VPN

24K Solutions, 23K Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


We currently use the Checkpoint VPN client on our Win7 & Win10 laptops
(about 300 laptops) to connect back to the office:

this client auto pops up when it detects Internet, prompting for
2FA.  Is there any way to prevent our users from accessing the Internet
unless:

a) they're on our corporate network   OR
b) if they are connected to an outside network (or their home Internet/Wifi),
    they can't access the Internet till they've connected to this Checkpoint
    VPN (which connects to our Checkpoint blade).

We don't plan to use "Always-On VPN" yet as some of our laptops will
still be on Win 7 till end of 2020 (yes, it's beyond the MS EoSL date
but we're applying virtual patches in place of MS patches).

A batch script that detects which network is connected (if it's the
corporate network) and would alter the routing table etc. would
be good.

No PowerShell script, as we've removed PowerShell from users'
laptops.
0
How safe (from viruses, malware, etc.) is working from home (using home ISP w/Wi-Fi) on a work laptop if the employee uses a VPN client to connect to the office network resources?

If this is safe and the only time an employee operates their work laptop on a home network is for work purposes via VPN and not for personal use, how do I explain this to managers in English they can understand?
0
Hi Experts,

Request your help on the situation described below.
I'm trying to set up a gateway-to-gateway VPN using Cisco routers (1841 on the remote end and RV082 on the local end). All VPN parameters on both routers are matched and the VPN is up/connected.

From both ends' LANs, I can ping the remote LAN gateway IPs but cannot access any other device on the remote LAN.

I have doubts about the Remote Security GW settings on both routers, as you can see on one end there is an additional GW router responsible for NAT.

Attaching a brief diagram for better understanding.

Looking forward to your opinions to sort it out.

Thanks.


Setup.png
0
I am having an issue with my remote VPN users not being able to connect to a specific network through the VPN.   Hardware involved is a Cisco ASA 5505 with users connecting using the Cisco AnyConnect client.  Once connected, the ASA assigns them an IP address from a pool created on the ASA (172.16.10.0/24). Split tunneling is enabled and the internal network and the remote network (details below) have been added to the network list for the AnyConnect connection profile.  The VPN users can access the internal network without any problems but not the remote network.  The problem is below.

Details of the issue:  There is a server on one of our vendors' networks that we need access to internally and also when connected through VPN.  A site-to-site VPN was set up connecting my internal network (172.16.3.0/24) to theirs (10.*.*.0/24) with what I believe to be all the needed ACLs and NAT entries.  All internal users can access this network without a problem but anyone connected by VPN cannot.  It seems that on the VPN users' computers any traffic destined for my internal network comes through the VPN, but traffic trying to go to the vendor's network is going out their regular internet connection and not through the VPN.  Looking at the settings on the AnyConnect client while connected, the route details tab shows the 172.16.3.0/24 network and the 10.*.*.0/24 network as secured routes.  Any ideas on what could be the issue?  There has to be some NAT or ACL rule I'm missing …
0
I really dislike the JSON way of handling multiple public IPs on the USG. The EdgeRouter is much friendlier to use with multiple IPs, but the USG has more security features I'm into for my clients.  What is the best way to set up an IPsec site-to-site from outside to reach any of the USGPRO LAN# spaces when it sits behind another router (ER6P)?

Site1 ---> ER6P (Internet) eth0 192.0.0.1/24 --- eth1 10.1.1.1/24 ----> USGPRO WAN 10.1.1.2/24 --- LAN1 10.10.1.1/24
Site2 ---> ER6P (Internet) eth0 192.2.2.1/24 --- eth1 10.2.2.1/24 ----> USGPRO WAN 10.2.2.2/24 --- LAN1 10.20.2.1/24

