VPN Routing To Branch Office?

Apr 11, 2012

I am trying to set our VPN connection to route to our branch office from a VPN Client. So far I did not succeed and at this point I am stuck.At our office we have a VPN Server which enables VPN Clients to connect to our main office with an IP Range of 192.168.104.0 with subnet 255.255.248.0 and a branch office with a IP Range of 192.168.25.0 and a subnet 255.255.255.0Internally on the LAN the routing is done by our firewall, which acts as DHCP and Default gateway. It connects the 2 LANs by a leased line.When I ping an IP address in our branch office from our main office I get a reply.

Now when a VPN client connects it gets a IP Address in the range of the main office from our firewall and the client can connect to all computers in the main office network. However if i try to connect to a computer in the branch office it does not work.I tried a static route in the Routing and remote access Server (which is Windows Server 2003 R2) and I tried adding a static route to the DHCP settings on the firewall. In both cases it does not connect from the VPN Client to the branch office.Searching the internet, since the examples are all based on a setup with a RAS Server on both networks. The LANs are already "integrated"/"physicly connected" trough the routing on our firewall and its leased line.

I also tried settings on the VPN Clients machine. Settings like "Use gateway in remote network" on or off and tried adding static routes. This did not work, since the Default gateway I must use is not on the same range as the home network and returned an error trying that.What I noticed is that the VPN Client gets a route which uses the VPN CLient IP as default gateway. Makign a static route like that will work (I think), but since the IP addresses for the VPN clients are obtained through DHCP and can vary each time, there is no way (i think) to automate adding a route with, for example, a batchfile that I could give to the employees connecting trough VPN because of the variable IP.

View 10 Replies


ADVERTISEMENT

Cisco :: Branch Office Setup With ASA 5505

Apr 23, 2013

I have a problem with a branch office setup, and I can't for the life of me think of what the problem is.I have a remote office setup, using an ASA 5505 that is set up to establish an easy vpn connection to the central network.  The connection at the branch office is a 20/5 cable modem, the central network has a 25/25 fiber connection.
 
The issue I have is this.  Wired clients work fine at this branch office, at least 95% of the time.  I have a lightweight AP there that can come up and join the controllers at the central network, no problem.  I haven't done anything with H-REAP because there are really no resources locally they need that would allow them to do their work, so all traffic is tunneled back to the WLC.
 
Wireless clients can authenticate to the AP, and I can get 15-20ms ping responses from them all day.  Latency never comes close to the 600ms proposed limit with CAPWAP.  Yet, for some reason the performance of the clients is problematic.  Webpages will frequently not load correctly, they experience some freezing, and with one application we use - it refuses to load completely.If we bring these same computers to an AP connected to our central network, on the same SSID, they work flawlessly.
 
Something about this particular location is causing a lot of grief for our users.For what it's worth, we are running WCS 7.0.230.0 and the WLCs are on 7.0.116.0.  The ASA is running a pretty basic configuration, pretty much out of the box with the easy vpn configuration entered.

View 7 Replies View Related

Cisco VPN :: VPN To ASA With Dynamic IP In Branch Office With 5505

May 22, 2012

I'd like to connect through a VPN the HQ office to a Branch using two ASAs.I have a 5520 in the HQ and 5505 in the Branch Office.My problem is in the Branch office where I have a dynamic IP (ADSL).
 
I couldn't find a example this kind of configuration.

View 7 Replies View Related

Cisco WAN :: ASA 5520 / Implement Failover For Branch Office Connectivity?

Aug 1, 2012

We have AT&T Managed MPLS service are our datacenter and our branch office locations.  AT&T has provided the routers and simply give us an ethernet connection.  We also have ethernet connectivity to the internet through our datacenter...with our network being protected by an ASA 5520.Each branch location has a 29xx series router (voice gateway) and switching gear attached to their AT&T MPLS router.  Some of our branches also have 3rd party cable internet service with an ASA 5505 to protect it from the internet. What I'd like to do is better utilize this cable modem/ASA5505 setup.  Right now, if there were an outage, I would be connecting manually to the remote location to change static routes to point to the cable link and to configure a VPN tunnel between the remote and our DC.

View 2 Replies View Related

Cisco VPN :: Setting Up WRVS4400n For Branch Office VPN With Watch-guard?

