VPN

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

I have a Cisco 890 Router that is connected to a broadband connection. Internet is up, all services appear to be operational. There is a VPN tunnel to a smaller office in town that shares the internet with the device. We have a scale that just got installed. This scale is on the IP address 192.168.35.115.
I can ping it from the router, and I can telnet to it on port 4660 on the internal LAN. When I go to set up a rule that would allow any IP to telnet to the port from the internet, it doesn't appear to be routing.

ip nat inside source static tcp 192.168.35.115 4660 interface Dialer1 4660
access-list 106 permit tcp any any eq 4660

Those are the commands I typed in to allow the traffic on port 4660 through the WAN interface.
Are there any other commands I need to type to allow the traffic to route?
0
I have a SonicWall SMA 200 VPN appliance that accepts client connections on port 443.

If I access my VPN address (vpn.company.com) using a browser, there is a portal login page (see attached image).

Login page
Can I disable this external login web page?  If so, how?

I only want the SonicWall VPN client app to be able to connect to vpn.company.com.  I do not want a login web page publicly visible.
0
Hi all,

I'm looking for "firewall" software which I can install on my Windows 2008 server so clients can securely connect to this server.
Is this possible, and which is a trustworthy vendor for this? I know I can also use the built-in, but more and more systems like Apple do not really support it anymore, and because this server is behind a shared connection a hardware firewall is not possible.

Thanks for your advice in this matter.

Best regards
0
I VPN into work and then from there occasionally remote into a network server. I can easily copy files back and forth from the remote server to my local directory on my laptop. This works great for most files, however right now I have a file which is very large. When I try to copy that file from the network server to my local drive, I am informed that the approximate time to copy the file is two hours long. Well the file never copies, because after about 30 minutes the connection seems to time out, and the file is not copied. Our server currently is not set up for ftp file transfer, so I am wondering how I can copy the file over. Does anyone have any ideas? A
0
Hello looking for some experts to provide some feedback on an odd issue I'm trying to pin down.

Laptop - on board Verizon SIM - VPN SW Client back to office* - Able to ping resource on local office LAN by IP and Name and also 182.13.x.x traffic by IP and Name
*Note: Also a vendor specific router off in-office firewall interface that certain and all 182.13.x.x data gets routed to/through.

Connection via on board SIM connection - CANNOT resolve a https:\\listenerpage.domain.com site.
Connection via Hot-spot on cell phone - CAN
Connection via a external Verizon Jet-pack newer or older model - CAN
Connection via hard wire/LAN connection within the LAN - CAN

Tested on two different same manufacturer Laptops, Panasonic, and same behavior (success vs unsuccessful HTTPS address resolution) outlined above.

Packet Monitoring shows drop on successful HTTPS resolution attempt, but nothing really that can denote why, other than it's not getting a response back, it seems.  Wireshark shows packets can be no bigger than 1378 when being transmitted, but it's the same when successful using another method to get out to the internet by Verizon.  Of course all vendor support says 'not them'.

Any thoughts on what else to look at or consider, or angles to approach, would be greatly appreciated.
0
Hello Experts,
I have a Cisco ASA 5510, software version 8.4(7). I have IPSEC VPN (Cisco VPN Client) and SSL VPN (Cisco AnyConnect) configured, and I want to configure L2TP VPN on it as well. After reading some articles, I have to use the default tunnel-group, which is named DefaultRAGroup, but after that not only does the newly configured L2TP not work, it also affects the other VPNs: the symptom is that the VPN can connect but there is no network connection. Once I remove the DefaultRAGroup, L2TP can no longer connect and the other VPNs work well again.
Could you advise whether it is possible to have all of the above VPN types configured on one ASA firewall?

Thank you
0
Can Fortinet firewalls (50d) be set up to monitor an IPsec VPN connection and switch to another if one is down?
0
I have set up a VPN tunnel between a Fortigate 140D (running 6.0.3) and a Sonicwall NSA240 (running 5.9.1.7-2o).  The tunnel is up and running.  The Sonicwall can ping devices in the Fortigate network, but the Fortigate cannot ping anything in the Sonicwall network.

I have the route correctly set on the Fortigate and the logs show that the pings are going out, but nothing is coming back.  I enabled Debug on the Sonicwall and it's not seeing the pings at all.  I've followed a bunch of Forti to Sonic VPN tutorials and guides without any success.

Any suggestions?  (if there's specific screenshots that you'd like to see, let me know)
0
Hi, I have a friend who is traveling in Europe soon.  They'll be on public WiFi all the time, wherever they go, and they're concerned about doing things like online banking.