Currently I'm seeing the USGPRO WAN (10.1.1.2 or 10.2.2.2) when sourcing on either end of the tunnel instead of the real IP from their LAN#.  That's not good when needing to restrict IPs with multiple IPsec tunnels.
0
Dear Experts
We are planning to procure the Cisco Firepower 1010 NGFW appliance for UTM, link failover (2 ISPs) and VPN. Our bandwidth with each ISP is 25 Mbps; total users behind the firewall is 12 users, outside people accessing the web-based business application and VPN are 10 users, and concurrent users are 15. We also have MPLS connectivity to one of our sites.
Please suggest whether this product is recommended. Thanks in advance.
1
Hi Experts,

Looking for a way to activate "Launch program before Windows login" for the Watchguard 12.2 VPN client. Trying to have the VPN login show up before the Windows login so that once the Internet is connected, remote users can connect to the VPN and then to AD for authentication. This has to be done during first boot, so I am looking for silent switches which would enable installation of the VPN as well as enabling the feature above. I have attached the silent install switches that I am aware of.

http://customers.watchguard.com/articles/Article/Connect-the-IPSec-VPN-client-before-Windows-login/?l=en_US&fs=RelatedArticle

Thanks in advance
0
Traveling abroad and using a VPN.  Hi, security teams preach using a VPN tunnel when traveling abroad to secure your traffic, but what is actually happening via a WiFi connection with VPN?  What makes it more "secure"?   What VPN apps from the App Store work?   Is my SonicWall VPN from my house sufficient?
0
Connect 2 Networks that use Different Routing Protocols.

I would like to know, in the case where we have 2 separate networks, one running OSPF and the other running EIGRP: if I need those 2 networks to be able to talk to each other without using redistribution or MP-BGP, would that be possible?  For instance, using a VPN GRE tunnel or IPsec VPN tunnel?

Thank you
0
I'm having a problem with an Anyconnect SSH remote VPN setup on an ASA 5506-X.  It works, but I'm having intermittent problems with accessing shares by name.

I can connect to the ASA and access by IP works as expected.  I can map by \\IPAddress and can browse by \\IPAddress.  I can't do either reliably using the server name.  The server is a VM running Windows Server 2016.  There is another VM that runs as a DC.  The workstations have Windows 10 Pro.

Obviously a DNS problem, right?

I have it set with split tunneling so that the only traffic going over the VPN is to the subnet on which the DNS and other servers are located.  I can do NSLOOKUP servername and it shows the DNS server on the main end and properly resolves the file server's IP address.

An interesting point is that this all works fine on computers in my office that are logged into my domain.  That is, they can use Anyconnect to set up the VPN to the client's ASA and successfully map to the file server (after being prompted for login name and password).  Where this doesn't work correctly is with two computers that were on the same physical network as the servers but have now been relocated to a different location.  They still log in with their AD credentials.

I mention "intermittent" as one of the computers didn't exhibit this problem at first and the other did.  When I rebooted both, the first one started showing the symptoms and the second was "fixed".  After further reboots, both seem to be showing …
0
We are having an issue where we can only ping machines on the opposite network of a site-to-site VPN tunnel between two Cisco devices.
Ports that are open, e.g. port 81 on 192.168.1.30, cannot be accessed using the internal IP address; however, they can be when using the external IP.

The Cisco in question is CLI only and unfortunately I am not very experienced with the Cisco style of network management.
Is there anything obvious in the config file below that would prevent me browsing from 10.0.0.10 to 192.168.1.30:81?

Please note, the config has been edited in parts for customer security reasons, e.g. external IPs show as 123.123.XX

Current configuration : 8322 bytes
!
! Last configuration change at 16:38:00 BST Wed Jun 26 2019 by X
!
version 15.6
no service pad
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no service password-recovery
!
hostname R1031232
!
boot-start-marker
boot system flash c800-universalk9-mz.SPA.156-2.T1.bin
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
!
!
logging buffered informational
logging rate-limit 1000
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization console
aaa authorization exec default local
aaa authorization network default local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
clock timezone GMT 0 0
clock …
0
SonicWall Configuration Help Needed
We need to set up SSL VPN and site-to-site VPN configuration on two SonicWalls and one Cisco ASA 5506.
We know the Cisco side, but we inherited the SonicWall firewalls.
0
Hi,

