VPN

24K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


I have an IPSec VPN from site 1 to site 2. The VPN shows as up and working.

From site one, I can ping the full range over at site two.  I can ping site 2's full range of 192.168.1.0/23 from site one.

From site 2, I can only ping the first range in the subnet at site 1.  The subnet at site 1 is 10.90.20.0/22 and I can ping anything in the 10.90.20.0-10.90.20.255, but nothing higher than that.

I've verified my two address objects and made sure the mask is correct, but I'm having trouble with this final problem.

Can someone point me in the right direction please?

Thank you
0
Sonicwall Global Client VPN cannot connect to Sonicwall TZ300.
The VPN which has Spectrum as the ISP cannot connect to the Data Center on port 500 which has Comcast as the ISP. It attempts to connect. The Sonicwall error log has "Received packet retransmission. Drop duplicate packet."
It had connected with no problems until yesterday. Other VPNs on different ISPs can connect without any problems.
Is there a problem between the two ISPs?
There was another person with the same problem down the street. Changed her ISP and cable modem and can connect without any problems now.
0
I have set up a replica DC in Azure. My boss wants to get rid of the on-prem DC and only have the one in Azure. I have transferred all the FSMO roles to the Azure Domain controller, but when I remove the Site to Site VPN connection I can't log into the Azure DC anymore. The internet access is being turned off on-prem tomorrow. Am I missing a step?
0
L2TP Connection Disconnects My Working Network Connection Each time I access the L2TP connection from my Windows 10
0
I'm working from a Windows 7 computer connected to our domain via a VPN.
I'd like to get a list of the serial numbers of ALL computers currently running in our domain.  I'm assuming this would be done from accessing information via Active Directory.
Can a PowerShell command be run from my Windows 7 computer or must I run the command from the Domain Controller itself?
1
I have a single Hyper-V server with two VMs running:
DC01, which also does the VPN
EX01, which hosts the Exchange 2016 server

My SSL Cert is a wildcard so I have been told I can use this cert for both the VPN and for the Exchange SSL but when I have the drop down box on the DC01 server it doesn't display the cert.

Any tips greatly appreciated.
0
Cisco IOS SSL VPN on 1941. Cannot access Internet

I'm configuring a 1941 router at my home to provide SSL VPN for myself while I travel. The main purpose is to get around geofencing. I want all traffic to go across the VPN and exit the Internet interface on the same router. With the config below I'm able to connect to resources on my own network but cannot connect to Internet resources.

login as: root
Using keyboard-interactive authentication.
Password:

MyVPNTest#sh run
Building configuration...

Current configuration : 10462 bytes
!
! Last configuration change at 02:57:00 UTC Thu Sep 26 2019
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MyVPNTest
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login sslvpn local
!
!
!
!
!
aaa session-id common
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
!
!
!
!
!
!
!
!
!

!
!
!
ip domain name vpntest.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4

!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint my-trustpoint
 enrollment selfsigned
 serial-number
 subject-name CN=firewallcx-certificate
 revocation-check crl
 rsakeypair my-rsa-keys
!
!
crypto pki certificate chain my-trustpoint
 certificate self-signed 01
  30820291 308201FA A0030201 02020101 300D0609 2A864886 F70D0101 …
0
Hi Gents,

I am trying to do an AD cleanup of machines and need a working script I can run a query on to show last machine login or domain authentication for machines that VPN in from the field to the domain and export to a .csv file.  Thank you.
1
We have a site to site VPN tunnel which has been performing well for 4 years.  We are seeing increased traffic this week and are seeing select devices unable to reliably access the tunnel for periods of several minutes to several hours while other devices are able to connect across the tunnel.

The VPN tunnel is used to access a terminal server in a remote site using handheld computers running Windows CE. We typically have 12 devices deployed. Currently we have 18 devices deployed for a 2 week project.

We are seeing that during peak times (more users connected to the RDP server) select devices will be unable to connect.  Pings from the affected device will range from 100% loss to 0%.  The ping failure rate fluctuates.  Users may sometimes connect to the RDP server for a few minutes before being disconnected again.

This problem seems to last between 10 - 120 minutes.

I have taken packet captures at the ASA and see that both ICMP and RDP packets are arriving on the inside interface - the portable computer having the problem is transmitting correctly.

My problem is how do I ensure the ASA is encapsulating these packets and sending them out the Outside interface reliably.  I have taken packet captures on the outside interface but do not know of a way to match these encapsulated packets up to those originating from the problem computer.

