VPN

24K Solutions, 23K Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


We have a machine running Server 2012 R2 with the Essentials role.  The SSTP VPN that is set up by the Anywhere Access wizard is configured and working fine for Windows clients.

We want to make VPN connections from several Android smartphones also.  How can we achieve this?

I'm looking for confirmation of a working app from experience please -  I can find several apps that say they support this, but I'm after evidence of something working well from someone who's actually tried this in person.  Thanks!
0
I had this question after viewing Best strategy for set up a VPN from Windows 10 to a work network. Bonus if windows 7 also can connect..

A Cisco ASA (or other hardware) running  HTTPS/SSL based VPN connecting an external user to an office network, can that work without limits so in practical terms the external user will be just another internal user in the network, not limited to only WEB or some other limit?
0
I have a firewall connected to the internet which doesn't have an inside interface.  The firewall has 2 public IP addresses.  The first public IP address is used for the firewall's outside interface.

I'd like to use the second public IP address to forward traffic to and from a Cisco AnyConnect client.  The client would VPN into the firewall and use the public IP address to communicate with the internet and the internet should be able to initiate connections to the client on port 443.

Right now my VPN works but something's wrong with the NAT rules because I can't access the internet.  After figuring this part out, I'd also like to make sure internet hosts are able to talk to my VPN client on the firewall's public IP address.

ASA.txt
0
Hi,
 
 I have a VMWare virtual machine running Windows Server 2008 with public static ip address assigned.
 I am looking for a VPN software that I can install on this VM so that Apple iPhone or iPad users can connect to this server to surf the internet.
 Again the purpose is to allow iPhone or iPad users to establish secure VPN connection ONLY to surf the internet, nothing else. This VM/W2008 Server has no files to share and it is NOT connected to any other computer or network. It is completely standalone computer in VMWare box.

Thanks.
0
We have an HQ and 4 remote sites.  Each has a SonicWall.  HQ has 4 VPNs set up pointing to each remote site and they are working great.  Each remote site's SonicWall has a single VPN pointing to HQ.

But now they want to send traffic from remote <---> remote for a new phone system (currently remote sites can only talk, traffic-wise, to HQ; they cannot talk to each other).

Do I just need to set up route policies?
Or change the current VPNs, but keep the same number of VPNs?
Or do I now have to add 3 more VPNs to each remote office SonicWall?


thanks
0
Hi Guys,

We are in a situation where we are going to be moving to a different ISP and therefore, we would need to change our external IP addresses to 4 of our Cisco 1921 routers. Those routers are used only for VPN tunnels for our clients. Is there any suggestion as to how we can change our current public IP address, given the references below from our sh run:

interface GigabitEthernet0/1
ip address 78.154.104.3 255.255.255.240
ip default-gateway 78.154.104.14
ip route 0.0.0.0 0.0.0.0 78.154.104.14

Can you direct me to the commands to change the current IP address + gateway IP? Also, apart from sh run, do you think there is anything else I need to check in the router in relation to the external IP change?
0
I have an XTM535 and I tried to set up a mobile IPsec tunnel to replace the no longer supported PPTP tunnel for iOS 10 for my iPad, but even when I see the user connected I cannot reach any machines in the network, and when I go to the WSM there are not packages sent.

My config is
Phase 1 SHA1 and 3DES, key group 2
Phase 2 SHA1 and 3DES without PFS
Force all traffic to any-external and 0.0.0.0/0
0
Hello. We are running quite a few virtual machines to manage the many VPN clients we have to connect to our customer networks. We do not control the setup of these VPNs and they are locked down. Once connected to the VPN you lose all local network connections. Therefore connecting to the VM through RDP drops. Remote tools like Bomgar or TeamViewer drop. The only connection that does not drop is the console session run from Hyper-V Manager. This has its limitations, therefore we are looking for another solution. Is there a solution to this to allow another way to connect other than Hyper-V Manager? Another tool perhaps to get the console session?


Thanks in Advance
0
Good Afternoon,

I have a client that uses VPN on a 2012 R2 server which is a VM running on a Hyper-V 2012 R2 server.  For some reason it will randomly stop working and basically time out while connecting to VPN and the only fix is to completely remove the External Virtual Switch and then Create a new one from scratch which basically means I need to be onsite to do it since it disconnects my remote session when I remove the virtual switch.

The bigger problem is that we now have a client that wants VPN setup with the same 2012 R2 Hyper-V and 2012 R2 server setup but they aren't local, so I need a fix for this before I set them up with VPN since I won't be able to get onsite.

If any of you have advice on the matter that would be great!