I have two locations joined with a VPN using a Ubiquiti EdgeRouter X at each, both running the latest firmware v1.10.9.  Both locations have fast Internet running at 180 Mbps / 20 Mbps, and I verified it using Speedtest.  I used a DOS utility called Netcps to test the speed between site A and site B and the transfer rate was 0.36 Mbps.  This is really slow and I'm wondering if there are any adjustments that I can make to the EdgeRouter X or if this is normal performance on a site-to-site VPN.  I used the Site-to-site VPN tab in the GUI to configure it, so I didn't use the CLI.  Have you had any experience with this, and are there any adjustments that I can make, or is this the expected speed from this device?  Thanks for your help.
0
Hi
I have an S2S VPN connection between our network and Azure.   It's working fine currently (testing environment only at present).
I have 2 vnets configured with VMs on them: vnet01 & vnet02.  vnet01 has the following subnets: 10.0.0.0/24, 10.0.1.0/24 and the gateway subnet 10.0.200.0/29.  The vnet02 subnet is 10.1.0.0/24.
I'm trying to route traffic to vnet02 from on premise and failing.  I'm assuming I had to either edit the gateway subnets or add it to the vnet02 subnet?
Not quite sure.
Ideas?
Thanks
0
Sorry for such a noob question.  We have a Watchguard T35.  Right now it has a branch-to-branch VPN set up to another Watchguard.

It also has the capability to make a VPN to a specific computer that's on the road, right?  What app(s) can be installed on the Windows 10 computer that can do that?

Preferably free.  Does Watchguard include software to do that?  Is there a standard the software needs to meet (does Watchguard have their own proprietary way of talking to endpoints, or does any VPN software work)?

THANKS!
0
Dear Wizards, we are testing the VPN connection (L2TP/IPsec) from a client Win10 PC to a VPN server (Synology). These are the settings:

L2TP.JPG
client.JPG
We tried to connect but could not. Can you help?
0
Can you establish a VPN connection via a web browser?
Let's say you log in to a website, then it downloads software to your desktop; can that be used in lieu of software such as DirectAccess?
0
Hi,

We have a Cisco ISR4331 router and have set up a site to site VPN to Azure (route based). Here's what we're seeing:

1. VPN showing as UP in Azure and on the Cisco
2. I can ping Azure VMs from the internal interface of the Cisco router and vice versa
3. I CANNOT ping anything in Azure from any LAN servers or devices and vice versa

My gut instinct is that it's a routing issue, but I logged a case with Cisco and the guy was quite dismissive, highlighting this restriction: 'A crypto map on a physical interface is not supported, if the physical interface is the source interface of a tunnel protection interface.' which is in this Cisco document https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-cfg-vpn-ipsec.html

I was wondering if anyone else has a site-to-site VPN from a Cisco router with BOTH Azure and older-style crypto maps.

The reason we haven't used a policy-based Azure VPN is that from this Azure environment we need a VPN to the local network (with the Cisco) and to another network (Palo Alto firewall, which works perfectly).

Any help would be appreciated.

Thanks
0
Hi,

We have recently acquired another company, and the MD says 'Join them together so we can communicate and access all resources'. As a one-man band looking after the existing company, I am stumped.

A rundown of what I have to work with.

Company 1
Caxxx.co.uk has 2 locations, a hosted DC (DC1) and a production site (Prod1)

Company 2
Sezzzzzz.co.uk has 2 locations also, the hosted DC (DC2) and a production site (Prod2)


The sites are a mixture of Cisco, SonicWall and Sophos firewalls, and there is no overlap of IP ranges between the sites. My first thought was to create the site-to-site VPN connections so at least communication could be established; I set this up and am able to ping a device at each location. Second was to add the forward and reverse lookups into the DNS records, which I have done. I am able to connect using the IP address and the FQDN, e.g. NCL-DC01.ad.caxxx.co.uk, but not NCL-DC01.

