Cisco VPN :: 2911 / Getting Simple Remote Client-initiated VPN For Employees To Access Corporate Resources?
Nov 24, 2011
I want a simple remote client-initiated VPN for employees to access corporate resources from home simultaneously with being able to access the internet. I am using CCP and seem to have several options including Easy VPN server, SSL VPN. I also can choose "Full Tunnel" or not.I have a 2911 router. I have a static range of internet IP addresses. The router is already functioning with inside to outside and outside to inside NAT, etc.
View 1 Replies
ADVERTISEMENT
Feb 2, 2011
After trying to configure remote client VPN access to a Cisco 2911 ISR using the CLI I tried to use the Cisco Configuration Professional. However, either way I have the same problem. A client can successfully connect and access servers but just once. When the client disconnects and tries to connect again there is no access to the servers even though the VPN tunnel appears to be up. I've tried multiple versions of the Cisco vpn client SW and all behave the same: 1st connection can access servers, subsequent connections can't. I've also tried a second (different) client after the original connection and still no luck. If I reload the router the client can get the vpn connection and access the servers but if the client disconnects from the vpn and tries again there is no access to the servers.
I've also tried it with and without NAT but it doesn't seem to make any difference.
The config generated using CCP is as follows:
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
[Code].....
View 4 Replies
View Related
May 24, 2011
I have 3 networks coming from the DMZ (VPN) and only one works:10.132.24.0/24 Not working10.132.25.0/24 Not working10.132.26.0/24 Working The thing is, the one that works is on the same network as the DMZ(VPN) interface. The other two do authenticate and they get an IP from the VPN Pool. but they just cant access anything.
View 11 Replies
View Related
Feb 24, 2011
I am having an issue with my Cisco VPN Client. I am new to VPN setup, so this is probably something easy I am missing. I have a 2611XM router acting as my internet gateway for my local lan, and my VPN Server. I am doing all my testing from a company laptop with a mobile broadband card. The VPN will connect, but anytime I ping anything within the inside network, it comes back with the public IP of the outside interface. I have NAT overload configured so everything on the inside network can access the internet, which it looks like might be causing my problem.
When i remove the nat overload on my fa0/1 interface, the vpn will connect to any resource on the inside.
View 9 Replies
View Related
Dec 6, 2011
I have setup a VPN connection on a 891 router. I can connect to the VP both but am unable to ping or access any resources on the remote network.
Here is my running configuration:
[code]...
View 5 Replies
View Related
Jun 18, 2012
I have a Cisco 881 setup with the following VPN config.
[code]...
The client is able to connect just fine to the network via VPN, but I am unable to gain access to any of the local resources. I know 192.168.1.1 has SSH running and 192.168.1.50 has telnet running but if I try to connect to either using the correct program they just timeout. I am really at a loss on why the vpn connection connects but I can not gain access to any of the resources on the VPN network.
View 3 Replies
View Related
Oct 22, 2009
After I change my router, I recently found out that I cannot access remote network resources after VPN tunnel is established. I use CISCO System VPN client. I can see the connection is successful. I cannot ping server on the remote network
View 2 Replies
View Related
May 24, 2011
I am working with an ASA5505. I have configured a Remote Access IPsec Connection profile. This profile is configured to give clients a virtual ip address via DHCP as shown in this configuration example: url...When the DHCP request is sent from the ASA to the DHCP server, the hostname in the request is set to the name of the IPsec connection profile and a number. Is it possible to have the hostname set to the host name of the client that initiated the connection?Does the ASA support receiving a hostname as part of a IKE Mode Config Request?
View 9 Replies
View Related
Aug 12, 2010
I am trying to configure L2TP Client-Initiate Tunneling on a cisco 1941 with C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(2)T0a, RELEASE SOFTWARE (fc1).
I have two 1941 and trying to tunnel the VLAN's across a point to point T1 connection. The reason for this is because one of the vlans on the remote end needs to be in a DMZ. The problem that I am having is that is allows me to setup the l2tp class but the pseudowire-class command is not available. Is there somthing I am missing? According to Feature Navigator L2TP Client-Initiate Tunneling is available in the IOS I am using
View 5 Replies
View Related
Mar 4, 2012
I am having cisco 2911-sec-k9 router.
