VPN

24K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Using Windows 2012 R2 with Windows Essentials configured for VPN and RWW. Want to deploy software through Group Policy Management, but no computers are showing. Suggestions?
0
We are building a new AD controller to be used at a new site.  What are the best practices/steps for setting up site and promoting the server/adding to site?

Our primary concern is over building/performing dcpromo at headquarters then moving to the new location/ site. Initially the sites will be connected by a 200/20 site-site VPN over internet, later replaced by a 20/20 ELAN/fiber connection.


Experienced advice on recommended steps would be appreciated.
0
I have ordered 1 GB internet service (BW) hand off from Bell. The firewall will be the gateway for 5 offices with total 200 users. I would like to install CISCO ASA 5500 series as internet gateway. ASA will have VPN to Azure as well for AD and SQL sync. Can you suggest the ASA model best fit for us? Current firewall is 5508 X which handles 1 office (40 users) and 200 GB hand off but we are upgrading the circuit to 1 GB and adding 4 more offices (total of 200 users).
0
I have a VPN file that was created by our former IT group and I have no idea how. It's a Windows-based VPN. We recently implemented Intune in our environment and I am trying to set it up so that it installs the EXE as part of the base software configuration. Problem is I don't know the silent switch. I have tried a few like .exe /Silent. I have attached the results of TP-VPN.exe /?. Is there a way I can find the silent switch of the VPN or create a PowerShell script that will just run the VPN even if it's not silent? I just need it to install. If I just run the executable, the first thing that pops up is a message stating "Do you wish to install Contonso VPN?" Wondering how I can bypass that message. If I extract the contents of the exe, I see an executable named cmstp.exe. There are also config files that I might be able to examine.

 

exe-switch.jpg
0
Just wondering if I can deploy two VPN gateways (could be any platform - say Cisco ASA at both ends), where one location is in the USA and one is in China.

If this can't be done, where can I find more information on this restriction? Not sure where I can find more information on the "Great Firewall" in China that may restrict this.
0
Hi, what is the correct way to tell Vyatta the ports on an IPsec? We have to connect to a host that listens on two ports. Is it done with a space? Comma separated?

Example below:

tunnel 11 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    esp-group Our-Group-Their-Group-ESP
                    local {
                        prefix x.x.x.x/32
                    }
                    remote {
                        port 7007,9005 (seperate by comma? Space? Dash?)
                        prefix x.x.x.x/32
                    }
                }

0
I'm getting this error message: the connection could not be established because the authentication protocol used by the RAS/VPN server to verify your username and password could not be matched with the settings in your profile.

Setup using: SSTP on a Win10 workstation. Under the Security tab for the VPN connection, the protocols allowed are MS CHAP v2.

It connects, looks like it's about to connect and then I get the above error message. Tried about 10 times to no avail.

Thanks,
R
0
I have a small business office from which the following network activity occurs:
1) I provide VPN access from the outside world into a server in my office
2) I have wired devices in my home/business network.
3) I have wireless devices in my home/business network.
4) I connect from my home/business network via a VPN to a remote network.

Relative to Item 1):  My ISP supplies a COMTREND modem for internet connectivity.  I have a Static Public IP for this device.  It has been placed in full bridged mode.  Behind it I have installed a new Linksys LRT214 VPN gigabit modem.  It has a PPPoE connection to the COMTREND device and has been configured correctly with the help of Linksys support personnel.  To provide access to the server via a VPN connection, this Linksys has an “OpenVPN” setup menu.  All pertinent info that allows connectivity is entered into the correct fields and a config file is automatically created.  This, too, has been accomplished with the help of Linksys personnel.  This config file is installed on the client pc’s that will reach the server I provide to them.  This has been tested and the client pc’s reach the server on my network with no problems.
The LRT214 is distributing addresses to all devices plugged in to it with the following addressing scheme:  192.168.3.xxx.  Its own settings are as follows:
Static IP address:  192.168.3.1
Subnet Mask:        255.255.255.0
Gateway:                72.xx.xxx.xx   (Hidden for obvious reasons, but given to me …
0
I am doing some discovery on a spoke of a DMVPN. I don't have access to the hub/hubs.
In the configuration seen below I have several ip nhrp map multicast statements and ip nhrp.
Is this indicating that this spoke has six different hubs to which it *could* register if the first one goes down? Thank you.