Thanks,
Adam
0
Windows 10 64bit pc.
I was testing an RDP connection for connectivity through a VPN tunnel. All was good until I wanted to check a new user account I had just put in the AD controller. When I tried to log in with their credentials I got the following error message.
RDP Error
I Googled this error and found that if I go in the registry to \HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MSLICENSE\Store and delete the License00 folder then I can again login into the RDP. However the next time I attempt to go into the RDP I get the error again and have to go back into the registry and delete the offending key. I don't have this issue with my Windows 7 laptop, just Windows 10 desktop.
0
I have a production network with a Cisco ASA5512x at the headend. There are various site-to-site VPNs connected to the network, all from ASAs (5505/6). I implemented "jump" servers at several of my larger customers to try and cut down on SSH attempts from unknown sources. This has worked great, but now, my ability to access those jump servers from the other end of the tunnel (my remote office, etc.) does not work. I have to RDP to a session at the head end and then use Putty from there to get to the jump server. I have tried various ways of routing the traffic, but I am not being particularly successful. What I would like is:
Remote Site 172.20.170.x --> Site to Site to Headend (172.20.x.x)
SSH to REAL_INTERNET_IP --> Route through tunnel to hit site.

FWIW, I am using VanDyke SecureCRT and / or Putty.

I am split tunneling and I do not want ALL internet traffic to go through the tunnel. Thoughts?
0
Tried this example in Packet Tracer 7 but it never worked; hope some experts can point me to where the problem is. Here are my 2 sites' configurations.

ASA1:

ASA Version 8.4(2)
!
hostname F1
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 172.16.1.2 255.255.255.252
!
!
route outside 0.0.0.0 0.0.0.0 172.16.1.1 1
!
access-list LAN_Traffic extended permit tcp 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0
!
!
!
!
!
!
class-map inspection-default
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect icmp
  inspect tftp
!
!
telnet timeout 5
ssh timeout 5
!
dhcpd auto_config outside
!
dhcpd enable inside
!
!
!
!
crypto ipsec ikev1 transform-set L2L esp-aes esp-sha-hmac
!
crypto map L2L 1 match address LAN_Traffic
crypto map L2L 1 set peer 172.16.2.2
crypto map L2L 1 set ikev1 transform-set L2L
crypto map L2L interface inside
crypto ikev1 enable inside
crypto ikev1 policy 1
 encr aes
 authentication pre-share
 group 2
!
tunnel-group 172.16.2.2 type ipsec-l2l
tunnel-group 172.16.2.2 ipsec-attributes…
0
Cisco ASA5508-X vs Barracuda X200. I am considering moving to one of these solutions. My main concern is VPN speeds: which one would be faster and work more reliably?
0
Are there any performance issues for setting up a VPN using a static IP versus using a dynamic IP with DynDNS? I heard VPN does not work very well with DynDNS and normal off-the-shelf VPN routers cannot perform at 100 Mbps. Please share your experiences on using VPN with static or dynamic IP. Thanks!
0
I have a remote site for which I have configured a Cisco router with internet access and an L2L IPSec VPN.

The remote site is running a subnet that is also present on the main site (although the remote site does not need to access the same subnet at the main site).  To allow the main site to route to the remote site, I have therefore configured a source NAT from the remote site to a second private range when destined for the main site.  All other outbound traffic should be translated using the overload.

Remote site users can currently access the internet and NAT to the overload IP correctly.  However, when a user contacts the main site across the VPN (which they can), all subsequent address translations from that user then get made to the private range only (even for internet).  This immediately cuts off outbound internet access (as the user's source IP is from the private translated range instead of the overload).

You can see this occurring in the output from show ip nat translations...

Internet access (NAT) working correctly...

RTR-01#sho ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 82.x.x.x:1    192.168.1.99:1     8.8.8.8:1          8.8.8.8:1

Internet access (NAT) not working...

RTR-01#sho ip nat translations | inc 192.168.1.99
icmp 192.168.54.66:1    192.168.1.99:1     8.8.8.8:1          8.8.8.8:1
icmp 192.168.54.66:1   192.168.1.99:1     10.4.0.55:1        10.4.0.55:1

This…
0
Hi all,
I have a site-to-site issue where, whenever the DSL line goes down and comes back online, my site-to-site tunnel does not get re-established automatically.  I had to reboot the ASA5506 and ping a device at the other end, and then the tunnel re-establishes.
0
Hello Experts. My local home printer, to which I am connected wirelessly, shows as offline as soon as I connect to my company's VPN. My company does allow split tunneling, but I still cannot use my local printer while on VPN. Does anyone know how to fix this? Please let me know.
0
We have a need for a satellite office that can function just like it is local.  A point-to-point VPN would be the normal way, but the caveat is that the remote office location is serviced with wifi connections only. We have Cisco AnyConnect available and that works great for the PC, but the phone is another story.  I need to find an IP phone that can use wifi connections and be able to establish a VPN tunnel back to the office.  The Cisco phones can do this, but only IF you are using Cisco connection manager.  We have an Avaya system instead.
Another option would be to find a way for a PC or device to establish the VPN tunnel and then share the connection to a mini network at the remote office. Windows used to be able to 'share this connection', but I don't know if that is still available on Win10.
An additional desire is that the remote network be wifi.
So I'm looking for ideas and possible hardware suggestions.
0
What is a good Resource or place to start when looking to Synchronize or move Active Directory to Windows Azure?
0
Hello,

