f



VPN - site to site

Here is my debug and config... it appears as if the tunnel is being
set up but I cannot access the remote LAN. Any suggestions? TIA.

: Saved
:
PIX Version 6.3(5)
fixup protocol tftp 69
names
access-list 102 permit tcp any any eq www
access-list 102 permit icmp any any
access-list 102 permit icmp any any echo-reply
access-list 101 permit ip 10.1.1.0 255.255.255.0 192.168.1.0
255.255.252.0
access-list 101 permit icmp any any
access-list NoNAT permit ip 10.1.1.0 255.255.255.0 192.168.1.0
255.255.252.0
ip address outside 1.1.1.1 255.255.255.248
ip address inside 10.1.1.1 255.255.255.0
global (outside) 1 1.1.4
nat (inside) 0 access-list NoNAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group 102 in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.123 1
sysopt connection permit-ipsec
crypto ipsec transform-set abcd1 esp-des esp-md5-hmac
crypto map map1 1 ipsec-isakmp
crypto map map1 1 match address 101
crypto map map1 1 set peer 4.4.4.4
crypto map map1 1 set transform-set abcd1
crypto map map1 interface outside
isakmp enable outside
isakmp key ******** address 4.4.4.4 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
: end
pixfirewall(config)#
**********************************
ISAKMP (0): beginning Main Mode exchange
crypto_isakmp_process_block:src:4.4.4.4, dest:1.1.1.1 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0
ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
ISAKMP:      encryption 3DES-CBC
ISAKMP:      hash MD5
ISAKMP:      auth pre-share
ISAKMP:      default group 1
ISAKMP:      life type in seconds
ISAKMP:      life duration (basic) of 1000
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload

ISAKMP (0): SA is doing pre-shared key authentication using id type
ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:4.4.4.4, dest:1.1.1.1 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
ISAKMP (0): ID payload
        next-payload : 8
        type         : 1
        protocol     : 17
        port         : 500
        length       : 8
ISAKMP (0): Total payload length: 12
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:4.4.4.4, dest:1.1.1.1 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing ID payload. message ID = 0
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): SA has been authenticated
ISAKMP (0): beginning Quick Mode exchange, M-ID of
-1581513484:a1bc04f4IPSEC(key
_engine): got a queue event...
IPSEC(spi_response): getting spi 0xa29c75de(2728162782) for SA
        from 4.4.4.4 to  1.1.1.1 for prot 3
return status is IKMP_NO_ERROR
ISAKMP (0): sending INITIAL_CONTACT notify
ISAKMP (0): sending NOTIFY message 24578 protocol 1
VPN Peer: ISAKMP: Added new peer: ip:4.4.4.4/500 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:4.4.4.4/500 Ref cnt incremented to:1 Total
VPN
 Peers:1
crypto_isakmp_process_block:src:4.4.4.4, dest:1.1.1.1 spt:500 dpt:500
ISAKMP (0): processing NOTIFY payload 14 protocol 3
        spi 2728162782, message ID = 2387642870
ISAKMP (0): deleting spi 3732249762 message ID = 2713453812
return status is IKMP_NO_ERR_NO_TRANSIPSEC(key_engine): request timer
fired: cou
nt = 1,
  (identity) local= 1.1.1.1, remote= 4.4.4.4,
    local_proxy= 10.1.1.0/255.255.255.0/0/0 (type=4),
    remote_proxy= 192.168.1.0/255.255.252.0/0/0 (type=4)

