VPN

23K

Solutions

23

Articles & Videos

22K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

I've set up RRAS on the server using the Wizard for VPN only.

I've opened up port 1723 in the router pointing to the server. 1723 is also open in Windows Firewall.

Trying to connect a Windows 10 client and it attempts the connection then fails with "a connection to the remote could not be established so the port used for this connection was closed"

I can't find anything relevant googling this error.

Anybody had a similar experience & fixed it?
0
Good day,

Recently deployed two Dell SonicWall NSA 3600s with High Availability configuration. Between our two sites, our ISP provides us with an MPLS link (primary connection). We also have a VPN connection between the sites.

I would like to have the VPN kick in when the MPLS link goes down.  I have tried to follow SonicWall's guidance, but based on what I've read, the monitoring requires certain information.

I am seeking guidance with implementing this fail-over.  Any guidance will be appreciated.  Network diagram attached.
MPLS-VPN-Diagram.pdf
0
I have a bit of a challenge with a site-to-site VOIP situation.
We are using an Avaya system - PBX hosted on-site - in a 5 location business. They use a SIP trunk provider outbound and that's not a problem. But they also use the system as a sort of "intercom" to communicate between the sites. To make it work, we have set up VPN over the public internet in a "star" pattern, with one of the sites acting as the "hub" - the others as the "spokes". Traffic flows between the sites through the hub, or from the sites TO the hub, depending on who is being called.

Call quality is the problem. Choppy, dropouts or bad voice quality happen but NOT consistently. Just occasionally enough to be a pain. The business uses the "intercom" feature quite frequently, it's becoming a problem.

We use SonicWALL TZ300's at the spokes and a TZ400 at the "hub". We have QoS and Bandwidth management configured and that has helped. We have spoken to Sonic about it and they have put their 2 cents in.

Any suggestions would be appreciated.
0
Hello, anyone familiar with RouterOS? I'm trying to pass through PPTP to my VPN server. Unfortunately I'm not well versed in this particular firewall and its setup. At the moment I have accept for 1723 and GRE set up but it also requires a NAT command as well. Any help would be appreciated.
0
Please advise.
I need to be able to run the executable (installer for Cisco AnyConnect).
security-warning.PNG
0
I've got a Watchguard 500 series at the main office and a 2 series at a home office.  I've needed to set up a VPN between the two devices to get an IP phone to function properly.

With the current home office setup I have one interface set as 'external' and connect the cable modem directly here.  Then I have a 2nd interface as 'trusted' which connects to the user's home router.  The phone and computer connect to the home router and the VPN works fine.

At the new home office location however the home equipment is a cable modem/router combo - so I have no dedicated WAN port - just 4 LAN ports.

Maybe I'm overthinking this but I'm stumped on how to configure this with the different home router/cable modem combo.

I've been using 'mixed' mode and am wondering if I need to be using 'drop in' mode - ?
0
Hello Cisco Experts,

I am learning how to set up the site-to-site VPN between two locations but it's NOT working for some reason (it failed when I pinged 172.16.1.1 from the 172.16.2.X network). I also tried to hit a web server (172.16.1.xx at port 80) with no luck. It seems some sort of setting is missing?  I configured the site-to-site VPN with the ASDM wizard and it didn't give me any error message.  So I hope someone can shed some light here for me?  Thanks in advance.

Following is the configuration for the ASA5505:

sh run
: Saved
:
: Serial Number: xxxxxxxxxxxxx
: Hardware:   ASA5505, 1024 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.2(4)
!
hostname 325RC-CASA5505
domain-name xxxxxxxxxxxxxx.com
enable password Yxxxxxxxxxxxxe encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2xxxxxxxxxxxxxxxxxxxU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 nameif inside
 security-level …
0
How to set up VPN for my company. Send me steps to configure VPN.
0
Hello,

I have a Checkpoint Firewall, trying to route traffic for a remote user to the office then to another subnet in a different location to access RDP. Static routing is on the FW to this subnet, a policy is also set for that user to access that network and the subnet is in the Encryption domain.
In the office the access is accessible over MPLS. Can the traffic be routed to the FW over the Internet and forwarded over the MPLS link?

Thanks in Advance
0
Hello,

There are multiple users that connect to our VPN from various locations.
Mine stopped working today.
Others are still able to connect.
I've tested trying to VPN to another server (that I know works) and am unable to.
I've turned off my AV and my firewall - but still can't log in.
Frustrating - it's worked fine until today!