They asked me if they got a good VPN (I use StrongVPN), if that would be secure, because the connection between them and the outside world would be encrypted.

I didn't know the answer, so I am coming to the experts. What's the safest, most secure way for them to connect to online banking while on a public WiFi?

Thanks!
0
Dear All, I am having an issue getting all of my Branch Site to Site connected ASAs to be able to utilise the Main Site Radius Server for 2FA.  All of these Branch sites have been connected and operational for hundreds of days and everything still works fine, with the exception of this issue.  The issue I have is trying to get the AAA server of 192.168.1.8 to work at any of the branch site ASAs.  Now every server/PC on each of the Branch sites is able to ping and even web browse to the Radius server, but none of the ASAs themselves can communicate.  I naively assume this is something to do with it seeing this as data being treated as from the outside interface?

When I initiate the AAA test, this is the error from the log file: Routing failed to locate next hop for UDP from identity:192.168.3.254/36903 to inside:192.168.1.8/1812
Basic topology
0
Is there a proper way to establish connectivity between remote offices that are connected by VPN (SW SOHO) to the main branch that is using a Sonicwall NSA 2400? Each remote office has connectivity to the main branch, but we need each remote office to have connectivity with each other remote office via VPN.
0
I am installing a new Meraki firewall in our organization.  I would like to keep the SSL VPN ability that we currently have on our Cisco ASA firewall.  Would anyone have any knowledge of what I would need to do in order to put the Cisco ASA behind the Meraki and open ports on the Meraki to point to the ASA, so I can still use it for client VPN access only?  Meraki would handle everything but the VPN.
0
I need to be able to share a printer when a computer is connected to the VPN.
My theory is that the printer will need to be shared, before it can be printed to, when a VPN connection is established.
The OS is Windows 10.
My other idea is to uninstall the printer and install it when I am connected to the VPN.
I imagine there is a solution to this challenge.
I do not recall the other steps I tried, but I believe the one solution to the problem is to configure a Cisco ASA.
I was also thinking that I will have to enable the wireless printer's IP as an exception on the firewall.

Maybe I need to create a script with Powershell, to first configure the printer to print to a file then send it directly to the print queue.
0
Slow Performance while VPN to the network.

Does anyone know why VPN performance is so slow when running speedtest (80MB directly to the internet and only 10MB while through VPN)?  There is no split tunneling enabled, so all internet traffic goes through the VPN tunnel.

Thank you in advance,
0
Hi All,


I am having an issue with my Azure subnets (10.210.0.0/16, 10.211.0.0/16) being able to access my prem subnets over a S2S VPN tunnel.  Currently everything is working fine from my inside internal range (10.1.1.0/24).  As an example, when I try to access, say, ports 88, 53, 389, etc. from the Azure controllers (10.211.20.10, 10.211.20.11) to the Prem Controller (10.1.1.159), it is fine, but when I try to access them from the same Azure controllers to, say, another local controller 10.1.90.14, I get the following error in the log:


FILTER:srcIP=10.211.20.10;dstIP=10.1.90.14;

%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse
flows; Connection protocol src interface_name:source_address/source_port [(idfw_user)] dst interface_name:dst_address/dst_port [(idfw_user)] denied due to
NAT reverse path failure.


When not on the same interface as the host using NAT, use the mapped address instead of the actual address to connect to the host. In addition, enable the inspect command if the application embeds the IP address.


Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.211.20.10/57160 dst ED:10.1.90.14/53 denied due to NAT reverse path failure


Now this is the current NAT:


nat (inside,outside) source static OnPremisesNetworks OnPremisesNetworks destination static Azure-Networks Azure-Networks no-proxy-arp route-lookup


The OnPremisesNetworks group object has the inside networks …
0
We are currently using a Meraki MX84 for VPN.  It connects to our Active Directory to authenticate users.
I am setting up a Duo Authentication Proxy to tie into my Meraki MX84 so I can have Multi-Factor Authentication on my VPN.  The Duo Auth Proxy is asking for a Radius Secret from the Meraki.  I am not sure where to set up the connection on the Meraki side.  Am I setting up sign in with my Radius Server under Access control?
0
Using Windows 7, I utilised a number of VPN connections.

Following a successful connection, the connection properties were viewable and showed the IP address of the server and a secondary IP address I then used to connect via RDC.

Having now replaced my system with a Windows 10 PC, whilst I am able to create a VPN connection and successfully connect, the connection properties are not visible.