ISAKMP (0): beginning Quick Mode exchange, M-ID of
261357499:f93ffbbIPSEC(key_en
gine): got a queue event...
IPSEC(spi_response): getting spi 0xb32cc8cf(3006056655) for SA
        from 4.4.4.4 to  1.1.1.1 for prot 3

crypto_isakmp_process_block:src:4.4.4.4, dest:1.1.1.1 spt:500 dpt:500
ISAKMP (0): processing NOTIFY payload 14 protocol 3
        spi 3006056655, message ID = 776872853
ISAKMP (0): deleting spi 3486002355 message ID = 261357499
return status is IKMP_NO_ERR_NO_TRANSIPSEC(key_engine): request timer
fired: cou
nt = 2,
  (identity) local= 1.1.1.1, remote= 4.4.4.4,
    local_proxy= 10.1.1.0/255.255.255.0/0/0 (type=4),
    remote_proxy= 192.168.1.0/255.255.252.0/0/0 (type=4)

pixfirewall(config)# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
 4.4.4.4   1.1.1.1    QM_IDLE         0           0
pixfirewall(config)# show crypto isakmp sa
ISADB: reaper checking SA 0x34e025c, conn_ipsec sa


interface: outside
    Crypto map tag: map1, local addr. 1.1.1.1

   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/1/0)
   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/1/0)
   current_peer: 4.4.4.4:0
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress
failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 1.1.1.1, remote crypto endpt.: 4.4.4.4
     path mtu 1500, ipsec overhead 0, media mtu 1500
     current outbound spi: 0

     inbound esp sas:
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
     outbound ah sas:
     outbound pcp sas:

   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.1.0/255.255.252.0/0/0)
   current_peer: 4.4.4.4:0
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress
failed: 0
    #send errors 4, #recv errors 0

     local crypto endpt.: 1.1.1.1, remote crypto endpt.: 4.4.4.4
     path mtu 1500, ipsec overhead 0, media mtu 1500
     current outbound spi: 0

     inbound esp sas:
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
     outbound ah sas:
     outbound pcp sas:

**************************

0
nedtrilby (36)
8/28/2007 2:14:28 PM
comp.dcom.sys.cisco 25313 articles. 0 followers. Post Follow

1 Replies
1008 Views

Similar Articles

[PageSpeed] 26

NAT-T !
"Ned" <nedtrilby@hotmail.com> wrote in message 
news:1188310468.223568.124420@57g2000hsv.googlegroups.com...
> Here is my debug and config... it appears as if the tunnel is being
> set up but I cannot access the remote LAN. Any suggestions? TIA.

NAT-T !

(isakmp nat-t)

