VPN

23K

Solutions

22K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


OK hope I can describe this properly, have a general question I'd like to ask.

We look after 2 companies. "Company 1" have 2 staff who need to access information on both their own server and on the server at Company 2. Unfortunately, at the moment both companies have a single DC (SBS 2011 at Company 1 and Server2012 at Company 2). Both of these servers happen to have the same local IP address, and their default gateway LAN address is also the same. In order for Company 1 staff to access the Company 2 server, I've set up a VPN connection so that they can dial in as and when they need access. I've also got a batch file set up which swaps the hosts files around so that the PCs know which server to point to despite them having the same IP address.

The problem with this is that they are now saying that they need to have mapped drives open on the Company 1 server and on the Company 2 server and want to be able to drag and drop between the two (at the moment they are dragging to the desktop, swapping host file, disconnecting from VPN then copying into the other server mapped drive).  

I'm toying with the idea of just advancing the IP address of the DC at Company 2 by 1 digit so I can do away with the need to host switch but what I wanted to ask is how can I be able to access a mapped drive on Company 1 server while connected to Company 2 server via VPN? Is there any easy way to do this at all?

Many thanks

Adam
0

Hi Sir,

Would like to ask for your help about the problem listed below,

[Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xccb797a8) not found (maybe expired)

Hoping that you can help me resolve this matter.


Thank you in advance.
0
Hi All

I have had the Cisco ASA5505 set up as the firewall for my company for about 3 years. Without issue, I have been able to use CISCO ANYCONNECT to connect remotely to my network, etc. For some reason, I now get a message stating "anyconnect not enabled on the vpn server". My sh run webvpn is below.

Free memory:        71697768 bytes (27%)
Used memory:       196737688 bytes (73%)
-------------     ----------------
Total memory:      268435456 bytes (100%)
5505ASA# sh run webvpn
webvpn
 enable outside
 anyconnect-essentials
 svc enable
 tunnel-group-list enable
5505ASA#
If I go through the ASDM wizard and attempt to install the SSL VPN via AnyConnect, I get an error as shown in the screenshot below (File write error, check disk space), which I do not understand, as the cache-fs they say to use does not exist.

It's a small office, with only anyconnect, asdm, and asa.bin files on it and a small running config, so I am lost as to why I cannot add AnyConnect, especially when it's always worked.

sh disk 0 is also shown below.

5505ASA# sh disk
--#--  --length--  -----date/time------  path
    3  4096        May 17 2013 13:51:48  log
   13  4096        Aug 13 2017 15:29:23  coredumpinfo
   12  4096        Aug 29 2009 07:33:22  crypto_archive
   97  16459776    May 17 2013 13:47:00  asa822-k8.bin
   98  11869456    May 17 2013 13:49:32  asdm-625-53.bin
   99  35167466    Mar 03 2014 10:04:32  anyconnect-win-3.1.05152-k9.pkg

127111168 bytes total …
0
Hi again everyone -

So sorry to be a pest. Now that I have my ASA 5505 up and running with successful Internet access by devices on my LAN, I can't seem to get my DMZ to gain internet access. Nor can I get a simple IPSec site-to-site VPN to work. This is really frustrating, as the ASA on the other side already participates in another separate site-to-site VPN (set up by me) which works just fine.

I have looked at NAT rules and access rules and can't seem to find the difference. The only thing I did differently on this VPN was try Diffie-Hellman Group 1, as group 2 settings didn't work.

Below is the sanitized config of the ASA that has a working DMZ and a working VPN as well as the non-working VPN.  I have replaced my static public IP with xx.xx.xx.xx and the peer IPs in the VPNs are vv.vv.vv.vv for the one that works and ng.ng.ng.ng for the one that doesn't work.

I will return to this post momentarily and add a comment with the running configuration of the ASA at the other site.

Thanks in advance for any help.

Result of the command: "sh run"

: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password /zzzzzzzzz encrypted
passwd zzzzzzz.zzzz encrypted
names
name 192.168.1.0 dmz_outside
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.0.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xx.xx.xx.xx 255.255.255.252
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 
0
So the current system used stores users' "My Documents" and other files in a personal drive and on a server. We use Microsoft's Sync Center to ensure both "My Documents" and the personal drive contain the most current data.