I have reviewed: Show crypto ipsec sa

 #pkts encaps: 9228711, #pkts encrypt: 9228711, #pkts digest: 9228711
      


0
We have domain controllers in two sites, Singapore and Malaysia. Last month our firewall site-to-site VPN went down due to a hardware issue, and this coming week we will replace the firewall and rebuild the IPsec.

Because the site-to-site is down, I believe DC data cannot be replicated. After we create the IPsec, assume that we create a new user in the SG site: what do we need to do to avoid any issue with the replication?
0
Hi Experts, my colleagues allege that VPNs are totally untraceable. Yet I tell them that even though one is not traced via the use of a VPN, the government can request from the user's VPN provider a history of sites visited. And if the VPN is free, it's even more viable for the government to access their activity logs (some stuff I learned with you guys!). So what is the experts' take on this? And how viable are my colleagues' statements?
0
Hello!
I have Ubuntu 16.04 (Desktop Edition) with OpenVPN server and BIND9 installed. I used a script when I installed OpenVPN. My OpenVPN client is a W10 netbook with 4G USB modem.
When I choose to use Google DNS during OpenVPN installation then I can surf the Internet via OpenVPN just fine (on my OpenVPN client W10 machine). But if I choose to use the current DNS settings (i.e. my own BIND9 server), then I can connect from client to server, but DNS doesn't work. I know that I must edit the OpenVPN server's config file, server.conf, AND also edit the client's OpenVPN file, client.ovpn. And I don't know exactly whether my DNS server (BIND9) is properly configured to play this kind of role.
When I go to W10's CMD and do ipconfig /all I do see DNS server with a correct IP of my BIND9 (it's a public IP of my Ubuntu machine, actually). Nevertheless, DNS doesn't work on a client machine and I couldn't find a complete step-by-step manual how to enable this scheme.
0
Two separate businesses using the same domain name have now merged into one.
This is the first time I've run into this and hope someone could shed some light. We've recently acquired a new client who at one point had two domain controllers: Server 2008 and Server 2012. They moved Server 2012 over to a new location as part of a different business, but kept the same domain name. Server 2008 AD sees the 2012 as a DC; however, 2012 doesn't see 2008 as a DC. They are now on different networks, but were recently configured to tunnel back to corporate to share resources.

What I'm trying to accomplish: Join a 2016 DC to their corporate to decommission 2008.

Error I'm getting when promoting 2016 to a DC: "Active Directory preparation failed. The schema master did not complete a replication cycle after the last reboot."



What I've gathered so far.

Server 2008 - DC - samedomain.local - Corporate Office

At one point was replicating to 2012.
Server 2012 - DC - samedomain.local - Remote Office

No longer replicating from 2008.
Recently a WatchGuard VPN was put in so the two locations could talk and share resources. Different IP schemes, and they don't know about each other.

My Question: Can I safely remove 2012 DC from 2008 to stop attempting replication and at the same time continue to operate both under the same domain names, but separate?

Remote Office will still use 2012 to authenticate locally until we can sit down and plan out a migration plan several …
0
I've just bought a DrayTek Vigor2620Ln (ADSL/VDSL router/firewall with backup WAN port and 4G LTE modem built in - UK version)

I want to be able to create a site-to-site (or LAN to LAN in DrayTek's terminology) VPN via an IPSec tunnel to a Netgear ProSafe firewall I have running at another site. Simultaneously I want to be able to access a L2TP VPN Server running on Windows 2012 RRAS (behind the DrayTek at primary site), via passthrough when I'm out and about.

Having created the site-to-site VPN with a few issues along the way, I have got it working. I have also got the L2TP VPN passthrough working so I can connect from my Windows laptop when away from the main network. HOWEVER, it seems impossible to get both working at the same time. For the site-to-site to work, I have to tick the 'Enable IPSec VPN Service' under the Remote Access Control settings on the Draytek. But once I do this, passthrough of the L2TP Windows VPN fails. If I untick, it is the other way around with the Site-to-site failing and the L2TP passthrough working.

I suspect someone out there will confirm DrayTek routers simply cannot both have a site to site and L2TP passthrough connection connected simultaneously (I momentarily achieved it once, on initial bootup). I appreciate both VPN types use IPSec, however every single Netgear and Linksys router I've owned and used to date has been able to do both simultaneously with zero problems. I'm hopeful I'm missing something, but fear I'm not and the …
0
I've been experiencing this issue when logging into our network from different locations including VPN where drives and folders I normally have access to are no longer available.  Some network shares fail to connect completely and some only show me some folders but not all of them.  This is very strange behavior and I'm not sure what could be accounting for it.

