Cisco VPN :: Setting Up WRVS4400n For Branch Office VPN With Watch-guard?
Jun 29, 2011
I've followed Watchguard's instructions for configuring a Branch Office VPN connection, and I'm unable to connect. I have configured the Watchguard gateway to accept remote-to-local connections and put in the Watchguard's public IP address as the local connection, and the WRVS4400n's public IP as remote. The Linksys has the local VPN group configured as 192.168.0.0/24 and the remote gateway as the Watchguard's public IP address. When I connect it remains "down" and I'm receiving errors saying it could not authenticate. I have the passphrase the same on both sides with 3DES and SHA1 configured. Does the WRVS4400n support this type of VPN configuration or am I wasting effort?
View 1 Replies
Apr 11, 2012
I am trying to set our VPN connection to route to our branch office from a VPN Client. So far I did not succeed and at this point I am stuck. At our office we have a VPN Server which enables VPN Clients to connect to our main office with an IP range of 192.168.104.0 with subnet 255.255.248.0 and a branch office with an IP range of 192.168.25.0 and a subnet 255.255.255.0. Internally on the LAN the routing is done by our firewall, which acts as DHCP and default gateway. It connects the 2 LANs by a leased line. When I ping an IP address in our branch office from our main office I get a reply.
Now when a VPN client connects it gets an IP address in the range of the main office from our firewall and the client can connect to all computers in the main office network. However if I try to connect to a computer in the branch office it does not work. I tried a static route in the Routing and Remote Access Server (which is Windows Server 2003 R2) and I tried adding a static route to the DHCP settings on the firewall. In both cases it does not connect from the VPN Client to the branch office. Searching the internet, since the examples are all based on a setup with a RAS Server on both networks. The LANs are already "integrated"/"physically connected" through the routing on our firewall and its leased line.
I also tried settings on the VPN Client's machine. Settings like "Use gateway in remote network" on or off and tried adding static routes. This did not work, since the default gateway I must use is not on the same range as the home network and returned an error trying that. What I noticed is that the VPN Client gets a route which uses the VPN Client IP as default gateway. Making a static route like that will work (I think), but since the IP addresses for the VPN clients are obtained through DHCP and can vary each time, there is no way (I think) to automate adding a route with, for example, a batch file that I could give to the employees connecting through VPN because of the variable IP.
View 10 Replies
Apr 23, 2013
I have a problem with a branch office setup, and I can't for the life of me think of what the problem is. I have a remote office setup, using an ASA 5505 that is set up to establish an easy vpn connection to the central network. The connection at the branch office is a 20/5 cable modem, the central network has a 25/25 fiber connection.
The issue I have is this. Wired clients work fine at this branch office, at least 95% of the time. I have a lightweight AP there that can come up and join the controllers at the central network, no problem. I haven't done anything with H-REAP because there are really no resources locally they need that would allow them to do their work, so all traffic is tunneled back to the WLC.
Wireless clients can authenticate to the AP, and I can get 15-20ms ping responses from them all day. Latency never comes close to the 600ms proposed limit with CAPWAP. Yet, for some reason the performance of the clients is problematic. Webpages will frequently not load correctly, they experience some freezing, and with one application we use - it refuses to load completely. If we bring these same computers to an AP connected to our central network, on the same SSID, they work flawlessly.
Something about this particular location is causing a lot of grief for our users. For what it's worth, we are running WCS 7.0.230.0 and the WLCs are on 7.0.116.0. The ASA is running a pretty basic configuration, pretty much out of the box with the easy vpn configuration entered.
View 7 Replies
May 22, 2012
I'd like to connect through a VPN the HQ office to a Branch using two ASAs. I have a 5520 in the HQ and 5505 in the Branch Office. My problem is in the Branch office where I have a dynamic IP (ADSL).
I couldn't find an example of this kind of configuration.