The problem is that, since users' files are also available offline, sometimes remote users don't connect to our server (they need to access our VPN to do so). This causes a problem with synchronization. It's very time consuming to check one person at a time on Microsoft's Sync Center.

Is there a way to automate detection? Maybe a Cmdlet?
0
As in my scenario, our FortiGate is configured for SSL VPN, but the problem is it can connect but is not able to access the network resources and is unable to ping any internal network servers or switches.
0
Hello,

I need to configure a site to site VPN between 2 sonicwalls. I need to allow subnets 10.1.10.10. /24 (LAN) and 10.1.10.20 (WIFI) interfaces over the tunnel to the other side and vice versa.

What's the easiest way to achieve this?
0
I would like to understand the difference of persistent connection and keep alive. Is it only applicable to HTTP protocol? Thanks!
0
Anyone have any experience with VPN performance issues?
0
Hello,

Trying to create a Site to Site between our TZ215 and Azure:
VNET1 - Address Space     = 10.1.0.0/16
               Subnet  range      = 10.1.0.0/24

GatewaySubnet                  = 10.1.1.0/24

Virtual Net Gateway           = VPN
                                               = Policy-based
                                               = VNET1
                                               = VNET1GWIP  (created Public IP)

Local Net Gateway             = RP_OFFICE
                                              = Public IP address of SonicWALL
                                              = 192.168.250.0/24 (LAN network on SonicWALL)

Connection                          = Site-to-Site (IPsec)
                                               = Virtual Net Gateway
                                               = RP_OFFICE
                                               = Shared key that matches what's configured in the SonicWALL

SonicWALL:
 General Tab                         = Site to Site, IKE using Preshared , IPsec Primary = Public IP of Azure, IPsec Secondary = 0.0.0.0, Local & 
                                                   Peer IKE ID = IPv4 address
Network Tab                         = LAN Subnets, Azure LAN network
Proposals Tab                       = Main Mode, Group 2, AES-256, SHA1, 28800, ESP, AES-256, SHA1, 3600
             
Seeing the following in the SonicWALL log:
  SENDING>>>> ISAKMP OAK INFO …
0

Does anyone have experience connecting a Chinese office to the US? One of the options is going through Hong Kong, but the connection is very poor, we heard.

Any other vendors or solutions we should look into?  Fiber connectivity?   Just need to have a reliable connection to one of our US data centers.  Please advise.  Thanks!
0
Hello - we recently installed a new ASA5516 firewall, and have been having our US users access the ASA's public address in order to install the new AnyConnect software, which has been working. We have a user in France, however, who is being blocked, apparently due to the server not being trusted and a missing security certificate. We do not have a security certificate for the ASA yet, so we're wondering if there's a way around this without having to install a certificate, like we do with the other US users?
0
What is the best VPN solution that helps in connecting 2 remote sites with a data center? I am talking about software VPN.
0
I have an old CallManager (4.3). It works great and no one wants to upgrade it. I have several small offices and individuals working from home offices, and in order to have working phones in their locations I have to do site-to-site VPNs to each location.
Is there a way to create some port forwarding and avoid VPN? Which ports? Any downsides?
The firewall is Cisco ASA5510 and they have Cisco 7941 and 7970 phones if that matters.
Thanks!
0
Hi,

I am trialling a Cisco CSR 1000v (2 NICs) in Azure. I have set up VPNs to the external interfaces and these are up and running, and I can ping the internal IP of the 1000v.

Office A: 192.168.1.1/24  (can ping 172.16.31.1 and 172.17.31.1. Cannot  ping 172.17.31.4 )
1000v WAN interface internal IP: 172.16.31.1
1000v  LAN interface: 172.17.31.1
VM IP: 172.17.31.4 (firewall Disabled and can ping 172.16.31.1 and 172.17.31.1. Cannot ping internal IP of office firewall)

I have set up a test VM and connected it to the internal interface, and I can ping the VM from the 1000v. I can't seem to ping the VM from the office. I can ping the 1000v from the office, and if I run a traceroute I can see the traffic for the VM being sent to the 1000v, so I know the route is set up correctly.

Can someone tell me what I need to do to allow access? I have added both interfaces to the Crypto Map (below).

