A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


I am wanting to set a user up with a roaming profile. They have a Surface they use at the office. When they are out they VPN in to connect to resources. I am setting them up a Hyper-V machine that I want to look and feel like their current desktop. Any ideas on this one?

User trying to access an internal system via Chrome, system is hosted on Azure VM, VPN set up to connect to server from HQ. User is in another location which has a VPN tunnel connected to HQ. The other location has no VPN tunnel to the Azure server, this is not possible.

System can be accessed externally using normal web address; however, because the user is in a location that is connected to HQ via the VPN, Chrome is trying to use the VPN tunnel to connect.

Can a batch file be created to route the traffic for this address out through the internet connection instead of the VPN tunnel?

Hi experts,

I connect to VPN to a clients environment via Cisco AnyConnect Secure Mobility Client.  Once connected I then remote desktop into the machine at the client and I can work etc.

Whenever I do this I lose all internet access from the laptop I connect through at my home.  So I can't have an email client running locally as it will not connect to email server.  I can't minimize the remote desktop and browse internet with a local browser.  It's like it completely takes over my internet for some reason.

So I created a new VM via VMWare and thought I would just use the VM to vpn into the client as the VM should share the internet connection.   To my surprise, even when I do that, the internet will not work on my local machine.  The VM completely takes over my entire internet once I connect to Cisco AnyConnect.

I figure this is probably security related but is there anywhere or any setting I can do so it shares the connection?

Or in VMWare something where it won't allow it to take over entire connection?

Thanks for any insight.

In our datacenter we have an ASA pair (failover active/standby) which are connected to 2 ISPs. We are currently migrating from ISP1 to ISP2 and are using Policy Based Routing (PBR) on the ASA to make the transition smooth. We can pace the migration and move services step by step to the new ISP.

Everything seems to be working pretty well with PBR except for a problem with some site-to-site VPN-connections. We have a couple of site-to-site connections coming in on the ASA, for some we have access to both endpoints, for others the endpoint is managed by a third party. So originally the site-to-site connections are terminated by the ASA on ISP1, the remote end is connecting to the WAN IP of ISP1. To migrate we want to terminate the VPN on ISP2 on the ASA. So we reconfigure the remote endpoint to connect to the WAN IP of ISP2.

During the migration we use ISP1 as default (lowest metric in static route). With PBR we make sure that VPN traffic from and to ISP2 is routed correctly.

For Site-REMOTE1 and site-REMOTE2 this is working flawlessly, the remote endpoints are now connecting via ISP2 and are setting up a tunnel where we can see traffic TX and RX on both endpoints. Services at both ends working and tunnel is functioning.

For Site-REMOTE3 we see incoming and outgoing traffic on the ASA in the datacenter, but the remote endpoint is not receiving traffic (RX = 0). The tunnel is online and counter for RX datacenter ASA = counter TX REMOTE ASA.

If I switch

Hi Guys

I am looking for the experts in the security field that could help me with this one.
What would be the pros and cons when it comes to open source firewalls and commercial firewalls?

IE support / costs etc.

What would be the best to use, that would be compatible with Azure VPN Route base and policy based routing for site to site / remote branch connectivity?

We are looking to set up a point to point VPN with SonicWall on our end and WatchGuard on the client's end. We'll be using that to set up CrashPlan backup on virtual machines. Two questions.
1. Is it pretty straightforward to set up the point-to-point between sonicwall and watchguard?
2. Once that is established, would we need a backup device for each VM (say we have 3) or would backing them up to one device with designated partitions work ok?

I migrated from a 2003 server to a 2016 server. After the fact, the client informed me that they were using PPTP to connect remote users. I have gone through the RRAS setup and have installed the necessary role. The server manager says all is running correctly. I am using the same IP address in the 2nd NIC of the new server so I do not have to modify the firewall. This is the same NIC I selected when I set up RRAS, so the binding appears to be correct. When I attempt to connect from a client, I am getting an 807 error code.
How can I confirm the settings on the server to verify the CHAP settings and so on?

Got called in to look at a very strange network the other day...  They were running a business off a (A) Linksys E2500 home wireless router.  Now off of this router is one cable going to a (B) Mako dual wan appliance, which then goes to a (C) Cybera appliance which hosts a VPN connection as well as a (D) Cisco RV042 router.  Now the other cable off the original router goes to another (E) E2500 Linksys router which only has a laptop and provides wireless to a printer and cell phones for employees.

Now router (A) is controlling PPPoE from a bridged DSL modem.  Router (A) IP is and servicing everything via DHCP (This will change in near future).  Router (E) acting as an access point is also LAN IP of and handing out DHCP.  The laptop connected to (E) also has a secondary NIC via USB that connects to some point in the other side of the network.  The Mako fails over to secondary ISP (Cellular) after only a few minutes and generally won't return.  I believe either the laptop router (E) is creating the problem.  Router (A) is experiencing over 2,000ms latency and over 5% packet loss.  So I removed router (A) and reconfigured the DSL modem to handle the PPPoE and this now becomes router (A) in the equation.  This router is set to and has around 25ms latency with less than 2% packets loss and everything works great!  We are keeping an eye on this for a week or so, before any more changes are made.