View 7 Replies
Aug 1, 2012
We have AT&T Managed MPLS service at our datacenter and our branch office locations. AT&T has provided the routers and simply give us an ethernet connection. We also have ethernet connectivity to the internet through our datacenter...with our network being protected by an ASA 5520. Each branch location has a 29xx series router (voice gateway) and switching gear attached to their AT&T MPLS router. Some of our branches also have 3rd party cable internet service with an ASA 5505 to protect it from the internet. What I'd like to do is better utilize this cable modem/ASA5505 setup. Right now, if there were an outage, I would be connecting manually to the remote location to change static routes to point to the cable link and to configure a VPN tunnel between the remote and our DC.
View 2 Replies
Jan 31, 2012
I am preparing to move two branch offices from a point to point T1 connection to Century Link Metro Ethernet. Currently my branch locations connect to my HQ 7204 router via a channelized DS3. I have a 4507R at HQ that I will connect the ME circuit to. We will also be moving our Internet connection on the ME circuit. Our service provider Clink will hand me a single Ethernet handoff for the Internet and branch office connections. For the first phase I will connect one branch office using ME. Once that is in place and tested we will move another office and so on. Then our final step is to move our web connection to the ME circuit. Each branch office has their own unique voice and data subnet. They each have a 2801 router and a 3560 switch. The routers are MGCP gateways with only one PSTN connection, a POTS 911 line on a FXO port.
So my questions are:
1 - Should I connect the ME directly in to the 3560 at the branch offices or use the Fa0/1 on the 2801? Fa0/0 is currently connected to the 3560.
2 - On my 4507R at HQ how will I configure the ME switch port? As a dot1q trunk port?
3 - Given that ME is basically a LAN connection will I have to re IP the branch office? HQ is 10.10.1.x/24. Branch is 10.10.166.x/24 (data) 192.168.166.x/24 (voice).
4 - On the 4507R will I need to configure a vlan interface for each branch subnet?
I attached two network diagrams. One represents our current topology (MEexisting) and the second represents the new ME circuit changes (MEprojected).
View 5 Replies
Jan 26, 2013
I have got two 1841 and one 881 Cisco routers. I can keep any one of these routers at HO and the remaining at the branch office. I have got a static internet IP at HO but dynamic IP at branch office. I want to set up a VPN to connect to HO from branch office through router. The branch connects through a private IP for internet purpose. Which VPN is the most secure and best for this purpose?
View 1 Replies
Jun 6, 2012
I have to set up what seems to be a very basic configuration, but it doesn't work. In our lab there is a cluster of switches with a 3550 that does all the routing for vlans. I need to simulate a sort of a small branch office that has one connection to the outside world (the lab network). [code] From the router I can ping any host on vlan 230 and other vlans, I can also ping the PC connected to e0/1. However from the PC I can only ping 192.168.1.1 (e0/1) and 172.26.230.150 (e0/0) [code]
View 3 Replies
May 18, 2012
I have been told to connect our branch offices over outdoor point-to-point wireless CPE. The wireless brand is Orthogon. The Main office got Cisco 4507 L3 switch where all building switches terminate. DHCP, DNS and all applications are hosted in main office. The branch office got ONE 24 port POE Switch Cisco 2960 where all users will be connected. On Port 0/24 of 2960 switch at branch will terminate the outdoor Wireless and other end will be terminated on 4/15 of 4507 at main office. What command do I need at both interfaces where Wireless is terminated? When we connect floor switches to 4507 we got these commands on access switches:
vtp mode client
vtp version 2
vtp password cisco1
vtp domain LIC
Fiber termination port configuration - switchport mode trunk
View 3 Replies
Dec 17, 2012
I am trying to configure access to several remote offices for users who VPN into our main datacenter. The datacenter has a 5520, and the branches are connected through IPSec L2L VPNs. Branches all have 5505 or 5510's. Remote users use IPSec via the Cisco remote Client. Remote access into our data center works, and the L2L VPNs are perfect...just now that I need remote users to access the branches after Remote access VPNing (for support) I can't get that part to work.
