Cisco :: Vpn Tunnel Between Draytek 2910 And 800?
Jun 27, 2011
We're trying to establish a "simple" VPN tunnel between a Cisco 800 and a Draytek 2910. Situation:
LAN (192.168.2.0 ) --cisco800 ----- internet ------ draytek ----LAN (192.168.20.0 )
WAN ports, internet access on both sides are working fine. VPN configuration part Cisco:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
[code]....
What can be wrong: other protocol? Something with PFS? Diffie-Hellman group: I heard Draytek used 1 and Cisco 2? Debugging on the Cisco site keeps on giving the error message:
entry number 487 : CRYPTO-4-IKMP_BAD_MESSAGE
IKE message from x.x.x.x failed its sanity check or is malformed
timestamp: 4002880
Jan 10, 2013
I have a Cisco 2910 router that has 3 interfaces:
g0/0 - LAN
g0/1 - WAN1
g0/2 - WAN2
I would like to configure port forwarding in such a way that connections to both WAN interfaces on identical ports will be redirected to a single host in a private network. When I issue the command: ip nat inside source static tcp 10.10.10.X 8080 interface g0/1 8080 everything is fine, until I add the second command: ip nat inside source static tcp 10.10.10.X 8080 interface g0/2 8080
After that, the first statement is just replaced by the second one, not added to configuration.
Aug 31, 2012
So we recently moved our Comcast demarc to our new server room which resulted in moving the SMC modem from our old server room where it directly connects to the firewall - to a new room where it connects to a 2910 switch, LACP to our L3 switch, LACP to another 2910, then to Sonicwall.
Since the move our internet has been dropping off randomly for about 2-5 minutes then it will come back online. This happens anywhere from 10 to 50 times a day. Sometimes it happens a half hour apart, sometimes it is 15 minutes apart, sometimes it will go 8 hours without issue.
The modem has been replaced, the Comcast line has been "tested."
The modem remains online when we lose internet connectivity - I can connect to it using a laptop on its LAN port and ping out to google.com while a computer connected beyond the switch and Sonicwall cannot connect.
I have run a constant ping from a home computer to the modem as well as to our Sonicwall (both static addresses) and they both seem to go offline when we lose internet connectivity.
Since the issue started, I moved the Sonicwall so that it connects directly to the 2910 that the modem connects to, put it in a vlan with the modem so they only talk to each other and it still results in the same intermittent disconnects. I checked all the port statistics on both ports as well as the event logs, and trunk links and find nothing abnormal.
I take the switch out entirely and plug the modem directly into the firewall like it was prior to the whole move. Works fine.
Traffic is not an issue and the switch in question also connects all my production servers and iSCSI SAN together without issue.
Apr 10, 2011
We use a couple of 2910al ProCurves for our core switching/routing then we have a few 2626 access switches.
Despite allocating adequate ports in our new building, I'm still having a problem with users plugging in shitty little D-Link 5 port hubs at their desk.
I'm guessing I'm going to have to only allow the MACs of approved workstations? Which sounds like a management nightmare.
Mar 26, 2012
I've recently installed a Cisco ASA with a NAT'd configuration, I'm in the final stages and would like to configure a lan to lan VPN to a Draytek box and that unfortunately isn't going well and having spent almost two days on it am starting to wonder if it will actually work. I can get it to connect but no data seems to be transmitted between the two.
Site A on the range 10.0.0.0 has the ASA and Site B is on the 192.168.16.0 and is a Draytek 2930.
Below is the ASA config created with the lan to lan wizard:
route outside 0.0.0.0 0.0.0.0 193.164.x
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00(code)
Jul 13, 2011
I have a Cisco 877 router connected to our ADSL broadband at our head office. I have managed to set this up with NAT and DHCP all working to let multiple users access the internet through our single static IP supplied by the ISP, let's say the IP is 1.2.3.4. Our internal network is 192.168.1.0 255.255.255.0. I have a Draytek Vigor 2600 at a branch office set up the same with a static IP address supplied by the ISP, let's say the IP is 5.6.7.8. The internal network is 192.168.4.0 255.255.255.0.
I am trying to set up a VPN between the head office and branch office so the branch office users can connect to our internal server (let's say IP is 192.168.1.2) to receive group policies, access files and also telnet into our database server (let's say IP is 192.168.1.3). I have attached a sort of running config that I have pieced together from bits I have read on this site and others. I have tried these settings and other permutations of these settings but I can't seem to establish a tunnel even though when I show int tunnel0 on the router it says tunnel is up and line protocol is up; if I show ip route it shows that there is an IP address for the tunnel and that is about it (no VPN light on).