 ip nhrp map multicast 66.66.8.129
 ip nhrp map 10.77.126.1 66.66.8.129
 ip nhrp map multicast 66.66.8.130
 ip nhrp map 10.77.126.2 66.66.8.130
 ip nhrp map multicast 66.66.8.136
 ip nhrp map 10.77.126.3 66.66.8.136
 ip nhrp map multicast 66.66.8.138
 ip nhrp map 10.77.126.5 66.66.8.138
 ip nhrp map multicast 66.66.8.134
 ip nhrp map 10.77.126.7 66.66.8.134
 ip nhrp map multicast 66.66.8.131
 ip nhrp map 10.77.126.9 66.66.8.131
0
Does Windows Server Essential 2019 include the ability to set up a VPN? I'm upgrading from SBS 2011, and users are used to connecting to their desktops via RWA. Since that will not be available, will they be able to connect via a VPN and then RDP to their workstation?
0
Which one is the correct statement when comparing IKEv2 and IKEv1?

a. IKEv2 is more secure by requiring reauthentication for IKE SA.
b. IKEv2 is more reliable by requiring all messages to be acknowledged.

Any suggestions?
0
Hi - I need quick working tips to tweak my Mac mini - Mojave - 10.14.5, Swift 4.2, Xcode 10.2.1,
processor 2.5 GHz Intel Core i5, RAM memory 8 GB, Intel HD Graphics, hard disk 500 GB with 50% free space available, desktop monitor 23 inches. Using Xcode or other apps takes a long time, and remote VPN connecting with VNC shows very slow refresh rates, while my Ubuntu remote VPN working is faster. Kindly help.
0
Hi

We are trying to authenticate from a Cisco ASA firewall with our Domain Controller that is hosted in Azure over a site to site VPN connection.  We have this working fine from the ASA to our on premise DCs using IPSec VPN.

Azure support have said we should add a rule on the NSG to allow this traffic through (they have tweaked it too) but does not work.  It times out on the firewall console (this is externally managed).

LDAP connection over the site to site VPNs to the DC works fine using LDAP.exe and I can bind to it.

Ideas?
0
We wish to monitor VPN dial-in access. We are currently doing this using VPN Graph under Diagnostics, which is giving us what we need, but unfortunately it only shows data for the past week or so. Is there a way to monitor long-term VPN access? We have connected a USB stick to the DrayTek to record logs but this doesn't seem to record VPN access.
0
Hi,

I've been working on an Edgerouter X for the past week trying to get a VPN client to connect to it.  I've tried everything I can think of but I cannot get either a Windows 10 client or an iPhone VPN to connect.  I'm sure that I have something set incorrectly on my Edgerouter.  Just now I upgraded the firmware from 1.10.1 to 1.10.10.  I don't dare go to 2.0.6 as I've had a lot of problems with that firmware.  Here is what I programmed into my Edgerouter (I've removed the sensitive data):

set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description ike
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol udp

set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description esp
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol esp

set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description nat-t
set firewall name WAN_LOCAL rule 50 destination port 4500
set firewall name WAN_LOCAL rule 50 log disable
set firewall name WAN_LOCAL rule 50 protocol udp

set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 description l2tp
set firewall name WAN_LOCAL rule 60 destination port 1701
set firewall name WAN_LOCAL rule 60 ipsec match-ipsec
set firewall name WAN_LOCAL rule 60 log disable

0
Hello.  Let me first explain our problem and a brief explanation of our setup, and then I will go into details.

We currently have a Cisco Firepower 2110 and are using this for a site-to-site VPN to our other building. There are no issues here. We are attempting to set up a RA VPN, and when testing - by allowing inside interface as access - we can connect internally. The problem is we can not connect externally.

I did have a Cisco ASA 5500 series before, and we did have a S2S and RA VPN functional on it.

Now, here are the details.

Cisco FP 2110, managed through FMC, IP: 192.168.80.45, FMC .46.

Objects
     int.grp.vlans: 192.168.1.0/24, 192.168.10.0/24 ... 15, 20, 40, 60, 70, 80
     vpn.net.vpn: 192.168.110.0/24 (VPN Pool is 192.168.110.100-200)

Interfaces

Eth 1/1 - WAN / Outside / 96.x.x.17 / 255.255.255.240
Eth 1/2 - Inside / inside 192.168.1.254 / 255.255.255.0

Routing
    Routing Table
NAT Translation
    NAT Translation
Access Policy
    Access Policy
I am desperate to get this to work, as it needs to be up by November 5th. I have zero idea why this is not working, and am sure it is something very simple I am missing. I have set this up before and had no issues. We did try using a different outside port (500). When we did, we received this in the connection log:

Outside Access Port 500
Thank you in advance, and please ask for any other required information!
0
We are having loads of trouble configuring a Site2Site VPN with a pair of Watchguard T35 firewalls.
Neither is configured pretty much outside of the initial setup wizard.
The current site 2 site vpn is stock from the vpn configuration guide from Watchguard.

