VPN

23K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


Sonicwall NSA 2600 intermittently blocking certain PCs from Internet access. Just started a couple of days ago and nothing has changed on the Sonicwall. Randomly 2 PCs (that I know of) will be blocked from Internet & site-to-site VPN access until the main Sonicwall is rebooted. Then connectivity will be restored until the Sonicwall blocks them again.
0

What are some good books that discuss how to set up and configure Direct Access within a Server 2016 network?

If there aren't any good books that deal solely with Direct Access then what are some Server 2016 books that go into the Direct Access subject in good detail?
0
We have a site-2-site VPN set up between onprem and Azure and are able to access all Azure resources on our internal network without issue. One of the VMs is a DC which replicates with our onprem DCs. I have noticed sporadic RPC connection errors between the partner DC for replication. The onprem firewall and Azure NSG have all ports open for the VPN connection. When I ping between the onprem DC to Azure and reverse, the average ping times are ~13 - 15ms. Is this ok for the site-2-site VPN link? When I run a continuous ping for hours at a time and log the result to a file, I do not see any ping drops.
0
Dear Experts

We would like to restrict users from the internet (though they have a login for the application server). Our objective is that users who have application login access should still be allowed based on their MAC address: at the first level, our firewall checks the MAC ID and allows or rejects; at the second level, the application authenticates. We are completely okay with allowing users who work from a remote office that has a strong firewall, but for the same users connecting from their home or the internet, the MAC ID is to be checked, and if it is not an accepted MAC ID, access should be denied. The application is web-based, on Linux, Apache and MySQL. Below are my doubts.
I have been asked to implement this; however, I am not sure: the users who access this application from their office are behind their firewall and will have to pass through it. In this case, will it still be possible to validate the user's MAC address and grant or reject access from our firewall? Is this possible? Access through VPN is fine, but what if the VPN details are known to others and they access from their own systems? Hence the MAC restriction has been asked for. Can you please suggest whether control based on MAC is good to go, or is there a better solution? Thanks in advance.
0
Set up L2TP VPN on Server Essentials 2016

PPTP is currently enabled. However, we need to change this to L2TP. As RRAS is now in legacy mode (which I have enabled via PowerShell), clients still cannot connect via L2TP on a Windows 10 machine.
0
Hi,
I have 2 Active Directory controllers (both Windows Server 2008 Standard).
They are both physical servers, in the same LAN.
My goal is to set up an AD replica on a third (virtual) server, which resides on some cloud provider, for redundancy.
I can arrange some VPN between the physical servers and the cloud provider.
I mean: the 2 AD controllers are 192.168.100.1 and 192.168.100.2
I can set up a routed VPN to the cloud provider, with a different network, e.g. 192.168.200.3
This third server should have Windows Server 2012 OS.
How can I manage this?

Thank you
0
Speed test shows 80 down, 6 up. When I VPN it is 19 down, 5 up. When another computer that is on the same switch as me tests, it shows 13 down, 2.6 up. Why would that unit be so much slower when we are both on the same switch?

Path is cable modem>router>switch> my computer and other users computer.  My speed is twice as fast on upload.  So, she is crying about her VPN speed, but I have no idea why mine is quicker.

What to look at? We are both Ethernet connected to the switch. Both are WinPro7 machines; mine is a desktop, hers is a laptop.
0
Hi,

We have a couple of cloud servers which we use to VPN in to and share files/folders.

Both are hosted with the same company, and both are set up using routing and remote access using PPTP. One server is working; the other is connecting but we have no LAN access.

The IP addresses used on both servers are public WAN IPs, and they are connected directly to the internet rather than being on a private network using a gateway. So for the working server we configured a range of IPs to be given out under RRAS - Right click Server name - Properties - IPV4 - Static Address Pool. When we connect the VPN, it assigns an IP from the range we set here, and we can then access the server shares using \\IPADDRESS.

