Cisco VPN :: ASA 8.2 How To Allow Access To External VPN Network Via PPTP
Jul 28, 2012
We would like to have the ability to connect to a VPN of a business we recently acquired. When connecting to it directly from the Internet (no firewall), it is accessible. However, behind our firewall, there is no access. We are using Cisco ASA 8.2 (2). Currently, we have an entry as follows:
object-group service PPTP tcp
 port-object eq pptp
access-list inside_access_in extended permit tcp any host object_name object-group PPTP
We want any device within our network to be able to access the VPN via PPTP.
I am trying to set up a PPTP VPN connection which also provides internet access. I have the following configuration. The router named "Router1" connects 2 computers PC1 and PC2 on the LAN side with a network address of 192.168.1.0/24. It is a PPTP server and a DHCP server. It gives IP addresses to PC1 and PC2. It has a static address of 22.214.171.124 on the LAN side and a static address of 10.2.9.1 on the WAN side. PC3 has a static address of 10.2.9.2 and is connected to the WAN port of Router1. "Router2" is connected to the LAN side of Router1 and it has a static IP of 192.168.1.1. Router2 is connected to the internet and provides internet connection to PC1 and PC2. PC1 and PC2 connect fine to the internet and can see each other. However, PC3 cannot connect to the internet even though it is connected to Router1 by PPTP VPN connection. PC3 can see PC1, PC2, Router1 and Router2 but it cannot connect to the internet because Router1 does not give it the default gateway (192.168.1.1) to connect it.
When PC3 connects via PPTP, it receives a correct IP address (10.2.9.3), correct DNS addresses but the ip4 default gateway field is left blank, and the DHCP option is not enabled on connection properties of PC3. Router1 is a DD-WRT firmware router (DLink Dir 400) and has PPTP server enabled as a service. How do I get Router 1 to give PC3 a default gateway IP? And how do I forward all outgoing packets from Router 1 to Router 2? I do not need port forwarding for some ports, I need full access to the internet from PC3 through the PPTP connection via Router2.
Currently I am having a scenario where I have set up an RV042 which is connected to Microsoft Forefront 2010. PPTP works fine only on the RV042 subnet but I am not able to access the "internal" network of TMG. RV042 (172.16.1.1) ---> TMG [external] (172.16.1.2) ---> TMG [internal] (192.168.1.1). Is there any way through a static route to access the TMG internal network through the RV042 PPTP server?
I have a Samsung TV, which I can use to stream media from my computer. I also have a Western Digital My Book Essential external hard drive connected via my router. I was wondering if it was possible to access media on that drive, even when the computer is off (that's the goal here).
Can I configure a PIX (515) as a PPTP client to establish a tunnel with a non-Cisco PPTP server? Can my PIX initiate this type of connection? Today, I use a PC with a PPTP client to establish this and I want to replace this with a PIX, and I don't want to depend on a PC.
I am running Windows 7 Home Premium (64 bit) on a Dell Inspiron 560. I am using a DI-524 D-Link wireless router. I have an Acer Aspire One Net Book running Windows XP Home it is equipped with an internal wireless network adapter. I can connect/communicate with router and access the internet with no problems whatever. However, when I connect an external wireless network adapter e.g. Alpha AWUS036H I cannot get a connection when I disable my internal network adapter. I have also tried the Trendnet TEW-424UB USB external wireless network adapter and the symptoms are exactly the same.
I'm planning to create a network of wifi access points all in different locations. Those locations all have different wifi routers and networks. I'm looking for an easy solution that lets me easily set up those networks to ask for authentication credentials (in a browser page, once a user is inside the wifi and wants to access the internet) from an external server, possibly without overloading that server too much.
My customer has a very basic LAN+WLAN configuration:
- 1 switch (not Cisco)
- 1 DSL router which is the default gateway (not Cisco)
- 2 Wi-Fi Access Points (Cisco AIR-AP1131AG-E-K9)
If he tries to establish a PPTP VPN when he is connected to the wired LAN, it works but when he tries the same from the wireless LAN it doesn't work. He says he'd tested it with Windows Firewall disabled. Is there any configuration command that can enable/disable PPTP VPN traffic pass through a Wi-Fi connection? I've never seen something like this and I use PPTP VPNs over a Wi-Fi connection every day without any particular configuration on the access point.
Here's the AP's config:
hostname ...
!
enable secret ...
!
aaa new-model
!
!
aaa authentication login default local
!
aaa session-id common
!
!
dot11 syslog
!
dot11 ssid ...
 authentication open
 authentication key-management wpa version 2
 guest-mode
 infrastructure-ssid
 wpa-psk ascii ...
!
power inline negotiation prestandard source
!
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
[Code] .....
I have a PPTP VPN setup in RRAS on Windows SBS 2008.
