Cisco VPN :: ASA5510 - Windows 7 Connects To It But Not Remote Desktop
Mar 15, 2010
we just got several laptops that came with Windows 7 Pro 32bit installed, and we have installed the VPN Client 5.0.06.0110. The VPN client appears to connect to our ASA5510, but we are unable to connect to any machines on our network as it does on our XP machines.
Furthermore, we cannot ping any as well. Also, while connected the Windows 7 machine is still able to access internet site as if split-tunneling was configured, which its not! I've seen alot of people posting on the internet about the same issue, but I have not run into any resolutions that work.
Just recently we replaced our HQ Cisco-Pix with Cisco-ASA 5510. where we have many branches connecting to our HQ through site-to-site vpn. Since putting this new ASA5510 at HQ , while we are getting a Remote-Desktop session into our branches clients, and at the time when even a single TIMEOUT occurs on the vpn-link so the remote-desktop session gets completely lost. then we have to re-connect the session.This issue happens as i said above when a single timeout occurs on the vpn link. What is the issue with the ASA5510. because with pix we didn't have this issue, remote-desktops were never getting lost / reset with single timeout
Just recently we replaced our HQ Cisco-Pix with Cisco-ASA 5510. where we have many branches connecting to our HQ through site-to-site vpn.
Since putting this new ASA5510 at HQ , while we are getting a Remote-Desktop session into our branches clients, and at the time when even a single TIMEOUT occurs on the vpn-link so the remote-desktop session gets completly lost. then we have to re-connect the session.
This issue happens as i said above when a single timeout occurs on the vpn link. What is the issue with the ASA5510. because with pix we didnt have this issue, remote-desktops were never geting lost / reset with single timeout
I want to setup Remote desktop connection between PC's running win 7 and win xp so that i can access win xp machine through win 7. Both are connected through LAN connection.
configure this router to allow connections from the internet for remote desktop? I can do it on my lan, but the Dir-825 blocks this feature. Yes, I set up port 3389 as a virtual server to the computer I wish to use.
I have a Win 7 machine with Win SBS 2011 in my office and an iMac. The Win machine is being setup for Exchange 2010. My problem is this: I can't Remote Desktop in from my iMac into the Win machine, but CAN when outside the network.The Win7 machine has a static IP, the iMac a dynamic. When I access the internal part of my router I can only see my iMac. I get a "can't connect to win-based machine" error when I try to Remote Connect.The only thing I can think is that using the same gateway is somehow messing things up? I've had two techs try to figure this out and they're both stumped.I was maybe thinking that since both comps are going out the same gateway that I should try anc configure the iMac to try and RDC on a different port, since maybe the iMac is listening on 3389 and sending the RDC back to itself?
We have a WRSV4400N installed as our primary NAT Firewall. It is configured to allow Windows VPN connections to our server residing on the Internal Network Domain - this works fine.Problem is that even though the remote VPN client can open shares, browse the internal network, and resolve computer names fine with DNS, but... Remote Desktop will not connect using the VPN tunnel.We need this to work... I spent several hours with your support people when installing this router a year ago and got nowhere. And everythung else works fine.I am using Windows server-based VPN because your VPN Clint didn't work ata ll either. Can you perhaps give me a list of configuration settings to check?
I recently purchased (2) DIR-655 routers; one for home and one for the office. Both are connected to the 'net through CenturyLink DSL via a Zyxel 660 modem.I am switching from a Cisco/Linksys WRT54G home and a Trendnet TEW432BRP at the office. I wanted to get up to N and consolidate to a single hardware type. The 655 came highly recommended, and the price was right at $75.My goal is to utilize RDP (Windows Remote Desktop) between the two points and from other points inbound to either 655. The first hurdle was that the Xyxel modem, by default, blocks just about everything inbound with no hope of opening the ports. The only viable solution was to bridge the modem and allow the 655 to act as DHCP. Done. The modem now should not even have its own IP address, and should completely bypass all of the built-in firewalls, etc. As soon as I went into bridged and forwarded the ports in the router we were in business (though I still can't seem to log in to RDP, the ports are verified open).
I use RDP extensively on my LAN to use and manage 4 PCs running Win XP or Win7. My consumer-grade Cisco Linksys WRT610n crapped out after less than 2 years, so I thought I'd try the Cisco WRVS4400N to gain extra features like VPN. I have not enabled anything new on the router except for adding a second wireless SSID for guest use, although no bandwidth management or VLANs have been set up yet. Firmware version is 2.0.0.8.Since installing this router I have been unable to use Windows RDP on ANY of my computers on the LAN, whether I use the machine name or the IP address. I can ping every device on my network - print servers, NAS boxes, PCs, but no RDP. WHAT'S GOING ON?
