Cisco VPN :: 3000 - Internal Authentication Server

Aug 19, 2012

Problem about authentication in VPN 3000 but until now I haven't had return on neither of the post maybe those I'm more clear than others.

I have a VPN 3000 with PPTP Tunnel VPN and the first authentication option is on Server Radius:
 
Configuration > System > Server > Authentication is firstly the Server Radius and after Internal ( Authentication on Base Group Internal )
 
But, when I configure a user in User Management > User  it isn't work. I think that authentication order is firstly Radius and if it don't find the second option is processed which ( this case ) is Internal server. but don't occour the error in log is:

44 04/20/2011 00:00:08.550 SEV=3 AUTH/5 RPT=137 187.55.63.215 Authentication rejected: Reason = Authentication failurehandle = 299, server = (none), user = x1, domain = <not specified>
 
46 04/20/2011 00:00:08.550 SEV=5 PPP/9 RPT=135 187.55.63.215 User [x1]disconnected.. failed authentication ( MSCHAP-V2 )
 
how is the behavior the VPN 3000 when the firstly server ( this case a Radius ) don't be find ?? the second it's processed ??

View 4 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5510 / Add A Mail Server In The LAN And A Webmail Using Port 3000 On The Server?

Jul 24, 2011

I'am using ASA 5510 and I try to understand how PAT is working.I want to add a Mail Server in the LAN and a webmail using port 3000 on the server. ( webmail must be reachable from the WAN)This is my Configuration :actually LAN users access internet using NAT with one global IP ( 194.x.x.69) which is the ASA WAN interface.

WAN ----- ISP Router ----------     FW     ---------- LAN -------- Mail Server + Webmail
|             (25) | (3000)
194.x.x.69    192.168.1.254                     192.168.1.6
 
I need to forward port 3000 and port 25 from outside to inside.For example, from the WAN : [URL] must be redirect toward 192.168.1.6:3000 . What is the Correct Configuration ? And what about the Inside/Outside Traffic,Is there any configuration to add ?

View 2 Replies View Related

Cisco Wireless :: WLC2504 - Can Internal Web Authentication Be Used For Guest Network

Mar 18, 2012

Can we change the internal web authentication for guest network to use http instead of https?

View 3 Replies View Related

500 Internal Server Error?

Jul 20, 2012

my laptop sometimes gives a 500 internal server error when I try to go to any website. our other wireless devices such as our phones don't do this while the laptop is.

View 2 Replies View Related

Cisco :: Internal Server Is Not Accessible From Outside Static?

Mar 23, 2013

I have nated my 172.81.15.0 255.255.255.0 into my internal server 10.1.10.164 , i can ping the out side server but the internal server is not accessible from out side static (Database-Servers,interface-sms) 172.81.15.2 10.1.10.164 netmask 255.255.255.255icmp permit 172.81.15.0 255.255.255.0 interface-smsroute zemen-sms 172.81.15.0 255.255.255.0 10.131.199.201 1access-list Database-Servers-in extended permit tcp host 10.1.10.164 host 10.185.62.144 eq 9090access-list Database-Servers-in extended permit tcp host 10.1.10.164 host 10.185.62.144 eq wwwicmp permit host 10.185.62.144 interface-smsi can ping the out side server 10.185.62.144 with out a problem . from the server 10.185.62.144 i can ping untill 172.81.15.2 and it will not ping the natted server 10.1.10.164. as u seen the accesslist ping is permitted.

View 1 Replies View Related

Cisco Routers :: RV082 - Internal DNS Server

Jan 19, 2010

The RV082 is a great unit, however when VPN clients connect the QuickVPN Client has a setting to use the Remote DNS settings of the RV082. The RV082 has no way of linking or using a user-defined DNS. I have an internal DNS Server that I would like the VPN Clients to query on internal name lookups (kindof the point of having client vpn, so they can access internal network shares etc. On the diagnostic page the ping and name resolution can only check external DNS and internal IP's. Wouldn't it make sense to at least make the RV082 aware of internal DNS Servers? Then the Ping and DNS lookup would be able to test both zones? Is this something that can be looked at by Linksys Developers for this product? The WRV210 (a cheaper and lower level model) has this functionality.

View 8 Replies View Related

Cisco WAN :: 2821 / When Web Server NAT 'd Access From Internal LAN

Mar 26, 2012

For a config on a 2821 router with IOS 15.1?I've setup an internal web server and am able to acccess it from outside our network but not from inside (on a separate internal LAN - 192.168.10.0).  When on the internal LAN - DNS points to the Public IP for the web server - so we'd need to route through the Public IP to access the web server. 
 