Amber
0
So if my understanding is correct from what I have managed to discover, the problem here is that any device connected to a cell phone hotspot, that has an active VPN, will simply route through the public IP connection on the hotspot and not go through the VPN.

Is there a way to 'route' through the VPN any device connected to the cell hotspot?  I have heard that possibly rooting the cell phone may allow this, but I have never rooted a phone before.

Or, is there another way to make this happen?  I am trying to create a secure VPN from our remote offices back to our main office using a cell phone...without having to step up to an LTE router.
1
Hi guys, we have a small remote site with a PC and printer there, and we have a firewall there just for the VPN for printing. Is there any way we can set this up to work without needing VPN?
0
We have a corporate wide area network. The main site is using TMG 2010, and uses 192.168.0.0/22. Also we have two more sites connected to the main site via a VPN tunnel provided by the ISP. The external sites are 172.16.32.0/24 and 172.16.64.0/24.

Traffic between the nodes worked just fine until we implemented the TMG 2010 at the main site. We connect to the ISP via a public IP. Also the ISP provides the traffic coming from the other sites, but we have not yet been able to configure the TMG properly to allow the incoming traffic from those external sites.

Any suggestions?

Here is the network topology.

WIN_20170622_12_16_26_Pro--2-.jpg
0
Odd one. We installed a Meraki MX 84 firewall in our office. We have successfully connected via VPN from at least 5 different remote locations. However, my Windows 10 machine WILL NOT connect.  We have connected a couple of different Win10, Win7, iPads and MacBooks just fine. My Windows 10, using the exact same setup as the other Win 10 machine, fails to connect, giving an error of "L2TP Connection attempt failed because the security layer encountered a processing error during initial negotiations"

I started a case with Cisco, who had me do a packet capture. They confirmed that my PC was sending packets to Meraki. We checked IKE and AuthIP IPsec Keying service was set for "automatic" and running.  It was...

We added correct registry key for "AssumeUDPEncapsulationContextOnSendRule." Done...no luck

At this point, Cisco suggested I call the ISP to see that my cable modem was set to enable VPN Passthrough. It is....

I then successfully added my Android tablet to connect to the VPN via the same wireless router/ISP connection from my home.  That worked fine.

Set my Windows 10 box to use 8.8.8.8 DNS...still no luck

Not sure what else to check

We are using Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec)

Require Encryption (disconnect if server declines)
Encrypted Password (PAP)
Using a preshared key.

These settings have worked seamlessly with all others EXCEPT MINE !
Verified username and password. Verified Preshared Key.

Any suggestions ?
0
Dear experts

My situation is quite complicated.
Generally, I'm creating a VPN server.
For different clients connecting to the VPN server from different countries, I would like to provide different dhcp-ranges.

I understand that dnsmasq supports multiple networks.
My question is how I can use the tag indicator so that the client will collect the correct dhcp-range in the VPN connection situation.

e.g.
------------------------------------------
# Address range for country1 clients
dhcp-range=tag:country1,192.168.1.10,192.168.1.19,255.255.255.0,1h

# Address range for country2 clients
dhcp-range=tag:country2,192.168.1.20,192.168.1.29,255.255.255.0,1h

# DHCP options given to known clients

# Subnet mask
dhcp-option=1,255.255.255.0
# Default gateway
dhcp-option=3,192.168.1.1
# DNS server
dhcp-option=6,192.168.1.3
# Broadcast address
dhcp-option=28,192.168.1.255
------------------------------------------
0
Hi Experts,

I have noticed recently that my end users who are connected by site-to-site VPN connections are reporting that their Outlook clients are not staying updated and they are seeing a lot of lost connections and re-connections.

I am running Exchange 2013 server and 2010 and 2013 Outlook clients.

Any thoughts?
0
All, I have a user that continues to complain that they become disconnected from a remote "Terminal Server".  I have multiple users, even from the same network, that are connecting to and using the server daily without disconnect issues.  The user (all users) connects to the RDS through an IPsec VPN. I am stumped as to what may be the cause or where I could look?

I have already replaced/tested cabling to the user's PC. The cable tested clean.
I have reviewed logs on both the PC, and the server and no errors.
I have verified connectivity from firewall and up time, no issues.
I've eliminated the possibility that there is interference on the network somehow, possibly from a rogue device or second DHCP server.
I've had the user connect through a second account to the server to eliminate possible profile corruption.

I am truly at a loss here and would like some guidance.
0
How can I completely hide my current location, using a VPN, for the website owner when I am logged into this website?

Or will there always be a way for the website owner to find out my current location, even when using a VPN, for example if they use a script?
0
Hi, I have a Windows 2008 server.
I have recently set up RRAS to allow incoming Windows client VPNs.

