CLIENT VPN connection OK & PING OK but no INTERNET or LAN
Hello
After spending too much time trying to make it work on an already configured router without success, and using too much of your time, I decided to test my installation again on a fresh, clean router.
Why did I not do that before? It took me only 15 minutes to create this script (from memory). I know that you would do it in 5 minutes or less, but I'm new to this world of CISCO.
The setup is as follows:
TESTLAB:
NAS (fixed IP 192.168.0.100/24) -> F0/1 (fixed IP 192.168.0.1/24), C2691, F0/0 (DHCP = IP of the ISP) -> INTERNET -> COMPUTER (MAC BOOK PRO)
With the script below, when I connect a computer to the LAN side of the ROUTER (F0/1), I get an IP address from the DHCP server, I am able to see everything on my LAN and go to the INTERNET, so this does not work well.
From another network, I am able to make a VPN connection over the INTERNET to my home testlab, but:
I can PING 192.168.0.1 (ROUTER) and 192.168.0.100 (NAS), but I do not have access to the INTERNET or to the NAS on my TESTLAB LAN.
I'm sure I am missing only a single line in an ACL or IP ROUTE, but I have no idea which.
So if one of you can give me some advice, you are welcome.
Below I give you the script and the LOG from when I'm logged in. I did not delete any information, so you will be able to see the real IPs; it's just a TESTLAB.
Best regards
Didier
Router#sh run
Building configuration...
Current configuration : 2297 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash:c2691-adventerprisek9-mz.124-5a.bin
boot-end-marker
!
aaa new-model
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool LAN
 import all
 network 192.168.0.0 255.255.255.0
!
fax interface-type fax-mail
username cisco password 0 Cisco
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group 3000client
 key cisco123
 dns 8.8.8.8
 domain cisco.com
 pool ippool
!
crypto ipsec transform-set RIGHT esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set RIGHT
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 speed auto
 half-duplex
 crypto map clientmap
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed auto
 half-duplex
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
!
ip local pool ippool 14.1.1.100 14.1.1.200
!
ip http server
no ip http secure-server
ip nat inside source list NAT interface FastEthernet0/0 overload
!
ip access-list standard NAT
 permit any
!
control-plane
!
dial-peer cor custom
!
line con 0
 transport output all
 speed 115200
line aux 0
 transport output all
line vty 0 4
 transport input all
 transport output all
!
end
To CONNECT the VPN CLIENT:
Cisco Systems VPN Client Version 4.9.01 (0100)
Copyright (C) 1998-2006 Cisco Systems, Inc. All rights reserved.
Type of client: Mac OS X
Running: the Darwin 10.6.0 Darwin kernel Version 10.6.0: Wed Nov 10 18:13:17 PST 2010; root:XNU-1504.9.26~3/RELEASE_I386 i386
1 08:04:22.991 27/01/2011 Sev = Info/4 CM / 0 x 43100002
Start the login process
2 08:04:22.992 27/01/2011 Sev = WARNING/2 CVPND / 0 x 83400011
Send error - 28 package. ADR DST: 0x0AD337FF, ADR Src: 0x0AD33702 (DRVIFACE:1158).
3 08:04:22.992 27/01/2011 Sev = WARNING/2 CVPND / 0 x 83400011
Send error - 28 package. ADR DST: 0x0A2581FF, ADR Src: 0x0A258102 (DRVIFACE:1158).
4 08:04:22.992 27/01/2011 Sev = Info/4 CM / 0 x 43100004
Establish a connection using Ethernet
5 08:04:22.992 27/01/2011 Sev = Info/4 CM / 0 x 43100024
Attempt to connect with the server "81.83.202.36".
6 08:04:22.992 27/01/2011 Sev = Info/4 CVPND / 0 x 43400019
Separation of privileges: binding to the port: (500).
7 08:04:22.992 27/01/2011 Sev = Info/4 CVPND / 0 x 43400019
Separation of privileges: binding to the port: (4500).
8 08:04:22.993 27/01/2011 Sev = Info/6 IKE/0x4300003B
Attempts to establish a connection with 81.83.202.36.
9 08:04:23.072 27/01/2011 Sev = Info/4 IKE / 0 x 43000013
SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID (Xauth), VID (dpd), VID (Frag), VID(Nat-T), VID (Unity)) at 81.83.202.36
10 08:04:23.203 27/01/2011 Sev = Info/5 IKE/0x4300002F
Received packet of ISAKMP: peer = 81.83.202.36
11 08:04:23.204 27/01/2011 Sev = Info/4 IKE / 0 x 43000014
RECEIVING < ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from
12 08:04:23.204 27/01/2011 Sev = Info/5 IKE / 0 x 43000001
Peer is a compatible peer Cisco-Unity
13 08:04:23.204 27/01/2011 Sev = Info/5 IKE / 0 x 43000001
Peer supports the DPD
14 08:04:23.204 27/01/2011 Sev = Info/5 IKE / 0 x 43000001
Peer supports DWR and text DWR
15 08:04:23.204 27/01/2011 Sev = Info/5 IKE / 0 x 43000001
Peer supports XAUTH
16 08:04:23.204 27/01/2011 Sev = Info/5 IKE / 0 x 43000001
Peer supports NAT - T
17 08:04:23.282 27/01/2011 Sev = Info/6 IKE / 0 x 43000001
IOS Vendor ID successful construction
18 08:04:23.282 27/01/2011 Sev = Info/4 IKE / 0 x 43000013
SENDING > ISAKMP OAK AG * (HASH, NOTIFY: NAT - D, NAT - D, VID (?), STATUS_INITIAL_CONTACT, VID (Unity)) at 81.83.202.36
19 08:04:23.282 27/01/2011 Sev = Info/4 IKE / 0 x 43000083
IKE port in use - Local Port = 0x01F4, Remote Port = 0x01F4
20 08:04:23.282 27/01/2011 Sev = Info/5 IKE / 0 x 43000072
Automatic NAT detection status:
Remote endpoint is NOT behind a NAT device
This effect is NOT behind a NAT device
21 08:04:23.282 27/01/2011 Sev = Info/4 CM/0x4310000E
ITS established Phase 1. 1 crypto IKE Active SA, 0 IKE SA authenticated user in the system
22 08:04:23.290 27/01/2011 Sev = Info/5 IKE/0x4300002F
Received packet of ISAKMP: peer = 81.83.202.36
23 08:04:23.290 27/01/2011 Sev = Info/4 IKE / 0 x 43000014
RECEIVING < ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from
24 08:04:23.290 27/01/2011 Sev = Info/5 IKE / 0 x 43000045
Answering MACHINE-LIFE notify has value of 86400 seconds
25 08:04:23.290 27/01/2011 Sev = Info/5 IKE / 0 x 43000047
This SA was already alive for 1 second, expiration of adjustment to 86399 seconds now
26 08:04:23.294 27/01/2011 Sev = Info/5 IKE/0x4300002F
Received packet of ISAKMP: peer = 81.83.202.36
27 08:04:23.294 27/01/2011 Sev = Info/4 IKE / 0 x 43000014
RECEIVING < ISAKMP OAK INFO *(HASH, DEL) from
28 08:04:23.296 27/01/2011 Sev = Info/5 IKE/0x4300002F
Received packet of ISAKMP: peer = 81.83.202.36
29 08:04:23.296 27/01/2011 Sev = WARNING/2 IKE / 0 x 83000062
Attempt to inbound connection from 81.83.202.36. Incoming connections are not allowed.
30 08:04:23.298 27/01/2011 Sev = Info/5 IKE/0x4300002F
Received packet of ISAKMP: peer = 81.83.202.36
31 08:04:23.298 27/01/2011 Sev = Info/4 IKE / 0 x 43000014
RECEIVING < ISAKMP OAK TRANS *(HASH, ATTR) from
32 08:04:23.298 27/01/2011 Sev = Info/4 CM / 0 x 43100015
Launch application xAuth
33 08:04:23.416 27/01/2011 Sev = Info/4 IPSEC / 0 x 43700008
IPSec driver started successfully
34 08:04:23.416 27/01/2011 Sev = Info/4 IPSEC / 0 x 43700014
Remove all keys
35 08:04:23.416 27/01/2011 Sev = Info/6 IPSEC/0x4370002C
Sent 29 packages, 0 were fragmented.
36 08:04:27.320 27/01/2011 Sev = Info/4 CM / 0 x 43100017
xAuth application returned
37 08:04:27.320 27/01/2011 Sev = Info/4 IKE / 0 x 43000013
SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to 81.83.202.36
38 08:04:27.333 27/01/2011 Sev = Info/5 IKE/0x4300002F
Received packet of ISAKMP: peer = 81.83.202.36
39 08:04:27.333 27/01/2011 Sev = Info/4 IKE / 0 x 43000014
RECEIVING < ISAKMP OAK TRANS *(HASH, ATTR) from
40 08:04:27.333 27/01/2011 Sev = Info/4 IKE / 0 x 43000013
SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to 81.83.202.36
41 08:04:27.333 27/01/2011 Sev = Info/4 CM/0x4310000E
ITS established Phase 1. 1 crypto IKE Active SA, 1 IKE SA authenticated user in the system
42 08:04:27.334 27/01/2011 Sev = Info/4 IKE / 0 x 43000013
SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to 81.83.202.36
43 08:04:27.351 27/01/2011 Sev = Info/5 IKE/0x4300002F
Received packet of ISAKMP: peer = 81.83.202.36
44 08:04:27.351 27/01/2011 Sev = Info/4 IKE / 0 x 43000014
RECEIVING < ISAKMP OAK TRANS *(HASH, ATTR) from
45 08:04:27.351 27/01/2011 Sev = Info/5 IKE / 0 x 43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS:, value = 14.1.1.101
46 08:04:27.351 27/01/2011 Sev = Info/5 IKE / 0 x 43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (1):, value = 8.8.8.8
47 08:04:27.351 27/01/2011 Sev = Info/5 IKE / 0 x 83000017
MODE_CFG_REPLY: The attribute (INTERNAL_ADDRESS_EXPIRY) and the (134744072) value received is not supported
48 08:04:27.351 27/01/2011 Sev = Info/5 IKE/0x4300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD:, value = 0x00000000
49 08:04:27.351 27/01/2011 Sev = Info/5 IKE/0x4300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN:, value = cisco.com
50 08:04:27.351 27/01/2011 Sev = Info/5 IKE / 0 x 83000015
MODE_CFG_REPLY: Attribute received no data MODECFG_UNITY_SPLITDNS_NAME
51 08:04:27.351 27/01/2011 Sev = Info/4 CVPND / 0 x 43400018
Separation of privileges: opening file: (/ etc/opt/cisco-vpnclient/Profiles/DRI.pcf).
52 08:04:27.352 27/01/2011 Sev = Info/5 IKE/0x4300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = software Cisco IOS, software 2600 (C2691-ADVENTERPRISEK9-M), Version 12.4(5a), VERSION of the SOFTWARE (fc3)
Technical support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Last updated Sunday, January 14, 06 05:00 by alnguyen
53 08:04:27.352 27/01/2011 Sev = Info/4 CM / 0 x 43100019
Data in mode Config received
54 08:04:27.353 27/01/2011 Sev = Info/4 IKE / 0 x 43000056
Received a request from key driver: local IP = 81.83.203.94, GW IP = 81.83.202.36, Remote IP = 0.0.0.0
55 08:04:27.353 27/01/2011 Sev = Info/4 IKE / 0 x 43000013
SEND to > ISAKMP OAK QM * (HASH, SA, NO, ID, ID) to 81.83.202.36
56 08:04:27.359 27/01/2011 Sev = Info/4 IPSEC / 0 x 43700014
Remove all keys
57 08:04:27.371 27/01/2011 Sev = Info/5 IKE/0x4300002F
Received packet of ISAKMP: peer = 81.83.202.36
58 08:04:27.371 27/01/2011 Sev = Info/4 IKE / 0 x 43000014
RECEIVING < ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME) from
59 08:04:27.371 27/01/2011 Sev = Info/5 IKE / 0 x 43000045
Answering MACHINE-LIFE notify has value of 3600 seconds
60 08:04:27.371 27/01/2011 Sev = Info/5 IKE / 0 x 43000046
Answering MACHINE-LIFE notification has the value 4608000 kb
61 08:04:27.371 27/01/2011 Sev = Info/4 IKE / 0 x 43000013
SEND to > ISAKMP OAK QM * (HASH) at 81.83.202.36
62 08:04:27.371 27/01/2011 Sev = Info/5 IKE / 0 x 43000059
IPsec Security Association of loading (MsgID = SPI OUTBOUND SPI INCOMING = 0x289044F5 0xA3A7DAF8 = 1DBA3942)
63 08:04:27.372 27/01/2011 Sev = Info/5 IKE / 0 x 43000025
OUTGOING ESP SPI support: 0xA3A7DAF8
64 08:04:27.372 27/01/2011 Sev = Info/5 IKE / 0 x 43000026
Charges INBOUND ESP SPI: 0x289044F5
65 08:04:27.372 27/01/2011 Sev = Info/4 CM/0x4310001A
A secure connection established
66 08:04:27.372 27/01/2011 Sev = Info/4 CVPND/0x4340001E
Separation of privileges: reduce the MTU on the main interface.
67 08:04:27.373 27/01/2011 Sev = Info/4 CVPND/0x4340001B
Separation of privileges: /etc/resolv.conf file backup.
68 08:04:27.373 27/01/2011 Sev = Info/4 CVPND/0x4340001D
Separation of privileges: chown (/ var/run/resolv.conf.vpnbackup, uid = 0 gid = 1).
69 08:04:27.373 27/01/2011 Sev = Info/4 CVPND / 0 x 43400018
Separation of privileges: opening file: (/ var/run/resolv.conf).
70 08:04:27.377 27/01/2011 Sev = Info/4 CM/0x4310003B
Look at address added to 81.83.203.94. Current host name: d5153cb5e.access.telenet.be, current address (s): 81.83.203.94, 10.211.55.2, 10.37.129.2.
71 08:04:27.860 27/01/2011 Sev = Info/4 IPSEC / 0 x 43700010
Creates a new key structure
72 08:04:27.860 27/01/2011 Sev = Info/4 IPSEC/0x4370000F
Adding key with SPI = 0xf8daa7a3 in the list of keys
73 08:04:27.860 27/01/2011 Sev = Info/4 IPSEC / 0 x 43700010
Creates a new key structure
74 08:04:27.860 27/01/2011 Sev = Info/4 IPSEC/0x4370000F
Adding key with SPI = 0xf5449028 in the list of keys
75 08:04:37.360 27/01/2011 Sev = Info/4 IKE / 0 x 43000013
SEND to > ISAKMP OAK INFO * (HASH, NOTIFY: DPD_REQUEST) to 81.83.202.36
76 08:04:37.360 27/01/2011 Sev = Info/6 IKE/0x4300003D
Sending DPD request to 81.83.202.36, our seq # = 2293347010
77 08:04:37.382 27/01/2011 Sev = Info/5 IKE/0x4300002F
Received packet of ISAKMP: peer = 81.83.202.36
78 08:04:37.382 27/01/2011 Sev = Info/4 IKE / 0 x 43000014
RECEIVING < ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from
79 08:04:37.382 27/01/2011 Sev = Info/5 IKE / 0 x 43000040
DPD ACK from 81.83.202.36, seq # receipt = 2293347010, seq # expected = 2293347010
80 08:04:47.859 27/01/2011 Sev = Info/4 IKE / 0 x 43000013
SEND to > ISAKMP OAK INFO * (HASH, NOTIFY: DPD_REQUEST) to 81.83.202.36
81 08:04:47.860 27/01/2011 Sev = Info/6 IKE/0x4300003D
Sending DPD request to 81.83.202.36, our seq # = 2293347011
82 08:04:47.867 27/01/2011 Sev = Info/5 IKE/0x4300002F
Received packet of ISAKMP: peer = 81.83.202.36
83 08:04:47.867 27/01/2011 Sev = Info/4 IKE / 0 x 43000014
RECEIVING < ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from
84 08:04:47.867 27/01/2011 Sev = Info/5 IKE / 0 x 43000040
DPD ACK from 81.83.202.36, seq # receipt = 2293347011, seq # expected = 2293347011
85 08:05:03.865 27/01/2011 Sev = Info/4 IKE / 0 x 43000013
SEND to > ISAKMP OAK INFO * (HASH, NOTIFY: DPD_REQUEST) to 81.83.202.36
86 08:05:03.865 27/01/2011 Sev = Info/6 IKE/0x4300003D
Sending DPD request to 81.83.202.36, our seq # = 2293347012
87 08:05:03.872 27/01/2011 Sev = Info/5 IKE/0x4300002F
Received packet of ISAKMP: peer = 81.83.202.36
88 08:05:03.872 27/01/2011 Sev = Info/4 IKE / 0 x 43000014
RECEIVING < ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from
89 08:05:03.872 27/01/2011 Sev = Info/5 IKE / 0 x 43000040
DPD ACK from 81.83.202.36, seq # receipt = 2293347012, seq # expected = 2293347012
You must configure split tunneling, and the NAT ACL must deny (exempt) traffic from the local network to the IP pool, as follows:
(1) Create the split tunnel ACL:
access-list 150 permit ip 192.168.0.0 0.0.0.255 14.1.1.0 0.0.0.255
crypto isakmp client configuration group 3000client
 acl 150
(2) You must configure an extended ACL for NAT:
access-list 170 deny ip 192.168.0.0 0.0.0.255 14.1.1.0 0.0.0.255
access-list 170 permit ip 192.168.0.0 0.0.0.255 any
ip nat inside source list 170 interface FastEthernet0/0 overload
no ip nat inside source list NAT interface FastEthernet0/0 overload
clear ip nat trans *
Hope that solves this problem.
Tags: Cisco Security
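Added example, not part of the original thread: a small Python model of first-match ACL evaluation showing what the two changes in the answer above do to traffic between the NAS (192.168.0.100), a VPN pool address (14.1.1.101) and an Internet host. The ACL lines are taken from the thread; the parser handles only the `permit|deny [ip] src [dst]` forms used here, and the split-tunnel model (the client tunnels only destinations inside the ACL's source networks) is a simplification.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # base 0 with an all-ones wildcard matches every address


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]


def parse_ace(line):
    """Parse one ACL entry. A standard entry has no protocol and no destination."""
    tokens = line.split()
    action, tokens = tokens[0], tokens[1:]
    if action not in ("permit", "deny"):
        raise ValueError("unsupported action: " + action)
    if tokens[0] == "ip":                      # extended entry
        src, tokens = _take_spec(tokens[1:])
        dst, tokens = _take_spec(tokens)
    else:                                      # standard entry: source only
        src, tokens = _take_spec(tokens)
        dst = ANY
    if tokens:
        raise ValueError("unparsed tokens: " + " ".join(tokens))
    return action, src, dst


def _match(addr, spec):
    base, wildcard = spec                      # wildcard bits set = "don't care"
    return (_ip(addr) | wildcard) == (base | wildcard)


def acl_permits(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl:
        action, s, d = parse_ace(line)
        if _match(src, s) and _match(dst, d):
            return action == "permit"
    return False


def client_tunnels(split_acl, dst):
    """Simplified client routing: no split ACL means everything is tunneled."""
    if not split_acl:
        return True
    return any(a == "permit" and _match(dst, s)
               for a, s, _ in map(parse_ace, split_acl))


# ACLs as they appear in the thread.
NAT_BEFORE = ["permit any"]                                        # standard ACL "NAT"
NAT_AFTER = ["deny ip 192.168.0.0 0.0.0.255 14.1.1.0 0.0.0.255",   # access-list 170
             "permit ip 192.168.0.0 0.0.0.255 any"]
SPLIT_AFTER = ["permit ip 192.168.0.0 0.0.0.255 14.1.1.0 0.0.0.255"]  # access-list 150

NAS, VPN_CLIENT, INTERNET = "192.168.0.100", "14.1.1.101", "8.8.8.8"


def evaluate():
    """'nat_*' = the router translates the packet; 'tunnel_*' = the client sends it into the VPN."""
    return {
        "before": {"nat_nas_to_client": acl_permits(NAT_BEFORE, NAS, VPN_CLIENT),
                   "tunnel_internet": client_tunnels(None, INTERNET)},
        "after": {"nat_nas_to_client": acl_permits(NAT_AFTER, NAS, VPN_CLIENT),
                  "nat_nas_to_internet": acl_permits(NAT_AFTER, NAS, INTERNET),
                  "tunnel_nas": client_tunnels(SPLIT_AFTER, NAS),
                  "tunnel_internet": client_tunnels(SPLIT_AFTER, INTERNET)},
    }


if __name__ == "__main__":
    for stage, result in evaluate().items():
        print(stage, result)
```

With the posted configuration the NAS's replies to the pool address are translated and the client sends its Internet traffic into the tunnel; with ACLs 150 and 170 only LAN traffic is tunneled and it bypasses NAT.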
Similar Questions
-
The VPN client VPN connection behind other PIX PIX
I have the following problem:
I wanted to establish a VPN connection from the VPN client to the PIX over GPRS/3G, but I didn't have a bit of luck with PIX IOS version 6.2(2).
So I upgraded the PIX to 6.3(4) to use NAT-T, and the VPN client to version 4.0.5.
I have configured the PIX with NAT-T (isakmp nat-traversal 20), but I still had a chance, it would not go through the 1st phase. As soon as I took isakmp nat-traversal off, it started working, and we can connect to our servers.
Now, I want to connect with the VPN client from behind our PIX to our customer's PIX network. The VPN connection is established without problem, but we cannot access the servers. If I configure NAT-T on the two PIXes, or only on the customer PIX, or only on our PIX, there is no VPN connection at all.
If I connect the VPN client behind the PIX to the customer's network and try to PING the DNS server, for example, I get the following error on our PIX:
305006: portmap translation creation failed for protocol 50 src inside:10.10.1.x dst outside:194.x.x.x
194.x.x.x is our customer's PIX IP address.
I understand that an access list is missing somewhere, but I cannot figure it out.
Of course, I can configure a site-to-site VPN, but we have a few customers and we take over their servers, so we would just connect the VPN client from behind the PIX to the customer's servers, instead of first dialing in and then establishing a VPN connection.
Can you please help me?
Thank you in advan
The following is extracted from ASK THE DISCUSSION FORUM of EXPERTS with Glenn Fullage of Cisco.
I've cut and pasted here for you to read, I think that the problem mentioned below:
Question:
Hi Glenn,
Is the following possible?
I have the VPN client on my PC, and my LAN is protected by a PIX. I can launch the VPN client to connect to a remote PIX. The VPN client authenticates and the remote PIX provides my PC with the appropriate IP address assigned from its IP address pool.
The problem that I am facing is that I cannot ping anything behind the remote PIX from my PC, which is behind my PIX. Can you please guide me on what I have to do to make this work, if it is possible?
My PC has a static IP address assigned, with the appropriate default gateway pointing to my PIX's inside interface.
Thank you very much for any help provided in advance.
Response from Glenn:
First of all, make sure that the VPN connection works correctly when the remote PC is NOT behind a PIX. If that works fine, but then breaks when put behind a PIX, it is probably that the PIX is doing PAT, which usually breaks IPSec. Add the following command on the PIX that your VPN client is behind:
fixup protocol esp-ike
See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/df.htm#wp1067379 for more details.
If it still has issues, you can turn on NAT-T on the remote PIX that terminates the VPN; the client and the remote PIX will then encapsulate all IPSec in UDP packets that your PIX will be able to PAT correctly. Add the following command on the remote PIX:
isakmp nat-traversal
See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#wp1027312 for more details.
NAT-T is a standard for the encapsulation of the UDP packets into IETF IPSec packets.
IPSec ESP (the protocol that your encrypted data packets use) is an IP protocol: it sits just above IP, rather than being a TCP or UDP protocol. For this reason, it has no TCP/UDP port number.
A lot of devices that do Port Address Translation (PAT) rely on a unique TCP/UDP source port number to do their PAT'ing. Because all PAT'd traffic comes from the same source address, there has to be something unique about each of its sessions, and most devices use the TCP/UDP source port number for this. Because IPSec doesn't have one, many PAT devices fail to PAT it properly or at all, and the data transfer fails.
If NAT-T is enabled on both end devices, they will determine during the construction of the tunnel whether there is a PAT/NAT device between them, and if they detect that there is, they automatically encapsulate every IPSec packet in UDP packets with a port number of 4500. Because there is now a port number, PAT devices are able to PAT it correctly and the traffic passes normally.
Hope that helps.
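Added example (not part of the quoted Q&A): a toy Python PAT table showing why port-less ESP cannot be multiplexed behind one public address while NAT-T's UDP/4500 encapsulation can. All addresses are constructed; `esp_passthrough` is a modelling assumption for a device that tracks a single ESP session per remote peer, not a description of any specific product.

```python
ESP, UDP = 50, 17  # IP protocol numbers


class PatDevice:
    """Toy port-address translator: many inside hosts share one public address."""

    def __init__(self, public_ip, esp_passthrough=False):
        self.public_ip = public_ip
        self.esp_passthrough = esp_passthrough
        self.next_port = 1024
        self.by_flow = {}    # (proto, inside_ip, inside_port) -> public_port
        self.by_public = {}  # (proto, public_port) -> (inside_ip, inside_port)
        self.esp_owner = {}  # remote_ip -> the one inside host allowed to use ESP

    def outbound(self, proto, inside_ip, inside_port, remote_ip):
        """Return (public_ip, public_port), or None if no translation can be built."""
        if proto == ESP:
            # ESP rides directly on IP: there is no port to rewrite or key on.
            if not self.esp_passthrough:
                return None
            owner = self.esp_owner.setdefault(remote_ip, inside_ip)
            return (self.public_ip, None) if owner == inside_ip else None
        key = (proto, inside_ip, inside_port)
        if key not in self.by_flow:
            self.by_flow[key] = self.next_port
            self.by_public[(proto, self.next_port)] = (inside_ip, inside_port)
            self.next_port += 1
        return (self.public_ip, self.by_flow[key])

    def inbound(self, proto, public_port, remote_ip):
        """Map a reply back to the inside host, or None if it cannot be told apart."""
        if proto == ESP:
            owner = self.esp_owner.get(remote_ip)
            return (owner, None) if owner else None
        return self.by_public.get((proto, public_port))


# Constructed sample: two VPN clients behind the same PAT device, one remote gateway.
CLIENT_A, CLIENT_B = "10.10.1.10", "10.10.1.11"
GATEWAY, PUBLIC = "203.0.113.1", "198.51.100.1"


def compare():
    """Run the same two clients through native ESP, ESP pass-through and NAT-T."""
    plain = PatDevice(PUBLIC)
    passthrough = PatDevice(PUBLIC, esp_passthrough=True)
    natt = PatDevice(PUBLIC)
    result = {
        "esp_plain": [plain.outbound(ESP, c, None, GATEWAY)
                      for c in (CLIENT_A, CLIENT_B)],
        "esp_passthrough": [passthrough.outbound(ESP, c, None, GATEWAY)
                            for c in (CLIENT_A, CLIENT_B)],
        # NAT-T: both clients send UDP from source port 4500.
        "nat_t": [natt.outbound(UDP, c, 4500, GATEWAY)
                  for c in (CLIENT_A, CLIENT_B)],
    }
    # Replies are demultiplexed by the public port the device allocated.
    result["nat_t_replies"] = [natt.inbound(UDP, port, GATEWAY)
                               for _, port in result["nat_t"]]
    result["esp_reply"] = passthrough.inbound(ESP, None, GATEWAY)
    return result


if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```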
-
I have created a VPN connection and it worked but you can't see how to remove Windows 7.
Delete the VPN connection
I have created a VPN connection and it worked, but I can't see how to remove it in Windows 7. I tried right-click but there is no delete option.
Open Network and Sharing Center. On the left side, click on Change adapter settings. You will get all VPN connections that have been created and you can delete what you don't need.
-
Connection to the local but no Internet (CABLE)
I am currently using a cable connection to connect to the internet. Yesterday after uninstalling ZoneAlarm and SuperAnti Spyware my computer connect to the internet. The box works properly because my phone line crosses and it works. Usually, if there is a problem with the actual adapter (box), that the phone will not work. I have reset the box many times, turned off for 30 minutes and reconnected. All the indicators show that the adapter is connected and functional. But my internet is not working.
I also have:
- Tried ipconfig/release / renew restarted. It says media disconnected however the link blinks on my cable adapter. It doesn't have an IP address. "Media State...: media disconnected > connection - specific suffix DNS.:" He also says disabled BIOS.
- I also tried EasyTether as an alternate. The connection is done however I can't access the internet.
- I've updated all the drivers of network, they seem to work correctly, there is not! or X (yellow or red) beside him. Ipv4 and the IPv 6 are verified.
- I tried disabling my firewall.
- Fact that I clicked on lan settings-it says 'autodetect' and this proxy server box was NOT checked
Nothing seems to work I'm about to throw the computer out the window. Help, please!
Hello
Try this process.
http://www.ezlan.NET/clean.html#refreshnet
Jack-MVP Windows Networking. WWW.EZLAN.NET
-
WRTG54S to connect to the network, but not internet
I have a WRTG54S and Mediacom 12mbps. My router worked fine on my old laptop (a Dell Vista), he was sitting in a box for about 6 months and now that I have a new (Sony running 7) I can connect to my network, but not internet. I have updated the firmware of 7.6 to 7.8 without change. I have tried no security, wep and wap without change. Also, I cloned the MAC, once again no change. Windows cannot detect all problems, and when I try to activate the router to connect to the internet it always says connection failed. I can connect directly connected to the modem but not when connected to the router or wireless. Any ideas? Thank you
Problem solved. I had to go to a Motorola SurfBoard 4100 to a 5100. Thanks anyway
-
Client VPN connects but cannot ping all hosts
Here is the configuration of a PIX 501, which I want to accept connections from the VPN software clients. I can connect successfully to the PIX using the 5.0.0.7.0290 VPN client and I can ping the PIX to 192.168.5.1, but I can't ping or you connect to all hosts behind the PIX. Can someone tell me what Miss me in my setup?
Thanks for your help.
chi-pix# sh conf
: Saved
: Written by enable_15 at 03:49:39.701 UTC Friday, January 1, 1993
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password encrypted
passwd encrypted
hostname chi-pix
domain-name .com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list internet-traffic permit ip 192.168.5.0 255.255.255.0 any
Allow Access-list allowed a whole icmp ping
access-list 101 permit ip 192.168.5.0 255.255.255.0 10.10.11.0 255.255.255.0
access-list 102 permit ip 192.168.5.0 255.255.255.0 10.10.11.0 255.255.255.0
pager lines 24
logging on
logging buffered debugging
icmp deny any outside
mtu outside 1500
mtu inside 1500
ip address outside pppoe setroute
ip address inside 192.168.5.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool 10.10.11.1-10.10.11.254
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 102
nat (inside) 1 access-list internet-traffic 0 0
group-access allowed to ping in external interface
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set GvnPix-set esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set GvnPix-set
crypto map toGvnPix 10 ipsec-isakmp dynamic dynmap
crypto map toGvnPix interface outside
isakmp enable outside
isakmp key * address 0.0.0.0 netmask 0.0.0.0
isakmp keepalive 60
isakmp nat-traversal 20
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption des
isakmp policy 9 hash md5
isakmp policy 9 group 2
isakmp policy 9 lifetime 86400
vpngroup chiclient address-pool ippool
vpngroup chiclient dns-server 192.168.5.1
vpngroup chiclient wins-server 192.168.5.1
vpngroup chiclient default-domain com
vpngroup chiclient split-tunnel 101
vpngroup chiclient idle-time 1800
vpngroup chiclient password *.
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 30
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
management-access inside
console timeout 0
vpdn group chi request dialout pppoe
vpdn group chi localname net
vpdn group chi ppp authentication pap
vpdn username net password *.
dhcpd address 192.168.5.2-192.168.5.33 inside
dhcpd dns xx
dhcpd lease 86400
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 100
Cryptochecksum:
chi-pix#
The configuration on the PIX seems correct.
I guess you are trying to access hosts in 192.168.5.0/24, and the default gateway of these hosts is the PIX inside interface 192.168.5.1?
How are you trying to access these internal hosts? If you are trying to ping the hosts, please make sure there is no personal firewall enabled on the inside hosts, as a personal firewall normally doesn't allow incoming connections from a different IP subnet.
-
Client VPN connectivity problems
I use the cisco VPN client to connect to our network, located behind a 515E. The client is authenticated and gets an ip address but cannot ping or connect with one of the hosts. The connection is to a network of customers that is also behind a 515E. I have successfully connected using the same policy to other places and have had no problem. What confuses me, is that we have used to have a Netscreen firewall before and he had a netscreen vpn client which connected since their network with a problem. Is that something they need for their firewall so that we can get through the traffic?
Try to turn on NAT - T on your pix, by setting up:
isakmp nat-traversal 20
and configure the client vpn accordingly:
http://www.Cisco.com/warp/public/471/cvpn_3k_nat.html#conf_client
I think these discussions are useful:
-
Connect to the router but no internet.
I use Windows XP and a Netgear wireless router. Till yesterday I could browse the internet. From this morning, I am not able to reach the internet, but it will connect to the Linksys router, not the internet. I can ping the default gateway, but I can't browse the net. I disabled the firewall. What is the problem?
Hello
1. what exactly happens when you try to connect to the Internet?
2. you get any error message?
I suggest you to follow the steps from the link below and check if it helps.
Method 1: Wired and wireless network connection problems in Windows:
http://Windows.Microsoft.com/en-us/Windows/help/wired-and-wireless-network-connection-problems-in-Windows
Method 2: Try to run the Fix it from the link below:
http://support.Microsoft.com/kb/811259
Hope this information is useful.
-
under the heading of ipconfig/all says media disconnected and NO active dhcp, LAN will work wireless connected but NO internet
Hi jmoraski8,
Try these steps and check the result.
Step 1: Dynamic Host Configuration Protocol (DHCP) lease renewal
a. Click Start, click Run, type cmd and click OK.
b. At the command prompt, type ipconfig /renew
c. Close the command prompt.
d. Check the result.
Step 2: Check obtain an IP address automatically
a. Open Internet Explorer, go to Tools > Internet Options > Connections > LAN settings > uncheck all boxes except "automatically detect connection settings".
b. Click OK to apply the changes.
c. Check to see if the problem persists.
Step 3: If the problem persists, repair network connections
a. See the repair network connections
b. Check if the problem persists.
Visit our Microsoft answers feedback Forum and let us know what you think.
-
Client VPN connects but not internal LAN access or Ping
Hi all.
I'm new on this forum and kindly asking for your help because I'm stuck.
I have an ADSL router cisco 877 which I configured easy VPN server.
Now the Cisco VPN client ver 5.0 connects successfully to the VPN server, but when I try to access/ping computers on the internal network, there is no response.
The configuration is below. Please let us know where I went wrong or what I missed.
[code]Building configuration...
Current configuration : 4574 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$ $86dn J8HrK9kCQ8G9aPAm6xe4o1
enable password 7 13151601181B54382F
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login internal_affairs_vpn_1 local
aaa authorization exec default local
aaa authorization network internal_affairs_vpn_group_1 local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-2122144568
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2122144568
 revocation-check none
 rsakeypair TP-self-signed-2122144568
!
!
crypto pki certificate chain TP-self-signed-2122144568
 certificate self-signed 03
quit smoking
dot11 syslog
IP cef
No dhcp use connected vrf ip
DHCP excluded-address IP 10.10.10.1
!
IP dhcp pool dhcplan
Network 10.0.0.0 255.0.0.0
DNS-server 196.0.50.50 81.199.21.94
default router 10.10.10.1
Rental 7
!
!
property intellectual auth-proxy max-nodata-& 3
property intellectual admission max-nodata-& 3
name of the IP-server 81.199.21.94
!
!
!
username VPN password 7 095A5E07
username fred privilege 15 password 7 1411000E08
username ciscovpn password 7 01100F175804101F2F
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group internal_affairs_vpn
 key *.
 dns 196.0.50.50 81.199.21.94
 pool ippool
 acl 108
!
!
crypto ipsec transform-set RIGHT esp-3des esp-sha-hmac
!
crypto dynamic-map internal_affairs_DYNMAP_1 10
 set transform-set RIGHT
 reverse-route
!
!
crypto map internal_affairs_CMAP_1 client authentication list internal_affairs_vpn
crypto map internal_affairs_CMAP_1 isakmp authorization list internal_affairs_vpn_group_1
crypto map internal_affairs_CMAP_1 client configuration address respond
crypto map internal_affairs_CMAP_1 10 ipsec-isakmp dynamic internal_affairs_DYNMAP_1
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface ATM0
 no ip address
 atm vc-per-vp 512
 no atm ilmi-keepalive
 pvc 0/32
  encapsulation aal5snap
  protocol ip inarp
 !
 dsl operating-mode auto
 bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description local lan interface
 ip address 10.10.10.1 255.0.0.0
 ip nat inside
 ip virtual-reassembly
!
interface BVI1
 description internet interface
 ip address 197.0.4.174 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 crypto map internal_affairs_CMAP_1
!
ip local pool ippool 192.168.192.1 192.168.192.200
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 196.0.4.173
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list NAT interface BVI1 overload
ip nat inside source static tcp 2.2.2.2 23 interface BVI1 23
!
ip access-list extended NAT
 permit ip any any
!
access-list 108 permit ip 10.0.0.0 0.255.255.255 192.168.192.0 0.0.0.255
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 password 7 0216054818115F3348
 no modem enable
line aux 0
line vty 0 4
 password 7 06160E325F59590B01
!
scheduler max-task-time 5000
end
Since this is a named ACL, you need to change it in ACL configuration mode:
ip access-list extended NAT
Then, make the changes.
Federico.
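An added example, not part of the thread: a check of whether the ACL feeding `ip nat inside source list ... overload` also translates LAN traffic headed for the VPN client pool, a common reason a client connects but cannot pass traffic through a router configured like this. The sample config is constructed from the lines posted above; the function names are hypothetical, and the `deny` entry in `FIXED` is an assumed correction, not one quoted from the reply.

```python
import ipaddress
import re

# Constructed sample, reduced from the configuration posted above.
SAMPLE = """\
ip local pool ippool 192.168.192.1 192.168.192.200
ip nat inside source list NAT interface BVI1 overload
ip access-list extended NAT
 permit ip any any
"""
# Assumed correction: exempt LAN-to-pool traffic before the catch-all permit
# (networks and wildcards taken from access-list 108 above).
FIXED = SAMPLE.replace(
    " permit ip any any",
    " deny ip 10.0.0.0 0.255.255.255 192.168.192.0 0.0.0.255\n permit ip any any")

def _match(tokens, addr):
    """Consume one address spec (any | host A | A WILDCARD) and test addr."""
    head = tokens.pop(0)
    if head == "any":
        return True
    if head == "host":
        return ipaddress.ip_address(tokens.pop(0)) == addr
    base = int(ipaddress.ip_address(head))
    wild = int(ipaddress.ip_address(tokens.pop(0)))
    return (int(addr) | wild) == (base | wild)

def acl_action(config, acl, src, dst):
    """First-match result of a named extended ACL for an IP packet src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    in_acl = False
    for line in config.splitlines():
        if not line.startswith(" "):          # a top-level line ends the ACL body
            in_acl = line.strip() == f"ip access-list extended {acl}"
            continue
        tok = line.split()
        if in_acl and len(tok) > 3 and tok[0] in ("permit", "deny") and tok[1] == "ip":
            rest = tok[2:]
            if _match(rest, src) and _match(rest, dst):
                return tok[0]
    return "deny"                             # implicit deny closes every ACL

def natted_vpn_pools(config, inside_host):
    """Names of VPN pools that inside_host's traffic is translated on the way to."""
    acls = re.findall(r"^ip nat inside source list (\S+) interface \S+ overload", config, re.M)
    pools = re.findall(r"^ip local pool (\S+) (\S+) (\S+)", config, re.M)
    return [name for name, first, last in pools for acl in acls
            if "permit" in (acl_action(config, acl, inside_host, first),
                            acl_action(config, acl, inside_host, last))]
```

A non-empty result from `natted_vpn_pools` means replies from the LAN host to VPN clients are translated by the overload rule.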
-
Client VPN connects but no IP traffic is passed...
I have a user in a hotel. His laptop worked well on remote connections previously; he gets the lock when it connects, but no IP traffic is passed. If he pings, he gets "host unreachable". I think he's behind a hotel firewall, but is there anything else that I can check to confirm? I was going to make the new client available for download (internet access works very well); he is running version 4.7. I also tested his connection profile on a test box and it worked fine.
Um... so he is able to authenticate, so I don't think that he could be blocked... double check that you have NAT traversal enabled on your PIX...
isakmp nat-traversal 20
I hope that helps... Rate if it does!
-
Remote access VPN connects to the 5505 but cannot ping servers
I have a Cisco 5505 and am trying to set it up with ASDM 6.4.
My VPN client connects OK to the network but I'm unable to reach one of the servers.
I'm sure it's a simple configuration issue, as I don't have much experience with Cisco configuration.
Any suggestions on where to look would be much appreciated.
Thanks in advance
Graham
Hi Graham,
Please, add the following command:
access-list Inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 192.168.100.0 255.255.255.0
Thank you.
Portu.
-
How to limit the client VPN connection time on a 2821 router
I have installed a Cisco 2821 router with VPN (client) and it works very well.
I did all the configuration via the CLI.
But I want the VPN client user to have:
Connection time maximum 30 min
Maximum idle time 15 min
Where should I put this command?
Kind regards!
Hi Lasandro,
Looks like a max connect timer is not yet available, but the timeout is.
You can configure it in the dynamic map using the command 'set security-association idle-time'.
Or apply it globally with an idle time of 60 secs just to check:
"crypto ipsec security-association idle-time 60"
HTH.
Portu.
Please rate all useful posts.
-
AnyConnect VPN connects at work but not at home
Hello
I tried searching for this problem, but I have not found something that I think applies to this situation.
A university that I work for uses an SSL VPN with AnyConnect, and while in my office at another university, I can easily connect (even through a firewall). However, at home I cannot connect. If I connect to the webvpn, the connection hangs at the part where the installation program is to analyze the computer, and nothing happens. If I open the AnyConnect program and enter the sslvpn address in the login field, I get a time-out error.
I tried disabling the Windows firewall and my antivirus, but this was not enough, and not that it should be, since both are active while I am at my desk. I also tried connecting via Ethernet and wireless at home.
OS: Windows 7 64-bit
Thank you very much for your help!
We started to see a similar problem a few weeks ago and concluded that when not at the office, users must uncheck the proxy configuration in Internet Explorer before AnyConnect works. Once they are on the VPN, they must of course turn the proxy setting back on.
As far as we can tell, IE started to cache the proxy.pac and use it when the user is not connected to the corporate network. We are still investigating but would be interested in hearing if this affects others now, and if this is a recent problem for them.
-
PC connected to the airport but no internet
Dear list members, I am setting up a new wifi network in my laboratory using an AirPort Time Capsule 3 TB (802.11ac). All Macs here are correctly attached to the AirPort base station and have full internet access. However, two laptops with Windows 7 and 8.1 are connected to the AirPort base station, but do not have access to the internet. The airport is configured with a fixed IP address from my DHCP router mode University. Could you please help me solve this problem? Thank you.
First, run a ping test from the Windows laptop in a DOS command window.
Ping the DNS servers of the university system. Ping Google's public DNS servers, i.e. 8.8.8.8 and 8.8.4.4.
Tell us what is happening.
If you can ping the Google DNS, that is usually a good indication that the PC has got the wrong DNS values. So just use manual DNS configuration on the laptop.
If you cannot ping outside the university system but are OK internally, you have a gateway issue... Again, check the gateway IP against the value the Macs are getting.