I am unable to VPN to my network from outside using cisco VPN client to PIX-515E. When I try it say: Reason 412: the remote peer is no longer responding. From inside everything work ok, I can connect... (same computer, same settings...)
View 3 Replies
I have an ASA 5520 with multiple site-to-site VPN's. A remote customer has changed their Public IP address and now the VPN has gone down. How can I easily change the peer IP of the remote site to the new one without have to put the pre-shared key in again as we don't know what it is and they don't manage their firewall.
View 7 Replies View RelatedWe are trying to add an additional LAN-to-LAN IPsec VPN to our network. We currently have one remote office connected, when we configure the second VPN matching the first the tunnel never begins to establish. There is an ACL that is dening the static IP for our remote office.
The layout is as follows:
Main office = ASA 5520
Remote Office A = ASA (Unknown Model)
Remote Office B = Adtran Router
All devices have static IP addresses.
We used the ASDM VPN wizard to create both VPN's.
We have created a rule allowing all traffic from our remote office IP, and that had no effect on the VPN aside from eliminating the following message from our logging:
4 Mar 19 2012 15:18:01 106023 67.50.19.230 50234 TWT-hq-e 31326 Deny udp src TWT-outside:67.50.19.230/50234 dst inside:TWT-hq-e/31326 by access-group "outside-in" [0x0, 0x0]
We have verified that both sides are configured the same however the VPN never is initiated so as of right now the ASA is simply blocking all attempts from our remote office to connect.
I've been using an ASA 5505 -- ASA 9.1(1) -- with an IPSec Remote Access VPN. Everything works properly, though I recently noticed that when my IPSec session is disconnected, I get the standard message ID 113019, but within that message the Peer IP address is incorrect. In fact, it isn't even close to my actual remote address. [code]
When I first researched the IP, I found it coming from China, which freaked me out. I changed settings, rolled back to 9.0(1), and nothing worked. Finally I rebooted, reconnected the VPN, and the IP changed. This time it was an address from RIPE NIC. I rebooted again, now an address from ARIN in the USA. One more reboot, now a random Comcast residential address.
Within that boot cycle, the peer address always stays the same. I've connected from different devices, different IPs, different ISPs - nothing matters. Additionally, there are no firewall logs for these IP addresses at all.
ASA Remote Access VPN peer addresses in disconnect message are incorrect and change at reboot.
I am trying to establish a site-to-site VPN between two Cisco routers (2951s). I am using the below config on both routers. One router has an interface with a public IP assigned to it, the other uses a private IP and is natted by our ASA outbound.
If i remove the tunnel protection ipsec profile command from the tunnel interface, the tunnel comes up no problem and I can ping both ends of the tunnel. But as soon as I apply the tunnel protection on the tunnel interface, it dies. Both sides of the tunnel show up but no pings are allowed and I see in the debugs that for some reason the routers don't think the Pre-Shared keys are configured properly. I have gone as far as making the ISAKMP keys very simple and I know there is something I'm missing here.
On the ASA i'm allowing ESP (protocol 50) and ISAKMP (UDP 500) both directions (in and out of the firewall). I am also allowing UDP NAT-T (4500) just in case. I don't see anything on the firewall being blocked but I can't be certain that isn't causing the problem. What could I be missing here?
*****Router Config*****
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
lifetime 1800
crypto isakmp key cisco123 address PUBLICIPHERE
[code]....
I have an ASR 1002. Behind that and across another small MAN network (considered inside) I have an ASA. On the remote end, I have a simple 2811.
I need to create a vpn peer from the remote router to both the ASR (to hand off traffic there) and also a peer at the ASA (to encrypto across the MAN). The ASR1002 has the serial connection (DS3) to our MPLS cloud in which the remote is on the opposite side of.
So basically, I've created a single isakmp policy with two crypto map's by the same name but set to different peers and placed on the remote router then applied it to the serial interface. This works fine. Now i throw in the ASA which is behind the ASR. However, the connection still comes through that ASR to get to the ASA.After setting it up, it works as long as I don't have the crypto map applied to the ASR. If i apply the crypto map to the so interface of the ASR, my asa vpn connection stops working.It almost seems as if the crypto map on the ASR is grabbing my enrypted traffic destined for xx.xxx.24.14 and trying to do something with it. [code]
Why can't i peer from my remote router to both the ASA and the ASR on the opposite end of the serial link?
A user in our office needs to connect to a client's remote PPTP VPN but can't connect. The user is running Windows 7. We have a Cisco PIX 515e firewall that is running PIX Version 6.3(3) - this is what our user is having to go through to try and make the connection to the client's remote VPN.
The client's network guys have come back and said the issue is at our side. They say that they can see some of our traffic but not all of it. The standard error is shown below, and they say it's symptomatic of the client-side firewall not allowing PPTP traffic:
"A connection between the VPN server and the VPN client XXX.XXX.XXX.XXX has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets."
I have very little firewall experience and absolutely no Cisco experience I'm afraid. From looking at the PIX config I can see the following line:fixup protocol pptp 1723.Does this mean that the PPTP protcol is enabled on our firewall? Is this for both incoming and outgoing traffic?