View 2 Replies
Aug 2, 2011
We have used two Cisco RVS4000 to create the IPSec VPN between the main office and the branch office. The main office has SBS 2008. There is a Windows Server 2008 as the domain controller in the branch office. One branch office user has a laptop which is not in the domain, but his exchange account is set up in the Outlook. When he connects the laptop to the branch office network, he cannot connect to the exchange server and get the emails. Is there any configuration to set up in the router, server or Outlook?
View 1 Replies
Sep 7, 2011
What are my best options to secure branch office connection to HQ over Provider MPLS cloud? Our existing Setup:
<<HeadQuarter>> :: DataCenter hosting Email, ERP, Intranet, Voice Services; 10mb link to Service Provider over MPLS Cloud; MPLS is terminated on a 3825 Router running advance Services
<<BranchOffice>> :: Total 10 In Country Branch Offices; 2mb Link to Service Provider over MPLS Cloud; Total users in each branch : 20; MPLS is terminated on a 2811 Router running advance Services
View 1 Replies
Mar 6, 2013
Our Headquarter (ASA 5510) is running a site to site vpn connection with a Branch office (router 2811). All remote users are accessing the internet through the VPN and also accessing headquarter file servers. I want to know if there is a way for some remote users to be able to use the vpn for accessing the file servers but to access the internet through the branch office. The rest of the remote users will be still accessing the internet through VPN.
View 2 Replies
Oct 17, 2011
My current set-up is: my laptop connects to the coaxial outlet with a cable so I can access the internet. So I can't really bring it somewhere else since the cable is short.
Now, I am planning to buy 2 more computers and a printer. The printer will be shared by all 3 computers. What else do I need to buy (modem?? wireless router??) and what type? I also request that you let me know how to set it up. Of course, I will follow the manufacturer's instructions.
View 15 Replies
Mar 3, 2013
I'm having problems trying to establish an IP Sec tunnel from the office to home. All of our machines are Macs so I have been using the directions described in "How to create an IP Sec tunnel for MAC Clients, A QVPN alternative" but I still can't get it to work. My setup is as follows:
The office is connected to the outside world through a MODEM (Sagemcom 2864 Connection Hub). This MODEM is also a wireless router. Its DHCP server provides addresses 192.168.2.x. The WRVS4400N's WAN port is connected to one of the LAN ports on the MODEM. Its IP address from the MODEM is 192.168.2.x. The WRVS4400N provides addresses 192.168.21.x to devices connected to it. We have a DynDNS account and are using the DDNS client on the WRVS4400N router to connect to it. At home, we have a DIR-655 router with IP Sec Passthru enabled. The router provides IP addresses 192.168.1.x for all devices connected to it. I am fairly sure there are no issues with the router setup at home since I am able to VPN into the office of my full-time job without any problems. I have tried just about everything I can think of but have not been able to get this to work. setting up the Local and Remote Group Settings on the WRVS4400N and the IP address settings in IP Securitas?
View 2 Replies
Apr 22, 2012
I have a problem setting up a VPN between a local office and a head office some distance away. Here at our local office, we have a Cisco WRVS4400N Small Business device. At the head office they have a Cisco ASA device. We need to set up a point-to-point VPN and I have no idea how to do this with these devices. To make matters worse, the resource I have at the other end is an unknown entity who also does not seem to have much experience with this. Is there any type of step-by-step guide to such a configuration?
View 5 Replies
Mar 12, 2013
I am attempting to set up a router with another vendor, but I am not wanting to give full access to the network, just a couple of IP addresses. On most routers you can set up a VPN IP range, but I can't find that setting on this Cisco WRVS4400N.