Cisco1000v#show crypto map

Crypto Map IPv4 "OfficeMAP" 102 ipsec-isakmp
        Peer = XXX.XXX.XXX.XXX
        Extended IP access list 102
            access-list 102 permit ip 172.16.31.0 0.0.0.255 192.168.1.0 0.0.0.255
            access-list 102 permit ip 172.17.31.0 0.0.0.255 192.168.1.0 0.0.0.255
        Current peer: XXX.XXX.XXX.XXX
        Security association lifetime: 4608000 kilobytes/3600 seconds
        Responder-Only (Y/N): N
        PFS (Y/N): N
        Mixed-mode : Disabled
        Transform sets={
                T1:  { XXXXXXXXXXXXX} ,
        }
        …
0
I am trying to set up MS Outlook to connect to Exchange server over the VPN connection to the office. When I add the account to Outlook, it fails. The FQDN is mail.companyname.com, which resolves. I am running Exchange 2007 on SBS2008. Should the FQDN be remote.companyname.com or mail.companyname.com?
0
Hello Experts,
I have installed the tunnelbear extension on Opera, but am not finding a way to set the destination country. Please let me know if it is possible to do.

PS: I do not want to install the tunnelbear application on my machine.
0
I set up a Linksys LRT224 router about a year ago.
It does some pass-throughs to the following:
-security camera NVR only two users can access

-Windows Server 2012 running an SQL database about 10 users

-VPN connection so users can get to all servers and appliances
This was supposed to be for only two users, but now they want all 10 users to be able to use VPN.

Question:
Should I continue to use this router? Will it start to degrade in speed?
Some users say the VPN is starting to slow down.

any suggestions are appreciated
0
On premise I have 20 virtual machines running in Hyper-V; these VMs are replicated into Azure. I have a VPN tunnel set up from on premise to Azure. If I carry out a test restore of a Server 2016 server, I can connect to it fine via SQL, RDP, etc.; however, I cannot connect to my Server 2003 VMs either via RDP or SQL.

(I know 2003 is no longer supported and plans are in place to upgrade the Databases on these servers, but that will take another 12-18 months)

Windows Firewall/Internet Connection Sharing (ICS) Service is disabled, so I don't know if this needs enabling and then configuring for the relevant ports on prem or if there is another issue ?
0

Hi EE,

I have a problem with one of my servers not replicating to an OFF-SITE location. I am able to replicate ON-SITE to the same host without a problem, or even to another host in the same environment. Replicating via VPN to our data center gives me the following error:

"processing configuration Error: The operation is not allowed in the current state."

I would like to add that I am able to replicate a different server from a different location to this same host without any problems via VPN.

Thanks
0
I have a TZ105 and I set up SSL VPN with NETBIOS enabled. I configured the Client Settings DNS Server address for our internal DNS server. So I can now ping hostname.domain.local but can't ping hostname. Any suggestions?
0
Setup: Laptop connected to our network via public WiFi over a VPN encrypted connection.

Trying to map a network drive so laptop user can save files to the server.

This worked one time:
net use k: \\xxx.xxx.xxx.xxx\transfer /u:
Prompted me for my username and password and mapped the drive

Subsequent attempts after rebooting yield a "System error 53: network path was not found".

If I do the same command less the /u: parameter, it maps the drive just fine, but of course I can't get into the drive because of permission issues.

The username on the laptop is not the same as what the user would use if they were on site and actually logging into our network, thus the reason for the /u switch.
0
I am a fan of making VPN connections using injector apps. My friend gave me this kind of code, 616170323031372e73736864622e7573, to put in the payload settings. Then I tried to use it, and it was successful and valid. In payload settings, I can only put a subdomain, domain and valid IP addresses, so how come this is valid? Could anyone explain?
Thanks
0
Hello,

SonicWALL NSA routers

I have a network with 10 site-to-site VPNs. We switched providers on two of our sites. The buildings are on the same street and I got these IPs:

Site A -   X.X.49.53
Site B -  X.X.49.52

I was able to recreate all of the tunnels with the exception of Site A to Site B. I'm wondering if it has to do with the fact that they are on the same .49 network. Any idea if this is the case?

Thanks in advance
0
Client is looking to have 3 separate locations connect to FileMaker databases. Sometimes 2 users will want to access the same file.

Can they set up FileMaker Pro on a Virtual Private Server and use that copy to serve files? What is the limit of open files for non-server FileMaker at the moment?
If they purchased FileMaker Server, would that work?

Could they remotely run FileMaker on a VPS?

Is there a way to do this?

Thanks.
0