What is the best way to allow access to the web server XX.XX.XX.231 from 192.168.10.0 network?
  
Related Config Lines to Allow Access to Web Server
NAT
ip nat inside source static tcp 192.168.1.230 80 XX.XX.XX.231 80 extendable
ip nat inside source static tcp 192.168.1.230 443 XX.XX.XX.231 443 extendable
 ACL
ip access-list extended WAN
permit tcp any host XX.XX.XX.231 eq 443
permit tcp any host XX.XX.XX.231 eq www

[code]....

View 2 Replies View Related

Cisco :: Configure NAT For Internal SMTP Server In ASA 5520

Sep 21, 2012

I need to configure my ASA 5520 version 7.3 firewall to translate our SMTP server residing in local LAN to use different IP address from the outside interface which is used by all other computers to access Internet. Under NAT section, I have NATted this internal SMTP server with different IP address(eg x.x.x.1) and also translated the remaining IP addresses in the LAN to the outside interface(eg x.x.x.2)

my problem is, Whenever i check the header for message coming from the smtp server it shows that, the SMTP server is also translated by using the same outside interface public ip address(i.e x.x.x.2) which is used by other client machine to access internet instead of the x.x.x.1. How I can get my SMTP server to use separate IP and avoid to be blacklisted by some domain.

View 4 Replies View Related

Cisco WAN :: Get Mail Server On Port 443 From Internal Network

May 24, 2012

I write here to see if some kind soul can not solve my problem (which is common to seeso many people around the world). problem: I have a mail server (192.168.1.17) configured static NAT because it is accessible byPublic IP (PPP.PPP.PPP.PPP). Everything works properly from the outside, but if I get my Mail server (on port 443) from the internal network (192.168.1.xxx) there 'verse. This configuration is called Nat inside-to-inside is done by default by some SOHO routers(such as the TPLINK from 25 euros) but Cisco did not succeed. I search on the internet for 2 days without a get nowhere. PS: I have a Cisco 1801 router. (or 1941 as another router).

View 13 Replies View Related

Cisco Firewall :: Internal DNS Server Entry ASA-5505

Jan 12, 2011

I have a client in a workgroup environment. They are a small company with perhaps twenty systems. Their infrastructure consists of a Dell Switch, a Cisco ASA-5505 which hands out the DHCP and a router. And that's that.They have been using an external IP as their DNS Server to get out to the Web. However, they now want to add an internal Linux-based DNS server.In looking through the ASA-5505 today I noticed a field for DNS enteries. Is this where the IP for this new internal DNS Server (in the secondary DNS field) would go?If so, would it be necessary to reboot the ASA-5505 for this change to take effect?

View 12 Replies View Related

Cisco WAN :: 877w Port Forward 80 And 443 To Internal Server

Feb 21, 2012

I'm new to the Cisco world and have so far got internet and VPN working (without SDM) using the IOS commands.I have hit a stubling block with port forwarding ports 80 (http) and 443 (https) to my small business server for outlook web access.I need to forward port 80 and 442 to internal LAN server 192.168.10.1.The Cisco 877 has a local IP address of 192.168.10.254. [code]

View 6 Replies View Related

Cisco VPN :: ASA 5505 Cannot Passthrough PPTP To Internal Server

Feb 10, 2013

I add a new Cisco ASA 5505 as firewall in of company network. I found the PPTP authentication did not get through to internal Microsoft Server.

ASA Version 8.4(3)!names!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1switchport access vlan 2!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip
[Code]....

View 4 Replies View Related

Cisco WAN :: ASA 5505 - Assign External IP To Internal Server?

Mar 2, 2012

I have 3 external ips from my isp:

222.222.222.221
222.222.222.222
222.222.222.223

The first one I use to provide internet access to my office. The other two I'm going to use for the following: I'm going to deploy a server in internal network which must have 2 external ips on his network interface (& one internal ip on the second,but that's ok: I cannot put an extra network switch before asa & plug this server there: this server is virtual & is on esxi host in internal network. External ips must be assigned to servers' interfacw,bot just forwarded there (ms direct access requirement).

My current config:
 
!
ASA Version 8.4(3)
!
hostname msk-office

[Code]....

View 20 Replies View Related

Cisco Routers :: Multiple Internal Web Server RV042

Aug 15, 2012

We have setup a new internal web server so now we have two internal web server and both or hosting sites on port 80. Currently we have port 80 forwarding to one of the web servers and users are able to hit it from the outside. 

