Cisco Routers :: RV016 VPN To Allow Remote Users To Access Network Shares Via Samba
Jul 4, 2012
My company is using an RV016 router as a gateway to our internal network. My end goal is to allow remote users to access network shares via Samba. I've been trying to create a VPN using the router with absolutely no luck. I've tried QuickVPN. I've tried creating a client-to-site group vpn. I've tried creating a client-to-site tunnel vpn. I've tried pptp. Nothing will allow me to establish a VPN connection. Sometimes there is information logged in the router but most of the time there is not.
I am having trouble accessing shares via client SSL VPN. I have an ASA 5505 running 8.4(4)1. The share is on an Ubuntu server 11.04 running Samba 3.5.8.
This may not be strictly a Cisco issue and it seems to be an interoperability issue between ASA and Samba. Or simply the smb.conf configuration.
I suspect the issue is down to the interpretation of Lanman on the ASA, as I know the usernames and passwords work correctly when accessing the shares from other platforms (Windows Vista and Ubuntu desktop 12.04).
When monitoring the Samba logs I get the following errors: (amongst others)
ntlm_password_check: NT MD4 password check failed for user testuser
Storing account testuser with RID 1000
check_ntlm_password: sam authentication for user [testuser] FAILED with error
I have an RV042 using Quick VPN to connect to a remote network. I have port 1723 forwarded to a static IP address on a Windows 7 Pro 64 bit PC. I can establish the VPN and ping a printer but not the Win 7 PC. I cannot access any shares on the PC via the IP address. It has Norton Antivirus and Windows Firewall. This remote PC replaced a Windows XP PC that allowed access to the shares. I have tried access with a Windows XP Pro and Windows Vista Home Premium PC. Neither have worked.
Based on my diagram, my computer A (192.168.100.11) can ping and access my computer B (192.168.10.14). But, when I'm home and I use remote access VPN (192.168.200.x) in Cisco ASA 5520 to connect to my computer A is okay. But, when I try to ping my computer B is not okay. I already do the exemption for 192.168.100.x and 192.168.10.x in NAT rules for inside interface (192.168.100.2) ...
Should I put routing from outside 18.104.22.168 to 192.168.10.x by using 192.168.100.1 as a gateway?
I need a way to block Mac OS X users connecting remotely to our corporate users over VPN. I know there is an option to block connections based on VPN client version, but can't find a way to block users based on operating system.
We use Cisco ASA 5510 firewalls, one with v8.2(1) and the other with v7.2(3). I need to do this on both firewalls. They are both at different sites.
We have a high availability pair of ASA 5510's in Data Centre where we have configured remote access to allow users to log in via SSL VPN. Now we want to add further security to our environment; we are adding endpoint assessment licenses... The question I have: would I need two sets of the license ASA-ADV-END-SEC?
I learned the hard way before with ASA SSL VPN licenses breaking other failover pair as it needed identical licenses on both units! Will I need 2 separate license sets to keep my firewalls in a HA pair?
I'll get straight to the point. I have at work a domain of computers. On one of the computers (I have admin rights) I want to share a folder that can be accessed by other computers that are not in the domain. By default accessing that share requires a user/pass. My question is: can I configure something on the computer (running Windows 2008 Server) for the shared folder so that other computers that are not from the domain will gain access to it without user/pass requirement (like a normal share)?
I replaced my old Linksys WRT54G wireless router with the new E3000 wireless router. The installation was a breeze, but not what followed henceforth. I was able to access the internet on my wireless desktop/laptop/Netflix ROKU player/WD TV live media player, but lost access to all the network shares. I spent a lot of useless time with Linksys chat support and phone support, where they said their responsibility is only getting the internet working. They said they are not responsible for file and printer sharing issues, and suggested I use a third-party paid support package to resolve my issues. Over and above spending a hefty amount for the latest top-of-the-line E3000 router, I was not going to shell out additional money for support.
Thinking that it could probably be due to some Windows XP firewall/anti-virus (McAfee) issues, I disconnected the E3000 and connected the old WRT54G back again. Lo and behold, everything started working fine again. I could access the shared folders of my desktop (to which my router is attached) and printer, from the wireless laptop/desktop/media player just as before without any problems. I then switched back to the E3000 and lost the shares again. So I have come to the conclusion, there is definitely some setting within the E3000 that is preventing the file and printer sharing. I just can't figure out what it could be, and am at a point of returning it back to the store as defective. The extra N-speed is useless to me if my devices can't access the network shared content. Also, I tried to set up the UPnP media server feature of the E3000 by attaching USB storage and configuring it via the Linksys web based utility, but my media player is unable to access the content.