We have done exactly the same on the second server. When we connect this VPN it assigns an IP from the set range, we can ping the server IP no problem however when trying to access the shares it cannot see the server. I have tried the \\IPADDRESS and also \\SERVERNAME.

I have tried disabling the firewall to make sure nothing on here is blocking the connection, and it had the same issue.

Both servers are running Windows 2012 R2 Standard, but for some reason I have an extra tab in RRAS on the non-working server under IPV4 called IGMP? I am not sure what this is used for but it isn't visible on the working server.

Any suggestions?
0
I have a couple of machines that are not able to browse to HTTP sites at a remote site where I have established a PPTP VPN to that site (via the OS). I can ping the respective IP address fine; however, HTTP browsing does not work. I am of great suspicion that this is something in our Sophos UTM as I can browse to the HTTP sites on my laptop via cellular connection fine (effectively bypassing the Sophos UTM).

I am not using 'use default gateway on remote network' yet I am unable to packet capture (in the Sophos UTM) any traffic going via the PPTP VPN to the remote site.

I've worked with Sophos UTMs (ex Cyberoam) for a number of years now and I cannot see anything obvious where anything would be being blocked or dropped. Everything is open. Nothing has been modified recently that would prevent this, and it only stopped in the last few months (yes I've been slack).

Has anyone experienced similar issues?
0
Hi,

I have a domain controller on the network 10.1.1.x.
On my home network I have the range 192.168.0.x.

I have a VPN tunnel over my routers so that I can see both LANs.

How can I install a second domain controller on the network 192.168.0.x and let it sync with the first one?

The reason is that I want to add my home computer to the same domain as the one at the office.
0

Trying to set up a VPN between Tunnelblick on an iMac Pro  and an Araknis Router.

The Araknis has the same subnet as the iMac's Verizon router:   192.168.1.0

Would the fact that both the VPN host and VPN client have the same local addressing cause errors or disconnections?
I did get the VPN client to connect to the Araknis VPN host, but now I get the "Apparent public IP address was not different after connecting to client"  error

I can certainly download the config file again if it would be that easy.

Thanks.
0
Hello experts,
I have two sites, between which there is an IPsec VPN tunnel via two Cisco ASA firewalls. I have no problem accessing site B from site A or A from B, but I can't access the inside interface of the other site. For example, from site A I can't ping the ASA-B inside interface, and likewise from site B I can't ping the ASA-A inside interface. How can I configure a policy so that such access is available?

thank you
0
Hi,

I'm looking for a really good wifi router (like Ubiquiti?) which has SSL VPN (preferably also OpenVPN), parental control and as many of those features as possible (like bandwidth limitation etc., alerting etc.) for home use.

Have the Synology 2600 now but wifi is really bad and looks like Internet connection not stable either.

Please advise.
J.
0
Hi,
I have put in place a new domain (2016) at my company, and I have one salesman who needs to have his computers switched from the old domain to the new one. He is a remote person, so there is no physical connection to the office: just a VPN connection.

How can I switch him from my old domain to my new one?
tx
0
Sonicwall site-to-site VPN speed.  We have a main site - Site A, and 2 remote sites - B & C.  Site A has internet speed of 20M/300M.  The remote sites have 10M/100M.  From site A we can only "upload" data to the remote sites at 10M.  Shouldn't we be able to push data to the remote sites at closer to the 20M upload speed of the main site?  Sonicwall support says it's limited by the slowest speed, but that doesn't make sense to me.  Are they correct?
0
Is there anything I can do to increase our VPN speed? We use the built-in VPN Microsoft has in Win7Pro and SBS 2008. The SBS 2008 is at a data center with 100/100 speed and the Win7Pro machines have 100/10 connection speed. However, the VPN speed tests at 18/5. If I disconnect from VPN and speed test again, the speed is 65/9 roughly. When I VPN connect again, speed tests at 18/5 again. So, why is VPN so slow and how can I increase the speed?