HTH
Martin


>
> : Saved
> :
> PIX Version 6.3(5)
> fixup protocol tftp 69
> names
> access-list 102 permit tcp any any eq www
> access-list 102 permit icmp any any
> access-list 102 permit icmp any any echo-reply
> access-list 101 permit ip 10.1.1.0 255.255.255.0 192.168.1.0
> 255.255.252.0
> access-list 101 permit icmp any any
> access-list NoNAT permit ip 10.1.1.0 255.255.255.0 192.168.1.0
> 255.255.252.0
> ip address outside 1.1.1.1 255.255.255.248
> ip address inside 10.1.1.1 255.255.255.0
> global (outside) 1 1.1.4
> nat (inside) 0 access-list NoNAT
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> access-group 102 in interface outside
> route outside 0.0.0.0 0.0.0.0 1.1.1.123 1
> sysopt connection permit-ipsec
> crypto ipsec transform-set abcd1 esp-des esp-md5-hmac
> crypto map map1 1 ipsec-isakmp
> crypto map map1 1 match address 101
> crypto map map1 1 set peer 4.4.4.4
> crypto map map1 1 set transform-set abcd1
> crypto map map1 interface outside
> isakmp enable outside
> isakmp key ******** address 4.4.4.4 netmask 255.255.255.255
> isakmp identity address
> isakmp policy 1 authentication pre-share
> isakmp policy 1 encryption 3des
> isakmp policy 1 hash md5
> isakmp policy 1 group 1
> isakmp policy 1 lifetime 1000
> : end
> pixfirewall(config)#
> **********************************
> ISAKMP (0): beginning Main Mode exchange
> crypto_isakmp_process_block:src:4.4.4.4, dest:1.1.1.1 spt:500 dpt:500
> OAK_MM exchange
> ISAKMP (0): processing SA payload. message ID = 0
> ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
> ISAKMP:      encryption 3DES-CBC
> ISAKMP:      hash MD5
> ISAKMP:      auth pre-share
> ISAKMP:      default group 1
> ISAKMP:      life type in seconds
> ISAKMP:      life duration (basic) of 1000
> ISAKMP (0): atts are acceptable. Next payload is 0
> ISAKMP (0): processing vendor id payload
>
> ISAKMP (0): SA is doing pre-shared key authentication using id type
> ID_IPV4_ADDR
> return status is IKMP_NO_ERROR
> crypto_isakmp_process_block:src:4.4.4.4, dest:1.1.1.1 spt:500 dpt:500
> OAK_MM exchange
> ISAKMP (0): processing KE payload. message ID = 0
> ISAKMP (0): processing NONCE payload. message ID = 0
> ISAKMP (0): ID payload
>        next-payload : 8
>        type         : 1
>        protocol     : 17
>        port         : 500
>        length       : 8
> ISAKMP (0): Total payload length: 12
> return status is IKMP_NO_ERROR
> crypto_isakmp_process_block:src:4.4.4.4, dest:1.1.1.1 spt:500 dpt:500
> OAK_MM exchange
> ISAKMP (0): processing ID payload. message ID = 0
> ISAKMP (0): processing HASH payload. message ID = 0
> ISAKMP (0): SA has been authenticated
> ISAKMP (0): beginning Quick Mode exchange, M-ID of
> -1581513484:a1bc04f4IPSEC(key
> _engine): got a queue event...
> IPSEC(spi_response): getting spi 0xa29c75de(2728162782) for SA
>        from 4.4.4.4 to  1.1.1.1 for prot 3
> return status is IKMP_NO_ERROR
> ISAKMP (0): sending INITIAL_CONTACT notify
> ISAKMP (0): sending NOTIFY message 24578 protocol 1
> VPN Peer: ISAKMP: Added new peer: ip:4.4.4.4/500 Total VPN Peers:1
> VPN Peer: ISAKMP: Peer ip:4.4.4.4/500 Ref cnt incremented to:1 Total
> VPN
> Peers:1
> crypto_isakmp_process_block:src:4.4.4.4, dest:1.1.1.1 spt:500 dpt:500
> ISAKMP (0): processing NOTIFY payload 14 protocol 3
>        spi 2728162782, message ID = 2387642870
> ISAKMP (0): deleting spi 3732249762 message ID = 2713453812
> return status is IKMP_NO_ERR_NO_TRANSIPSEC(key_engine): request timer
> fired: cou
> nt = 1,
>  (identity) local= 1.1.1.1, remote= 4.4.4.4,
>    local_proxy= 10.1.1.0/255.255.255.0/0/0 (type=4),
>    remote_proxy= 192.168.1.0/255.255.252.0/0/0 (type=4)
>
> ISAKMP (0): beginning Quick Mode exchange, M-ID of
> 261357499:f93ffbbIPSEC(key_en
> gine): got a queue event...
> IPSEC(spi_response): getting spi 0xb32cc8cf(3006056655) for SA
>        from 4.4.4.4 to  1.1.1.1 for prot 3
>
> crypto_isakmp_process_block:src:4.4.4.4, dest:1.1.1.1 spt:500 dpt:500
> ISAKMP (0): processing NOTIFY payload 14 protocol 3
>        spi 3006056655, message ID = 776872853
> ISAKMP (0): deleting spi 3486002355 message ID = 261357499
> return status is IKMP_NO_ERR_NO_TRANSIPSEC(key_engine): request timer
> fired: cou
> nt = 2,
>  (identity) local= 1.1.1.1, remote= 4.4.4.4,
>    local_proxy= 10.1.1.0/255.255.255.0/0/0 (type=4),
>    remote_proxy= 192.168.1.0/255.255.252.0/0/0 (type=4)
>
> pixfirewall(config)# show crypto isakmp sa
> Total     : 1
> Embryonic : 0
>        dst               src        state     pending     created
> 4.4.4.4   1.1.1.1    QM_IDLE         0           0
> pixfirewall(config)# show crypto isakmp sa
> ISADB: reaper checking SA 0x34e025c, conn_ipsec sa
>
>
> interface: outside
>    Crypto map tag: map1, local addr. 1.1.1.1
>
>   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/1/0)
>   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/1/0)
>   current_peer: 4.4.4.4:0
>     PERMIT, flags={origin_is_acl,}
>    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
>    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
>    #pkts compressed: 0, #pkts decompressed: 0
>    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress
> failed: 0
>    #send errors 0, #recv errors 0
>
>     local crypto endpt.: 1.1.1.1, remote crypto endpt.: 4.4.4.4
>     path mtu 1500, ipsec overhead 0, media mtu 1500
>     current outbound spi: 0
>
>     inbound esp sas:
>     inbound ah sas:
>     inbound pcp sas:
>     outbound esp sas:
>     outbound ah sas:
>     outbound pcp sas:
>
>   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
>   remote ident (addr/mask/prot/port): (192.168.1.0/255.255.252.0/0/0)
>   current_peer: 4.4.4.4:0
>     PERMIT, flags={origin_is_acl,}
>    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
>    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
>    #pkts compressed: 0, #pkts decompressed: 0
>    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress
> failed: 0
>    #send errors 4, #recv errors 0
>
>     local crypto endpt.: 1.1.1.1, remote crypto endpt.: 4.4.4.4
>     path mtu 1500, ipsec overhead 0, media mtu 1500
>     current outbound spi: 0
>
>     inbound esp sas:
>     inbound ah sas:
>     inbound pcp sas:
>     outbound esp sas:
>     outbound ah sas:
>     outbound pcp sas:
>
> **************************
> 