I can see no reference to GRE 47 in the PIX config. What I should look for to see if this has been enabled or not?
I'm having a Issue getting my VPN up from out remote site . We have a ASA5505 at the remote site and the Main office we have a PIX-515E.. I followed this temp config I found on line but Im still not able to get the VPN UP..
This script can be used to get you started on a site to site vpn using the older Cisco PIX code. PIX running 6.3 ! ^^^^ Set ISAKMP (phase 1) parameters ^^^^^ {code]...
When I log into the ASA and run these commands This what I get
Colort2# sh run crypto isakmp
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
[code]...
In my Cisco PIX-515E Version 6.3(5), I have a IPSec VPN tunnel and also to the same firewall home users connect through VPN client. I am unable to find a solution that allows my home users to connect to office network and again access the remote network through the IPSec tunnel.
View 1 Replies View RelatedI am working on wi-fi networks (ISP), So I need to block the peer to peer on my network.My network involves cisco switch 2950/2960, cisco 2800 routers and Access Points, config for peer to peer blocking, for this where I need to config either switches or router.My network basic setup is, The internet will pass from router to switch and then Access Points.
View 1 Replies View RelatedI got ASA 5510 with base license, can I block all Peer-2-Peer traffic from inside to outside.
ASA Giga 0/0 connected to ISP Router 2811
ASA Giga 0/1 connected to LAN switch 3560
I see that Application protection - blocking peer-to-peer file sharing traffic is a capability of Cisco IOS Firewall. How do i configure my Cisco 2911 ISR to block peer-to-peer file sharing traffic?
View 1 Replies View RelatedI am facing issues in blocking Peer to Peer applications in LAN. I am using 881 Cisco router and below is the config done. [code]
View 1 Replies View RelatedIm having trouble with getting my VPN to work on my brand new WRVS4400N router. i cant find the solution to my problem, no matter how much i read about it.
WRVS4400N:
Firmware Version: V2.0.0.8-ETSI
QuickVPN:
Version: 1.4.1.2
The laptop im trying to connect to the gateway via VPN is a Windows 7 x64 HP Elitebook 8540p with a internal mobile broadband (HSPA+)So.The scenario is that i've installed the QuickVPN client on my Win7-machine without any trouble.I've created a user in the web-administration of the router.The router is configured to disable "Block WAN requests" in the firewall, apart from that the firewall is on.When trying to connect - with a valid certificate that i created, i get a error message after the dialog telling me "Verifying network":"The remote gateway is not responding. Do you want to wait?".
The log.txt tells me:
...2010/10/06 00:00:28 [STATUS]Verifying Network...2010/10/06 00:00:34 [WARNING]Failed to ping remote VPN Router!2010/10/06 00:00:37 [WARNING]Failed to ping remote VPN Router!2010/10/06 00:00:40 [WARNING]Failed to ping remote VPN Router!2010/10/06 00:00:43 [WARNING]Failed to ping remote VPN Router!2010/10/06 00:00:46 [WARNING]Failed to ping remote VPN Router!2010/10/06 00:00:49 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.2010/10/06 00:02:13 [STATUS]Disconnecting...
[code].....
I recently bought the WAG320N can I block Peer to Peer file sharing on my Network?
View 3 Replies View RelatedI bought my WAG320N, I too have the internet drop out and from reading in here is a very common problem. Cisco really should bring out a new firmware version and address this issue. Any way you can block peer to peer file sharing with the WAG320N? If so how do you go about it?
View 1 Replies View RelatedBasically, I rebuilt my network over the weekend, to include a subnet, and can no longer connect my desktop to the remote PC. My old router was reset to defaults and re-configured. My PC has been wiped, reinstalled, and fully updated.The error I receive is "Remote Desktop can't connect to the remote computer for one of these reasons: etc" I've only seen this error in the past when the PC I connect to was powered down. I have confirmed that everything is still set up properly on the PC I'm trying to connect to via an associate, and it is not powered down.
Old setup:
[My Win7 PC] ---- [old router] ---- [modem] --- [internet] ---- [Remote PC (Win 7)]
...............................| | |
.........................other local PCs
New setup:
[My Win7 PC] ---- [old router] ---- [new router] ---- [modem] --- [internet] ---- [Remote PC (Win 7)]
.........................................................| | |
...................................................other local PCs
1. I went into Windows firewall to allow Remote Desktop through, but it looks like that only needs to be set for the PC I'm trying to connect to. (Yes/No?)
2. I've forwarded port 3389 from the old router to my PC.
3. I haven't done anything yet to the new router, because I really can't tell if I'm doing the right things. The very first time I connected to the remote PC, it went right through, and I didn't have to change anything in the old router (I think - it's been awhile). I really don't know where to go from here, and it looks like the setup options I've found in the forum so far (static IP, port forwarding, Windows firewall changes, etc.) leave me with more security risks than I had on the old network, and there seem to be some conflicting opinions about the setup process.
I am able to connect via VPN from my office wireless. In my home I am not able to connect. I got the error as Login Failure Due to Remote host not responding. I have wireless connection in my home. I am able to surf internet and also able to ping the ip mentioned in VPN.