The VPN seems to work fine, I can ping everything on the other end of the tunnel. RDP into workstations, access shares on the workstations. I can telnet into the exchange server and send mail. Get the default IIS page at http://server.
From the SBS I could even map shares I have on my local workstations, but when I try to access any of the shares on the server over the VPN using hostname or IP it fails, "The network path was not found".
Not really sure what's going on here, I've shut the firewall off without success. I reconfigured the VPN from scratch and rebooted the server and it didn't change a thing. I'm unsure how long this has been like this since no one uses the VPN to access file shares on the server. The few that use it just RDP into their workstations, no issue there. Though recently they started replacing a few desktops with laptops and they have nothing to RDP into, they only need access to a few spreadsheets while at home or on the road so I thought the VPN would work, I guess not.
I've encountered a problem when using PPTP VPN to access my network. I can connect in and am able to ping the hosts connected to the RV110W. [code] On the local network, I am able to ping the hosts in 192.168.250.x from 192.168.251.x and vice versa. Static routes are configured to ensure that all networks are reachable. The problem comes when I try to VPN (PPTP) in from a remote location using Windows XP's built-in default VPN dialer. When connected, I can ping all the hosts on the 192.168.254.xxx segment, but when I try to ping the hosts in the 192.168.250.xxx and 192.168.251.xxx segments, I get a request timeout.
The routing table on the RV110W shows the gateway for 192.168.254.240 (the VPN IP address) as 0.0.0.0 and the interface is WAN. What am I missing and how should I configure the RV110W so that I can access the other subnets through VPN?
I have configured PPTP Server on RV042, and created 3 accounts. I am able to connect from Windows PC without any problems.
In the router's logging utility, there doesn't appear to be any log entries indicating either successful or failed attempts to connect to PPTP server. The only access logs I see are for access to the router's configuration utility. Is there a way to view PPTP access in the router system log?
I have two offices connected with an IPSEC VPN tunnel using RV220W routers. The tunnel works fine for local users between the two sites (site 1 is 10.0.0.x; site 2 is 10.0.2.x). I have also set up PPTP users for remote access. PPTP users that connect to site 1 cannot access site 2 and vice versa. The PPTP users have no trouble accessing the resources on the site that they connect to. I have tried activating RIP and adding various static routes with no success. If I PPTP connect to site 1 and I tracert to an IP address on site 2, the route goes to the site 1 router and then goes to the internet (connected to the site 1 router) where it stops.
Office-RV042 with static IP ->SBS2003 (10.10.10.5/ 255.255.255.0) Remote: BEFSR41 with Dynamic -> XP sp3 VPN client (192.168.3.x/ 255.255.255.248)
Within the RV042 I have enabled the PPTP server and assigned a user. No port forwarding enabled. All VPN passthroughs and the firewall are enabled. DHCP server is disabled. I can establish a connection to the RV042 and ping PCs including the SBS domain server on the office side but am unable to browse any folders. When I attempt to access a network folder located on the office server I am prompted for a username/password. Upon entering my domain credentials I get an error stating: "the user name you typed is the same user name you logged in with. That user name has already been tried. A domain controller cannot be found to verify that user name"
My use case is very simple: I want to connect an iPhone/iPad using PPTP to my home network. I purchased the 180W and it looks like I am not able to connect mobile devices to it. My setup is simple: I have an ST536v6 (firmware 7.4.4) modem in bridge mode and a Cisco RV 180W connected to my ISP using PPPoE. I followed the Admin guide and created the PPTP user. If I connect from the internal network it connects, but when I try to connect the device from the WAN it just does not work.
I have a web server on 192.168.1.2 and an ADSL modem/router on 192.168.1.1. When I access my computer from external IP by I get the popup login window of the ADSL modem. Now how can I access 192.168.1.2, or what changes in settings do I have to make?
I was able to configure the Cisco to accept VPN connections from clients. But when I am connected I cannot access the VPN LAN. My Cisco VPN client shows Packet Decrypted: 0 all the time when connected. I tried the split tunneling configuration based on the example on cisco.com for split tunneling.
I include config for better understanding. The outside interface is fa0/1 with ip 10.0.0.2 w LAN 10.0.0.0 Inside interface fa0/0 with ip 192.168.10.9 w LAN is 192.168.10.0
There is a VIP that is used by ACE for load balancing web servers. Internal users succeed to this VIP. ASA (connected to Core 6509 switch) is performing static NAT (VIP-to-External IP). External users cannot open the web page while requesting this IP. ASA is allowing requests for any port. Also there is such a string when issuing "show nat" on ASA: Untranslated hits . What can solve that problem?
I recently setup a Camera (DVR) system for a good friend of mine who just opened a restaurant. We are able to access the cameras just fine internally (LAN), but not externally (WAN).