0
Martin
8/29/2007 6:36:32 PM
Reply:

Similar Artilces:

VPN from Cisco to VPN
Does anyone know how to create a VPN (ANy type) from a Cisco 1601 to a Netscreen 100? Or where to get the information. I have emailed you a stepthrough Dave Sinclair NCSA NetScreen Certified Security Associate NCSI NetScreen Certified Security Instructor Equip Technology.com NetScreen Authrorised Training Centre in the UK ...

VPN Connection Problems between Cisco PIX 506E and Cisco VPN Concentrator 3005
Hello all, I got a problem with a vpn connection from a cisco pix 506E to a cisco 3005 concentrator. The problem is that the lan on the pix is also used to another remote side. so I tried to activate NAT on the pix to translate the ip adresses of the network. after that I entered the information at the concentrator which are nessassray for the lan-to-lan connection. But I did not get a connection. I tried to ping the outside address of the pix but I did not get a reply. I post the output of the logfile for that connection below: 29437 02/15/2005 14:25:21.890 SEV=4 IKE/41 RPT=43758 213.183...

Trying to access the PDM of a Cisco pix over a Remote Access VPN with Cisco VPN Client
I am trying to configure the cisco pix (501) to allow access to the PDM over a Cisco VPN Client IPSEC tunnel. I found a situation for accessing the PDM ove a site-site tunnel but am not able to configure it for remote access VPN http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_configuration_example09186a0080094497.shtml I setup VPN by the wizard and enable split tunnel and excempt complete LAN from nat, so not the outside interface ip. Tried with management-access none, inside and outside I am running Cisco PIX Firewall Version 6.3(5) Cisco PIX Device Manager Version 3.0(4)...

CISCO VPN client blocks DCOM communication
Hi I installed the CISCO VPN client on my windows 2000 professional edition. After that, the applcation using DCOM communications is not working any more. I uninstalled the VPN but afterwards, the DCOM application is still not working. Just wonder if you can provide any advise on how to fix that problem. Thanks a lot ...

Cisco 1750 Router Cisco QoS Device Manager Cisco VPN Device Manager
Hello can my tell who can find the installfiles for 1750 Router Qos Device Manager and Cisco VPN Device Manager!!! thanks R. Kuhn ...