I just picked up the E4200 to replace a router, I can remote desktop into a computer that is physically connected to this router, but cannot remote desktop into other computers on the network that are connected via another switch.
On wireless (lenovo tabletx61) I cannot connect through the intranet - no problem connecting through internet. When I manage to connect through intranet connection is dropped quite often.No problem connecting via Ethernet cables.
I just got a new internet connection after going for 2 years or so without one here at home, now that i have it and got the router installed and all my main computer a desktop (HP Pavilion a6655f Desktop PC) has not been able to connect online using my laptop i've had no problems but would really like to get my desktop online as well, I have tried the windows diagnostic tool tried resting the adapter but that has not worked.
I have a Dell XPS 8300 desktop and have been having issues with the modem connecting to the wireless network just fine but, I'm not able to access the internet. This has only occurred over the last 24 hours and is frustrating. I've read some other recent posts and have gone back and done the System Restore to before the installation of Windows Updates a day or so ago and that has worked twice today. But I'm not a PC expert and I would like to know how I could resolve this issue permanently without having to undo the updates with System Restore every time I power up and log in. How do I figure out what setting is being undone to disconnect the internet connection from my XPS 8300?
After trying to configure remote client VPN access to a Cisco 2911 ISR using the CLI I tried to use the Cisco Configuration Professional. However, either way I have the same problem. A client can successfully connect and access servers but just once. When the client disconnects and tries to connect again there is no access to the servers even though the VPN tunnel appears to be up. I've tried multiple versions of the Cisco vpn client SW and all behave the same: 1st connection can access servers, subsequent connections can't. I've also tried a second (different) client after the original connection and still no luck. If I reload the router the client can get the vpn connection and access the servers but if the client disconnects from the vpn and tries again there is no access to the servers.
I've also tried it with and without NAT but it doesn't seem to make any difference.
The config generated using CCP is as follows:
version 15.0 service timestamps debug datetime msec service timestamps log datetime msec
My desktop with Windows Vista is connected to the modem with a standard ethernet cord, and when I try to plug the same cord into my laptop I don't get any internet access. My laptop is running Windows 7. I have tried powering the modem off for 15 seconds multiple times, but to no avail. I am just trying to make this connection work until I purchase a router.
I have one user who is unable to Access Remote Network resources when connected to the VPN on his home network. VPN shows connected and he is given a remote IP from the VPN Pool, but he cannot ping any IP on our network. When connected using Sprint Wi-Fi card he is able to connect and access remote network from the same laptop. Maybe there is some network overlap that I am missing.
see attached firewall config (zzz... being firewall public IP) and remote user route table. ASA 5505 VPN Client 5.0.07.0290
i want to create Remote IP Sec VPN on Cisco ASA5510.Problem is this 5510ASA is behind another 5520ASA and it dont have any public IP address on any of 5510 interface.if i do static NAT of ASA 5510 Private IP on internet facing 5520 IP Public POOL, then will VPN work on 5510 ASA? and what ports need to forward on 5520 for 5510 to become IPSEC VPN head end
how to configure simple VPN access for a user to login to the corporate network and access the resource and get emails I do not want to use CA certificate for authentication instead a very simple method is what i plan to start up with the configuration step so i can test this out.
I have access to my enterprise network through Cisco VPN (software) client and it goes through remote-access ipsec vpn setup on an ASA 5510. Everything works fine.
But now users that connect to the enterprise network have in addition need to access remote sites networks that are connected through the site-to-site VPN tunnels: IPSec tunnels between mentioned ASA5510 and remote ASA5510s and ASA5505s in branch offices.
there is NAT exemption rule that exempts networks 10.1.10.0/24, 10.1.20.0/24, 10.1.30.0/24.All traffic from local network 10.1.1.0/24 have full ip connectivity with all the networks in branch offices. The PROBLEM is that remote vpn clients can reach only local network 10.1.1.0/24, but not the remote networks.
The ASAs in remote branch offices has set up NAT exemption towards both local network 10.1.1.0/24 and remote access clients network 10.0.5.0/28, but as I said, it doesn't go.
i configured a remote VPN on cisco ASA 5520 and everythings seems to be working fine...DHCP IP were been lease to users that connect to the VPN. but the issue now is that our customer want a static IP to be given to a particular user when he connect via VPN.