Jun 29, 2011

I've followed Watchguard's instructions for configuring a Branch Office VPN connection, and I'm unable to connect. I have configured the Watchguard gateway to accept remote-to-local connections and put in the Watchguard's public IP address as the local connection, and the WRVS4400n's public IP as remote.The Linksys has the local VPN group configured as 192.168.0.0./24 and the remote gateway as the Watchguard's public IP Address.When I connect it remains "down" and I"m receiving errors saying it could not authenticate.  I have the passphrase the same on both sides with 3DES and SHA1 configured.Does the WRVS4400n support this type of VPN configuration or am I wasting effort?

View 1 Replies View Related

Cisco WAN :: 7204 / Moving T1 Branch Office To Metro Ethernet?

Jan 31, 2012

I am preparing to move two branch offices from a point to point T1 connection to Century Link Metro Ethernet.Currently my branch locations connect to my HQ 7204 router via a channelized DS3. I have a 4507R at HQ that I will connect the ME circuit to.We will also be moving our Internet connection on the ME circuit.Our service provider Clink will hand me a single Ethernet handoff for the Internet and branch office connections. For the first phase I will connect one branch office using ME. Once that is in place and tested we will move another office and so on. Then our final step is to move our web connection to the ME circuit.Each branch office has their own unique voice and data subnet. They each have a 2801 router and a 3560 switch. The routers are MGCP gateways with only one PSTN connection, a POTs 911 line on a FXO port.
 
So my questions are;

1 - Should I connect the ME directly in to the 3560 at the branch offices or use the Fa0/1 on the 2801? Fa0/0 is currently connected to the 3560.
 
2 - On my 4507R at HQ how will I configure the ME switch port? As a dot1q trunk port?
 
3 - Given that ME is basically a LAN connection will I have to re IP the branch office? HQ is 10.10.1.x/24. Branch is 10.10.166.x/24 (data) 192.168.166.x/24 (voice).
 
4 - On the 4507R will I need to configure a vlan interface for each branch subnet?
  
I attached two network diagrams. One represents our current topology (MEexisting) and the second represents the new ME circuit changes (MEprojected).

View 5 Replies View Related

Cisco VPN :: 1841 / 881 - Setup A VPN To Connect To HO From Branch Office Through Router?

Jan 26, 2013

I have got two 1841 and one 881 cisco router. I can keep any one of this router at HO and remaining at branch office.  I have got a static internet IP at HO but dynamic IP at branch office. I want to setup a VPN to connect to HO from branch office through router. The branch connects through a private IP for internet purpose. Which VPN is the most secure and best for this purpose.

View 1 Replies View Related

Cisco LAN :: 3550 Simulating Small Branch Office In Lab Network

Jun 6, 2012

I have to setup what seems to be a very basic configuration, but it doesn't work. In our lab there is a cluster of switches with a 3550 that does all the routing for vlans. I need to simulate a sort of a small branch office that has one connection to the outside world (the lab network). [code] From the router I can ping any host on vlan 230 and other vlans,I can also ping the pc connected to e0/1.However from the PC I can only ping 192.168.1.1(e0/1) and 172.26.230.150 (e0/0) [code]

View 3 Replies View Related

Linksys Wired Router :: RVS4000 Create IPSec VPN Between Main And Branch Office

Aug 2, 2011

We have used two Cisco RVS4000 to create the IPSec VPN between the main office and the branch office. The main office has SBS 2008. There is a Windows Server 2008 as the domain controller in the branch office. One branch office user has a laptop which is not in the domain, but his exchange account is set up in the Outlook. When he connects the laptop to the branch office network, he cannot connect to the exchange server and get the emails. Is there any configuration to set up in the router, server or Outlook?

View 1 Replies View Related

Cisco WAN :: 2960 / 4507 L3 / Main Office Connect To Branch On Outdoor Wireless

May 18, 2012

I have been told to connect our branch offices over outdoor point-to-point wireless CPE. The wireless brand is Orthogon. The Main office got cisco 4507 L3 switch where all building switches terminate. DHCP,DNS and all application are hosted in main office.  The branch office got ONE 24 port POE Switch cisco 2960 where all users will be connected, On Port 0/24 of 2960 switch at branch will terminate the outdoor Wireless and other end will be terminated on 4/15 of 4507 at main office? what command I need at both interface where Wireless is terminated.when we connect floor switches to 4507 we got these commands on access switches

vtp mode client
vtp version 2
vtp password cisco1
vtp domain LIC
 
Fiber termination port configuration - switchport mode trunk

View 3 Replies View Related

Cisco VPN :: 5505 / 5510 - Accessing Branch Offices Connected To Main Office Via L2L VPN?