If it makes sense and that I have entered the right information? I have highlighted the parts I am not sure about in red (quite a bit, and obviously not the exact settings but what I think it should be). Once all the settings are correct on the Cisco will it automatically establish the VPN or do I have to dial it from the Draytek?
Jun 26, 2011
My company is setting up a small branch in Scotland (the main office is in Bristol). All we need is one desktop, one laptop, a printer and we will be using a DraytekVgn router, and a small switch. We need VPN to this office to set up an in-house application. How would I set this up with minimal configuration, i.e.: Does BT send a router/modem with the setup? Is there anything inside the router configuration that has to be changed? (I know PPTP etc. has to be enabled.) Do I use the same VPN external IP address we use for our other 2 branches? Can I change the IP address of the router from 192.168.1.1 to, say, 192.168.100.1?
Apr 20, 2011
I have a Cisco 7200 and need to establish L2TP over IPSEC session with a Draytek Fly200. Draytek must use L2TP over IPSEC to provide LAN-to-LAN connectivity. IPSEC phase 1 and 2 is ok, L2TP tunnel is also established, but on cloned virtual-access IPCP negotiation is not completed:
*Sep 16 09:50:36.911: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
L2X_ADJ: Vi3:midchain adj reqd for ip 0.0.0.0, cid 0
*Sep 16 09:50:38.911: Vi3 IPCP: O CONFREQ [REQsent] id 2 len 10
*Sep 16 09:50:38.911: Vi3 IPCP: Address 192.168.176.2 (0x0306C0A8B002)
*Sep 16 09:50:38.911: Vi3 IPCP: Event[Timeout+] State[REQsent to REQsent]
I think my VPDN configuration from Cisco side is not correct, but I cannot find configuration examples for this kind of solution.
Apr 11, 2013
We have bought 2 Draytek 2830 routers for our 2 businesses that are in different locations. We are looking at setting up a VPN between them and wanted to do it similar to the following:
http:[url].....
The thing is the "Dial IN" site has a static IP from the ISP but the "Dial Out" site has a dynamic IP. What the best approach to take with this would be as I guess the link between the routers wouldn't work if the address kept changing?
Sep 18, 2012
Any experience with IP routing on Draytek routers? We have a 2830 and I'm trying to set it up like the following: [code]
Now a server in VLAN 2 with address x.x.x.77 can ping x.x.x.74, but I can't access any of its services (Apache, SSH etc.) from the internet (testing through my phone and other people). I've removed the IPs from the NAT pool in the WAN settings, set up LAN2 for IP routing and put it into the second VLAN, but apart from that not done much else.
Dec 17, 2011
I have recently changed my router to a Draytek Vigor 2830N from the standard O2 broadband router. When I swap them out I get no internet access via the main PC that is connected via Ethernet. However I can access internet via WLAN on any other device. Here are the ipconfig details for before and after swap (same)
Jun 19, 2011
My local site has a Cisco 2811 router connecting locally to an ASA 5520. Remote site A has a Draytek Vigor2950. I have a working VPN between local subnet 10.0.0.0/24 and remote site A 10.100.6.0/24. I have remote sites B (10.100.7.0/24) and C (10.100.8.0/24). I would like to route traffic from the local site to remote sites B and C via the local-to-remote A VPN. On Draytek routers B and C, I have added subnet 10.0.0.0/24 to the remote network profile list. On the local router, I route traffic for subnets 10.100.7.x and 10.100.8.x to the ASA. On the ASA I have added these subnets to the profile for the local-to-remoteA VPN. But the VPN will not establish when I attempt to ping from local to remote B or C.
Jul 14, 2011
I am currently using a Draytek 2820 at work and I am needing to port forward port 3333 to two different computers at the same time
Jun 14, 2011
I'm having some rather odd issues with my wireless connectivity. Running a Draytek 2830n router. The wireless connection drops out at random sometimes, at other times it connects (shows full reception) but does allow any kind of internet connection. Plugging in by LAN cable allows normal function. I have no clue what's going on but I did just notice that shutting down one of the laptops connected to the network (Dell lx502) appears to have solved the problem for the moment. I've not had a chance to test this as a long term solution. However I believe this is the only laptop with a dual band wifi card. This problem was also occurring on our previous router, a Draytek 2820vn, but the symptoms were a bit different and this laptop was not there at the time. Is it possible for one machine to knock out an entire wireless network? The other change I made yesterday was to activate the bind IP to MAC function on the router for our new NAS as I was messing around with FTP configurations.