Eventually the Mako should be the router and…

I have setup SSTP via Windows 2016 Essentials.
Everything works fine: connection is ok. However, when the connection is made and I try to rdp to the (domain joined) machine which is making the VPN connection, it says
"specified domain either does not exist or could not be contacted"

Please advise.

Dear Experts,

I'm having an impossible time trying to VPN to a Cisco Meraki Firewall with a Linux Ubuntu MATE desktop.

I only need to set up the secret key, the username and password. I do not need to have a certificate.

The Linux VPN clients are not working. Is there a script I could use from somewhere?

Thank you!

Need some help with remote users and QuickBooks database manager. I am running QB database manager on a Dell PowerEdge and using a TZ300 SonicWall for the VPN. Remote users are connecting to the network via NetExtender. They are connecting great, they see all the network files and folders. They even see the QB database files fine. The problem is when opening QB it freezes after entering the password. QB opens, you can select the company to open, but after password, nothing. Anyone have any ideas? I'm sure it's a setting on the SonicWall that needs set. A firewall access rule or something. Any ideas would be greatly appreciated.

I have a Windows 2016 server (Domain Controller and Certification Authority). I am running Hyper-V. I have two virtual machines. On the first virtual machine I have installed and configured the Remote Access Server (set up for VPN only) role. On the second virtual machine I have installed the NPS (RADIUS server). I have the needed certificates enrolled.
My goal is to have the Remote Access Server function as a VPN server.  I want to have a BRANCH office have the ability to:
1.      Connect to the VPN server
2.      Use Remote Desktop Connection to connect to a domain computer at the MAIN office.
Both offices have the Zyxel VMG4325-B10A routers sitting on the edge of the network.
Both offices have access to the Internet through the Zyxel router.
I have VPN ports (UDP and TCP) on an ACL list and I have port forwarded.
When I set up the client for VPN I am using the FQDN name of the VPN server. I am unable to connect.
Am I missing something? Asking for assistance.

Hi all,

I'm considering an Internal CA to facilitate a more secure VPN Remote Access for a handful of users who mainly work away from the office. They will need access to Exchange email and possibly some shares on a file server.

Can I publish CRL and Delta CRL to a web server which is NOT domain joined and resides in a DMZ or even a standalone Azure VM?

If it's possible any chance of some basic instructions or steps I would need to take to get the Issuing CA to talk to the Web server?

Alternatively, is SSTP enough with a public trusted cert?

Or is there a better way altogether?

Thanks for your time, as always, it's appreciated

Our company switched from using the native Windows VPN to Cisco AnyConnect.
The SSL cert that was being used for our old VPN expired and now people are getting regular security alerts.

"Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate."

Every user I checked with removed the old VPN configuration.

Is there something else that needs to be changed?

So my SonicWall 3600 went down. SonicWall sent a replacement. I uploaded the saved configuration into the replacement and didn't notice any problems.

The next day, users say they can't access the VPN. After a half day talking to Sonicwall support, we figured out that users cannot access the VPN using their UPN as they used to on the old 3600 but can access it using their SAM.

L2TP / IPSEC with RADIUS (NPS) authentication. Funny thing is, the RADIUS server shows success (reasoncode 0) with both the UPN and SAM. Sonicwall's "Test" area in RADIUS shows Success when testing with UPN.

Thanks in advance!

YouTube, asking me to accept that ALL I look at and ALL my computer/IP and other information will be sold to third parties...
Google trying to sell me stuff, instead of giving me honest non-commercial search results...
Facebook cookies, banners, advertisements and so on...

How can I just browse over the internet and find what I am looking for WITHOUT being tracked, stored and sold to companies I don't like or know...

Is there a way to use a VPN connection (already have one) and a VM setup on a NAS in order to hide my computer specs and serial number etc., in order to just look on the internet without being haunted by data collectors?

Kind regards to all!

We are setting up a new VPN to a Cisco ASA. It's using a new SSL cert rather than a self-signed cert. The URL is like this: remoteaccess.domain.co.uk
We have split DNS internally and added this to internal DNS.
I now need to do this on 123reg DNS, but unsure of particulars.

I am thinking of purchasing a Windows server (2016 Essentials) for our small office. Among other things, it would serve as a central file repository, accessible to PC users in the LAN, as well as outside PC users that VPN into the office network.

The files would be in username/password-protected folders. To further protect data in case of physical theft of the server (somewhat unlikely but just in case….), I would like to encrypt the server using Bitlocker.

Given the above, is it possible to set up things so that VPN users (using Windows 10 Pro PCs) can access the encrypted drive and protected folders without having to type in encryption key, and folder username / password every time ?

I’d appreciate comments from anyone who has experience of this.

Thanks in advance!

Hello all,

We're looking for a solution that would give us the ability to monitor all employees that are working from a remote site.
We know that there are multiple ways to give users access to in office server files (VPN, RDP, etc.) but we would like to also be able to see if the users are "ACTUALLY working" when off site.
Ideally we'd like to monitor the following:

-How long user is "actually" working (not just logs that have when user logs in and out).
-What documents/items the user accesses during work and for how long.
-Whether the user is just idle when accessing office network.
-Granular view of all user actions logging into office network.

Is there a "Magic Bullet" solution for this or is this one of those "Use multiple existing options"  scenario where we'll have to use logs from various places (VPN logs, server logs, GPO, etc.) to gather the info about whether the employee actually does work from home?

Network consists of:
-Windows Server 2012 (DC, DHCP, DNS, Storage)
-30 client computers with Windows 7, 8, 8.1 and 10
-TZ-500 Firewall
-2 ea. 48 PoE port managed switch.

Any recommendation is greatly appreciated!
Looking forward to your responses.

I need some help. I am having trouble wrapping my head around a firewall nat issue, in terms of how to accomplish a setup between my Production site and a DR Site. Both have the same internal subnet of  Here is my issue:

I have a server with an address of at my DR Site. Nothing will ever use that address in either Production site or DR Site other than that server, this is the only difference between networks. I need the ability to do a VPN to that one server. For instance if a user in my production site needs to go to that ip I need it to go across the VPN to my DR site and access that server.
I know I need to NAT that IP to another IP and I get the concept, but when I start mapping it out I'm confusing myself or whatever. I need help on this logic. There is a Cisco ASA at both locations.

Dear Experts

We have 03 locations, one head office + 2 branch offices, application server web based is hosted in head office and branch offices to access the head office applications, all the 03 locations are having broadband internet connection and each of the locations having static IP, is it possible to set up IPsec VPN so that branch office users can access the application server of the head office, if possible please suggest what type of router to be procured and steps please

Dear Experts

Please let me know if remote users access the hosted applications which is on site through the internet of connection types: DSL/broadband connection or data cards/dongle with the security layer of VPN client access and with YubiKey enabling, if these two are taken care of will it be within the compliance of ISO27001 standards, please suggest. I want to understand without the MPLS VPN and leased line (site to site VPN) will it be still possible to meet the ISO27001 standards, please suggest.

Hello Experts. In my staging env, I have Exchange 2013 CU18, with AD 2012R2, and Outlook 2016. I am testing enabling MAPI protocol, currently on-prem Exchange is enabled to accept RPC over HTTP via NTLM. I have used the following PowerShell command to enable MAPI HTTP on a few mailboxes: Get-CasMailbox -identity "User name" -MapiHTTPEnable $true. The users' Outlooks are able to connect to on-prem Exchange via MAPI over HTTP with nego* authentication. However, the users' machines need to be connected to VPN. If VPN is not connected, then Outlook prompts the user for credentials, after which it connects successfully.

Obviously, I do not want the users to have to input any credentials. Outlook should automatically connect via MAPI over HTTP whether VPN is connected or not. I believe the issue is that MAPI over HTTP is unable to connect using auth NTLM. However, prior to this, we allowed connections using RPC over HTTP via NTLM, and Outlook was successfully able to connect via RPC over HTTP via NTLM without prompting for creds, even if VPN is connected or not. Why is MAPI not able to connect via NTLM auth without VPN? In between, we have an NLB, which has been configured to accept MAPI connections.

Also, what settings need to be enabled in IIS authentication for MAPI virtual directory? Currently I have Windows Authentication enabled for MAPI virtual directory in IIS authentication. Also I have set for MAPI virtual directory for its IISAuthenticationMethods the following: …

Dear Experts

We have hosted application server which is web based in the head office and this application has to be accessed from remote sites which are located at a distance, the remote site 1 and remote site 2 users to login to the application and work but they have to be limited to use this application only from within the remote site office premise network, should design the network extremely highly secured, following options I think of and as well few challenges and suggestion
1. Connect the Head office and two remote sites with MPLS VPN network with reputed service providers so that remote site users will access the application server within MPLS VPN network
2. If in case service provider says MPLS VPN connection is not feasible at remote sites then we have to go for the leased line circuit at all the three locations that is head office where the application server is hosted and at the remote site office 1 and at remote site office 2 and install strong firewall and connect all the 3 locations as site to site VPN connectivity we can go for Cisco firewall or sonic.
3. If MPLS VPN and also leased line both are not possible due to non-feasibility from service providers and we have left with an option broadband connectivity OR data cards/dongle then how to achieve the extremely high security, below is what I can think but I request an expert's inputs and suggestions and possibility and recommendation
a) in this case users from the remote sites to be allowed to …

I am trying to install SonicWall SSL VPN and the install fails with the following error.

Starting to connect RDP...

RDP ActiveX Control appears to be disabled or not installed.

If it is disabled, goto 'Tools->Manage Addons...', and enable 'XTSAC Control'.

Please wait while the Remote Desktop ActiveX Client loads ...

Protected Mode Warning

Dell SonicWALL Secure Remote Desktop Client has detected that Internet Explorer is running in Protected Mode. Security warning may popup during launching the client under Protected Mode. You can add the SSL VPN web address into the browser's trusted sites list to avoid this.
Click 'Yes' to continue and 'No' to cancel launching the client.

'XTSAC Control' does not appear in the add-ons.