Another point is this: not long ago the Win7Pro machines were on a connection speed of 50/5 and when we VPN'd to the SBS 2008 that is on the 100/100 speed network, the speed was still roughly 18/5.

So, seems like the internet connection speed is not causing the limitation.  What should I look at?
0
I've just moved from a Windows 7 Pro laptop to a Windows 10 Home laptop.
I have a Draytek 2860 at a remote location and I have configured Dial In access (just PPTP for now). On the Windows 7 laptop I installed and configured Draytek SmartVPN and with that I could establish a VPN connection and it would set the DNS address so that I could ping devices on the remote network (as you would expect).
Since moving to Windows 10 and installing and configuring SmartVPN again using the same settings, I can establish a connection but the DNS IP address is not set so that although I'm connected to the remote network I can't do much by device name.
So in summary, the only difference between the two scenarios is Windows 10. Exactly the same configuration that did work at Windows 7 now doesn't at Windows 10.
0
Has anyone got Cisco Packet Tracer, ver 7.1.1, to work setting up an IKEv1 site-to-site VPN tunnel using 2 Cisco ASA 5505s with the default IOS of 8.4(2)? If so, I sure would like to see a sample config.
The debug command is not built into the ASA for 7.1.1, which makes it tougher to correct the issue.
The 2 firewalls are pingable to each other on the outside, but no SAs even when I try to ping inside either host.

Here is my sample with the other ASA being mirrored other than IP's and reversed access lists.
PA-ASA#show run
: Saved
:
ASA Version 8.4(2)
!
hostname PA-ASA
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 96.93.17.170 255.255.255.240
!
object network MD_Network
 subnet 10.0.2.0 255.255.255.0
object network PA_Network
 subnet 10.0.0.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 96.93.17.169 1
!
access-list MD_Traffic extended permit tcp object PA_Network object MD_Network
access-list MD_Traffic extended permit icmp object PA_Network object MD_Network
access-list Enterprise_Traffic extended permit tcp object MD_Network object PA_Network
access-list Enterprise_Traffic extended permit …
0
I'm looking for some guidance on how to allow Remote Users to access system applications. We currently are running a phase 1 setup where users are sent home with company equipment and use Sonicwall Global VPN software and Remote Desktop to remote into their own computers, located on site.

This is not, however, ideal, as it requires equipment on both ends.

Ideally what I'm looking for is to have a way for a user to have equipment at home, use a secure VPN connection with the Sonicwall Global Client, and then have the user access a desktop that is not in use. One way, obviously, is to have a bank of PCs with one dedicated to each person, but this seems cost prohibitive. So my thought is a virtual desktop.

I currently have two Windows 2016 Servers running my main system, including DNS and Active Directory, among other core services. Is there a way I can build virtual desktops within that server? Should I have a separate server dedicated just to this task? What would be my starting point? Would I use Microsoft's built-in Hyper-V? Would I use VMware in some way?


The first group will probably be only 5-10 users, though this number may go up. I know there are options like Citrix which would provide a web interface, but the way our applications are set up they would require a direct connection and so I don't know if Citrix and the like would work, though I am looking into this as well.


We have hundreds of available DHCP over VPN connections through our …
0

Dear Experts,

I am about to do a VPN entry in an ASA firewall ASA5515.

The thing I don't remember how to do is create a copy in the NVRAM in case I need to reboot the ASA, so it restarts with the saved configuration.

I mean, if needed, reboot the firewall so it goes back to the previous configuration.