I would like to set up a VPN to allow nomad employees to connect to our network from outside. Our router is a Cisco SA520. I tried different configurations without success ... Here is the current VPN configuration: I created my IPSec users, I can connect remotely, but I do not have network access ... Unable to access network shares, impossible to ping.
I know this *should* be simple but having a devil of a time getting it to work.
I have 2 routers. Both have a static ip. Each is setup for a different private subnet. At the moment they are not connected to each other. Consider this setup (made up numbers obviously):
RV016 has 13 lan ports, 2 internet ports, 1 dmz port Internet port: 10.10.10.10
I'd like clients on the rv082 lan to be able to access the printer on the rv016 lan, and use the rv016 as an alternate internet connection (optional). I would prefer the rv016 client not be able to access the rv082.
I was trying to access some computers in the network via remote desktop. All those computers had been used by other staff. What I noticed is that, for some computers, I can access via remote desktop by forcing them to log off (people who were using the computers). But for some computers, I got the message similar to "user is currently logged onto the computer, you are not allowed to connect". I want to force them too and access these computers. How can I do it?
We have had our router and remote computers set up with Quick VPN for over a year. We've had our share of problems but have worked around them.
Now, out of the blue, no one can connect to the VPN. I went in to try to do some 'troubleshooting' and the ONLY thing that allows our VPN connection to go through is to completely disable the RV016 firewall. We have too many remote users to actually start and stop the firewall every time someone needs the VPN connection.
We are having several issues with the new batch of RV016 (rebranded as Cisco and with Cisco firmware). The Cisco RV016's are configured to load balance ADSL internet access from 4 Cisco 877 modems/routers. Ports used are WAN1, WAN2, WAN3, WAN4.
Issues are: WAN 1 port resets to 0.0.0.0 regularly and traffic on WAN 1 fails; DNS fails regularly behind the RV016 only; intermittent internet connection behind the RV016; slow internet connection behind the RV016; extremely slow DNS query and reply behind the RV016 (DNS resolve takes 1min -1m30).
The issues above are reported from different deployment sites and with different scenarios.
I have five (5) sites all connected via static VPN tunnels. They are all using Cisco ASA 5510s running 8.4(4)1. Any internal IP on each site can ping any IP on a remote site, because of the static VPN tunnels. I have the external IP (routeable) addresses connecting to each other.
Site A: 10.1.0.0 /24 Site B: 10.2.0.0 /24 Site C: 10.3.0.0 /24 Site D: 10.5.0.0 /24 Site E: 10.10.0.0 /20
I have remote users who connect using Cisco AnyConnect 3.1 to Site E. They get a static IP within the 10.10.100.0 /24 subnet (vpnpool00) and can access anything in the 10.10.0.0 /20 subnet. So far, so good. Now management wants users to access devices within the other sites, specifically Site A, using the same AnyConnect connection. In other words, they get an IP address of, say, 10.10.100.5 and now need to access a server on Site A's subnet or 10.1.0.5. I have checked my NAT statements and they appear to allow this, but so far when I do a ping I get the following: Routing failed to locate next hop for ICMP from outside: 10.10.100.5/1 to inside: 10.1.0.5/0 What am I missing? Is there a NAT statement that is wrong, or an access-list statement or possibly a static route?
I have a weird problem which I have already submitted a TAC ticket about. When users authenticate through AnyConnect into our HQ ASA 5510 they grab an address from 172.16.254.x. What we have been noticing intermittently is that when logged into our network through the client they are unable to access their resources at one of our remote offices which is connected over l2l to the HQ ASA. This problem just started randomly a week ago and we have been working with Cisco trying to create a solution.
My quick fix is logging into a device at the remote office which is trying to be accessed and pinging the gateway of the virtual subnet for AnyConnect users. When I ping 172.16.254.1 it goes through after a few dropped icmp packets and then the issue is resolved for about 8 hours or so.
We have an RV016 (hardware version 2, firmware version 3.0.2.01) behind a cable modem. Attached to this RV016 is a switch to which our other devices are connected. Among those is another switch, a wireless access point and our VOIP phone system.
The issue with this setup seems to be as follows:
The Mac machines at our office seem to be unable to get internet access reliably. What we have observed is that a connection to the wireless access point is made. Google will load fine, then when performing a search it comes back with either a dns lookup error or just says that the site can't be found. Sometimes sites will load just fine, sometimes they don't. Our Windows or Ubuntu machines in our office hardly ever have that issue, but they do on occasion. Essentially internet is usable on Windows and Ubuntu, but not on a newer Mac. Mainly three Macs are affected that run a newer OS. Two other Macs (older OS) seem to be fine. My coworkers (who have that issue at work) report that at home they do not.
