Cisco VPN :: ASA 8.2 How To Allow Access To External VPN Network Via PPTP
Jul 28, 2012
We would like to have the ability to connect to a VPN of a business we recently acquired. When connecting to it directly from the Internet (no firewall), it is accessible. However, behind our firewall, there is no access. We are using Cisco ASA 8.2 (2).Currently, we have an entry as follows:
-object-group service PPTP tcp
-port-object eq pptp
access-list inside_access_in extended permit tcp any host object_name object-group PPTP. we want any device within our network to be able to access the VPN via PPTP.
View 6 Replies
ADVERTISEMENT
Jun 6, 2012
I am trying to set up a PPTP VPN connection which also provides internet access. I have the following configuration. The router named "Router1" connects 2 computers PC1 and PC2 on the LAN side with a network address of 192.168.1.0/24. It is a PPTP server and a DHCP server. It gives IP addresses to PC1 and PC2. It has a static address of 192.169.1.2 on the LAN side and a static address of 10.2.9.1 on the WAN Side. PC3 has a static address of 10.2.9.2 and is connected to the WAN port of Router1. "Router2" is connected to the LAN side of Router1 and it has a static IP of 192.168.1.1. Router2 is connected to the internet and provides internet connection to PC1 and PC2. PC1 and PC2 connects fine to the internet and can see each other. However, PC3 cannot connect to the internet even though it is connected to Router1 by PPTP VPN connection. PC3 can see PC1, PC2, Router1 and Router2 but it cannot connect to the internet because Router1 does not give it the default gateway(192.168.1.1) to connect it.
When PC3 connects via PPTP, It receives a correct IP address(10.2.9.3), correct DNS addresses but the ip4 default gateway field is left blank, and the DHCP option is not enabled on connection properties of PC3. Router1 is a DD-WRT firmware router (DLink Dir 400) and has PPTP server enabled as a service. How do I get Router 1 to give PC3 a default gateway IP? And how do I forward all outgoing packets from Router 1 to Router 2? I do not need portforwarding for some ports, I need full access to the internet from PC3 though the PPTP connection via Router2
View 2 Replies
View Related
Mar 20, 2012
Currently i am having a scenario where i have setup RV042 and which is connected to Microsoft Forefront 2010. PPTP works fine only on rv042 subnet but i am not able to access the "internal" network of TMG.RV042 (172.16.1.1) ---> TMG [external] (172.16.1.2) ---> TMG [internal] (192.168.1.1) Is there any way through static route to access the TMG internal network through RV042 pptp server?
View 1 Replies
View Related
Mar 28, 2011
Is there any way that I can connect my External USB HDD to my wireless network so that any computer on my network can retrieve files on the HDD.
I previously had a Cable router, which had a USB port on the back so I was able to do this.
But as of next week I am moving back to BT, so i will need to change my router to an ADSL version.
View 3 Replies
View Related
Dec 8, 2011
I have a Samsung TV, which I can use to stream media from my computer. I also have a Western Digital My Book Essential external hard drive connected via my router. I was wondering if it was possible to access media on that drive, even when the computer is off (that's the goal here).
View 6 Replies
View Related
May 15, 2006
Can I configure a PIX (515), as PPTP client to establish a tunnel with non-Cisco PPTP server ? Can my PIX initiate this type of connection ?Today, I use a PC with PPTP client to establish this and I want replace this with a PIX and I don´t want depends of a PC.
View 5 Replies
View Related
May 31, 2011
I am running Windows 7 Home Premium (64 bit) on a Dell Inspiron 560. I am using a DI-524 D-Link wireless router. I have an Acer Aspire One Net Book running Windows XP Home it is equipped with an internal wireless network adapter. I can connect/communicate with router and access the internet with no problems whatever. However, when I connect an external wireless network adapter e.g. Alpha AWUS036H I cannot get a connection when I disable my internal network adapter. I have also tried the Trendnet TEW-424UB USB external wireless network adapter and the symptoms are exactly the same.
View 6 Replies
View Related
Apr 6, 2013
I'm planning to create a network of wifi access points all in different locations. Those locations all have different wifi routers and networks. I'm looking for a easy solution that let easily setup those networks to ask authentication credentials (in a browser page, once a user is inside the wifi and wants access the internet) by an external server possibly without overloading too much that server.
View 1 Replies
View Related
Jan 6, 2010
my customer has a very basic LAN+WLAN configuration:
- 1 switch (not Cisco)
- 1 DSL router which is the default gateway (not Cisco)
- 2 Wi-Fi Access Points (Cisco AIR-AP1131AG-E-K9)
If he tries to establish a PPTP VPN when he is connected to the wired LAN, it works but when he tries the same from the wireless LAN it doesn't work. He says he'd tested it with Windows Firewall disabled. Is there any configuration command that can enable/disable PPTP VPN traffic pass through a Wi-Fi connection? I've never seen something like this and I use PPTP VPNs over a Wi-Fi connection every day without any particular configuration on the access point.
Here's the APs config:
hostname ...!enable secret ...!aaa new-model!!aaa authentication login default local!aaa session-id common!!dot11 syslog!dot11 ssid ... authentication open authentication key-management wpa version 2 guest-mode infrastructure-ssid wpa-psk ascii ...!power inline negotiation prestandard source!!!bridge irb!!interface Dot11Radio0 no ip address no ip route-cache !
[Code] .....
View 14 Replies
View Related
Jun 6, 2012
I am trying to set up a PPTP VPN connection which also provides internet access. I have the following configuration. The router named "Router1" connects 2 computers PC1 and PC2 on the LAN side with a network address of 192.168.1.0/24. It is a PPTP server and a DHCP server. It gives IP addresses to PC1 and PC2. It has a static address of 192.169.1.2 on the LAN side and a static address of 10.2.9.1 on the WAN Side. PC3 has a static address of 10.2.9.2 and is connected to the WAN port of Router1. "Router2" is connected to the LAN side of Router1 and it has a static IP of 192.168.1.1. Router2 is connected to the internet and provides internet connection to PC1 and PC2. PC1 and PC2 connects fine to the internet and can see each other. However, PC3 cannot connect to the internet even though it is connected to Router1 by PPTP VPN connection. PC3 can see PC1, PC2, Router1 and Router2 but it cannot connect to the internet because Router1 does not give it the default gateway(192.168.1.1) to connect it. When PC3 connects via PPTP, It receives a correct IP address(10.2.9.3), correct DNS addresses but the ip4 default gateway field is left blank, and the DHCP option is not enabled on connection properties of PC3. Router1 is a DD-WRT firmware router (DLink Dir 400) and has PPTP server enabled as a service. How do I get Router 1 to give PC3 a default gateway IP? And how do I forward all outgoing packets from Router 1 to Router 2? I do not need port forwarding for some ports, I need full access to the internet from PC3 though the PPTP connection via Router2.
View 3 Replies
View Related
Jan 4, 2012
I have a PPTP VPN setup in RRAS on Windows SBS 2008.
The VPN seems to works fine, I can ping everything on the other end of the tunnel. RDP into workstations, access shares on the workstations. I can telnet into the exchange server and send mail. Get the default IIS page at http://server.
From the SBS I could even map shares I have on my local workstations, but when I try to access any of the shares on the server over the VPN using hostname or IP it fails, "The network path was not found".
Not really sure whats going on here, I've shut the firewall off without success. I reconfigured the VPN from scratch and rebooted the server and it didn't change a thing. I'm unsure how long this has been like this since no one uses the VPN to access file shares on the server. The few that use it just RDP into their workstations, no issue there. Though recently they started replacing a few desktops with laptops and they have nothing to RDP into, they only need access to a few spreadsheets while at home or on the road so I thought the VPN would work, I guess not..
View 2 Replies
View Related
Jan 1, 2013
I've encountered a problem when using PPTP VPN to access my network. I can connect in and able to ping the hosts connected to the RV110W. [code] On the local network, I am able to ping the hosts in 192.168.250.x from 192.168.251.x and vice versa.Static routes are configured to ensure that all networks are reachable.The problem comes when I tried to VPN (PPTP) in from a remote location using the Windows XP's built in default VPN dialer.When connected, I can ping all the hosts on 192.168.254.xxx segments, but when I tried to ping the hosts in 192.168.250.xxx and 192.168.251.xxx segments, I get a request timeout.
The routing table on the RV110W shows the gateway for 192.168.254.240 (the VPN IP address) as 0.0.0.0 and interface is WAN.What am I missing and how should I configure the RV110W so that I can access the other subnets through VPN?
View 6 Replies
View Related
Nov 25, 2012
I have configured PPTP Server on RV042, and created 3 accounts. I am able to connect from Windows PC without any problems.
In the router's logging utility, there doesn't appear to be any log entries indicating either successful or failed attempts to connect to PPTP server. The only access logs I see are for access to the router's configuration utility. Is there a way to view PPTP access in the router system log?
View 4 Replies
View Related
Jun 7, 2012
how i can configure the Cisco RV042 to access PPTP VPN Server (Witopia VPn) or other vpn servers.
View 1 Replies
View Related
Apr 21, 2012
I have two offices connected with an IPSEC VPN tunnel using RV220W routers. The Tunnel works fine for local users between the two sites(Site 1:10.0.0.x; site 2 is 10.0.2.x). I have also set up PPTP users for remote access. PPTP users that connect to site 1 cannot access site 2 and vice versa. The PPTP users have no trouble accessing the resources on the site that they connect to. I have tried activating RIP and adding various static routes with no success. If I PPTP connect to site 1 and I tracert to an IP address on site 2 the route goes to the site 1 router and then goes to the internet(connected to the site 1 router) where it stops.
View 2 Replies
View Related
Nov 1, 2011
My network consists of the following:
Office-RV042 with static IP ->SBS2003 (10.10.10.5/ 255.255.255.0)
Remote: BEFSR41 with Dynamic -> XP sp3 VPN client (192.168.3.x/ 255.255.255.248)
Within the RV042 I have enabled the PPtP server and assigned a user. No port forwarding enabled. All VPN passthroughs and firewall is enabled. DHCP server is disabled.I can establish a connection to the rv042 and ping PCs including the sbs domain server on the office side but am unable to browse any folders. When I attempt to access a network folder located on the office server I am prompted for a username/ password. Upon entering my domain credentials I get an error stating: "the user name you typed is the same user name you logged in with. That user name has already been tried. A domain controller cannot be found to verify that user name"
View 2 Replies
View Related
Jan 31, 2012
My use case is very simple I want to connect iPhone/iPad using pptp to my home network. I purchased the 180W and looks like I am not able to connect mobile devices to it. My Setup is simple I have ST536v6 (firmware 7.4.4) modem in bridge mode and Cisco RV 180W connect to my ISP using Ppoe. I followed the Admin guide and created the pptp user. If I connect from internal network it connects but when I try to connect the device from WAN it just does not work.
Cisco RV 180W
Firmware Version:1.0.1.9
View 7 Replies
View Related
Jan 24, 2011
I cannot connect to a PPTP on the outside of my network.We have a RV082, port 1723.It says verifying username and password but then disconnects.The error log says Blocked IP Spoofing.
View 1 Replies
View Related
Jul 25, 2011
I have a web server on 192.168.1.2 and adsl modem/router on 192.168.1.1 when i access my computer from external ip by i get popup login window of adsl modem. Now how can i acess 192.168.1.2 or what changes in settings i have to do ?
View 1 Replies
View Related
Mar 12, 2012
my configuration of Cisco 1841.
I was able to configure the cisco to accept VPN connections from clients. But when i am connected i can not access the VPN LAN. My cisco VPN client shows all the time Packet Decrypted: 0 when connected. I tried the split tunneling configuration based on the example on cisco.com for split tunneling.
I include config for better understanding. The outside interface is fa0/1 with ip 10.0.0.2 w LAN 10.0.0.0 Inside interface fa0/0 with ip 192.168.10.9 w LAN is 192.168.10.0
IP for VPN clients 192.168.20.100 - 105
View 5 Replies
View Related
Sep 8, 2011
There is VIP that is used by ACE for load balancing web servers. Internal users succeed to this VIP. ASA (connected to Core 6509 switch) is performing static NAT (VIP-to-External IP). External users cannot open web page while requesting for this IP. ASA is allowing request for any port. Also there is such string when issuing "show nat" on ASA: Untranslated hits . What can solve that problem?
View 1 Replies
View Related
Jan 24, 2011
I recently setup a Camera (DVR) system for a good friend of mine who just opened a restaurant. We are able to access the cameras just fine internally (LAN), but not externally (WAN).
I port forwarded, or 'pinholed' as this router uses, ports 9000 and 80 (changed the routers web port to 81 so there would be no conflict). I grabbed the external ip for the network and immediately tried connecting from home (I was doing everything remotely), and could not access the cameras, neither with the dvr software, nor with internet explorer.
EDIT: I believe he has a dsl line. I wonder if we'd need to change the configuration in the modem itself?
View 2 Replies
View Related
Apr 25, 2011
I have several drives that are accessed through a LAN but as soon as I connet to another drive through VPN all the drives get disconnected. According to the IT people this is a feature of VPN for security reasons and there is no way to access those drives.Anyone knows if there is a way to connect to the VPN drive and the local LAN drives without getting the LAN drives disconnected?
View 8 Replies
View Related
Dec 26, 2012
I am having an issue where I cannot access certain files on websites. It looks as though the files are accessed via ftp. Could my router be blocking it. I have a Cisco 2801 router acting as a firewall.
View 13 Replies
View Related
Nov 15, 2012
So, i have set up a working Anyconnect solution, (see attached picture)
Firewall is a 5585-x ssp20 running 8.4.3
Core is cat 6500
Anyconnect client version: 3.1.00495
Configured vpn with a tunneled default route to 172.19.16.1 (Core - cat6500) No split tunnel is configured, everything has to be tunneled and monitored by WCCP in Firewall. Authorization is by Certificate Only.
I can reach inside servers (for example 172.18.254.37) i can reach DMZ server (for example 192.168.138.36) i can surf the internet on regular HTTP (port 80)
but, i cannot surf the internet or DMZ servers using HTTPS (port 443) also, ftp does not work. i have tried to reach external ftp servers who are open to all.
both https and ftp works from the INSIDE network.
I have tried to change the port for Anyconnect, to 444 (for dtls as well) and i can see that all the vpn traffic is going over 444, so 443 should be undisturbed.
but this is not working.. could it be a certificate problem, or am i missing something? NAT/PAT?
This is my NAT configuration:
nat (DMZ,INSIDE) source dynamic NET-VPN-DMZ-PORTWISE-NATED-BOTK HOST-172.18.254.69 destination static NET-VPN-REMOTE NET-VPN-REMOTE
nat (DMZ,INSIDE) source static NET-DMZ NET-DMZ destination static NET-ALL-INSIDE
[Code].....
View 6 Replies
View Related
Oct 20, 2010
Basically we have different customers using the same 5510 firewall. We have created one sub interface for every customer on the inside interface. There are differed NAT rules for every customer all using the same block of public IP addresses on the outside interface. They do not have access to each other’s network so I cannot make any exemption rules between two sub interfaces. The problem is for all our customers that they cannot communicate with each other over Internet, Email, Applications etc. using the external IP address. A work around is to use a proxy server, but they do not agree with that. I cannot make exemption rules between sub interfaces for security reasons.
View 8 Replies
View Related
Jul 11, 2011
I'm trying to setup my home network so that I can access it when away from home but I've ran into problems and I can't figure out what is causing the problem.I've setup the router to forward incoming requests on port 80 to be directed to my PC running WAMP. The PC has a static IP and if I access it from another PC on my network I get the WAMP page load as expected.I've also setup an account with no-ip.com to resolve my (dynamic) ip. If I use the address they have setup while I'm on my network I get the login page for the router, again this is what I expect.The problem begins when I try and access my home address (whatever.no-ip.biz) from outside my network. I've tried it from 2 different locations and via a dial-up account and I get nothing.
View 6 Replies
View Related
Jul 17, 2012
Our secondary site accesses the internal intranet via a link, which is basically:
[URL] where externalip is the IP address of my router.
* This used to work fine before we migrated from ADSL (6mb up / 0.5mb down) to Fibre(70mb / 20mb) *
Internally, I access the same link, but via [URL] Internally it loads in 2 seconds, externally it is taking 68seconds(ish)..
I can't work it out, the fibre shouldave made things loads quicker but is infact very slow. I'm wondering if something network wise is going on.
The intranet is a php intranet sitting on apache, and using postgresql as the database. Other pages load fine, this specific index.php page does quite a lot of DB connections and so on, but as I say before, it worked fine before the migration.
View 1 Replies
View Related
Feb 6, 2011
I have WAG320N. I attached External HDD to Router's USB.I don't know how to access to HDD and other users also..(not via internet)
View 1 Replies
View Related
Jun 9, 2010
I'm looking to setup AnyConnect VPN with no split tunneling. ASA 5505 v8.2. It seems this should be really easy. I must be missing something.
I can get the AnyConnect users to connect fine and they can access sites internal and at other IPSec-tunneled sites. But no access to the internet.
Internal is 10.1.1.x, VPN pool is 10.1.1.251-253 (Temp list for testing). I issued the following tracer: packet-tracer input outside tcp 10.1.1.253 12345 69.147.125.65 80 detailed
The last reported point (where it fails) is:
Phase: 7
Type: WEBVPN-SVC
Subtype: in
[Code].....
View 10 Replies
View Related
May 6, 2013
I've set up a remote access group for Anyconnect on a 5510 running 8.4.5. Our company security policy prohibits split tunneling, but this particular location has no internal DNS (so I have to use a public DNS like google or something). How do I get this to work, I'm assuming I need to do a NAT exemption but I'm not sure how this would look, especially under 8.4.5.
View 1 Replies
View Related
Dec 31, 2012
I am aware that we can allow external admins to telnet over a custom port to the internal router. Even i was allowed to connect to a remote router via the remote firewall. The way i was accessing the router is by telnet to the remote ASA address on port 8023.I am not sure how exactly we can configure this on a ASA.
View 2 Replies
View Related
Apr 5, 2011
i'' ve one appliance ASA 5510, v8.X and asdm 6X here u have my configuration :
interface Ethernet0/0 description Link To WAN nameif outside security-level 0 ip address 212.96.23.186 255.255.255.252!interface Ethernet0/1 description Link to LAN(forefront) nameif inside security-level 100 ip address 10.20.80.1 255.255.255.252!interface Ethernet0/2 description Link to CoreSW (DMZ) nameif DMZ security-level 50 ip address 10.70.70.254 255.255.255.0
i have on server ssh (10.70.70.10) on my DMZ .
I wan to enable my external user, i mean outside user to be able to access to this server which is in my DMZ for this port ( ssh)
View 4 Replies
View Related