And I got 2 internet connections from isp one is static ip leased line and the other one i dsl dynamic ip one.
What I want is i need to configure internet load balance between these 2 internet and also i need to use static ip for remote access vpna and for my exchange port forwarding.
My dsl line in 100 mps and my leased line 2mb dedicated.
I configured the router as with some example config i got on internet my internet is fine but load balancing not happening and i configured the REMOTE ACCESS VPN . I am able to connect the remote access vpn but no communication through remote access . i cannot reach any device through remote access.
Note: if load balancing is not possible how i can configure for internet traffic use dsl line and for remote access vpn and live exchange port forwarding through leased line.
I am attaching my configuration and also debug crypto isakmp status
View 1 Replies
View Related
Nov 22, 2012
I am the CEO of a small company with 5 divisions, 2 of which are remote. There is also my home office that I wish to be on the company VPN.We can't afford an IT department, so it is up to me to ask for a network diagram (as specific as possible) that lays out all the hardware required.My plan is to eventually have an intranet web server, file server, and database server all for internal use. Our external webserver is hosted by a well-known company. Growth must be considered both in hardware and network.
View 4 Replies
View Related
Sep 4, 2011
I recently purchased a Cisco 2911 to replace my Cisco 1711 router. I copied the configuration from the Cisco 1711 router to the Cisco 2911 router. Everything seemed to work correctly except when I VPN tunnel into the Cisco 2911 router using Cisco's VPN client version 5.0. I can ping the router LAN interface from my PC that is VPNed into the router but I can no longer ping or access the devices on the LAN side of the router as I did on the Cisco 1711 router. I don’t see errors in the log or hits blocking anything in the acls. It’s using the same configuration that I had on the Cisco 1711 router, and this did work on the Cisco 1711. The Cisco 2911 router is running IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1).
Here is the VPN clinet portion of the configuration: The LAN is addressed as 192.168.0.0/24. The router LAN interface is 192.168.0.1, which I can ping and access. I can't ping or access anything on the LAN (192.168.0.0/24) beside the router.
aaa authentication login vpnclientauth local
aaa authorization network vpngroupauth local
!
crypto isakmp client configuration group remote-clients
key 6 xxxx
pool clients
[Code]....
View 11 Replies
View Related
Aug 17, 2011
I need information about the Aironet 600 access point.I got a customer who want to deploy a guest WLAN on branch office with an authentication with a captive portal that is centralized. I would like to use the OfficeExtend functionnality with Aironet 600 Acces point & WLC 5508 or 2504 to centralize the traffic from all access points on the controller.
On those branch offices, there were a few "free access desktops" that need a copper link. I want those devices to be also authenticated by captive portal, so I want to connect them on the four 10/100 port of the access point. But it seems that we can only use one port as "corporate remote LAN", the threee others are just for "home LAN". Is it correct ? Is there any solution to configure the four ports as remote LAN interface ?
View 3 Replies
View Related
Sep 12, 2011
i have two WAP4410N wireless router. with software version (2.0.1.0) , here i have a problem on SSID broadcast and access.i have created Two ssid's WC72 and SREE with same security configuration WPA2-personalmixed . i cant see the broadcasted SSID of name SREE where i only view WC72 and get connected to it..
where i initially want is separate SSID and internal network access for internal employees and Guests (shouldn't connect to internal network).
View 9 Replies
View Related
Nov 22, 2012
I have a VPN server set up behind a home router in my apartment. I'm able to connect to it from other locations, and have verified that internet traffic is going thru the connection (ipchicken.com reports the IP address of the VPN network). But I can't seem to connect to other machines on the router subnet. For example, 192.168.1.1 connects me to the local gateway rather than my apartment router. Also, I can't connect to known good static IPs for other machines on the remote subnet, including the machine I'm VPN'd thru!
Note that in connection properties, the setting to 'use remote default gateway' is checked.
View 2 Replies
View Related
Oct 13, 2011
I have a (central) ASA5510 acting as a EasyVPN server and a number of (remote) ASA5505 as EasyVPN client. All the communication works fine between the different networks. The issu is the ASA itself. The remote ASA can ping the central ASA on it's internal IP-adress, but it can't ping any other resoruces at the central network. If I ping the DC at the central network from the remote ASA I get a deny in the central ASA with source address as the public IP-adress of the remote ASA and destination of the internal address of the DC. If I from the remote ASA do "ping inside ip-of-central-dc" it work's like a charm, but "ping ip-of-central-dc" dosen't work.
View 3 Replies
View Related
Jan 22, 2011
I have A setup in different location with the the ASA Firewall with VPN enabled and a Print server. on Network B i have a server with 2008 installed and its my NAT server, DNS and File server.Now the Client on Netwrok B wants to access the Server in Network A Remotely through VPN they could connect to but cannot user Remote Desktop either its Ip translation issue or i dont know.
View 2 Replies
View Related
Mar 10, 2013
I have an ASA 5505 that is on the perimeter of a hub & spoke vpn network, when I connect to this device using the VPN client I can connect to any device across the VPN infrastructure with the exception of the sub net that the client is connected to, for instance:
VPN client internal network connects to 192.168.113.0 /24 and is issued that ip address 192.168.113.200, the VPN client can be pinged from another device in this network however the client cannot access anything on this sub net, all other sites can be accessed ie. main site 192.168.16.0/24, second site 192.168.110/24 and third site 192.168.112/24. The ACL Manager has a single entry of "Source 192.168.113.0/24 Destination 192.168.0.0/16 and the "Standard ACL 192.168.8.8./16 permit.
View 14 Replies
View Related
Jun 18, 2011
I am having asa 5520 in my head office and in branches 2811 routers.i connected two branches with my HO through VPN.now i configured remote vpn client in HO asa . now i need to access all the branches using this remote client.how i create route in HO ASA.
View 7 Replies
View Related
Oct 26, 2010
I am using Cisco configuration professional to set up one easy vpn server on 887-K9,vpn client can dial up the server successfully but can only ping router but on other lan. Looks like there is a nat issues between lan and vpn client?
View 5 Replies
View Related
Jul 26, 2011
I'm configuring ASA 5510 Remote Access VPN, I can connect from Cisco VPN Client to the ASA VPN. I obtain from ASA some routes to inside networks, but I can't do any ping to those inside hosts. I have got those error in ASDM log file: [code]
View 1 Replies
View Related
Feb 22, 2011
Recently i have received one of my collegue's laptop that is running windows 7.I have installed cisco VPN client version 5.0.07.0290 on it and VPN client appears to connect to our ASA5540, but we are unable to connect (remote desktop) to any machines on our network as it does on our XP laptops. Furthermore, we cannot ping any as well. Also, while connected the Windows 7 machine is still able to access internet site as if split-tunneling was configured, which its not.
But after some searching , i found from "routeprint" output (shown below ) that my local internet gateway is prefered over the VPN gateway which is 10.10.4.1.Here 10.10.4.19 is the IP address assigned for VPN adaptor.
Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25 0.0.0.0 0.0.0.0 10.10.4.1 10.10.4.19 100
But after i manually add the below route on windows 7 laptop , it started connecting to remote desktop successfully.
route change 0.0.0.0 mask 0.0.0.0 10.10.4.1 metric 20
But aftersome time of idle state , it is again going back to original route state of prefering the local gateway of 192.168.1.2 and thus unable to connect to Remote Desktop again.
View 3 Replies
View Related
Apr 3, 2013
I´m tring to configure ASA 5505 with VPN Cleint, to access a remote network over a L2L with another ASA 5505, but no sucess. Is there any special feature to this work?
View 2 Replies
View Related
Mar 27, 2011
I have successfully installed and configured VPN Client - Version 5.0.07 to connect to ASA 5510 from a remote workstation. Here is the problem, I cannot ping any of the servers or workstations after I successfully connect. I can ping the ASA 5510 using its internal LAN IP, but no other nodes will respond on the remote LAN.
View 2 Replies
View Related
Jan 17, 2011
We have configured site to site VPN tunnel from offshore to client location using ASA5510 and accessing RDP from client location. Also configured remote VPN access at offshore location. But using remote VPN client we are able to get RDP from officeshore location but not able to access RDP from client location. Is there any additional changes required ?
View 4 Replies
View Related
Apr 1, 2012
I want to ping ip dslam, which is in another subnet
The connection is like this:
MyPc-----Rj45----------Adsl2+ Modem---------Rj11-------Dslam
192.168.1.4----192.168.1.1---172.80.1.3-------------172.80.1.2
-----------------LanSide-----------WanSide---------------------
The modem is set to Static Ip Address Encapsulation.
How can I ping ip dslam with this setup, or what do I need to change about the architecture?
View 1 Replies
View Related
Sep 28, 2011
We have two sites connect with an IPSec L2L VPN.
-Site A: 192.168.13.0/24
-Site B: 192.168.2.0/24
On both sites we have a ASA5505(Base license) to terminate the tunnel.On Site B we also got a remote access vpn to which we can connect using the vpn client.The lan2lan tunnel works fine and so the remote access vpn.Now i want to connect to Site A using my vpn client connected to Site B. [code] There are no vpn-filters or other special policys in place..If tried to ping from my vpn client to Site A while i was debugging ipsec 255 on site B: the asa matched the l2l-tunnel for traffic sourced from 192.168.25.x to 192.168.13.x but when im doing a show crypto ipsec sa detail there are no packets getting encrypted..so of course no packets reaching my asa on site a.
View 9 Replies
View Related
Feb 13, 2013
I have one user who is unable to Access Remote Network resources when connected to the VPN on his home network. VPN shows connected and he is given a remote IP from the VPN Pool, but he cannot ping any IP on our network. When connected using Sprint Wi-Fi card he is able to connect and access remote network from the same laptop. Maybe there is some network overlap that I am missing.
see attached firewall config (zzz... being firewall public IP) and remote user route table. ASA 5505 VPN Client 5.0.07.0290
View 5 Replies
View Related
Jul 7, 2012
i have two public IPs on ASA5510 + Remote Access VPN Client, what i want to achieve is, i want VPN client users to be able to login using any of the two ISP's IP to remote connection to the ASA. what is the command to use to achieve this.
Secondly, i have setup the primary link VPN through ASDM but thinking i should do the same thing and add the "backup" interface.
View 1 Replies
View Related
May 29, 2011
In my Cisco PIX-515E Version 6.3(5), I have a IPSec VPN tunnel and also to the same firewall home users connect through VPN client. I am unable to find a solution that allows my home users to connect to office network and again access the remote network through the IPSec tunnel.
View 1 Replies
View Related
Oct 4, 2012
I am configuring remote access vpn on ASA5505.Everything is working fine so far, except when the client got connected, it still used the local DNS server provided by the ISP. How do I force the client to use the DNS server configured on ASA?
View 7 Replies
View Related
Mar 6, 2011
We have ASA5500's deployed for remote access concentration.We use Cisco IPsec vpn client with a group policy the chacks for Network ICE BlackIce ersonal firewall.The powers-that-be wish to change to McAfee presonal Firewall ok..Now the Group Policy allows you to check for several pre- configured Firewalls, Cisco Integrated, Sygate, Zone Labs etc.So as McAfee are no listed then I am to assume we go for "Custom Firewall" and this is where I am struggling.To configure checking for a Custom Firewall I must have the Vendor ID and the Product ID.McAfee haven't the faintest idea what we're talking about when we ask them for these details.Or is there a way to extract them from the registry of a machine with the McAfee product installed?
View 3 Replies
View Related
Oct 9, 2012
I am trying to configure RV082 router with Mac Native VPN Client for my remote access. However, no matter what I did, I am not able to make it works. Can any one can give me an example of how to conguration my RV082 router and Mac Book Pro(Mountain Lion)?
View 2 Replies
View Related