Netscreen VPN and Cisco 1601 VPN
Can anyone tell me if it is possible to connect to a Netcreen VPN server with the standard Windows 2000 or XP client. This is without using the Netscreen client. If it is possible, does anyone now how. Also is it possible to create a VPN peer to peer network from a Netscreen 100 to a Cisco 1601? (The 1601 has VPN caperbilities) Regards, Henry henrybilljones@hotmail.com You can connect a Windows 2000 or XP client VPN client with Netscreen box BUT: The MS client doesn't support aggressive mode VPN and therefore, when using preshared key authentication, each IPSec peer must use the same preshared key or authentication will fail. You can find the details in the IKE_Windows2000_Paper.PDF from Netscreen. I never tried if it really works because I don't want to configure and troubleshoot all the PC's of my home users. When using NS-remote, I give them a default..default..default install procedure and a configuration file they can click on. Every time they want to reinstall their PC, they can easily repeat this procedure. -- regards, -.-@@-.- -- "Henry" <henrybilljones@hotmail.com> wrote in message news:ea61d44f.0312160337.7e83e62@posting.google.com... > Can anyone tell me if it is possible to connect to a Netcreen VPN > server with the standard Windows 2000 or XP client. This is without > using the Netscreen client. > > If it is possible, does anyone now how. > > Also is it possible to create a VPN peer to peer network f...

Cisco vpn client to Cisco 837 problem
hi, I have trouble to solve this issue and would like to get your help. I try to set up remote access vpn with cisco client software to a cisco 837 vpn server but I can only get the tunnel up but d'ont be able to ping router ethernet interface nor all computer in the LAN site. cisco client 4.0.2b--------Internet--------ADSL_Cisco 837_vpn_server-------LAN_Windows2003_terminal_server Building configuration... Current configuration : 3499 bytes version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ho...

Cisco 831 VPN to Cisco 3030 Security
I'm planning on deploying Cisco 831 VPN routers and having them connect to the Corp office over a DSL connection to a Cisco 3030. I'm curious how others handled security to keep unwanted users out. This of course assumes you have split tunneling off and there is a branch office type setup. I'm trying to figure out how to have some sort of login/password challenge to keep one of our remote users family members from plugging in a laptop or similar system and connecting to our network. The DHCP will only serve up one usable IP address from the 831 but you never know. Any help is m...

ASA5510 with Cisco VPN client. No traffic over VPN tunnel
Hi all, In the hopes anyone sees my error in my config (I'm almost sure it's a config error on my part but i can't find it). I'm trying to get the Cisco VPN client to work with an ASA 5510. Tried the manual config way and the ASDM way through the wizard. The problem is not that i can't get any ipsec connection. That works. But when the VPN connection is established i can't get any trafic from my Client VPN IP segment (172.16.101.0/24 to the internal network (172.16.100.0/24). The logs in the ASDM keep giving me the same error (this is another error but the error ...

VPN router-cisco vpn client routing issue
Hello I have problem with VPN connection. My configuration is: client (XP with Cisco VPN CLient 4.0.5)--->:Internet-->router 2621 with 12.3 Everything with VPN connections looks very good. I can succesfully establish new connection, but after that I can reach by ping only cisco router. PC gets static default route through the router, router adds static route to the PC (RRI - revers route), but I can reach only router from PC (from router PC is accessible too). I am waiting for some clue..... regards, Michal Below is attached current configuration. Pings between router and PC are ...

xp vpn client setup for cisco vpn server
Preamble... I'm a newbie, sorry if this is a repeat, blah blah blah Part 1: I would like to use the Windows XP VPN client to connect to a Cisco server. 1. Is this possible? 2. What are the settings? Part 2: I have a Cisco Client installed on a Dell Latitude D500 laptop. It will not connect over a wireless connection. Any thoughts? Any pointers on these questions are greatly appreciated. Doug Part 1 1 - yes 2 - if you mean as XP VPN Client a PPTP connection, you can configure the router as a PPTP server with latest firewall IOS or the firewall PIX with latest...