Dec 17, 2012

I am trying to configure access to several remote offices for users who VPN into our main datacenter.  The datacenter has a 5520, and the branches are connected through IPSec L2L VPNs.  Branches all have 5505 or 5510's.  Remote users use IPSec via the Cisco remote Client.  Remote access into our data center works, and the L2L VPNs are perfect...just now that i need remote users to access the branches after Remote access VPNing (for support) i cant get that part to work.

View 2 Replies View Related

Cisco WAN :: 2811 / Options To Secure Branch Office Connection To HQ Over Provider MPLS Cloud?

Sep 7, 2011

What are my best options to secure branch office connection to HQ over Provider MPLS cloud. Our existing Setup

<<HeadQuarter>> :: DataCenter hosting Email, ERP, Intranet, Voice Services 10mb link to Service Provider over MPLS CloudMPLS is terminated on a 3825 Router running advance Services 

<<BrancOffice>>::Total 10 In Country Branch Offices2mb Link to Service Provider over MPLS CloudTotal users in each branch : 20 MPLS is terminated on a 2811 Router running advance Services  

View 1 Replies View Related

Cisco VPN :: 5510 Site-to-Site VPN Internet Access From Branch Office For Group

Mar 6, 2013

Our Headquarter (asa 5510) is running a site to site vpn connection with a Branch office (router 2811). All remote users are accesing the internet through the VPN and also accesing headquarter file servers.I want to know if there is a way for some remote users to be able to use the vpn for accesing the file servers but to access the internet through the branch office.  The rest of the remote users will be still accessing the internet through VPN.

View 2 Replies View Related

Cisco WAN :: 5510 Two Router Branch Routing Design With T1 MPLS And ADSL

Feb 29, 2012

I'm looking for Routing Design scenarios to complete our configuration needs for remote branches.  We will have two 1921 routers in each location, one with a T1 from our MPLS carrier, the other with a DSL connection from an ISP.  The T1 router will have an assigned AS and use BGP to router back to head quarters.  The DSL router will have an IPSec tunnel back to an ASA 5510 at head quarters. I envisions a GRE tunnel from the DSL router back to head end routers connecting to MPLS at head quarters.  Not sure yet how to manipuate the routing between head quarters and the branches such that the T1 router is the primary route to and from the branches and the DSL router is for failover/backup. 

View 1 Replies View Related

Cisco Switching/Routing :: Q931 / ISDN BRI Branch Connecting To ISDN E1 At Central Site?

Jun 6, 2012

I have senario where 15 branches via bri connection to central ISDN E1 Pri Head office.The setup is working before and suddenly branches not able to dial head office.Below is the debug q931  logs from branch router  and i am  getting continous "channel not avalible message on Head office 
 
Branch router logs
*********************************************************************************************
hmc#isdn test call interface bri 0/0/0 44492999
hmc#
007049: Jun  6 14:41:39.497 gmt: ISDN BR0/0/0 **ERROR**: handle_l2d_srq_mail: Layer 1 inactive
007050: Jun  6 14:41:39.721 gmt: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0/0, TEI 78 changed to up
007051: Jun  6 14:41:39.721 gmt: ISDN BR0/0/0 Q931: Sending SETUP  callref = 0x002E callID = 0x84BC switch = basic-net3 interface = User
007052: Jun  6 14:41:39.721 gmt: ISDN BR0/0/0 Q931: TX -> SETUP pd = 8  callref = 0x2E

[code].....

View 1 Replies View Related

Cisco Switching/Routing :: How To Configure The 887 In Small Home Office

Apr 6, 2012

i have a cisco router 887 which i am trying to configure. but however, do i really need to use the SDM utility or i can do it through CLI?i need to replace my current router in my small home office.

