that deletes said RDP file. Why? This is a shift based call centre, the user logs on to whichever computer is available, and their desktop follows them.
If the user logs on to another computer and the RDP file which was generated from a different computer is still there, they will open it and kick the user out of another session. It becomes messy very quickly.

I already have this working via a GPO and a logon script, however it can take forever to run!
A user could be sitting there for sometimes up to 30 minutes before the RDP file will appear and they can start working.

We also have a remote site that is part of the same domain, just extended across a VPN tunnel. The computers at the remote site seem to take much longer to run the script than the ones on the LAN, even though there is a secondary domain controller running at the remote site processing the same logon script and the RDP file itself is only a few KB.

This is what I have in the logon script currently (minus sensitive info):

<code>
@echo on

Set res=0

If …
0
Regarding CVE-2018-0151 and apologies if this seems like a newb question but....

Is it still advisable to disable UDP port 18999 if you're not using the Adaptive QoS for Dynamic Multipoint VPN (DMVPN) feature? Or should we only be concerned with this if the feature set is enabled and in use? Our network engineers are clamoring over the fact that they would have to disable the port on over 600 devices in order to address this, given we're not utilizing the feature.

Thanks in advance
0
I have a MikroTik VPN configured with location A, which has a SonicWall, and B, with pfSense. All of them use IKEv2. It was connected fine; however, once we changed ISP on the MikroTik VPN, we also changed the IP on pfSense and SonicWall, and the LAN IPs on the MikroTik, but no matter what I do it won't connect and it keeps getting an authentication error. I have countless times now checked the pre-shared key and key ID tags to match completely, but it still gives me "Authentication, Errro"

http://prntscr.com/j4qngx


Kindly advise what to do

Thanks
0
Hello, my customer has a medium sized network that has multiple remote locations as well.  These remote locations are connected via persistent site-to-site VPNs. Within the last few months none of the computers in the remote location can map a network drive or access shared folders from the main office file server or any other member servers or workstations.  But they can access the NetLogon shares from both DCs and the DCs can open shares on the remote office workstations.  None of the member servers or workstations in the main office can access shares on the remote office workstations.  You can ping by name (including FQDN) and by IP both ways through these tunnels as well as access the servers through Remote Desktop.  In the main office this is not an issue.

Windows Firewall is disabled on all devices in the network and remote offices. It doesn't matter if AV is installed or not. NSLookup shows exactly what it should when queried. There are no errors in the DNS event viewer on either DC.

The servers are a mix of Windows 2012 R2 and Windows 2016.  The workstations are Windows 7 Pro or above.

I am stumped as to what can be causing this.  Any help would be appreciated.
0
I have AT&T Uverse Fiber, and about a week ago my VPN stopped working. It connects and drops after about 3 minutes, then I get error 807. Nothing's changed in the configuration, and AT&T says the only issue they see is too many NAT sessions. What should I be looking for? The public IP is set up as default server to the Windows server.
0
I wanted to know how PCI works...
More so in an example of working at Starbucks and knowing how PCI would work. Is it a matter of encrypting credit card information by having a VPN from a Starbucks back to an HQ office or place?
0
I have an OpenVPN virtual machine installed at version 2.5. I have for some time successfully been using a TUN VPN; however, I would like to try TAP. Pretty much everything online I am seeing requires some level of CLI usage (not my forté). Is there any way I can do this via the web GUI for the VM, or do I have to do some CLI work? Which is the best guide you would recommend, please?
0
So I am trying to get a new VPN solution up and running here, using a Draytek 3900 router.
The clients connect using the built-in VPN client on W10

I would like the set-up to work in such a way that when a user tries to connect to the VPN, our on-prem AD is checked to confirm that the user is a member of the relevant group.
The client should also be set up to receive a DHCP address from the same on-prem domain controller.

So far, I can make the following work:

User account set up on the Draytek, I can get DHCP to work and assign the client laptop an address on the local network correctly.
Trying to use LDAP to query the AD, log files show (I think) that AD is queried and approves the user, but no DHCP address is given.

I cannot see anything wrong with the settings, could really use some assistance from anyone who knows Drayteks better than me or has the same setup and can compare settings!