I port forwarded, or 'pinholed' as this router uses, ports 9000 and 80 (changed the router's web port to 81 so there would be no conflict). I grabbed the external IP for the network and immediately tried connecting from home (I was doing everything remotely), and could not access the cameras, neither with the DVR software, nor with Internet Explorer.
EDIT: I believe he has a dsl line. I wonder if we'd need to change the configuration in the modem itself?
I have several drives that are accessed through a LAN but as soon as I connect to another drive through VPN all the drives get disconnected. According to the IT people this is a feature of VPN for security reasons and there is no way to access those drives. Does anyone know if there is a way to connect to the VPN drive and the local LAN drives without getting the LAN drives disconnected?
I am having an issue where I cannot access certain files on websites. It looks as though the files are accessed via FTP. Could my router be blocking it? I have a Cisco 2801 router acting as a firewall.
So, I have set up a working Anyconnect solution (see attached picture).
Firewall is a 5585-x ssp20 running 8.4.3
Core is cat 6500
Anyconnect client version: 3.1.00495
Configured VPN with a tunneled default route to 172.19.16.1 (Core - cat6500). No split tunnel is configured, everything has to be tunneled and monitored by WCCP in the firewall. Authorization is by certificate only.
I can reach inside servers (for example 172.18.254.37), I can reach DMZ servers (for example 192.168.138.36), and I can surf the internet on regular HTTP (port 80),
but I cannot surf the internet or DMZ servers using HTTPS (port 443). Also, FTP does not work. I have tried to reach external FTP servers which are open to all.
Both HTTPS and FTP work from the INSIDE network.
I have tried to change the port for Anyconnect to 444 (for DTLS as well) and I can see that all the VPN traffic is going over 444, so 443 should be undisturbed.
But this is not working. Could it be a certificate problem, or am I missing something? NAT/PAT?
Basically we have different customers using the same 5510 firewall. We have created one sub interface for every customer on the inside interface. There are different NAT rules for every customer, all using the same block of public IP addresses on the outside interface. They do not have access to each other's networks so I cannot make any exemption rules between two sub interfaces. The problem for all our customers is that they cannot communicate with each other over Internet, Email, Applications etc. using the external IP address. A workaround is to use a proxy server, but they do not agree with that. I cannot make exemption rules between sub interfaces for security reasons.
I'm trying to set up my home network so that I can access it when away from home but I've run into problems and I can't figure out what is causing the problem. I've set up the router to forward incoming requests on port 80 to be directed to my PC running WAMP. The PC has a static IP and if I access it from another PC on my network I get the WAMP page load as expected. I've also set up an account with no-ip.com to resolve my (dynamic) IP. If I use the address they have set up while I'm on my network I get the login page for the router, again this is what I expect. The problem begins when I try to access my home address (whatever.no-ip.biz) from outside my network. I've tried it from 2 different locations and via a dial-up account and I get nothing.
Our secondary site accesses the internal intranet via a link, which is basically:
[URL] where externalip is the IP address of my router.
* This used to work fine before we migrated from ADSL (6mb up / 0.5mb down) to Fibre(70mb / 20mb) *
Internally, I access the same link, but via [URL]. Internally it loads in 2 seconds, externally it is taking 68 seconds (ish).
I can't work it out, the fibre should have made things load quicker but is in fact very slow. I'm wondering if something network-wise is going on.
The intranet is a php intranet sitting on apache, and using postgresql as the database. Other pages load fine, this specific index.php page does quite a lot of DB connections and so on, but as I say before, it worked fine before the migration.
I've set up a remote access group for Anyconnect on a 5510 running 8.4.5. Our company security policy prohibits split tunneling, but this particular location has no internal DNS (so I have to use a public DNS like google or something). How do I get this to work, I'm assuming I need to do a NAT exemption but I'm not sure how this would look, especially under 8.4.5.
I am aware that we can allow external admins to telnet over a custom port to the internal router. Even I was allowed to connect to a remote router via the remote firewall. The way I was accessing the router is by telnet to the remote ASA address on port 8023. I am not sure how exactly we can configure this on an ASA.
I've one appliance, ASA 5510, v8.X and ASDM 6X. Here you have my configuration:
interface Ethernet0/0
 description Link To WAN
 nameif outside
 security-level 0
 ip address 188.8.131.52 255.255.255.252
!
interface Ethernet0/1
 description Link to LAN(forefront)
 nameif inside
 security-level 100
 ip address 10.20.80.1 255.255.255.252
!
interface Ethernet0/2
 description Link to CoreSW (DMZ)
 nameif DMZ
 security-level 50
 ip address 10.70.70.254 255.255.255.0
I have one SSH server (10.70.70.10) on my DMZ.
I want to enable my external user, I mean outside user, to be able to access this server, which is in my DMZ, on this port (SSH).