View 3 Replies View RelatedOne of the schools whose networks I administer has a peer to peer network running about 30 xp machines. DHCP is achieved and DNS settings distributed via a basic Linksys router; is there any way of distributing proxy server address and port short of entering manually in LAN settings of IE on every terminal - there is no budget to install a server.
View 4 Replies View Relatedi just set up my 2Xp pc's and one windows7 laptop peer to peer for file and printer sharing but i can not configure internet connection for those pc's
View 2 Replies View RelatedI have a RV180 router and i am trying to use the Quick VPN Client version 1.4.2.1. It works fine on my Windows 7 pc, and worked successfully once on the windows XP sp3 pc. But now the XP pc will not work.
What looks strange is in the VPN Client Connection Status on the router I see the status is Online, however the XP pc will not ping anything on the network or connect to the RDP pc i want. The QuickVPN Client hangs on "Verifying Network".
I tried the suggestions i saw online:
Disabling Firewall
Enabling Firewall
Making user name shorter
Allowing for PING on WAN (replies all come back fast)
Reboot Router
Upgraded firmware to 1.0.1.9
I did not adjust the MTU rate as i was not sure what to change it too. AV is AVG 2012.
I am trying to connect with QuickVPN to my RVS4000 in another location. I get this message: "The remote gateway is not responding. Do you want to wait?'
View 15 Replies View RelatedRouter is a version 1.1 running with sw version V1.1.13-ETSI
Quick VPN is sw version Ver 1.4.1.2
The issue is that I can't connect due to that i cant ping the internal IP, get this error message in the QVPN log [WARNING]Failed to ping remote VPN Router![URL]I have disable the "Block WAN Request" and it is possible to ping the router on the external site.So as I see it, the router blocks for ping on the internal IP via QVPN, what have I done wrong?
I've just set-up one of the RV220W VPN solutions. This worked fine for a while, but now it reports the remote gateway is not responding. Other clients can connect, but not the computer I'm using at home.
Log file reports:
2011/08/31 21:10:31 [STATUS]Success to connect.
2011/08/31 21:10:31 [STATUS]Tunnel is configured. Ping test is about to start.
2011/08/31 21:10:31 [STATUS]Verifying Network...
[code]...
I've tried the most common stuff. Enabling ICMP, checked that remote administration runs on port 443, changed MTU to 1400 manually, It allows fragmented packages too. Checked that IKE and IP Sec services are running. I've also tried both with windows firewall ON and OFF. A colleague of mine had the same problem in the same time frame as me, but after a while - he suddenly was able to connect. I still can't!!
Firmware Version: 1.0.2.4
Edit: IP is not real.
We have 2 remote locations that are connecting to a server at our home location. Each remote computer uses quickvpn utility to establish a vpn with the home location. Our problem is that sometimes the vpn disconnects while we are working in remote desktop on server 2008. Luckily our sessions in remote desktop stay put but we lose the vpn connection. Most of the time we get a message that the remote gateway is not responding. Our dsl internet connection seems to work and we have previously had no trouble with connecting to the home location. We have 3 computers that connect simultaneously to the server at each remote location and sometimes one computer will stay connected while others disconnect.
View 3 Replies View RelatedI have a ASA 5510 actve/standby and create one site to site VPN with remote peer ip address xx.xx.xx.xx, Our VPN traffic running on 6 mb internet link for video conferancing traffic.Now client give another link 2 mb internet and client told to us our data traffic runnig on 2 mb link but this data traffic running on the same remote peer IP xx.xx.xx.xx.
Secondly request also they need failover over the ISP link.
how we immplement the same on ASA 5510.
i want to set up my two computers /win xp/ installed using peer to peer network , just tell me the needed steps
View 2 Replies View RelatedI want to prevent guest from doing peer - peer communication on my Guest (5508) controllers. Is this a feature on the WLC or only by applying an ACL on the router interface?
View 2 Replies View RelatedI need to redo the configuration on the new one?
View 11 Replies View RelatedI have a host that can successfully connect to a PIX 515E (7.x OS) via VPN Client; however, I have no IP routing to the LAN from the remote host.The VPN IP pool works finem,The LAN default gateway is the inside interface on the PIX; the network is flat L2 behind it.The default route on the PIX points out; no other routes are defined,The VPN remote host can be pinged from LAN hosts, but the VPN remote host cannot ping any LAN host, not even the PIX inside interface.
View 2 Replies View RelatedWhat is difference between Peer to Peer network and point to point network???
View 5 Replies View RelatedWhy does Cisco recommend a configuration of originate-only on the ASA with multiple peers configured and the answer-only to the other end? Shouldn't it work as Bi-Directional ?
[URL]
The only scenario I see which could break is if both peers try to establish a VPN at the same time to the ASA. Is there any other reason ?
I believe that the Cisco Unified Communications Manager Express matches the outbound VoIP dial peer digit-by-digit, because:
1. when using the debug command it shows how it works digit-by-digit till it match a pattern
2. It says in the study guide ( If a match is found, the router immediately processes the call - chapter 6) so I understand its not en bloc