Thank you!
0
I have two locations. Both locations currently have DSL connection from the ISP to a Zyxel VMG4325-B10A.  My project is to allow VPN connection between the two locations.  I have ZyXel USG20W-VPN for both locations.  
Question 1: The ZyXel VMG4325-B10A only allows connections for RJ11 connection. Thus, to make the configuration work the ZyXel VMG4325-B10A will need to be configured in Bridge Mode. I need some direction on the steps to configure the VMG4325-B10A in Bridge Mode (right now, I cannot ping the ZyXel USG20W when it is connected inside the network; I am thinking ICMP is not activated).
Question 2: Does anyone know how I can accomplish this task without shutting down the network?  
Question 3: Has anyone had experience setting up the ZyXel USG20W-VPN with Microsoft Active Directory?
I totally understand the best situation would be to have the ISP drop off a fiber connection with an SFP or RJ45 interface.  However, working with our ISP is a difficult task.
If anyone can send me links or help in this situation I would appreciate it.
0
Hi,

I have five locations that have Sonicwalls and all five locations are connected by VPN. The contract is up with the five Sonicwalls and the contract is up for renewal. The owner wants to consider installing a different VPN firewall at each location. He has not been very happy with the Sonicwalls and doesn't want to renew the contracts for the Sonicwalls. I've used Sonicwalls in the past and don't have any problem with them but the boss wants a change. Each location has 4-5 Windows 7 or Windows 10 computers. The owner wants to know if the Ubiquiti Edgerouter would be a secure solution using site-to-site VPN. I've used the Edgerouter before but never in a situation like this so I don't know if it would be a good solution. I was thinking about looking at a Fortinet VPN router to replace the Sonicwalls but I want to see what your suggestions are. Why or why not would you recommend going with an Edgerouter for a site-to-site VPN between 5 locations? Would Fortinet or Ubiquiti be a better (better value--same level of security) solution as a Sonicwall replacement? Is there a better (better value) solution? Thanks in advance for your help!
0
Hello Experts,

Does anyone know of either a paid or free service that lists high-risk private VPN services? We would like to see if there is a good one to use to integrate with our firewall. BTW, my suggestion was to put a WAF up; I have been asked to explore IP intelligence services first.

Thank you,
Steph_M
0
I have a Cisco ASA 5506 on which I am trying to configure VPN access. I am able to connect using Cisco VPN Client but I cannot access or ping any devices on the network when connected. Please see config below.



es)
:
ASA Version 9.8(1)
!
hostname ciscoasa
enable password
names
ip local pool vpnpool 192.168.1.212-192.168.1.216 mask 255.255.255.0

!
interface GigabitEthernet1/1
 description Outside
 nameif outside
 security-level 0
 ip address 75.xxx.xxx.xx 255.255.255.252
!
interface GigabitEthernet1/2
 bridge-group 1
 nameif inside_1
 security-level 100
!
interface GigabitEthernet1/3
 bridge-group 1
 nameif inside_2
 security-level 100
!
interface GigabitEthernet1/4
 bridge-group 1
 nameif inside_3
 security-level 100
!
interface GigabitEthernet1/5
 bridge-group 1
 nameif inside_4
 security-level 100
!
interface GigabitEthernet1/6
 bridge-group 1
 nameif inside_5
 security-level 100
!
interface GigabitEthernet1/7
 bridge-group 1
 nameif inside_6
 security-level 100
!
interface GigabitEthernet1/8
 bridge-group 1
 nameif inside_7
 security-level 100
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
interface BVI1
 nameif inside
 security-level 100
 ip address 192.168.1.252 255.255.255.0
!
ftp mode passive
same-security-traffic permit inter-interface
object network obj_any1
 subnet 0.0.0.0 0.0.0.0
object network obj_any2
 subnet 0.0.0.0 0.0.0.0
object network …
0
Dear Experts,

 We are setting up a Site2Site VPN between Meraki Firewall MX64W and an ASA 5510 firewall.

First time I do this.

I am not sure how to add the Meraki network peer address in the ASA firewall. All the VPNs I have here are pointing to public static IP addresses. The Meraki is DHCP. I only see that dashboard address that I wonder if I could use.

Any useful documents you know of for this task?


Thank you
0