View 1 Replies
Jan 13, 2013
I'm setting up a wireless network for a small office with 25 people with approx. 15 on wireless at any time. The office is very long and skinny so I'm looking at a cluster of WAP321's. I'm hoping these will save a ton of money versus buying a controller and more expensive access points.
How do these work for roaming? I tried a search but I've found descriptions of them not roaming at all and descriptions of them roaming but you have to do some kind of pre-authorization right up to they roam with no user interaction, they just roam.
I need the users to be able to roam around the office with no interruption. I don't want to install these and have to rip them out later and put in new ones and a controller. How to find out if the WAP321's will work for roaming.
View 4 Replies
May 22, 2013
We have an environment where users create a lot of bridge loops. We have tried to send E-mails about it and educate the users but it is almost a lost cause at this point. The loops are created when users don’t pay attention and they plug a patch cable coming off of an access port up to ANOTHER access port by mistake.
All of our access ports are from 3750 stacked switches. The way we tried to deal with this in the beginning was with BPDUGuard and ERRDisable (BPDUGuard) auto recovery. We turned BPDUGuard on globally and left BPDUGuard auto recovery at the default value (I believe it was 30 seconds). So a loop would be detected and after 30 seconds, the switch would try to enable the port and if the loop still existed, close the port for 30 more seconds. Then we started having problems with printers getting "fried". Their NICs would die out and the control board would need to be replaced. After a lot of troubleshooting and testing, it was determined that allowing the ports to come out of ERRDisabled state would flood the network and the packets would generate in the millions per second range and fry the NIC of these printers.
The fix for this and saving the printers was terrible. We removed ERRDisable auto recovery and just let the ports that are looped stay in an ERRDisabled state. We wait for the user to figure out the loop and try to use the port and then put in a work order. Then we physically visit the site and verify the port was shut (ERRDisabled) from a loop and we bounce the port (shut/no shut) and everything is resolved. I did lab tests with a switch looped and a printer on the switch and watched it fry. We have had no printers fry after we removed the auto recovery protocol at every location. Only the locations where loops existed and auto recovery protocol running were printers going bad. What I found during my lab tests was that each time the port was auto-recovered (yes, for that millisecond while it checks if a loop still exists), more packets were re-generated and eventually enough was re-broadcast that printers would go down. We never had a problem with computer NICs. I guess the cheaper printer NICs couldn’t handle the broadcast storms created by this. I tried playing with the auto recovery timers and even the highest setting would eventually re-create these storms.
So my question is what best practices are others using? Should we get rid of BPDUGuard and just try to let spanning-tree handle these bridge loops? Is there something else I can try? I’m not CCNA by any means, just trying to do what I can in my environment. Manually visiting sites when loops occur is becoming more and more my job, though and I have plenty of other things to be doing.
View 9 Replies
Mar 24, 2013
I have a strange issue where spanning-tree is blocking vlans through a mesh network. Here is my setup.
2 Cisco 3560's that have two trunk ports set with dot1q and a native vlan of 2. I'm allowing a client vlan (2) and a voice vlan (103) to come over the trunk. They have a native vlan of 2 so the mesh APs can get an address through DHCP. Spanning-tree loop guard is also enabled.
When connected to the mesh network, the voice vlan is being blocked by spanning-tree. I get the following errors:
000129: *Feb 28 19:24:58.289 EST: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port FastEthernet0/1 on VLAN0103.
000130: *Feb 28 19:24:58.448 EST: %SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port FastEthernet0/1 on VLAN0103.
Eventually the loop is cleared and the port is set back to a forwarding state from a blocking state. I don't want to disable spanning-tree loopguard since I don't want to create a loop. The mesh network is supposed to act as a P2P connection between two switches. As a test I disconnected the APs from their trunk ports. I then used a cross over cable to connect the switches and no spanning tree loops occurred. The mesh doesn't have STP enabled on it and should just be acting as an over-the-air connection from one switch to another.