My main network is 10.0.92.0 MASK: 255.255.252.0 GW: 10.0.92.11, and we use IP addresses in the ranges 10.0.92.0, 10.0.93.0, 10.0.94.0 and 10.0.95.0.
We have another site with IP range 10.1.2.0 MASK 255.255.255.0 GW 10.1.2.1

On my workstation (10.0.92.45) I did: "Route -p add 10.1.2.0 MASK 255.255.255.0 10.0.92.254"; on the other site "route -p add 10.0.92.0 MASK 255.255.252.0 10.1.2.9" is added.
This is working fine.

But when I want to connect from a workstation (10.0.95.5) I did: "Route -p add 10.1.2.0 MASK 255.255.255.0 10.0.92.254"; on the other site "route -p add 10.0.92.0 MASK 255.255.252.0 10.1.2.9" is added.
This didn't work.

Can someone help me with what route I have to add?

Thanks,

Edward
0
Are there any specific protocols, etc., pertaining to VMware that must be configured in order to address sluggishness over the VPN?  A large part of the situation may be that the environment is on another side of the hemisphere from where the team trying to access it is located.  Any recommendations would be greatly appreciated.
0
For several years, I have connected to a remote server by establishing a VPN connection [remote server has a static IP] , and then connecting with remote desktop.  A few days ago this quit working.  There were no changes to the server, but the workstations were replaced with Windows 10 work stations.
The only change on the server was to upgrade Symantec Endpoint  12.1.4 MP4 to 12.1.6 MP6.  The VPN connection connects but when Remote Desktop is deployed, it times out with the attached error.
The Endpoint Firewall is open for VPN connections, and I do not see an error in  the windows logs.
I am able to connect with a trial version of Team Viewer, but prefer remote Desktop.

Any thoughts as to where I should look for the block?
remote-desktop-conn-error.jpg
0
Hi,

I have a Cisco SA540 firewall purchased around 6 years ago. It now seems to be dying, and I need to change to a new one. Budget is around $700-$1000/ea; I need to get 2 to set up a branch office and head office by VPN. Any recommendation?

thanks
0
I'm trying to connect a site-to-site IPSec VPN between a Cisco ASA5505 and RV320.  The same basic settings are being used on both sides but the tunnel is not connecting.  When pressing Connect on the RV320 it fails to connect.  Clearly, there are advanced settings that need to be adjusted.  Anyone know of a tutorial on connecting these particular units?  Any help would be appreciated. Thanks! Settings are:
RV320:
Gateway to Gateway
Interface:WAN1
Keying Mode: IKE with Preshared Key
Enabled: checked

Local Group Setup
Local Security Gateway Type: IP Only
IP Address: Local WAN
Local Security Group Type: Subnet
IP Address: 192.168.1.0
SM: 255.255.255.0

Remote Group Setup
Remote Security Gateway Type: IP Only
IP Address: Remote WAN
Remote Security Group Type: Subnet
IP Address: 192.168.3.0
SM: 255.255.255.0

IPSec Setup
Phase 1 DH Group: Group 1 – 768bit
P1 Enc: DES
P1 Auth: MD5
P1 SA Lifetime: 86400
PFS: checked
P2 DH Group: Group 1
P2 Encr: DES
P2 Auth: MD5
P2 SA Lifetime: 3600

Advanced: the only thing checked is Dead Peer Detection Interval 10 sec

ASA 5505:
Stepped through site-to-site wizard with same settings as above
0
I've been asked by management to look into this and see if it is possible.
I've never used Google Authenticator myself but was aware you could use it for secure access to google apps and some other third party sites.

I wasn't aware it could be used instead of VPN to access an enterprise network.
Management got this idea because they are using Google Authenticator for secure access to a third party site for a business service they use.

Their question is if we could use it to authenticate for remote access to our network. This would give them the same access they have now i.e to all PCs and servers in the network they need for their work.

I came across this article while looking into this: https://www.wikidsystems.com/blog/5-issues-enterprises-should-consider-before-using-google-authenticator-for-ssh/

#5 is listed as a serious concern. We have many, many servers so I imagine this would be a concern for us as well if true.

Our VPN access is currently managed by a Cisco ASA 5510.

Is this feasible to implement this on an Enterprise network? Where can I find documentation on getting this configured?
0