These sites are networked through a WAN connection and have DCs at both sites that are trusted.
0
ASA 5508 failed.
Received a new ASA 5508.
Via ASDM I've restored from my latest backup config.
Everything looks great with the exception of the VPN Certificates.

Shouldn't these have restored as well?
I was careful to check the "all ssl vpn config" on the restore options.

VPN users receive "No Certificate" when attempting to log in.
0
Setup: PepLink Balance One router, using LogMeIn Hamachi for remote access VPN.
Goal: Replace LogMeIn Hamachi VPN with PepLink's built in Remote User Access.
Does anyone have experience using PepLink's own Remote User Access? Is it worthwhile, secure?
Need detailed instructions please.
0
Has anyone successfully set up an OpenVPN connection with a Windows 10 PC and a Grandstream GWN7000 acting as an OpenVPN server? If so, can you share the configuration file that works?
0
Have a client running Server 2016 Standard R2 with Essentials Role. They were purchased by a larger company and are in transition. As part of the change, they are now using the new owner's VPN solution, so the remote access feature of Server 2016 is not required (and is sometimes confusing users).

Not sure of the best way to remove it - just remove the Remote Access role? Will that remove the Network Connection link and the VPN Adapter from Network Connections (without causing any other  problems)? Or is there a better way of accomplishing this?

I don't care if the Remote Access solution stays in place (as it doesn't work anymore), I just don't want users to see the Link and Adapter.

See screenshot for details.

0
Hi,
In Server 2016,
configured PPTP VPN.
When I try telnet ipaddress (of the PPTP VPN server) 1723, telnet isn't working. As a result the VPN is also not working.
I checked Windows Firewall with advanced features. I have port 1723 allowed for inbound connections.

What other things can I check to see why port 1723 is not open?
0
Hi All,

I've got myself into a bit of a problem, I've purchased a Cisco 867VAE (I'm already using these around the company) and unfortunately it came with image c860vae-ipbasek9-mz.152-4.M1.bin

This image doesn't support VPN ISAKMP; I need the advanced security IOS.

I downloaded c860vae-advsecurityk9-mz.154-3.M4.bin and flashed it to the flash, booted up, and now I get:

System Bootstrap, Version 15.1(4r)M2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2011 by cisco Systems, Inc.

C860VAE ipbase platform with 256 MB of main memory


Booting flash:c860vae-advsecurityk9-mz.154-3.M4.bin
boot: Launch entrypt: 0x80800000
Self decompressing the image : ################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################ [OK]

Wrong IOS image on IPBASE Router

I can go to ROMmon and boot back into the old image, but how do I properly upgrade this router to the new firmware I downloaded?

Another identical model router on another site is running:
System image file is …
0
I am trying to secure access to our Azure environment by limiting IPs on the Azure firewall to the IP indigenous to our office.

For remote users, we use a Cisco AnyConnect VPN hosted from a Cisco ASA 5525 firewall on ASA version 9.1(7). Since we have split tunneling enabled, is there a way to route access to the Azure environment through our firewall so that Azure would identify users coming from the IP tied to our office?
0
Many of our employees perform consulting work for various companies at a time. Usually the customer provides our employee with a logon to their company and a VPN client or RDP login to their network. Our employees become confused with the logins and print services and other issues.  From a security perspective, we have to make exceptions for non-standard software to download the customer's VPN software if they do not have a clientless connection for our employee to use.

I am wondering how other companies handle this use case or if you have any recommendations to simplify this. The only thing I can think of is placing each customer's VPN connection on an encrypted USB and have our employee work off of it, or would it be worth the $$ and effort to invest in thin clients and create a desktop image for each client?

As always, your thoughts and expertise are greatly appreciated.

Steph
0
We have 2 network policies set for our RADIUS clients:
1) Allow VPN connections (to VPN user group)
2) Grant priv 15 access to Cisco devices to admin group


Our issue is that only the first policy is being processed: if the VPN policy is first, then we are unable to get to privileged mode on our Cisco devices; if Cisco is first, then users cannot authenticate over VPN as this is being rejected by the Cisco rule.


I believe this was working in the past, so am unsure whether this is a configuration problem or the issue lies elsewhere. Nothing has changed that might explain this problem.


Thanks in advance.
0
I am using pfSense 2.4.4 with 3CX 16 and everything (inbound and outbound calls) is working fine, but I am not able to register the phones over the VPN (the other end's firewall is FortiGate). I have done everything as in https://www.3cx.com/docs/fortigate-firewall-configuration/. The interesting part is I am able to work with a softphone but not with IP phones (tested with Yealink, Polycom).
0