Thanks in advance for any assistance
0
Cisco RV320 to RV320 Gateway to Gateway

Config is fine; tunnel never connects.

Site A Log

2018-04-09, 22:15:45      VPN Log      [g2gips0] #1: [Tunnel Established] sent MR3, ISAKMP SA established
2018-04-09, 22:15:45      VPN Log      [g2gips0]: cmd=up-client peer=79.173.X.X peer_client=192.168.2.0/24 peer_client_net=192.168.2.0 peer_client_mask=255.255.255.0
2018-04-09, 22:15:45      VPN Log      ip route add 192.168.2.0/24 via 10.50.253.15 dev ppp1 metric 35
2018-04-09, 22:15:45      VPN Log      iptables -t nat -I vpn -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      iptables -t nat -I vpn -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      iptables -t nat -I vpn_postrouting -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      iptables -t nat -I vpn_postrouting -o eth0 -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      [g2gips0] #2: [Tunnel Established] IPsec SA established {ESP=>0xc9f16ce4 < 0xcb1f6958 AH=>0xc4790703 < 0xc9d7ed2c}
2018-04-09, 22:15:45      VPN Log      [g2gips0]: cmd=down-client peer=79.173.X.X peer_client=192.168.2.0/24 peer_client_net=192.168.2.0 peer_client_mask=255.255.255.0
2018-04-09, 22:15:45      VPN Log      ip route del 192.168.2.0/24 via 10.50.253.15 dev ppp1 metric 35
2018-04-09, 22:15:45      VPN Log      iptables -t nat -D vpn -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      iptables -t nat -D vpn -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      …
0
Hi Guys and Gals,

I have a problem that I am banging my head on and can't seem to get to work.

I have 2 locations
Location 1
IP 10.10.10.0/24

Location 2
IP 20.20.20.0/24

There is a site-to-site IPsec VPN connection between them with all ports wide open. Location 1 has the Active Directory domain server for MYDOMAIN.com. I want to add a second server at location 2 as a domain server as well, but I can't get it to find the domain. The server in location 2 has the AD DNS server in Location 1 as its DNS server and I can ping the domain without problem, but when I go to join the domain it says it can't find the domain controller. All ports are open, so I am lost... HELP!!!!
0
Hello Experts,

I have an RDS server set up in Azure. We have external users who need to do secure searches from that server. Their presence can't be known to the websites they are visiting. We previously used HMA VPN for this, but this does not work on an RDS server, nor do we want to use that on the RDS server.

Is there any other program or VPN or proxy recommended that I could manage for this group of users?

Thank you,

Karen
0
Hi Guys,

I've set up a VPN connection on a server (Windows Server 2012), but I am unable to establish a connection from outside.
Connecting internally to the local IP of the server works just fine ;-)

The error I am receiving is:

"The remote connection was denied, because the username and password combination you provided is not recognised, or the select authentication protocol is not permitted on the remote access server"

When I try to Telnet into the server, I get an initial black screen, then the connection has timed-out message.

Could this error relate to our router not allowing connections through from the internet, or is this error specific to username / password and authentication issues?

Trying to connect externally, I am using Windows 10, but also tried from another external server with Windows 2016 Standard edition.
0
Good Evening Experts,

We are looking to implement a site-to-site VPN between two networks that are both running a 255.255.254.0 or /23 subnet and have the following questions:

Is this against Cisco's or any other hardware provider's best practices in terms of security?
Does Cisco have a recommended way of dealing with site-to-site VPNs between networks larger than 256 devices at each?
What is the largest pair of netmasks that can be established within a site-to-site VPN?

I appreciate you taking the time in answering this question!

Kind regards,

Plokij5006
0
We have several locations. Each location has several DNS servers, all replicating to each other. In DNS we have several Conditional Forwarders. At all locations except one I can ping and RDP into any of the servers in the Conditional Forwarders list. However in one of the locations I am unable to ping to any of the Conditional Forwarder IPs. All locations are connected using a Watchguard firewall using a VPN. When I do a tracert from the location that is unable to get to any of the Conditional Forwarder locations, it goes to the local DNS server, then out to local ISP DNS server. I have been reading and searching for articles that might help however I am unable to find a solution.
0