2504 contrller with 1042N ap's. NPS and group policy (for computers) is setup. Certificates are setup.Logging on as a domain user I can connect to the wireless network but am only getting Internet access. I can not access any domain resources.DHCP is handled by a domain controller. I can ping servers and printers, but cannot access them. Can't map a drive, add a printer or access services on the network.
View 1 RepliesI have a WLC 2504(code 7.0.235) installed and two AP 3502 (local mode). RADIUS Server is a IAS runnning on my AD server.
I had a domestic AP before Cisco solution, using the same RADIUS server and everything was ok. After migration Windows 7 domain clients and Apple devices connects without issue. However when I try to connect non-domain windows 7 clients into wireless network (802.1X) and got failure. Apple devices out of domain can connect, certificate pop-up appears and connection flows.
I check certificates and everything looks ok for me. I remove a windows 7 client from domain and test it too, an got the same error. Certificate are install on windows 7 clients.
Could Cisco controller interfering in this authentication process ?
I have a Cisco 881 and I want to use Easy VPN.
-VLAN 1: 192.168.4.0
-WAN: 10.0.0.0
-VPN: 192.168.8.0
VPN connects and I get an IP of 192.168.8.100 from my pool. I can ping my cisco at VLAN1 (192.168.4.1), but I cannot access my local resources. I guess I miss a NAT configuration.
The Linksys is connected to a cable modem and a Dell Vostro system, the Netgear is connected via Cat 5 to the Linksys and the Linksys is the DHCP provider to the Netgear.The Vostro shares hard drives, folders and printers to the networkBoth have wireless and wired users.They are each DHCP providers to their users.How must I configure each to provide users on both routers access to all network resources
View 2 Replies View RelatedI've set up a VPN using a fortigate 50b wifi and forticlient ipsec VPN. when I log into my office from home, I cant see anything on my network at all. I can however remote desktop into other PC's and can access stuff that way. I was under the assumption that ... one a VPN connection is made in the LAN you should be able to see other pcs and servers in the workgroup. Is this not the case or do i need to configure something?
View 2 Replies View RelatedI have an RV042 with the PPTP server configured, which is working because I can connect with my iPad and droid phones, however, I'm unable to access resources on the RV042 side (192.168.1.X) when my local network is the same ip scheme (192.168.1.x). It works fine when I'm on a different network like 3G or someone else's Wifi network (192.168.11.X).
View 1 Replies View RelatedI have 3 networks coming from the DMZ (VPN) and only one works:10.132.24.0/24 Not working10.132.25.0/24 Not working10.132.26.0/24 Working The thing is, the one that works is on the same network as the DMZ(VPN) interface. The other two do authenticate and they get an IP from the VPN Pool. but they just cant access anything.
View 11 Replies View RelatedI am connected with qvpn, I can log in to the router bios remotely, but when I try to map the network drive from my remote location it does not work.I can detect the machine on the network, but it will not go further and tells me that "said IP was found but could not locate G". Does this mean it is behind a firewall on server side and that I need to create a rule to allow the incoming traffic? Or could it be something else.
View 1 Replies View RelatedI'm working on setting up a couple of new WAN sites with 256K frame relay circuits back to our main building. Each new site has a new PVC, and both are pointing back to a PVC on a T1 at the main building. The main site has a 2801 with a single CSU/DSU WIC, and each new site has a 1841 with a 3560 connected to fa0/1. At both sites, I'm able to get the circuit up, and the serial interfaces at both new sites show up/up, and the subinterfaces at the main site also show up/up for both sites. Routing is being done by EIGRP, and both sites are able to establish the 2801 as an EIGRP neighbor, and I'm able to ping/tracert anywhere on our network by name or IP, so routing and DNS appear to be working. I can also ping both new routers from the main site. However, that's about all I can do. I'm not able to access any resources on our network (email/shares/internet/intranet/etc) from the two new sites. I can ping the new routers/switches from the main site, but can't ssh to them. I can ssh to them locally. There are no firewalls in the equation, and I don't think there are any ACL's in the picture either.
Can ping and tracert just fine anywhere on our network (from both the 1841, a PC plugged into the 3560, or a PC plugged directly into the fa0/1 port on the 1841), including out to the internet, by name or ip.Can ssh to local router, but not to anything that isn't localDNS is workingDHCP not working using ip helper pointing to DHCP scope on server at main site, have to use static IPCan't rdp to anythingCan't get emailCan't browse windows sharesCan't get to any websites, external or intranet. IE says "Website found, waiting for reply..." but eventually times out.
I did some testing for communication over certain port numbers using telnet and nmap, and found the following:
Can telnet to url.. and local intranet webserver on port 80 (http)Can telnet to two of our Exchange Servers on port 25 (SMTP)If I run an nmap scan on url...com, or our intranet webserver, it confirms that 80 and 443 are open, but the pages will not load. I am able to telnet (port 23) to a state mainframe via the internet that some of our employees use, and I do get the expected login screen. I tried erasing the config one of the new routers, and just added back the bare minimum config to get the circuits up (serial/ethernet interface configs, eigrp), but saw the same symptoms.
One other thing to note: the 2801 at the main site has three other frame relay sites connected to it on the same WIC as the new sites, all of which are working fine.
I just don't understand why I can ping everywhere I need to be able to ping, and port scans show that communication is open over needed ports, but the applications don't work.
I am having an issue with my Cisco VPN Client. I am new to VPN setup, so this is probably something easy I am missing. I have a 2611XM router acting as my internet gateway for my local lan, and my VPN Server. I am doing all my testing from a company laptop with a mobile broadband card. The VPN will connect, but anytime I ping anything within the inside network, it comes back with the public IP of the outside interface. I have NAT overload configured so everything on the inside network can access the internet, which it looks like might be causing my problem.
When i remove the nat overload on my fa0/1 interface, the vpn will connect to any resource on the inside.
I have two places that I work out of. One is in Romania and one in Bulgaria. In Romania, I have a small office/home network set up. It has at least 8 computers (including the three that I have with me currently - some wireless and some towers) and a couple of android phones and Ipods. I have no trouble accessing any of the computers shared folders or them accessing mine. There are a varity of operating systems used there from XP, Windows 7 and Mac.Everything works great. All the computers can access each other shared resources. All the computers are set to get IP automatically from my DLink DIR - 600 router. I have brought my three computers to Bulgaria (tower and two laptops). They are all set the same- no changes in settings. However, in Bulgaria, All three computers CAN access the internet but NOT each other.
[code]...
I know this *should* be simple but having a devil of a time getting it to work.
I have 2 routers. Both have a static ip. Each is setup for a different private subnet. At the moment they are not connected to each other. Consider this setup (made up numbers obviously):
RV016
has 13 lan ports, 2 internet ports, 1 dmz port
Internet port: 10.10.10.10
[Code].....
I'd like clients on the rv082 lan to be able to access the printer on the rv016 lan, and use the rv016 as an alternate internet connection (optional). I would prefer the rv016 client not be able to access the rv082.
I want to use Cisco VPN Client to VPN to my SA520 to manage a UC320W. I can establish a VPN connection to the SA and ping both the SA and a switch that I have on the network, but I cannot ping my UC. I've set up firewall rules to allow ANY-ANY access from LAN-WAN, and a WAN-LAN rule to allow a certain range of IP addresses (the IP addresses assigned from the VPN DHCP pool, in this case, 192.168.12.x) access to the UC.
My SA IP address is 192.168.75.1 and my UC is 192.168.75.2 (I can ping both when I am directly connected to a LAN port on either equipment).
I managed to set up an ipsec vpn between the RV 120W (responder) and Shrewsoft vpn client.The virtual ip and dns for the client pc are manually set. The tunnel is enabled, but I see no traffic between the local and the remote LAN.I can't ping or reach any pc behind the router.Using the command ipconfig /all on the client pc, I see that no gateway is assigned to the virtual vpn interface.So it seems that the RV 102W is unable to pass to the client the address of the default gateway for the lan, and I think this is why I can't access any resource.
View 4 Replies View RelatedSince we upgraded our ASA from 8.3 to 8.4(4), VPN users cannot access resources. This worked fine until the appliances were upgraded. We get the message:
[code]....
I have an RV042 with the PPTP server configured, which is working because I can connect with my iPad and droid phones, however, I'm unable to access resources on the RV042 side (192.168.1.X) when my local network is the same ip scheme (192.168.1.x). It works fine when I'm on a different network like 3G or someone else's Wifi network (192.168.11.X).
View 1 Replies View RelatedI have setup a VPN connection on a 891 router. I can connect to the VP both but am unable to ping or access any resources on the remote network.
Here is my running configuration:
[code]...
I have easy vpn on my PIX 515e and working normally everywhere, except when my users go FRANCE, the vpn client connect, but, can't ping or access any inside network resources. when same user try any where here in EGYPT, it works normally.
View 2 Replies View RelatedI have a couple of users who randomly can't get access to any resources. The port they connect to doesn't have port security, the have an IP phone and PC. IP phone is fine since it's always on the same port. There PC get's an IP from DHCP (DHCP is on a windows server) but they can't ping any devices nor can I ping the PC from the switch. I checked if there were any mac access filters applied on the switch (and there aren't any). The log doesn't show any events on the ports in question so I don't know if the switch is going or there is a config issue some. Doesn't happen to all users, just 1 or 2.v
View 11 Replies View RelatedI have VPDN running on our Cisco 1921 router running 15.2(1)T. Previously I was using Cisco 2801 router running 12.4(24)T4. I copied the config from the 2801 to the new 1921 router before replacing the router but now the VPDN isn't working.
Basically the users can connect and authenticate to the VPDN, but once they get the IP 192.168.12.10-20 IP, they can't access the internal servers (i.e. 192.168.12.120).
Is there any bug in the 15.2(1)T relating to VPDN?
Here's the VPDN section of the config:
vpdn-group TESTVPDN
! Default PPTP VPDN group
accept-dialin
[Code].....
I have recently deployed a Cisco ASA 5510 Security plus firewall on my companies network, but there is a problem that I am finding hard to get by and I think it is ASA related.
From (inside we are not able to hit any of our sites that are on the (outside). I have nat policies in place to translate the public to private, but I think I that I need some thing more. This seems to be occuring mainly with our external web sites as well as another animoly with regards to FTP (but it may be fixed if the http issue is resolved.)
I was hoping some with a lot more knowledge on ASA firewalls than my self can spot the error in my run-cfgs.
[code]....
So here is my issue. I have two sites, each with a Linksys RV042 on thier site.
Site 1:
External: 142.142.142.142
Internal: 192.168.25.0/24
Site 2:
External: 143.143.143.143
Internal: 192.168.26.0/24
We have setup a site-to-site VPN between these sites, and all traffic is running back and forth without isse.
At Site 1 we have configured the Client VPN for use with the QuickVPN software. Again, for site 1, this is not an issue. We are able to access all internal resources at Site 1 without issue (expect for some DNS related problems).
The problem that we have is attempting to access Site 2 resources via the QuickVPN connection at Site 1. Even though they are not suppose to exist, we are able to ping 192.168.26.1-6 (which are ghost addresses likely created by the RV042's) but no actual systems on at Site 2.
I have added the Client VPN connection at Site 2, but it has the same problem accessing resources at Site 1.
We have a two separate businesses in the same building who will both need access to shared resources and the same internet connection. They will need to remain on separate subnets and cannot communicate directly to each other. The current switch is a Cisco ESW-520-48P and we are looking at purchasing an SG-300-20P for the new business moving in. Heres how we envisage setting it up:
ESW-520 will host Company A's network. Workstations, servers etcSG-300 will have two VLANS. VLAN1 will host all Company B's network. Workstations, servers etc. VLAN2 will host the shared resources such as printers. The internet gateway is a UNIX based system with 3 NICS. 2 NICS are taken up by ADSL connections while the other NIC is the LAN, which would connect to VLAN2 on the SG-300. We would like to define which ADSL connection to route through depending on which subnet traffic is originating. The ESW-520 will need access to the shared resources and internet gateway on VLAN2 on the SG-300.