Apr 19, 2011
I have managed to get the tunnel up and working and we are sending data via the tunnel from our Cisco VPN router to the Draytek and onto the client's server (they, the client, have acknowledged that they are receiving and sending packets back to us). But, we never see any returning packets at our VPN tunnel endpoint. When we send I see the encrypted packet count go up, but the packet decrypt remains at zero, this is using show crypto ipsec sa | begin x.x.x.x.
We do have other working VPN solutions, but this is the first connecting to a Draytek. The ACLs are matching, and they have NAT turned off. The routing is fine or else the tunnel would not come up as are all the tunnel parameters, else our packets would not arrive at their server.
Jan 9, 2011
I have a 7201 router with NPE-G2. I have a design in which I have the option to send all the traffic through a GRE tunnel or an L2TPv3 tunnel. Which method is more CPU consumption?
Sep 23, 2012
I'm in the process of purchasing new Cisco routers for our branches that will be used primarily to enable IPsec virtual tunnel interface with "tunnel mode ipsec ipv4". Does the default IOS IP Base support this feature? Or do I need to purchase a DATA license or SECURITY license?
Oct 17, 2012
I am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
What would be the correct configuration? The current configuration I am using is:
In the RV042 I am using
Check Enable
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Public IP address
[Code].....
Jul 24, 2012
Environment: Linksys WRT300N v1.1 which can have ddwrt-mega. Willing to tunnel all LAN's outbound traffic through an SSH tunnel.
Jan 23, 2012
There are a few situations where I'd like to be able to use the locally configured account on a device but still have ACS in place. I want to complete this WITHOUT adding the locally configured account into ACS. I have tried setting the advanced option under Identity for if an account is not found to "Continue", however this causes the account to be allowed as long as a password is typed (any password, as long as it's not blank).
Dec 21, 2010
Is it possible to create a crypto IPSec VPN tunnel between A Cisco c831 and a Pix 501e using a back to back set-up with a cross-over cable?
May 30, 2012
I have my router, not ASA, with IOS Easy VPN Server established. If I use split tunneling my clients can access the net all day long and access hosts and resources over the VPN on the other side of the network as if it were plugged into the LAN. The hard part I can't figure out is how to force tunnel. I want all internet access to go through the router and not to split tunnel; in addition I want to retain the ability to access local resources as if I were plugged into the LAN. I have security reasons for doing this and I am not worried about a little extra load on the router. Let me know where to start looking. I can provide configs if necessary. If I do, be warned I am trying to learn what all this nifty Cisco Config Pro GUI can do so my config is gonna be full of all kind of stuff that is messy. I won't post unless asked.
Jan 16, 2012
Have a lab in which I am trying to configure a VPN tunnel between an ASA5520 (running ASA ver 8.0(2)) and a router (3725 running C3725-ADVENTERPRISEK9-M) - see pic below for topology.
Sep 5, 2012
I have a problem with an IPsec LAN-to-LAN tunnel.
Location A ASA5505 192.168.100.0/24
Location B ASA5510 192.168.58.0/24
I created an IPsec site-to-site VPN. Also created the NAT exempt rule. Now I also have a second interface on Location B with subnet 192.168.100.0/24. Now I can access from location A the devices on location B. But when I connect from location B to location A I get no connection. I think that the ASA does not send the traffic over the IPsec tunnel but keeps it in the ASA?
Apr 11, 2011
Is there a way in LMS 4.0 to generate a notification when a VPN tunnel drops on an ASA 5500?
Mar 4, 2013
Can I use an ASA 5520 at one site and a router at another site to configure a VTI tunnel with OSPF routing?
Jan 20, 2013
I have a Cisco 819 router and it's the first time I've configured any Cisco product. Starting from scratch, I have managed to get 3G working and the VPN to connect but so far no packets can route down the VPN tunnel (the other side is openswan/shorewall on CentOS5). I've been pawing over lots of guides and forum discussions but seem to be a bit lost. I suspect I'm missing some access-list definitions but don't really know how to go about it. I want the network behind the Cisco 819 (10.x.x.0/20) to be able to access the internet through the interface Cellular 0 but also the VPN remote network (192.y.y.0/24). When I ping from the other (non-Cisco) end I see on the Cisco 819.
May 11, 2011
I have a person who connects with VPN on an ADSL connection to the corporate network. This person is using a Cisco IP phone at his remote location and I did configure the ASA 5505 to prioritize voice over data. I still get voice skips when the remote PC is uploading data to the corporate network. What I've done is:
1. With ASDM I did create 2 priority queues, one for inside (queue limit 2048, trans ring limit 512) and outside (queue limit 2048, trans limit 256).
2. With the service policy wizard I did create a global service policy (all interfaces) and a traffic class for DSCP 46 EF, and on the QoS tab I did check the "enable priority for this flow".
3. When using the phone, I clearly see that packets are growing on the LLQ queue (show priority-queue statistics).
4. I still get voice skips when uploading data to the corporate network. Upload bandwidth is about 800k for upload; the PC and the phone are on the same subnet.
Mar 28, 2012
I have one interesting problem with local PBR on a 2921 router. Here is the case: on the HQ site there is a 2921 router with two directly connected ISPs, and there is a Branch which is connected to only one ISP. The configuration should be to connect the HQ router to the Branch router with two VTI tunnels, so that each tunnel on the HQ site should be terminated on a different ISP, and EIGRP will be monitoring each VTI status. The problem is on the HQ site: there is only one way to specify router with LOCAL PBR configuration, so the router should send ISP1-terminated tunnel traffic to ISP1, and ISP2-interface-terminated tunnel traffic to ISP2.
As far as I know this configuration should work, but I couldn't make it work on c2900-universalk9-mz.SPA.151-4.M4.bin IOS, and on c2900-universalk9-mz.SPA.152-2.T1.bin.
Here is simple config:
ISP1 ip is 1.1.1.1
ISP2 ip is 2.2.2.2
3.3.3.3 is Branch ip address.
!
ip vrf BRANCH
[code]....
When I configure one default static route, it starts working, but both tunnels go with the specified ISP, and also there is no VRF problem; when there is no VRF config at all it also doesn't work. GRE tunnels also don't work.
Nov 15, 2011
Currently I have users that connect with the Cisco VPN client to our PIX 515e. Our corporate network is also directly connected to our partners network, sharing common address space. I want to be able allow our VPN users to connect to certain resources on their network. Since they already have routing for our address space, can I allow the VPN to only NAT traffic to certain destination addresses with a local IP address on our network? That way the partner's network does not have to change any routing since they would see the source address as a local IP on our network.
Oct 19, 2011
- IPsec tunnel between two 881's
- An Aruba access point trying to set up a tunnel back to controller through the IPsec tunnel, on UDP 4500
- Even though traffic shouldn't be NAT'ed (and other traffic is not), UDP 4500 is NAT'ed
I guess this might be default behaviour, thing is that it used to work when it was set up as a route based easy vpn.
Jun 5, 2011
I finally got the VPN tunnel between 2 ASA 5505's up and running, but I have some error codes on the initiator side that I can not figure out. [code] I have looked at the crypto transforms on both sides, and they match just fine as far as the DH ID code, group number and the encryption. The remote side however, does not have any of these errors.
Is this something that I have skipped over, or missed that I should be looking for? The IP address that is listed above is not in my static addresses, not sure where those are coming from. I believe that they are outside public IPs.
Feb 7, 2013
We're setting up a site-to-site VPN with a customer. Our side is a Cisco SA520 and their side is a Checkpoint. The tunnel is up, we've verified phase 1 and 2 are good. The issue is passing traffic across the tunnel: our LAN IP addresses are private addresses 10.10.1.0/24 but the customer states that we need to have a public IP address for our LAN in order to access their server on their LAN. So looking through all the forums, I see that you can NAT before crossing the VPN tunnel, but our issue is that our site only has 6 IP addresses assigned to it and those are the Comcast router, the WAN side of the SA520 firewall.
So we were wondering was there a way that we can either use the WAN interface on the SA520 or use another available of the 6 that were assigned to NAT and pass traffic across the tunnel. Sounds confusing? Sorry but it is, rarely do I have a customer say I have to have a public IP for my side of the LAN. Now I also say this is an SA520 firewall, but if it's not possible to do with that is there a way we could with an ASA5505?