Where can I find them?
0
I have a new Cisco ASA 5506x and am having difficulty setting up remote management.

SSH on the outside address will work, and is set to accept connections from only specific IPs.  However, I would like to be able to use ASDM from outside as well. (My IOS skills suck.) Using the same IPs as the ssh command does not work, and the client gets an "unable to launch device manager from ..."

I have AnyConnect VPN working as well, and when connected, I can ping all addresses on the inside network, including the management IP (same as gateway address). Device is configured to use inside address 10.0.12.0/24, and VPN pool is 10.0.13.0/24.

I have 'management-access inside' entered in the configuration, and yes, when a PC is connected to the inside ports, the ASDM will come up and run as expected.

I think what is killing this is that the default configuration now comes with all the ports on the device (less 'outside') joined to a bridged network that is by default BVI1. All remaining interfaces are given the nameif of 'inside-1' thru 'inside-7'. To make http work on the inside ports requires adding lines 'http 10.0.12.0 255.255.255.0 inside-1' thru ...inside-7.  If I add 'http 10.0.12.0 255.255.255.0 inside' or 'http 10.0.13.0 255.255.255.0 inside' it barks at me that this is an 'ambiguous command' (same thing if trying to add BVI1). So clearly it wants to reference something that is a physical connection instead of a virtual object.  Problem is that the only other options …
0
Are there instructions somewhere for setting up VPN on Ubuntu via command line?

Anyone can provide any reference please?  Thank you!!
0
We have a site to site VPN set up between Site A and B using Sonicwalls.  Site A is the main site, which is also set up with an SSLVPN.  The users need to access the SSLVPN from within the LAN as well, because we have a bunch of RDP and VNC bookmarks that they use.  We have remote.domain.com:4433 set up for this SSLVPN access.  This works fine when outside of the network and when at Site B.  Site A would not connect because it was hairpinning.  Sonicwall support said we could not set up a hairpin NAT rule for the SSLVPN.  To get around this, I set up a DNS zone for domain.com and created an A host record within the local server DNS to point remote.domain.com to the LAN IP of the Sonicwall.  Now Site A can access the SSLVPN portal page from within the LAN.  BUT, now Site B cannot, because that DNS record is forcing the connection over the site to site VPN, which the Sonicwall does not allow.  Sonicwall support said there was no way to get it to work over the site to site VPN.  I know I could create RDP and VNC shortcuts for all remote users on their desktops, but that would be messy and much more difficult to maintain.  Does anyone have any tricks to get this to work?
0
Secondary VPN Connection Help Needed
We have a location that we are using for data processing.
It has a current VPN to our location, and they are setting up a failover connection to another ISP.
How do we set up a second VPN connection to the failover IP on the Fortigate?
The Fortigate side does NOT have a secondary WAN connection, only the head end at this time.
I do not need someone else to configure it for me; I am just trying to find where to get more detail. We have begun working on the Fortinet side, but keep falling into trouble when trying to set up the backup VPN on the Fortigate site.
Just a gentle nudge towards where to find this solution; I have been scouring the net for hours so far.
0
Allow multiple users to login and use the same application at the same time.
0
I got the following error while trying to install Cisco AnyConnect Secure Mobility Client Version 4.7.00136 predeploy: "There is a problem with this Windows Installer package. A program run as a part of the setup did not finish as expected. contact your support personnel or package vendor".

I am trying to install this on Windows 10 Version 1803, OS build 17134.441.

Your help is greatly appreciated.
0
Hi,

I would like to connect my laptop to our business network when I'm outside the office.
To do this, I'm using the Shrew software to connect to the Lancom modem, whose address is 192.168.0.254.
Behind the Lancom there is a Win 2008 R2 SP1 server for DHCP. Its address is 192.168.0.246.
The VPN server is the Lancom.
The VPN connection is OK and I can ping the whole network.
The issue is when I want to get e-mail. Outlook can't connect to the Exchange Server running on 192.168.0.246.

Can someone help?
0
Hi experts.  My question is regarding the Ubiquiti Unifi AP-AC-LR.  I have 2 plants.  At Plant 1 I have 5 of these devices installed.  At Plant 2 I need to install 6 of them.  There is a VPN between the 2 sites.  Plant 1 is on 192.168.1.xxx.  Plant 2 is on 192.168.5.xxx.  Am I OK to install and configure the new APs for Plant 2 thru my PC at Plant 1, from which I configured the 5?  Will they cross the IP schema and configure properly, or do I need to configure thru a PC at Plant 2?
0