I have a Cisco 881 setup with the following VPN config.
[code]...
The client is able to connect just fine to the network via VPN, but I am unable to gain access to any of the local resources. I know 192.168.1.1 has SSH running and 192.168.1.50 has telnet running but if I try to connect to either using the correct program they just timeout. I am really at a loss on why the vpn connection connects but I can not gain access to any of the resources on the VPN network.
After I change my router, I recently found out that I cannot access remote network resources after VPN tunnel is established. I use CISCO System VPN client. I can see the connection is successful. I cannot ping server on the remote network
View 2 Replies View RelatedI’m configuring a L2TP IPSEC VPN on a 5505 asa so that windows 7 clients can natively connect. It connects correctly during Phase 1 and 2, but I can’t ping anything or access resources on the internal network. This is my first time working with an ASA.
Master# sh run
: Saved
:
ASA Version 8.2(2)
!
hostname Master
domain-name service.local
[code]....
I want a simple remote client-initiated VPN for employees to access corporate resources from home simultaneously with being able to access the internet. I am using CCP and seem to have several options including Easy VPN server, SSL VPN. I also can choose "Full Tunnel" or not.I have a 2911 router. I have a static range of internet IP addresses. The router is already functioning with inside to outside and outside to inside NAT, etc.
View 1 Replies View RelatedWe have a several cisco 4400 wireless controllers and a cisco WLC. All clients autheticate to an AAA server. Acces points are cisco LWAP 1242. Security is PEAP TKIP ms-chap. Machine and user authetication. Settings are pushed out through grou policy. A new user can log on to a laptop (without cached credetials) and get all their network settings....most of the time. Randomly we have laptops that after being restarted, recieve "yourdomain.com is not availalbe" error message. The laptops will work fine for weeks and then random laptops start to get this error. If we wire them into the network, run a gpupdate, they logon fine. Shutdown, unplug, and the wireless works fine again.. I am not sure if this is an ms group policy issue or a wireless issue. Any setting change or a gp setting that I may have missed??
Clients are mostly windows 7 some XP Domain Windows 2008r2
ACS 4.2
Group policy settings - wifi config settings enabled and configured correctly Always wait for network enabled.allow fast reconnect disabled (was recommended by a cisco tech) Disabled computer passwords for domain about 2 months ago to see if the computers reseting their passwords were an issue.
I have 2 APs, Cisco Aironet 1040, and 2504 WLC.Is it possible to configure guest access (Guest SSID/VLAN and Corporative SSID/VLAN) without dedicated guest WLC in DMZ?
View 4 Replies View Relatedi have stand alone cisco 1130g ap ,and wlc 2504. wlc 2504 support this ap or not ?
View 3 Replies View RelatedWe have purchased Cisco 2504 Wireless Controller (One) and Ciscon 1042 Access Points (Five). At present I am going to use 3 access points only.I have attached a simple diagram of our office network. We have more than 30 VLANs configured in Core Switch, we are planning to give wifi access to only 3 VLANs.
1. VLAN 121 ( IP Segment - 10.52.121.0 /24)
2. VLAN 116 ( IP Segment - 10.52.116.0 /24)
3. VLAN 100 ( IP Segment - 192.168.100.0 /24) (Guest)
I would like to use LDAP or ACS for authentication purpose.
I have setup guest access on the controller and this is not working at the moment. DHCP server setup on the controller for the Guest users. You are able to connect (get ip address from controller) and the browser gets redirected to 1.1.1.1 but then page can not be displayed instead of the login page.
View 10 Replies View RelatedWe have cisco 2504 controller and 1200 series access point.These are in India and country code is IN.When access point joins the controller , then in wireless>advanced , i see the two country code is already configured these are Sri Lnaka(LK) and Singpore (SG).I have disabled the radios and changed the country code to IN but after doing that Access point is not joining the controller and giving the duplicate error.
Then i have again set the country code to IN,LK and SG.I am able to see the LK and SG but In is not showing in drop down list.
Operationally everything is working fine.