asa 5505 + l2l vpn + cisco client vpn
Hi, I'm trying to replace PIX 506[working ok] with asa 5505. But just after swaping them some of the vpn links doesn't work. I can't ping sites. Cisco vpn client access doesn't work too. I was following few cisco manuals but I can't figure out what is missing in my config. Could you pls have a look at my config maybe sth obvious - I hope so. Many thanks. : Saved : Written by enable_15 at 01:48:02.989 UTC Tue Jan 13 2009 ! ASA Version 8.0(4) ! hostname pb domain-name zzzzzzz enable password zzzzzzzzzzzzzz encrypted passwd zzzzzzzzzzzz encrypted names ! interface Vlan1 nam...

cisco asa 8.4 + cisco vpn client
explain that I did not do so. need to arrange a remote connection, for those who do not know, much has changed in 8.4. this configuration of the docks from the site cisco.com hostname(config)# interface ethernet0 hostname(config-if)# ip address 10.10.4.200 255.255.0.0 hostname(config-if)# nameif outside hostname(config-if)# no shutdown hostname(config)# crypto ikev1 policy 1 hostname(config-ikev1-policy)# authentication pre-share hostname(config-ikev1-policy)# encryption 3des hostname(config-ikev1-policy)# hash sha hostname(config-ikev1-policy)# group 2 hostname(config-ikev1-policy)# lifetime...

Cisco VPN client through a Hotbrick VPN 600/2
Hi If i setup a vpn using the Cisco client on a pc behind the Hobrick it's not possible to start a remote desktop session. If i setup a vpn using the Cisco client on a pc NOT behind the Hobrick it is possible to start a remote desktop session. If i setup a vpn using Microsoft Windows XP network connection on a pc behind the Hobrick it is possible to start a remote desktop session. What could be the problem? Why isn't it possible to run a remote desktop session on a Cisco vpn behind the Hotbrick firewall? Thank's Perry ...

Using Apples implementation of VPN on a Cisco VPN implementaton.
Hi folks, I've got a question regarding VPN client usage. I was wondering if anyone knew if Cisco VPNs needed the Cisco VPN client. Is it possible to use the Tiger VPN client on a Cisco VPN? I don't know what details I need to provide to help answer this, but if you need more information I should be able to find out. Thanks. Pete In article <1134858494.806254.289230@f14g2000cwb.googlegroups.com>, <Pete.Voorhees@gmail.com> wrote: > Hi folks, > I've got a question regarding VPN client usage. I was wondering if > anyone knew if Cisco VPNs needed the Cisco VPN c...

Cisco 837 and Cisco VPN client wierdness.. any ideas?
With my current configuration I can VPN connect from anywhere on the web and authenticate as a local user with an 837 router. Once auth'd the VPN client is allocated an IP from the vpn pool. From a VPN connected laptop I can ping any address on the LAN and any other machine on the LAN can ping the IP the VPN client has been allocated. However I can't access all resources via all protocols on all machines. This part is inconsistent and has me baffled. e.g. from a VPN client I can mount SMB shares on 192.168.16.250 but I can't see the webserver (:80) on the same IP). From a LAN connected laptop I can see the webserver running on the VPN client (192.168.17.x:80). However the VPN client can't see a webserver on the same LAN connected laptop (192.168.16.10:80). This is my first ever contact with Cisco gear and while i'm quite chuffed with getting as far as I have on setting this box up.. i'm now way out of my depth on working out what the problem is. Any suggestions would be greatly appreciated! Client s/w is v4.6 (0045) on Mac OS 10.3.9 sh version reports: IOS (tm) C837 Software (C837-K9O3Y6-M), Version 12.2(13)ZH4 Router config (security edited) is cut/pasted below: ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname xxxx ! logging queue-limit 100 no logging buffered enable secret 5 xxxx ! username xxxx password 7 xxxx username xxxx password 7 xxx...

Cisco VPN Client <-> XP VPN
Hello, I'm a little bit confused about the differences between Microsoft's build-in VPN Client (for XP) and Cisco's VPN client. I wanna set up a connection to a network using Cisco's client (which I'm using for other networks as well). For the new network detailed instructions for the XP client are given, but nothing for the Cisco client. I thought - please correct me, if I'm wrong - that XP and Cisco both use the L2TP technique, so I should be able to use any client for those connections. But Cisco's client needs much more information than the IP of the...

W2K vpn client to Cisco 3005 VPN concentrator
I've got a project to configure a Cisco 3005 vpn concentrator to allow connections from the w2k builtin vpn client. The concentrator currently has users connecting via the Cisco client using IPSec, and authenticating against an Active Directory server. The way I understand things is, PPTP is supported, but only without encryption when authentication against Active Directory. And the only other option is L2TP/IPSec, which is mutually exclusive with the IPsec-only that's currently in use. (Have I got this all correct?) So, the only option open here is PPTP without encryption, correct?...

Cisco VPN Client vs MS VPN Client
I have to install vpn clients on 6 laptops. They will connect to PIX 515. What is the difference, whether I use Cisco or MS vpn clients ? regards Jarek Carnowski ...

VPN to ASA from Cisco VPN Client Getting Error
Hi, I am trying to set up remote access VPNs and am having trouble. I used: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_example09186a00806de37e.shtml as a guide as was recommended by someone in a previous post. When I connect from the Cisco VPN client I am getting an error: "Secure VPN Connection terminated locally by client. Reason 412: The remote peer is no longer responding." My network looks like this. Router-----ASA----LAN I can see the traffic getting through my router when I attempt to connect. The IP connecting to is my outside inter...

Recommendation: Microsoft VPN vs. Cisco 871 Easy VPN
We are switching over from a Linksys Cable/DSL Router to a Cisco 871. We currently have it setup through Microsoft VPN on our Windows 2000 Server. Would we be better off using a VPN solution (Easy VPN) through the Cisco Router or opening ports for the Microsoft VPN to work? We typically have 5-7 users that need remote access through VPN, rarely would they all be on at the same time. abright52@gmail.com wrote: > We are switching over from a Linksys Cable/DSL Router to a Cisco 871. > We currently have it setup through Microsoft VPN on our Windows 2000 > Server. Would we b...

Comparing Cisco VPN concentrator and a Cisco 2800 router with SDM
Hi! I am thinking about buying something that will handle a lot of vpn tunnels and my cisco connection said that instead of bying a 3020 Concentrator I should buy a 2800 router with a vpn accelerator card. He said that it would be both cheaper and faster that the 3020. How do the 2800 router compare to the 3020 concentrator? Is it alot more difficult to administer? Any difference in licensing? /Bq In article <1115734110.285875.224790@o13g2000cwo.googlegroups.com>, <balroq@gmail.com> wrote: :I am thinking about buying something that will handle a lot of vpn :tunnels and my cis...

Cisco VPN Client not working. Strange VPN Adapter behavior.
I am working with an ASA running 8.x and a Cisco VPN client running 4.6.03.0021. The client connects fine (passes phase 1 and phase2 and traffic flows downstream of the ASA which I have sniffed. It appears as though the traffic it not returned to the client as all sessions timeout. I have other clients using this same profile without issue. It appears that the clients having the problem all have the following in common: Physical NIC IP Address. . . . . . . . . . . . . : 192.168.2.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : Cisco Systems VPN Adapter IP Address. . . . . . . . . . . . : 172.16.1.25 Subnet Mask . . . . . . . . . . . : 255.255.255.240 Default Gateway . . . . . . . . . : 172.16.1.25 You will notice that the Cisco VPN Adapter is given an IP Address and Mask from the ASA via a configured address pool, but you will notice that virtual adapter is using the same IP address for its interface and gateway. I have other Cisco VPN client running version 3.6.x and 5.x that do not have this issue. I ruled out the common issues NAT-T, MTU, etc. I was hoping some one could confirm or deny whether this IP addressing issue may be the culprit and whether this is a known issue for this version of the client. My search of Cisco Bugtraq show no. Reply Reply to author Forward dnash wrote: > I am working with an ASA running 8.x and a Cisco VPN client running > 4.6.03.0021. The client connects fine (passes p...

VPN over VPN?
Hi, i hope someone may help ... For internet i have to connect to our server at my place via VPN. --everything is fine -- And now my question: Is it possible to connect to an server in the internet via VPN too? Do i need some additional tools for that or is this impossible? Thanks in advance, Otto In article <3F17B586.4040102@domain.invalid>, Otto <user@domain.invalid> wrote: :For internet i have to connect to our server at my place via VPN. :--everything is fine -- :And now my question: :Is it possible to connect to an server in the internet via VPN too? :Do i need so...

VPN through VPN
I apologize if this question has been asked before. I have searched and the results did not lend what I was looking for, I have connected to my office VPN, the office is connected to the colo vpn. Is it possible to connect to our colo vpn from my current connection at home? I would think it is... perhaps I need some fancy routing/firewall rules? Anyone willing to field this one? Background info: Home to Office is 3des ike preshared key Office to Colo is aes ike preshared key Home & Office are different types of hardware Office & Colo are the same type of hardware All VPN access is being performed by network devices and not software on a PC/Server. Thanks in advance for your assistance, -james Does this Help ? Spoke to Client VPN: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml In article <1146930840.782412.189990@v46g2000cwv.googlegroups.com>, <james.p.carter@gmail.com> wrote: >I apologize if this question has been asked before. I have searched and >the results did not lend what I was looking for, I have connected to my >office VPN, the office is connected to the colo vpn. Is it possible to >connect to our colo vpn from my current connection at home? I would >think it is... perhaps I need some fancy routing/firewall rules? Anyone >willing to field this one? It depends on the hardware and on the network topology, and on how it is all configured. For example, the Cisco P...

Web resources about - VPN - site to site - comp.dcom.sys.cisco

John Moltz's Very Nice Web Site
John Moltz's Very Nice Website

Nevada National Security Site - Wikipedia, the free encyclopedia
November 1951 nuclear test at Nevada Test Site. Test is shot "Dog" from Operation Buster , with a yield of 21 kilotonnes of TNT (88 TJ). It was ...

Fears unauthorised Maitreya Festival could damage Aboriginal heritage sites
... could be damaged. Organisers of an alternative music festival in remote Victoria have been ordered to stop all works on the festival site over ...

1 dead, 2 missing after tugboat sinks near Tappan Zee construction site - abc7ny.com
Around 5:20 a.m., a tugboat struck a construction barge near the site where the new Tappan Zee Bridge is being built.

NY Times to Launch TV and Film Site ‘Watching’
Good news for people like us who can never seem to figure out which TV or movie to watch next: The New York Times is launching Watching, a site ...

6 Quick SEO Fixes to Boost Your Site
We all know how important SEO is to ranking a site, but we don’t all have the time to implement every small-detail SEO trick in the book. Do ...

​Military to check for water contamination at 664 sites
Defense Department says chemicals from foam used to fight fires may have contaminated groundwater and spread to drinking water supplies

How Renewable Sites can Prepare For El Nino
Originally published on the ECOreport The last four years of drought have left many Californian renewable sites unprepared for the return of ...

Shamans using sites like Facebook for black magic, says Malaysian official
A communications officer with a government ministry has reportedly warned people against posting pictures of themselves on social media, lest ...

Canada-U.S. state dinner site of border dispute over maple syrup - CNNPolitics.com
A long-simmering transborder dispute between the United States and Canada isn't expected to be resolved during Prime Minister Justin Trudeau's ...

Resources last updated: 3/14/2016 12:15:55 AM