When I connect an external client machine via the Windows VPN adapter (Windows 10), it connects fine, and I get an IP address from the server for the VPN. But I cannot ping any resources at the office or any external IPs, such as Google DNS.
What's even more weird is that the 20 client machines in the office lose their internet connection. I know this, as we all use cloud based apps/databases and I get shouted at. Love my job.

I've researched plenty of forums, but none cover the issue.

I have set up a scope within the IPv4 tab.
Set up as LAN and demand-dial routing in the General tab under IPv4.
WAN miniport PPTP is set up for remote access connections (inbound only); it did have demand-dial routing inbound/outbound, but I unticked this.

Any ideas?
0
I have a Watchguard M400 (Fireware XTM 11.10) Firewall/Router with about 14 Branch Office VPNs coming into it. We have new software these BOVPNs need to access. There are two application servers running the software. I would like to load balance the connections to these servers. Can someone point me in the correct direction?
0
Knowing public access to our Internal CA is a HUGE security risk, is there a way to perform this in a more secure manner?

Is the best practice to up a known public CA?

We are in the process of setting up RAS for remote VPN.
0
Hi All,
We currently manage and maintain an SMB that consists of:

Main Site
---------------
-2x ADSL2+ Connections totaling approx 32Mbps download and 1.6Mbps Upload running through a client side network load balancer.
-Ethernet Smart Switches. No VLan. No Jumbo.
-HP ML350P Hyper-V consisting of 4 VMs. Domain Controller, Exchange, Files, RDS.
-Backup Physical DC server
-Currently we have rules in place to minimize the use of the primary ADSL connection from staff at the main site to keep the bandwidth available to staff who remote in via SSL gateway RDP.

3x Remote Sites
------------------------
-Each site has its own ADSL2+ connection with varying bandwidth from 16Mbps download and 0.8 Mbps Upload.
-Users connect remotely using SSL gateway RDP access.


Current Issues
----------------------
-Remote user experience is poor and impacted by staff internet use.
-Remote user experience can be impacted by the internet access habits of users at the main site and remote sites. Example: if a user downloads via web browser on the RDS, this affects the available bandwidth for RDS remote connections. We have rules in place to prevent this, but as with all router bandwidth rules these are best effort and only in place when 80% load is placed on the connection.


Suggested Changes
------------------------------
-Add a 10/10Mbps connection to the main site. (Only recently became available)
-Add a further ADSL2+ connection to any remote sites with more than 5 staff. This …
2
Dear experts

Background:
- SoftEther VPN Server (fixed public IP, say: located in Singapore)
- Using Dnsmasq for DHCP
- In Dnsmasq,
           dhcp-range x 2
           Interfaces x 2

Which dhcp-range will be used when VPN client connects to the VPN Server?

Is it possible for me to select dhcp-range when I initiate the connection from different country?
e.g. from Singapore                --> Singapore, I am getting IP Range 192.168.2.10-192.168.2.50
     from Country out of Singapore --> Singapore, I am getting IP Range 10.10.2.10-10.10.2.50

Any idea how I can achieve the above?
I appreciate your advice & ideas in advance.
0
Hi All... I posted a message yesterday evening, under a closed account I haven't got access to, but have not had a response. I forgot to give a little more information.

I have one Server 2012 DC, (AD Domain is set to a private domain, domain.local).
The server is already running IIS for a call logging software, and there is an SSL cert issued from a ZyXEL firewall at port 443 for VPN purposes. I've tried to change this port but it breaks the firewall.

I've installed the Work Folders Role. I've added the Domain Local Security Groups and added the users to the group. I've also added the directory and also shared it out on the network to domain users. Now the problem I have is that I cannot set local users to connect (Windows 10), nor can I get iPads to connect.

A few other pieces of information.
NO SSL certs were issued. Cannot find information on how to generate a local cert.
I believe I need a class A record on the host for a particular name (workfolders.domain.com) to point to WAN IP.
Do I need a local DNS record to point the workfolders.domain.com to workfolders.domain.local to the server?

If anyone can help out to close this off I would be grateful.
0
I have an SBS 2011 Standard server.

The VPN is enabled and I can connect to mapped folders on the server. ( Showing the VPN is Active)

However my Exchange mailbox will not connect. (It used to until I had to reload my laptop.)  It remains disconnected no matter what I do.

Can anyone assist me to sort this out? Please, I am stuck and I need to get my email when I am out of the office.
Exchange works perfectly when I am in the office and connected to the network.
0