Can I be pointed in the right direction so I can read up on what I need to do to get this to work, apart from creating a new forest, as this will be done at a later stage.

Thanks
0
We are a small 20-30 person software development company that I've run IT for since 2000.  I moved our VPN services from Intel Shiva to Windows RRAS in ~2003, I believe, and it has worked great for us.  However, ~1 month ago I started to get reports from *SOME* users of issues, mainly either failure to connect or significantly degraded bandwidth.  At that time we were on Windows 2016 RRAS and had been for a couple of years.

I ensured that every conceivable MS update was installed on the W2k16 RRAS server, bumped the memory from 4GB to 8GB (yes, this was a "what the heck, maybe it will help" effort) and reset the RRAS configuration.  It did not resolve the issue.  I then went ahead and built a brand new W2k19 RRAS VM with 8GB as well and made sure it had the latest updates; it still had reported problems.

As an example, I can throw a test machine on our public guest network on Xfinity Business (which is an entirely different ISP than our main ISP) and it functions perfectly.  It connects quickly and there is no bandwidth degradation (i.e., speeds with no VPN connected ~300 Mbps, speeds with VPN connected ~280 Mbps).  I can take that same machine home and connect to my home ISP (a small country broadband company) and I have significant bandwidth degradation (i.e., speeds with no VPN ~150 Mbps, speeds with VPN ~2 Mbps).  I have a user on Google Fiber with no degradation, a user on AT&T with significant degradation.  Some users on Xfinity have no problems, others do. Someone on T-Mobile …
0
I have a security question regarding laptop users entering sensitive data for our company.  We will mainly keep data in Salesforce, but it doesn't begin there.  We have an interim period in which sensitive data is entered into Excel sheets on Dropbox.  The data is manually entered by a team into that Excel sheet. The team uses MS 365 Business, and then at a later point the data from the Excel sheet will be migrated to Salesforce, and the team will use only Salesforce.

As a remote team, we do not have a VPN or remote-controlled computers. I am wondering about data security and customer data protection during this interim period.

My primary question is this: what should we put into place for the employee who will be receiving the customer data and inputting it into Excel? What kind of security or protocol should we put in place for that interim? There will likely be temporary storage of data on the user's hard drive while this sensitive data goes into Excel and then into Salesforce later.  Any suggestions?
0
Hello,

One of our users is getting the attached error after logging in to her Cisco AnyConnect client.

Using another Active Directory account to log in to her Cisco AnyConnect client is okay.

Do you think something in her AD account could be corrupted?

Please advise if you know what might be wrong.

Thanks.
VPN-error.png
0
I wish to set up a SonicWall VPN.  Part of the procedure is to click on VPN | DHCP over VPN.

Will this VPN over DHCP setting interfere with my domain controller's DHCP Server service?
0
Dear Experts
We have Windows AD and also a file server for the shared directories; everything is working fine within the local network.  We recently started an office in a remote location and they are allowed to access the web-based application via VPN (their systems are installed with VPN client software configured with login credentials; the FortiGate firewall has a Windows AD sync option).

Requirement
1.      We would like to enable a solution where the remote user is able to access the shared directory to store his worked documents.
2.      At present, in the local network, file server shared directories are set with appropriate NTFS permissions based on users and groups, but for the remote user who logs in via VPN, users are created at the firewall (gateway) level and these user credentials are configured in the remote systems' VPN client.  We would like to make the shared folder available to the remote user so that once they connect to the VPN they are able to save their documents to or take documents from these folders.
Please suggest the solution.

Additional information
The FortiGate firewall has a Windows AD sync option.

Thanks
0
I have Server 2019 Standard.
Installed Remote Access Role -  VPN only.

After standard installation and configuration it does not seem to work.
One of the interfaces shows status Non-Operational.
Loopback - Operational
Internal - Non-Operational
Ethernet - Operational.

Tried to remove and re-add the role, restarted etc. - still the same issue
0