View 1 Replies
Jan 12, 2012
I have 2 3550 12G switches that I use as core fiber switches. Switch 1 is the primary for 1/2 the VLANs and Switch 2 is the primary for the others using MST with 2 instances (I am not including the default 0 instance). I am using HSRP to provide redundancy. So far so good.
Recently a tenant in my building would like to use their own switch for data but still needs access to a VLAN on mine for voice. Again not a problem as I can configure a trunk port and give them what they need. My concern is that if they try to configure STP on their switch, can they take down mine? Are there some preventions that I can put into place, such as root guard, that work with MST? What happens if they too set up MST, can they kill mine?
Switch 1 is the root for 1/2 the VLANs and Switch 2 is the backup root. The scenario is flipped for the other 1/2.
View 3 Replies
Dec 15, 2012
In my LAN all the access layer switches/stacks are connected directly to the core backbone switch (Cisco 6509) via SFP fiber-optic. I want to protect my spanning tree setup with the "root guard" command.
1. Where would I set this? On uplink ports on access layer switches? Or on core backbone ports to which the access layer switches connect?
2. can this be set on active (production) ports without downtime?
View 5 Replies
Sep 29, 2012
I've just set up DHCP Snooping and IP Source Guard on our SG500 series switches. It seems to work quite well, except when a wireless host roams from one AP to another (on a different switch port), all traffic from that host gets blocked.
I can understand why this is occurring, but I don't know what I can do to work around this problem. had success with roaming WiFi machines in conjunction with IP Source Guard?
View 6 Replies
May 29, 2009
I have scoured your website and the web. I do not have the CD-ROM that came with my WAP54G wireless access point (misplaced) and now need to configure the WAP54G, but for the life of me, I cannot find the link to download client software to configure it anywhere. Could the network admin please post the link on your website to download it, or could they send me a private email with a link, so that I can download, then install it, so that I can use the wireless access point?
View 6 Replies
Mar 24, 2003
Currently it seems as if our 3550s don't send traps when bpdu-guard sets a port in err-disable state. Or DFM doesn't recognize it. Is there a way to get a DFM alert when a 3550 port gets into err-disable state?
View 2 Replies
Sep 5, 2011
Watch TV on LCD monitor? To be exact, this monitor:
[code]....
View 2 Replies
Feb 12, 2012
What is wrong with my new PS3 160 gig? It won't at all play videos, but I still have full access to going on sites, and on top of that I can't get rid of Trend Micro in the tool bar.
View 1 Replies
Jun 21, 2011
My mother is hearing impaired. Can we get her bluetooth so she can hear the TV without driving everyone else deaf?
View 2 Replies
Feb 6, 2011
There's something wrong with my computer. YouTube works fine, but videos on Facebook and other websites don't work. Even when I watch live sports streams, it doesn't work. The video takes ages to load, and keeps freezing and lagging. I have tried many websites and none of them work.
View 1 Replies
Nov 29, 2011
I do not know how to download software that will enable me to watch HD movies on my PC.
View 2 Replies
Jan 23, 2012
I took my TV off of the cable, and am watching the analog channels. Is there a way I can freely watch like USA HD, and such? Also, I have Comcast. I was going to watch stuff over the internet; is there a way around, minus switching to business class from Comcast, to not count toward bandwidth?
View 4 Replies
Apr 28, 2012
There's a splitter (RCA home theatre 5-1000MHz) between the TV and the Mac. Whenever both cables are hooked up, the internet always cuts out. The wireless on the PS3 disconnects when the internet upstairs is connected.
View 1 Replies
Oct 25, 2012
Have a look at the diagram showing my router/modem setup here: I'm not sure the proper terminology or how to say this but I would like Router A to broadcast 1 IP and Router B to broadcast another. For "business" reasons I need my "normal" IP on router A and for "pleasure" reasons, I want to have different DNS on router B. I'm in Canada and I'm using a DNS service to make it appear like I'm from the US.
View 17 Replies