We tried a number of different configs, but have currently deleted them to restart fresh.
Also, we are trying to set the connection to initiate from SiteB to SiteA just to limit randomness, but can set bidirectional or SiteA to SiteB as initiator.  Doesn't really matter to us.

My theories may be off, so I'll just throw out the logs from each to see what you may think is happening.

Thank you in advance.


Site A
*** WG Diagnostic Report for Gateway "AA-to-TC-Gateway" ***
Created On: Tue Oct 29 09:22:49 2019

[Conclusion]
	Error Messages for Gateway Endpoint #1(name "AA-to-TC-Gateway")
		        Oct 29 09:22:35 2019 ERROR  0x02030015 Message retry timeout. Check the connection between local and remote gateway endpoints.


[Gateway Summary]
	Gateway "AA-to-TC-Gateway" contains "1" gateway endpoint(s). IKE Version is IKEv1.
	  Gateway Endpoint #1 (name "AA-to-TC-Gateway") Enabled
		Mode: Main
		PFS: Disabled 	AlwaysUp: Disabled
		DPD: Enabled 	Keepalive: Disabled
		Local ID<->Remote ID: {IP_ADDR(A.A.A.A) <-> IP_ADDR(B.B.B.B)}
		Local GW_IP<->Remote GW_IP: {A.A.A.A <-> B.B.B.B}
		Outgoing Interface: eth0 (ifIndex=4)
			ifMark=0x10000
			linkStatus=0 (0:unknown, 1:down, 2:up)
		Stored user messages:
		        

0
I have two sites connected by an IPSec VPN.  I have conditional forwarders at each site for the other site so I can resolve computer names using the FQDN.  I can ping and resolve between the two sites.

At site one, I have about 50 Hyper-V hosts and they all live in Hyper-V manager on my management PC.  These hosts are managing a domain there at site 1.

At site two, I have about 25 hosts and they live in Hyper-V manager on my management PC at site 2.  The hosts in site 2 are not on a domain.  The hosts are standalone.

Thinking myself clever, I decided to add the hosts from site 2 to the site 1 Hyper-V manager.  It's not working, even when I try "manage as", so I was wondering if it's even doable... adding workgroup-based servers to a Hyper-V manager that manages hosts on a domain.

I was thinking that they are just Hyper-V hosts and they should add just fine, but I'm not finding that to be the case.

Thoughts?

It's not working.

Oh yeah, site 1 hosts are all 2012 R2 and site 2 hosts are all 2016.  I'm adding to Windows 10 Enterprise machines.  On the MS site, they say that should work.
0
How to configure VPN using Cisco RV016. I did it, but can't connect using Quick VPN. Sometimes it works and sometimes doesn't.
0
Hi experts,

I have a question regarding file share and VPN.

I have users who, when they are connected to the company LAN, can open the share and create a new folder.

BUT... when they are connected to VPN they can open the share and not create a new folder.

Do you have an idea?
0
Hi,

I have a couple of remote users with laptops around the world. All are domain computers and use roaming profiles.
Their profiles are synchronized to the server when they are connected in VPN; otherwise they have a cached copy on their computer.
We have OneDrive Business licenses and I need to migrate their roaming profiles to OneDrive Business.

Any idea how I can achieve this?

Thks
0
Hi,

I am using the 1.1.1.1 application WARP app on iPhone.  I just got this message; does any expert know what it means? Help please.

Warp message
0
Hi, I have a client that is going to China.  He needs his Gmail and remote desktop there.  Question: does VPN stuff like Turbo VPN and Express VPN work there?  They have an RV042 router that has a VPN client and PPTP; not sure if they work.
0
I have placed some test servers in AWS as a DR solution.

I have set up a site to site VPN from my HQ to my AWS VPC. I am having an issue that I can "telnet server A 445" but I cannot \\ServerAIPaddress\c$\.

I have looked at this issue with my firewall vendor and they do not see any issues with the traffic leaving or coming into the firewall. I have opened a case with AWS and they do not see any issues with the configuration in AWS. They are seeing that my local machines are resetting the TCP handshake.

There is only 1 server at my HQ which connects without fail. My primary Domain Controller. My secondary DC cannot connect either. I am not sure what I may be missing. Any help is appreciated.
0
As you can see from the picture below, My Speedtest results are fine,
my VPN connection is fine .... in fact, everything is fine with my internet connection
except that Windows 10 (1803) reports that I have no internet connection.
(Troubleshooting suggests a "Network Reset")

This isn't really a problem and I'm ignoring it.

Can some experts speculate as to why Win10 is reporting incorrectly?

NO-INTERNET.jpg
0