View 3 Replies View Related

How To Connect Two Branch Network

Apr 6, 2011

Win Xp ip is 192.168.0.41 one system & wix xp ip is 192.168.1.100 how can i connect to network

View 2 Replies View Related

Cisco Switching/Routing :: 2960 Files Copy Crossing Office LAN Is Super Slow

Apr 16, 2012

Two computers (XP and Win7) connected on office LAN, cisco 2960, not same switches, but all in the same rack, and link togeter, same IP subnet, tried to copy some kind of 26G files from one to another, using Windows share folders, and it showed need 23 hours to finish the copying.It's not the first time, actually we always experienced very slow speed when copying files on Windows share folders.  Did not see any particualler message on the switch.  ports are all full/100m. 

View 9 Replies View Related

Cisco VPN :: ASA 5510 / Two Branch Communication?

Nov 10, 2011

I have an ASA 5510 configured with two L2L VPNs from the headquarter to two different branches.I m using the ASA “outside” interface which is connected to the internet in order to establish and configure the 2 VPN connections.  Branch 1 could communicate with branch 2 through the ASA?

View 1 Replies View Related

Cisco WAN :: Branch 867vae-k9 Atm Output Stuck

Mar 14, 2013

we installed two weeks ago a 867VAE-K9 as a border router for a medical practice.It's got two vlan interfaces for inter-vlan routing, only one Gi interface up in trunk mode to the core switch and the ATM for ADSL2+ connection to the local ISP. A cisco wap is on the secon vlan for the patients. There is a voip pbx on a linux machine that registers 5 trunks to an external provider (only one trunk is used right now, and it works fine).(Almost) everything works fine :-) Sometimes (it can be hours or days) the routing to the internet stops. The meds can still use the LAN accessing everything in it with no lag, and the patients can access the isolated SSID on a Cisco wap on the second vlan. They simply cannot surf the internet.
 
- DNS and local routing is fine
- the router is reachable through the Gi interface
- they can send and receive traffic to and from the 867 vlans' IPs
- the ATM, dialer 0 and virtual access are up, line protocol up
- the dialer has got the IP address negotiated from the ISP
- default route is negotiated through ipcp
- the controller vdsl 0 is in showtime! state
- from the outside we can ping the PPP peer, but not the IP of dialer 0
 
The only thing is the queue counter of ATM which shows drops and total output drops. Attenuation is fine, noise margin not so well. The point is that outside traffic to the internet is at low levels and the routing almost always stopped when no one was using the internet (i.e. out of office hours). It already happened 7 times in 16 days. The problem obviously is that voice traffic is impaired by the stuck router, and no med there is able to ssh into the router and re-activate the atm 0 with a shut/no shut.
 
It is not necessary to reload. A fast shut/no shut of the atm0 (no wait between the commands) will make it running again.We're activating the smarnet for this router to update dsl fw and ios image, but I thought I could post here before that.[code] As a brutal workaround till the update/fix, I was thinking about monitoring the reachability of some external systems and use snmp from the lan to shutdown/no shutdown the atm (though I don't even know if that would be possible from snmp on this router).

View 1 Replies View Related

Cisco VPN :: 1841 - Connections In Between HO And Branch Locations

Oct 15, 2011

I have VPN connections in between my HO and branch locations. I am using ASA in HO and 1841 branch locations. One of the location is keep on disconnecting, why this is happening as i can see the configurations are identical to other locations.In 'sh crypto isakmp sa' output i can see multiple entries for this particular location, one with type 'L2L' and others with type 'user'.

View 2 Replies View Related

Wireless :: Set Up Inter-Branch File Sharing Through DSL Connection

Nov 2, 2011

I have a branch about 2KM far from Main Branch i want to share my database with another branch which device should i use. I have 1MB DSL internet through phone line.

View 1 Replies View Related

Cisco VPN :: 5510 Unable To Ping Any Off Private IPs At HQ From New Branch

Jun 25, 2012

We have had a successful site to site vpn working for several months now. It is an ASA 5510 at HQ to a ASA 5505 at a branch office in another state. We just added a second site to site vpn in another state this time from HQ to a Sonicwall TZ100. After plugging in the Sonicwall to the Qwest modem in bridge mode the tunnel came right up. I was unable to to ping any off the private IPs at HQ from the new branch, but was able to use remote desktop into the servers and workstations at HQ. Also all the computers show up when browsing the network from the new branch.
 
At the first branch we are able to ping both ways and use remote desktop both ways.When using packet tracer in ASDM on the HQ ASA and pinging from one of the IPs in the HQ protected network to an IP in the new branch network NAT-EXEMPT looks good, but when it hits the first NAT it matches on the "dynamic translation to pool 10 (10.1.255.254) [Interface PAT]" (which is the default route for all the vlans to get to the Internet.)The next NAT (subtype - host-limits) looks better and this one going to the IP address of the outside interface of the HQ ASA 5510, but then the third NAT (Subtype - rpf-check) reverts back to the "10 (10.1.255.254) Interface PAT]" and the packet is DROPPED. Also there is no VPN step in Packet Tracer after NAT.[code]
 
Is the problem possibly due to the fact that my 2 new ACLs for "encrypt_acl-30" fall after "access-list global_mpc extended permit tcp any any" in the config and it is running into the implicit deny all?

View 8 Replies View Related

Cisco WAN :: 3845 Branch Router Has Two Type Of Connection

Apr 16, 2011

I have 3 Cisco Routers as following :G.SHDSL Router : Cisco 3845 withISDN and Branch Router : Cisco 2811.How My Network works :Branch Router has two type of connection ( First one : G.SHDSL link work as Main link and the other one ISDN Link work as Backup link )when main link goes down the ISDN link goes up ...( Note : i applied IP SLA with tracking ) ...

My Problem :i want to delete default route from ( G.SHDSL Router )0.0.0.0 0.0.0.0 dialer 3..My network works properly with these configuration but when i delete the default route 0.0.0.0 0.0.0.0 dailer3 , my network goes down ( Failover technique not works)

View 4 Replies View Related

Cisco Firewall :: ASA 5515-X Route With Branch Locations?

Apr 17, 2013

We installed a new ASA 5515 about a month ago for the corporate office we also have 40 branch locations that feedback VOIP, camera, and Citrix to the corp location.  Each of the branch locations have a separate DSL connection with a local provider and all of them are dynamic IP addresses. 
 
The problem I have is that I cannot figure out a access rule to make the voip traffic work 100% of the time what ends up happening is five or six random locations change IP address's every day and I could not figure out how to create a access rule for that so I create a static route with that dynamic IP and then it will change a week or so later.  That's a horrible security risk and a lot of manual work.

View 4 Replies View Related

Cisco VPN :: Possible To Configure Easy VPN On Branch Side Which Has 877 Series Router

Jul 11, 2011

Is it possible to configure Easy VPN on brach side which has 877 series router and ADSL connection for internet such a way that for internet traffic it will use the local ADSL line and for the server in HQ it uses the tunnel.or for internet also it will go thrugth tunnel and uses internet link at the HQ?

View 3 Replies View Related

Cisco WAN :: 3845 - Connecting Branch Campus To Existing Network

Oct 2, 2011

In regards to a WAN connection, how would you recommend we connect a leased campus to our existing network. It is a temporary location that must be connected for a year.
 
We have an available 3845 with a VWIC2-2MFT-T1/E1 card. We are supposed to be getting 2-T1 lines from Verizon. I have a spare 3750 L3 switch for the core and 6 access switches.

View 1 Replies View Related

Cisco WAN :: Catalyst 3750 / Switching Branch To P2P Fiber From MPLS?

Sep 13, 2011

We recently switched two of our branches to point-to-point fiber connections to our corporate office.  Previously they were using MPLS connections.  For branch A, the ethernet handoff of the fiber is connected directly to a Catalyst 3750 gigabit port.  That port has no configuration on it.  The other end of that fiber is connected to a gigabit port on the 3750 switch at our corporate office.  That port is configured with an IP address that is within the subnet of branch A, and is operating at layer 3 due to the no switchport command. 
 
Branch B currently has a Cisco Express 500 ethernet port (with no configuration on it) connected to the fiber hand off there.  At first we setup a port on the 3750 at our corporate office that is connected to Branch B via the fiber in the same manner.  This resulted in us receiving DCHP leases at Branch B from Branch A.  Obviously not desired.  Now we have the port on the corporate 3750 that is connected to Branch B's fiber configured with switchport vlan 64.  I also configured interface vlan 64 on that switch at corporate with an IP address from the branch B subnet.  We then set that IP address as the default IP address for devices at Branch B.
 