Is there any way to configure the RV042 to route web traffic to the correct web server by using the site name or dns?  If a user puts in the address{URL}, be routed to one web server but if they put in {URL}, be routed to our second web server.   I've checked with our vendors and the both web servers applications need to run on port 80.  If we have forwarding setup on the RV042 to forward port 80 to web1 then users can't access web2 from the outside?

View 3 Replies View Related

Cisco Wireless :: WLC 5508 Internal DHCP Server

May 7, 2012

I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. The setup is as follows:

- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching. - I have an LWAP connected to the WLC in HREAP mode. - WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server. - Only one scope for Guest Interface is setup on the WLC. 
 
Problems:
1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the V LAN configured on the management interface.  
 
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name............. Cisco Systems Inc.Product Name................ Cisco Controller Product Version................. 7.0.116.0Bootloader Version................ 1.0.1Field Recovery Image Version..................... 6.0.182.0Firmware Version..... FPGA 1.3, Env 1.6, USB console 1.27Build Type.......... DATA + WPS + LDPE
[code]...

View 12 Replies View Related

Cisco Wireless :: 5508 Internal DHCP Server

Jul 21, 2012

A client wants us to use the internal DHCP server on a 5508 instead of Windows DHCP. They will have 15 APs initially and upto 25 later. The docs on the 7.2 WLC make it sound like this is discouraged: Internal DHCP Server.

The controllers contain an internal DHCP server. This server is typically used in branch offices that do not already have a DHCP server. The wireless network generally contains 10 access points or fewer, with the access points on the same IP subnet as the controller.
 
In this case, the APs will not be in the same subnet as the Managment Internet.Is it a mistake to use the internal DHCP with upto 25 APs (3 WLANs)? 

View 3 Replies View Related

Cisco Firewall :: ASA 5505 8.4(2) Allow User To Access Internal Www Server?

Aug 2, 2011

I tried the solution posted at [URL] however it did not work on my ASA5505 8.4(2). I thought that it may be because I only have a single public address so the web server is responding to port forwarding through the one public IP already. looking in ASDM it appears to indicate that a configured access list is blocking the server from responding to the internal hosts.
 
object network Private_IP
host 192.168.1.15
object network Public_IP
host 1.1.1.1
object-group network internal_net

[code]....
 
Can I fix an access list (or something) to make this work or am I wishing for too much with only one public IP? This worked by default on my Netgear firewall.

View 4 Replies View Related

Cisco WAN :: WRVS4400N - External Web Server Can't Connect To Internal SQL Database

Jul 4, 2011

I have a hosted web server that has a website on it that needs to connect back to a database within our internal network. We have a Cisco WRVS4400N Wireless Router with 2 VLANS. VLAN 1 goes to a Watchguard Firebox which is connected to our internal network. VLAN 2 goues to our classroom network.
 
Our database is on VLAN 1. I have opened port 1433 on the Watchguard to allow SQL traffic from our Web Server. I can telnet from my workstation on VLAN 1 to the Web Server over port 1433, so I know the Web Server is not blocking anything. When I try to telnet from the Web Server to our Public IP address over port 1433, it fails.
 
I believe I have the firewall on the Cisco WRVS4400N off, so it shouldn't be blocking any traffic, but for the life of me I can't get this to work. I have been working on this for two days, and I NEED it to work. This was working up until last week, then it quit working. I am the only person making changes to our network, and there were no changes made during that time.

View 1 Replies View Related

Cisco Switching/Routing :: (10.10.50.0 / 24) - After Applying ACL / Unable To Hit Internal Web Server

Apr 7, 2013

This isn't a big deal as the rest of the ACL works fine, but this is an annoynace since the web auth redirects to our company website (internal for now) after successful login.We have a Cisco WLC that provides access to our production and guest wireless environments.  The guest environment of course is in a separate vlan (10.10.50.0/24).  So I created this ACL:
 
access-list 107 permit udp any host 10.10.2.13 eq bootpc <----internal DHCP server
access-list 107 permit udp any host 10.10.2.13 eq bootps
access-list 107 deny ip any 10.10.0.0 0.0.255.255 <---all internal networks
access-list 107 deny ip any 172.28.16.0 0.0.0.255 <----DR Network
access-list 107 permit ip any any
int vlan 50
Desc "Guest wireless network"
ip access-group 107 in
 
This ACL basically gives the wireless guests access to an internal DHCP server and full access to the internet.  For the 10.10.50.0/24 scope, the DHCP server assigns Internet DNS servers and my rationale is that wireless clients would access it via the external IP address but I suppose it doesn't work quite like that with the website being behind the same router as the client machines.

View 1 Replies View Related

Cisco Routers :: RV016 - Connecting To VPN Internal Server Not Working?

Jan 6, 2013

We have 3 internet links from different providers connected to configured WAN 1,2,3 in RV016. A remote client needs to connect to a internal VPN Server behind RV016, so we use one-to-one NAT to publish the internal server ip to a Valid IP from WAN3 and setup protocol binding in Multi wan to all trafic (TCP and UDP) from the internal VPN address exits with WAN3.
 
So, the remote client tries to connect to VPN using this ip Address from WAN3 and sometimes work and sometimes not. It's clear to us that the problem lies in the response from RV016 not coming always from WAN3, because if we disconnect the two other links (WAN1 and 2) Its works flawless.

View 3 Replies View Related

Cisco Firewall :: 5520 Can't Access Internal Web Server From Outside Network

Aug 23, 2011

I am using ASA 5520 with 8.2.4 IOS. I'm new to ASA/Firewall. I need to do access webserver from outside network.From Laptop (192.168.2.51), If I connect to url... it should open page from 10.10.10.50.I also need to ssh to webserver from laptop. If I ssh to 192.168.2.50 from laptop, it should connect to 10. 10. 10.50. [code]I can't get to webserver from outside network, so now, I connected laptop to directly ASA 5520 outside port with crossover cable.ASA Inside port connects to L3 switch. Webserver also connects to L3 switch. But still doesn't work.

View 9 Replies View Related

Cisco VPN :: 2811 - Static NAT Causes Unable To Access Server Via Internal IP

Nov 22, 2011

I running site-to-site IPsec VPN in Cisco 2811 IOS 12.4 both site. Here I encounter a problem to access server on  Site A from Site B
 
Site A having Leased Line connected to router with Public IP. I have done static mapping 1 web server to Public IP (NAT). This to allow external users to access the server via Public IP. At the same time, users at Site B would need to access to same server via Internal IP since they have Site-to-Site VPN established. But once I done Static Mapping (NAT), user at Site B unable to access the server at Site A using its internal IP. But external user can access server via Public IP. What went wrong here. Do i need to add extra command to get this done?

View 3 Replies View Related

Cisco Wireless :: WLC 2504 - Internal DHCP Server Not Working

Mar 25, 2013

setup a DHCP server on a WLC 2504. I'll try to resume my configuration:
 
I have 2 networks: inside users (vlan 1) and external users (vlan)
 
My controller uses the port 1 to connect to the switch, which has a trunk with WLC.
 
I have two routers, one using vlan 1 (192.168.3.0/24) and one using vlan 10 (200.X.X.X). All ports to these routers are access ports on their respective vlans.
 
I have 2 SSID, one for inside, other to outside. Inside is working very well.
 
To the outside I created a DHCP escope and already set the IP of the management interface 192.168.3.119.
 
Managemente interface (vlan 1 inside): 192.168.3.119/24
Outside interface (vlan 10): 200.X.X.195 - Default gateway 200.X.X.X.193
 
I alredy checked the DHCP Proxy in Advanced option.
 
See the output of the debug client:
 
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >

[Code].....

View 3 Replies View Related

Cisco Wireless :: Internal DHCP Server On 4402 Controller

Apr 8, 2008

I am trying to setup a guest vlan. I set up an interface for the guest vlan on my 4402 controller. I assigned the guest vlan interface an IP of 192.168.2.10 with a 24 bit subnet mask.
 
This vlan will go to my DMZ where there is no DHCP server so I need to setup the internal DHCP server. I created a new scope but I'm having trouble with what to put in the Network field for the DHCP scope. The pool addresses are 192.168.2.100-200. with a 24 bit subnet mask.
 
Every time I try to apply the configuration I get an "error in  setting DHCP scope network and netmask".
 
I've tried using:
 
192.168.2.10
192.168.2.255
192.168.2.254
 
as entries for the Network setting but no go. The docs say to enter the IP address used by the management interface with subnet mask applied.
 
I was assuming they meant the interface for the guest vlan.

View 3 Replies View Related

Cisco Firewall :: 2801 / Setting Up Static NAT To Internal Server?

Dec 15, 2012

One of my internal servers requires it to be available to the internet I am having a hard time allowing it to be NATed through my Ciscc 2801 router. It seems as though im missing something small. From what I can gather it seems as though its as issue with ACL, but im not sure. I have ran the following command: ip nat inside source static tcp 192.168.5.1 ***WAN IP Address*** 8443 extendable Then I tried to add it to the ACL via this command: access-list 150 permit tcp any host ***WAN IP Address*** eq 8443 
 
Here is a copy of my config.
 
IP    172.19.3.x
sub 255.255.255.128
GW 172.19.3.129
Ciscso 2801 Router

[code]....

View 5 Replies View Related

Cisco Wireless :: Clear DHCP Lease In WLC Internal Server WLC 6.0.199

Jan 12, 2012

How to clear dhcp lease in WLC 6.0.199 from the IP leased from internal server?

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Connecting To External IP Of Internal Server

Sep 25, 2012

I was just wondering if it's possible with an ASA 5510 to connect to the external IP address of an internal server from inside the network.  I have already set up dns doctoring for dns lookups, and everything is working fine there.  We have an application inside the network that tries to connect straight to the external Ip of another internal server.  where to look in the ASDM 6.4?

View 2 Replies View Related

Cisco Switching/Routing :: 1921 Cannot Access Internal Web Server

Oct 31, 2011

i cant resolve one problem in may 1921 isr router, i have a web server in my internal lan , i set up static nat for accessing that web server from outside and it woks fine but i cannot view that site from internal workstations can you suggest me what to do. as i know when request gets to router it performs static nat and sends packet to the web server, but the server responds with its private source  address instead the public address  witch workstation expects and connection cannot established.

View 3 Replies View Related

Cisco Wireless :: WLC CT2504 / Interface IP Cannot Be Used As Internal DHCP Server IP

Apr 5, 2012

I've got a new CT2504 controller with software version 7.0.220.0 Regarding to [URL]I've tried to configure the internal DHCP on a dynamic-interface, but this is not possible:(Cisco Controller) >config interface dhcp dynamic-interface vlan401 primary 172.16.x.3 vlan401 Interface IP can not be used as internal DHCP server IP It works, if I use another IP (aka DHCP server) in the same subnet or in another subnet. It works also for the management interface.
 
(Cisco Controller) >show interface detailed management
 
Interface Name................................... management
MAC Address...................................... d0:c2:82:xx:xx:xx
IP Address....................................... 10.2.x.135
IP Netmask....................................... 255.255.255.240
IP Gateway....................................... 10.2.x.129

[code].....

View 1 Replies View Related

Cisco Wireless :: WLC 5508 Not Able To Activate Internal DHPC Server

Sep 27, 2012

I recently installed 2 wlc 5508 with the latest software 7.3.101.0. I am not able to activate the Internal DHPC Server. The following message appears: "Error in setting dhcp scop leasetime".

View 5 Replies View Related

Cisco Firewall :: 5505 ASDM Location Is Using Same IP As Internal Server

Oct 27, 2011

I have a server that I need to open up some ports on to allow access to the new internal Sharepoint server we're setting up. I've been having some issues getting the ports open like once I put the commands in and save them that server suddenly stops allowing outbound traffic. After looking at a few things I noticed while I was looking at the config file that the ASDM location is showing 2 IP's, both are the same as the server I'm trying to open ports for one being the private IP and the other is the public IP I'm trying to use. Is this the reason I'm having problems when I try to open those ports to my server? Do I need to use both a different private and public IP for this server so I can get my ports to work? The programmers selected these IP's so if I need to change them I'll let them know in case they need to make changes for the Sharepoint setup. This is on an ASA 5505.

View 12 Replies View Related

Linksys Wireless Router :: WRT320N And Internal VPN Server

Dec 14, 2009

I just bought a Linksys 320N router to replace another competitors router. I am trying to connect to my VPN server from outside my network. I have the external ip to my network. I setup the new 320N router just like the old router. set dmz ip to internal ip of vpn server, set port forwarding to 1723, both, internal ip of vpn server, I have a way to test the vpn while i am inside my network. So, I can watch the VPN server log and see the request come into the server and it times out with the Linksys 320 N hooked up. If I have the old router hooked up, the vpn establishes a connection.

View 9 Replies View Related

Cisco Firewall :: 5505 Configure Internal Router And DNS Server - No Internet

Dec 23, 2011

Currently I have an ASA setup as a Firewall with 1 outside interface and 2 inside interfaces. Initially, the Guest interface was setup to receive DHCP from the ASA and everything was working. I'm adding router and a server for the guest interface and what I'm trying to accomplish now is the following: ASA 5505 > Airport Extreme with a public static IP (69.xx.xx.6), handling DHCP and NAT  > Mac Server as DNS Server.Right now, when I connect to my Airport Extreme with any computer, I don't have internet. I don't understand what's wrong. My DNS Server has a reserved IP address: 192.168.226.2 and it's pointing to itself and forwarding the ISP DNS servers, the Airport Extreme is handling the DNS Server IP and the ISP DNS Server IP but I can't connect to the internet from the server.  [code]

View 31 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved