VPN

24K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Hello,

I have users connecting using Cisco AnyConnect through our Cisco ASA 5515. This is the setup:

User initiates a connection with Cisco AnyConnect
The ASA asks the user for Active Directory credentials and is then authenticated through our FSMO PDC
The ASA assigns the remote PC an IP address from the pool we have set on the ASA
The user then is logged in and can access our network as if they were in the building on the LAN
All of which functions fine.

My problem is, since I upgraded our domain servers to 2012 R2 everyone with a login on our network can connect. Ticking off “access denied” on the dial-in tab of an Active Directory account doesn’t stop a user from being able to log in. This used to function.

I didn’t originally set this up and I have been unable to find how to restrict this, and after spending 2 hours with a Microsoft support tech yesterday he clearly has no idea either.

I suspect that my DC thinks that this outside subnet is just another WAN on our network so it just lets anybody that has an AD account connect. How do I make my DC understand that this is an outside subnet so the “access denied” on the “dial in” tab of the Active Directory account works again and actually restricts users from connecting via our VPN tunnel?

Thanks for any help
0
I am running Server 2012 on 2 physical servers. I had RRAS installed and configured on the secondary DC as VPN (VPN server only option) and all was working fine: when users connected via VPN they had access to shares on the primary DC and RDP access to both servers. Suddenly in the past week RDP on the secondary DC was not accessible to VPN users but was still available to local area users. I tried configuring RRAS on the primary DC and users could connect to the VPN but they could not access the shares or RDP on the primary DC. I need to be able to connect via VPN and have access to RDP on both servers and the network shares on the primary DC. Also I am running Terminal Services on the secondary DC for multiple users.
0
I have a T70 device I'd like to connect up via BOVPN with an XTM2 device (with wireless) at a home office location. In front of the XTM2 I will have an AT&T U-verse router in bridged mode.

I'd like all of the data from one port on the XTM2 to go back and forth over the BOVPN. I'd like all of the wireless traffic to travel out to the internet.

Can someone please tell me if this is possible and point me in the right direction for accomplishing this? I've set up BOVPNs between two devices before but it was moving all traffic between both devices and I need to keep the wireless (home users) traffic off the VPN.
0
Internet (ISP) ----> CISCO 891 ----> Ubuntu Server [Another Country/City] (IPSec or smthing) ------]
                                                                                       Internet (ISP) <------ CISCO 891 <---------------------]

Can I configure my home Cisco router to connect to another VPN server and give my home computers access to the internet from this server?
0
We have some remote users that are getting disconnected from remote desktop session rather frequently.  

So a little more details here.
User connects from remote office over VPN.
They run a remote desktop session to a virtual machine, 1 still XP, 1 Win 7.
From time to time, sometimes 10 times a day, sometimes 2 or 3 times a day the remote desktop session drops off.  It looks like it was closed.  The VPN connection is still working fine, but the RDP session drops.  It will either reconnect and start working again or reconnecting is fine.  I cannot see anything in any of the event viewers, I'm looking for some suggestions on how to trap what is going on.  Any suggestions on tools to see what is dropping the connection and why?

Thanks.
0
Hi,

Background
Netgear ProSafe FVS336Gv3, Firmware 4.3.5-3
Cisco ASA 5505, ASA V 9.1(4)

Trying to set up a site-to-site VPN. Have used the wizards on both devices but it will not connect.

Anything I need to alter to make them work together?

Thanks
Gareth
0
Moving away from an on-premise Exchange 2010 Standard server to O365 mail. We currently have SonicWall 2nd factor VPN authentication and copier scan to email working. So, for now, I created a free Gmail account and have set up SonicWall second factor authentication without issue. Before I start setting up scan to email on our Kyocera copiers, I need to make sure I do not need to deal with security issues going this route.

The Gmail account is set up using port 465 (SSL/TLS). I tried setting up the Gmail account with Google two factor authentication, but doing so caused issues/broke the SonicWall 2nd factor authentication. So, I disabled the Google 2 factor authentication.

I wanted to use relay.appriver.com port 2525, but it did not work and kept failing.

I just want to ensure I do not create security issues.
0
Is it possible to force tunnel 192.168.1.0/24 except a single IP? Our headquarters has a LAN network of 192.168.1.0/24. It’s silly and was done years ago. At this point changing it would be too hard. With that said, I can probably fix my IP overlapping issues by force tunneling all traffic destined for 192.168.1.0/24 except one IP. This one IP will be allocated for users that have home printers they need to print to. I’ll set their printer to this IP. Is this doable?
0
Hello,
I have an OpenVPN Access Server. I disabled compression but still see in the log:
comp-lzo present in local config !
So what do I have to do to disable it?
thanks.
0
Hi,

I need my client to be able to access their WAN IP while overseas. This is so they can have access to a particular website in our country whereby the user has to be licensed and access is provided only to that person's office IP address. I've tried TeamViewer VPN but no luck there, and I can't seem to find a free solution for this. I was in the middle of setting up VPN the proper way but ran into an issue regarding port forwarding. That is when I chose to seek out a free option, which I'm still in search of. Can anyone recommend anything?
0
Hello,
How can I run multiple OpenVPN Access Server instances?
For example, one profile working on port 443 and the other on port 445, with different configurations?
Thanks.
0
Hello,
Can I have multiple profiles on an OpenVPN server, with different configurations?
For example, one with cert auth and a second with user name/password auth?
Any example about that?
Thanks.
0
Background:
I have an SSG140 route-based VPN connected to multiple SSG5s.

Network1--------------SSG5(1)---VPN----SSG140-----VPN------SSG5(2)-------------------Network2

My question is:
I am using a PC in Network1 and I want to access an application server in Network2.
What should I do?
0
We are setting up our new FortiGate 60E and ran into a problem accessing our local printers while in Remote Desktop via the VPN. The interfaces are set up as split tunneling. Could we have set up the DHCP server (FortiGate 60E) incorrectly?

Our printer's IP is 192.168.1.144. The 60E is set with the inside gateway 192.168.1.99, netmask 255.255.255.0, with an IP range of 192.168.1.110 to 192.168.1.210.

Thank you
0
Hi,

I'm trying to configure a DrayTek 2925 router VPN to Azure. With the help of Microsoft, I have created the VPN setup on the Azure side but I'm not able to quite get the VPN LAN-to-LAN setup working on the DrayTek side. I have followed numerous articles online, including the official one on the DrayTek site, but have yet to successfully connect. Has anyone here had any experience doing this?

Thanks
SycamoreIT
0
How to configure a VPN connection from Windows Server 2012 to a firewall/router. Looking for a KB to help with setting up an L2L VPN.

I have a cloud server with a real-world IP that I want to connect to my local office, which has a Sophos SG135 UTM firewall. How do I configure the server to connect to my firewall with IPsec VPN?
0
We have installed a PBX on AWS and connected it to our on-prem Router via VPN.

My on-prem router is connected to the SIP provider via a physical connection with another on-prem MUX device (device given by sip provider).

All connections are working fine, EXCEPT, my SIP provider has a condition that all connections to their server must originate from a specific IP that they have assigned to us.

Since AWS machine is connected via VPN, all calls from PBX are picking up the IP of the AWS machine as "source IP".

For resolving this, I need to replace / masquerade / NAT / change the IPs of all connections from the AWS machine's IP to the SIP provider's assigned IP. Someone suggested I need NAT loopback/reflection for this. Someone also suggested packet forwarding. Someone suggested IP masquerading.

Please guide how can this be done?

Regards.
0
Background (Set up VPN)
SSG5 to Fortigate Tunnel

For SSG5 Netscreen
Issue:
It is noticed that
Method1
1. IKE - No bind to tunnel
2. When I create policy, I select tunnel VPN as IKE
(Result: The VPN established successfully but it is unstable for this case.)
I have other connection it works this way.

Issue handled this way:
Method2
1. When I create IKE, I bind it to tunnel.
2. Do select Action and VPN when I create Policy.
(Result: The VPN is established and it is stable)

My question is
What is the technical difference between establishing the VPN these 2 ways?
0
I have an ASA 5506 that has a VPN configured to authenticate against an Active Directory domain controller. I'd like to add a second point of authentication, local to the ASA, in the event there is an AD outage I would like to be able to connect over the VPN using a local point of authentication.

For the setup, it would be preferred if you could suggest or provide CLI commands.

Thank you
0
Dear Exchange Experts,
I am looking for a home VPN solution. I need a physical router that I can VPN into on my home network while I am away and access internal network devices. I looked all over the web and can't seem to find a home/small business router that supports client-to-site VPN. Any recommendations? I
0
I have a Sonicwall Firewall that is currently working with 2 WAN connections in failover with a VPN. It is working fine, however, I need to add a 3rd WAN connection to this and that is not an option in the VPN. What is the best process for this and this new connection must ONLY be activated when the others go offline as it is a cellular backup.
0
Banging my head on this one. Some of our remote users connect to their work PCs (Windows 10 Pro) by connecting through SonicWall VPN using NetExtender. They connect to the SonicWall fine, but once they try to connect to their PC, they get "An internal error has occurred". If I try to RDP into their computer from within the office I get the same error; however, if I walk over and log in to their PC as them to unlock their screen, I can RDP in within the office from my computer. However, if the user tries again remotely they kick off the error again. They say they get in then get immediately bumped out with that error. I turned off Network Level Authentication at their office PC but it does not help. HELP
0
Hi guys,

I am very new to DHCP and NAT stuff so please forgive me for my ignorance.

I am facing the same problem with supporting larger user groups on one server.

I think I am running out of IPs for my users. However, I don't know how to configure the DHCP or NAT correctly to provide them more IPs.

Attached is my current config but it seems only a small portion (about 63) of the IPs can be used.

Any input will be much appreciated.

Don

P.S. Some thread says Virtual NAT and local bridge don't work together, so I have deleted local bridge.

0
I have a working L2TP server on my SonicWall TZ. The problem is if I try to connect a 2nd VPN client from the same remote address (i.e. the clients are all behind the same router/NAT/firewall so the SonicWall sees the same origin address) the connection is rejected. The first one works fine and if I disconnect that client the other can connect, so it's not a client configuration problem.

Any way to get the TZ to allow multiple L2TP connections from the same remote address?
0
Running Server 2012 R2. Static IP set on server - 10.2.8.10. Establish a VPN connection to the server (no problems). Start a remote desktop session to the server using the server name - no resolution, no connection. Starting a remote desktop session to the server using 10.2.8.10 works on the first connection but not after that. Running a tracert to 10.2.8.10 shows 10.2.8.109 as the first hop. Remote desktop connection to the server using 10.2.8.109 works fine every time. I look in DHCP and 10.2.8.100 - 10.2.8.109 are assigned to the server with the unique ID of RAS. Cannot add this IP to reservation because the unique ID is not unique. Stumped as to what I have misconfigured and what the solution is.
0