I configured my cisco client with the info from the vpn wizard and get the following error :
error in the cisco vpn client when enabling the log : Invalid SPI size (log) + reason 412 the remote peer is no longer responding (application) message I see via the ASDM-IDM : Built inbound UDP connection for interface WAN
I'll explain briefly what I'm trying to do here :
* Remote vpn with windows users having cisco clients * Group authentication and in the asa5510 LOCAL authentication
My WAN interface contains a public ip/29 I also defined a LAN interface with security level 100 in 10.0.60.0 255.255.252.0 range the vpn dhcp range I want to attribute to vpn users : 10.0.69.0/24
Basically I want users to initiate the vpn tunnel to the public IP and be able only to access the LAN range with the 10.0.60.0/22 range
ASA Version 8.2(5) ! hostname xxxx domain-name xxxx
We have a Cisco 5510 with 2 IPSec Connection Profiles each using a different IAS for authentication.If we add another VPN profile we need another IAS.With Cisco ACS can it be configured for different VPN profiles from the same ASA 5510?
I have two ASA5510 with a peer to peer VPN configuration which is working pretty well.I'm trying to connect to my remote ASA (ASA2) with ASDM on my PC through the VPN on the local ASA (ASA1)I already connected the ASDM to ASA1 through the inside interface but I cant connect to the ASA2 the same way (over the VPN).
When I ping the ASA2 inside interface from my computer, I get the following events:
ASA Version 8.0(5)!hostname ciscosnqdomain-name chaco.com.boenable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednamesname 192.168.2.10 SNQ-Servername 192.168.1.21 Srvplxaname 10.30.30.30 e-Servername 192.168.1.0 Experion-networkdns-guard!interface Ethernet0/0 nameif Corporativo security-level 0 ip address 10.64.12.6 255.255.0.0!interface Ethernet0/1 nameif ExP_LS security-level 90 ip address 192.168.2.1 255.255.255.0!interface Ethernet0/2 shutdown no nameif no security-level no ip address!interface Ethernet0/3 shutdown no nameif no security-level no ip address!interface Management0/0 nameif management security-level 100 ip address 192.168.0.2 255.255.255.0!boot system
We have a high availability pair of ASA 5510's in Data Centre where we have configured remote access to allow users log in via SSL VPN, now we want to add further security to our environment we are adding endpoint assessment licenses...the question I have would I need two sets of the license ASA-ADV-END-SEC ?
I learned the hardway before with ASA SSL VPN licenses breaking other failover pair as it needed identical licenses on both units! Will I need 2 separate license sets to keep my firewalls in a HA pair?
Have a few users on Vista/7 using Windows L2TP to connect to our ASA5510. It is reported that after a few hours the connection drops. From what I have seen this can be anywhere around 5-6 hours. Of course my connection will drop after an amount of time has passed and no traffic has passed the tunnel. But the users are adament that this drops during large transfers; i.e. not a timeout issue. Before I spend anymore time on this I just want to know if this is normal behavior for a remote access L2TP using Windows to disconnect on it's own after this amount of time. Never had a reason myself to remain connected that long, and when I did I used a site 2 site tunnel.
I am facing a problem with Cisco ASA remote access VPN, the remote client is connected to VPN and receiving IP address but the client is not able to ping or telnet any internal network.I have attached running configuration for your reference.
I recently upgraded our head end ASA5510 at our datacenter from 8.2.1 to 8.4.5. The ASDM was also upgraded from 6.2.1 to 7.1.(1)52. Under the old code, a remote ASA5505 connected via Easy VPN Remote showed 1 IPsec tunnel. However, after the upgrade, it shows 42 sessions. It would seem to me that each split tunnel network defined in the Easy VPN profile is being counted as a tunnel. Is it possible that I may have something misconfigured now that the code is upgraded?
We have ASA5510 with version 7.x and asdm 5.X, i upgraded it to 8.3 and asdm 6.2, and i got vpn peers 250 and 2 ssl.when i try to connect through client software , i can see in the logs UDP 500 port is created as shown below.Mar 31 2011 23:54:40 302015 94.97.180.0 57013 x.x.x.x 500 Built inbound UDP connection 56694 for outside:94.97.180.0/57013 (94.97.180.0/57013) to identity:x.x.x.x/500 (x.x.x.x/500) no other things are going on , and i get error as shown below.
Secure VPN Connection terminated Locally by the client Reason 412: Remote peer is no longer Responding Connection terminated on.
i am suspecting it is VPN-3DES-AES activation key issue.when i go to Remote Access VPN ---Advanced---SSL Seetings--From Left Encryption Panel Available Algorithems i have DES-SHA1 when i try to drag it tto Right panel of Active algorithems it gives me error *** below [ERROR] sl encryption rc4-sha1 des-sha1 The 3DES/AES algorithms require a VPN-3DES-AES activation key and currently in right panel of Active Algorithms i have only RC4-SHA1,