The DNS servers on the router were set to our ISP's addresses. I have since changed them to OpenDNS servers. The issue persists.
When connecting a MacBook directly to the cable modem, everything works fine. Since we are using NAT, I do need to use the router. There are devices attached to it that these users need to be able to get to.
I run a home private server on CentOS 5.5, I believe. A while ago, a surge destroyed a different computer with pictures on it that my parents would like to access. The hard drive itself is just fine, and I've backed up those files on an external hard drive. What I would like to do is allow my parents to access them through Samba. Samba has already been in long time use, but it is configured to only allow access in a jail inside each user's home folder on the root hard drive. I have a suitable hard drive already formatted and mounted that can fit all the pictures that they wish to have access to. What I'd like to do is change the path that one of my users uses to the mounted hard drive.
We have two ASA 5510s, one in 8.4(4) and one in 8.2(5), in a site-to-site VPN setup. All internal traffic is working smoothly. Site/Subnet A: 22.214.171.124 - local (8.4(4)); Site/Subnet B: 192.260.0.0 - remote (8.2(5)); VPN Users: 126.96.36.199 - assigned by ASA. When you VPN into the network, all traffic hits Site A, and everything on subnet A is accessible.
Site B however, is completely inaccessible for VPN users. All machines on subnet B, the firewall itself, etc... is not reachable by ping or otherwise. There are also some weird NAT rules that I am not happy with that were created after I upgraded Site A ASA to 8.4
Site A internal: 192.160.x.x External: 55.55.555.201(main)/202(mail) Site B (over site-to-site) is 192.260.x.x External: 66.66.666.54(all)
I pretty much just have the basic NAT rules for VPN, Email, Internet and the site-to-site. What do I need to add for the VPN to be able to access the site-to-site network?
Remote-access users aren't able to reach our remote network through a site-to-site VPN tunnel between two ASA 5505's.
I've seen several threads about that here, I've run through the walkthrough at [URL] I've taken a stab at setting split tunnelling and nat exemption, but it seems I'm still missing something. Remote-access users can reach the main site, but not the remote site.
Remote-access (vpn-houston) uses 192.168.69.0/24. The main site (houston) uses 10.0.0.0/24. The remote site (lugoff) uses 10.0.1.0/24.
I have a RV042 and have set it up for VPN Client access using the QuickVPN client to connect my remote users. I discovered today that I cannot have two users connect in at the same time. Both users are in the same remote office. They can connect individually with no problem but if one is connected and the other tries to connect also the second user gets a message the gateway is not responding. They are both running Win XP Pro SP3.
I have two offices connected with an IPSEC VPN tunnel using RV220W routers. The tunnel works fine for local users between the two sites (site 1: 10.0.0.x; site 2 is 10.0.2.x). I have also set up PPTP users for remote access. PPTP users that connect to site 1 cannot access site 2 and vice versa. The PPTP users have no trouble accessing the resources on the site that they connect to. I have tried activating RIP and adding various static routes with no success. If I PPTP connect to site 1 and I tracert to an IP address on site 2 the route goes to the site 1 router and then goes to the internet (connected to the site 1 router) where it stops.
I have the Apple Time Capsule connected to my ISP using PPPoE and it is working just fine creating a wired and wireless network. The IP address of TC is 192.168.1.1 and I have set its DHCP range between .100 to .200. Next, I wanted to add VPN to the router as I live outside the US and wanted to access some services in the US. So I got an ASUS router and flashed it with Tomato firmware. I assigned the ASUS an IP address of 192.168.1.10, connected it to a LAN port on the Apple and used a DHCP type Internet connection to set it up. I then created a second WiFi network and gave the DHCP range between .11 to .20. Now using any Wi-Fi device, I can connect to either of these networks and browse the web just fine. The ASUS is all set up as a VPN client so any traffic going through the ASUS is through a US based VPN.
How does one configure the router so that Internet users can access internal company websites? The only thing that appears is the Cisco router login. Also I need to configure Terminal Services and it's not on the list under Service.
Two computers on the home network: Dell desktop running Vista (computer name PJ) is wired to a Belkin router; ThinkPad laptop running Win7 (computer name ThinkPad) connected wirelessly to router. The desktop (PJ) can see the laptop (ThinkPad) and access its shares. On the laptop the desktop name (PJ) shows up under NETWORK but clicking on the computer name shows: "Windows cannot access \PJ". I have turned off Windows Firewall and AVG anti-virus on PJ but CANNOT ping PJ from ThinkPad.