We are having trouble with both an ATM and a phone system not communicating properly at Branch B.  At Branch A we are experiencing the same oddity with the phone system, but the ATM is able to communicate fully.  At branch B, when configuring a Windows Vista or Windows 7 laptop with a static IP address that is known to be available, you get transit failures when trying to ping.  Essentially everything seems to be able to route fine, but some traffic even after a full tcp hand shake seems to not transmit properly.
 
When you configure a point-to-point fiber connection from a layer 2 switch at a location without a router to a location with a Cisco Catalyst 3750 switch as the endpoint, what is the best way to configure both sides? 
 
Currently we only have vlan 64 configured on the port mentioned on our switch at corporate, and then the switch at Branch B is essentially operating as an unmanaged switch at the moment with all ports in vlan 1.

View 4 Replies View Related

Cisco WAN :: 2951 / MPLS Branch Site Setup On T3 Line

May 24, 2013

setting up MPLS on a single T3 line. A client has contacted us to set up a 2951 at a branch location. There are 5 locations connected with MPLS.They will split off 4meg of the T3 for mpls. The rest of the 45meg would go to the internet.They have two 1841's currently set up with a T1 line in each. One 1841 connects to the MPLS and the other to the internet.When the T3 is turned up by the provider, everything, internet and MPLS, will go through it.  I asked for the current configurations, but I have not received them yet and this setup is due in a couple days.Given I've never configured MPLS before and I have a rudimentary understanding of how it works, any tips or configurations? I'd hate to be stuck on site and not equipped to complete the job.

View 3 Replies View Related

Cisco VPN :: 5520 / 5505 - VPN Tunnel Ping Branch Side But Not Other Way Around

Nov 2, 2012

I have HQ side with ASA 5520 (8.4) & Branch Side with ASA 5505 Design

VPN LAN<------->ASA5520(8.4)----->Thomson Business TG628s----->Internet<--->ADSL Modem------>ASA5505(8.2)
 
Now on both modems UDP 500 & TCP/UDP 4500 ports are enabled I can ping from internal LAN of HQ to internal LAN of branch but I cant ping from internal LAN of branch to internal LAN of HQ

HQ ASA 5520 Side
ASA Version 8.4(3)
host name aljoaib-fw01
[ code].... 
Branch side ASA 5505
ASA Version 8.2(5)
host name GTC- DMM- FIREWALL
domain-name ALJOAIB.COM
enable password 7pgp93AEPfHtDc5N encrypted
[Code]....
 
Both sides have static ip address.

View 22 Replies View Related

Cisco Wireless :: 3602 AP Unable To Ping Anything At Branch And Central Sites

Mar 7, 2012

We are in the process of evaluating Cisco wireless controllers and AP. We have 3602 APs and 2504 controllers right now. We have multiple branch offices connected to the main office through layer 3 and they all have different vtp domains and vlans. I am trying to deploy APs at the branch offices and connect them back to the controller and the central site. I created a sub interface and ssid with one of the vlans at the branch office on the controller and was able to get the AP to join the controller through DNS. However, a client at the branch office connected to the AP was unable to ping anything at the branch and central sites. Any documentations on how to deploy such a setup where the controller is at the central site and AP at the branch office going through multiple routers in between?

View 1 Replies View Related

How To Add Laptop To Office Network

Jan 22, 2011

My current IT people are so expensive, I am determined to hook up a new laptop to my office network if it destroys me (wirelessly). I have the office network map with all usernames, passwords, and IP addresses...but I can't figure it out. Can someone give me a step by step for dummies to save me the several hundred or should I just bite the bullet? (I am the business owner and seems like we add laptops every year or so and desktops and would really love to finally understand)

View 1 Replies View Related

New Office And Wireless Printing

Jan 19, 2012

A friend has asked me to work with him set up a new office. He already has a PC and a phone line but not broadband, so he is going to organise that and getting a wireless router.He wants a wireless colour laser printer so that his visitors/guests can print easily from his office, or the next office. Does he really need a wireless printer to do this? Or if I plug a network printer directly into his router with an Ethernet cable, same with his PC, will that enable laptop users to print wirelessly (assuming they know the router passphrase of course)? I guess they would need to install the relevant printer driver to do this too.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved