Console Cable - Cisco VPN 3000 Concentrator
Where can I get a console cable for the Cisco VPN 3000 Concentrator? The place I bought the hub from did not send me one with it.
Thank you
JP
JP,
The console port on the VPN concentrator being RS-232 compliant, you can buy two female DB9-to-RJ45 adapters, one for the concentrator and one for the PC to use on the COM1 port, then use a regular straight-through CAT5 cable. That's the way I do it, and it is convenient as opposed to using the straight-through serial RS-232 cable.
http://www.sealevel.com/product_detail.asp?product_id=787
With regard to the regular cable this hub comes with you can use it.
http://www.stonewallcable.com/product.asp?Dept%5Fid=35&PF%5Fid=SC%2DS9%2DFF
Additional information for your initial hub setup:
http://www.Cisco.com/univercd/CC/TD/doc/product/VPN/vpn3000/3_6/getting/gs2inst.htm#1050260
Regards
PLS rate useful posts
Tags: Cisco Security
Similar Questions
-
Our company uses a 3000 VPN concentrator for our VPN access.
Is there a way to view a log history of what the user connected to the VPN and what IP address they were assigned? This would be 2 days ago, which was over the weekend.
Thank you.
To obtain this type of information, you must configure an external management server, syslog server and send this info to this server.
You can, for example, download any freeware such as Kiwi Syslog Server (http://www.kiwisyslog.com), then configure the hub to send the logs to the server.
Here's how to use the VPN 3k with syslog, etc.:
http://www.Cisco.com/en/us/partner/docs/security/vpn3000/vpn3000_47/configuration/guide/events.html
For fancier graphical reporting, you can also use Cisco Security Manager: http://www.cisco.com/en/US/partner/products/ps6498/index.html
There is also third-party software out there that can collect this type of information, such as ManageEngine's firewall monitor, which can also collect logs from Cisco VPN concentrators (VPN connections, etc.):
http://www.ManageEngine.com/products/firewall/distributed-monitoring/index.html
Regards
-
Cisco VPN 3000 at work and at home
I have a Cisco VPN to my desk that I can use to get to my home office network using my VPN client. Unfortunately, I can't print on my personal printer (which is on a switch) when I am connected to the VPN. After I disconnect the VPN, I am able to print again on my home printers. What can I do to set this up so I can see my home printers when I am connected to the VPN to work?
Thank you for your help.
Kind regards
Diane
Diane,
It is very likely that you use at home the same subnet that exists at your office. For example, if you use 192.168.1.X and the VPN is configured to send all 192.168.1.X traffic through the tunnel because it's your office network, you would see this symptom. A simple solution would be to change your home network to 192.168.0.X.
I hope this helps. If so, please indicate the position.
Brandon
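The overlap Brandon describes can be checked before renumbering anything. The following is an added example, not part of the original thread: the addresses, the list of tunneled networks and the function names are constructed assumptions, and the routing model is simplified to "any destination inside a tunneled network goes to the office".

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
HOME_LAN = "192.168.1.0/24"                    # home router's LAN
TUNNELED = ["192.168.1.0/24", "10.20.0.0/16"]  # networks the VPN sends to the office
PRINTER = "192.168.1.50"                       # home printer


def overlapping_routes(home_lan, tunneled):
    """Return the tunneled networks that overlap the home LAN."""
    lan = ipaddress.ip_network(home_lan)
    return [t for t in tunneled if ipaddress.ip_network(t).overlaps(lan)]


def path_for(host, tunneled):
    """Simplified model: while connected, any destination inside a
    tunneled network is sent to the office, even if it is also on-link."""
    addr = ipaddress.ip_address(host)
    hit = any(addr in ipaddress.ip_network(t) for t in tunneled)
    return "tunnel" if hit else "local"


def suggest_home_lan(tunneled):
    """First 192.168.N.0/24 that overlaps none of the tunneled networks."""
    nets = [ipaddress.ip_network(t) for t in tunneled]
    for n in range(256):
        cand = ipaddress.ip_network(f"192.168.{n}.0/24")
        if not any(cand.overlaps(t) for t in nets):
            return str(cand)
    return None  # e.g. a tunnel-all policy (0.0.0.0/0) leaves no free range


if __name__ == "__main__":
    print("overlap:", overlapping_routes(HOME_LAN, TUNNELED))
    print("printer goes via:", path_for(PRINTER, TUNNELED))
    print("renumber home LAN to:", suggest_home_lan(TUNNELED))
```

With these sample values the printer's address falls inside a tunneled network, and the first free range is the 192.168.0.X network suggested in the answer.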
-
Problems with VPN between Cisco PIX 6.3.3 and VPN 3000 Concentrator
Hi guys,
I hope this is the right place and that someone has encountered this before; I don't have much hair left to offset. I'm trying to set up a tunnel between our Pix 6.3.3 performer and a customer using a VPN3000.
The customer wants us to be able to do checkups on a device without allowing anything from our private-side network address range, just one public IP address. We currently run a VPN to our recovery site to allow off-site replication, but the ACL on the other end of this VPN *does* allow the configuration that we had for our private network side, so that traffic was not useful. Here is a screenshot of what I tried:
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50
name 172.16.1.48 Cust_DVR1
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 Cust_DVR1 255.255.255.255
access-list outside_cryptomap_30 permit ip 192.168.1.0 255.255.255.0 Cust_DVR1 255.255.255.255
ip address outside X.Y.Z.227 255.255.255.224
ip address inside 192.168.1.1 255.255.255.0
pdm location Cust_DVR1 255.255.255.255 outside
global (outside) 1 X.Y.Z.230
global (dmz1) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 30 ipsec-isakmp
crypto map outside_map 30 set peer A.B.C.D <--- (public IP of customer)
crypto map outside_map 30 match address centura_map_30
crypto map outside_map 30 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
isakmp key * address A.B.C.D netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash md5
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
My hope is that anything on the 192.168.1.0/24 would be able to get out of the external interface as only one of our public IP addresses (i.e. X.Y.Z.230), but the traffic they see on the other end is coming from the 192.168.1.0 network. I tried removing the inside_outbound_nat0_acl line, thinking it would then use the global, but still no luck, and the only difference I see on Kiwi Syslogd is that the src_proxy changes to 0.0.0.0 where it showed the IP address of my private side (for the purposes of the config above let's call it 192.168.1.135).
THANKS MUCH FOR ANY HELP!
-Mario
Hello
For example, you can NAT your internal network traffic through the tunnel when you go to this customer.
In this way, they will see your internal network as a single IP address.
Let's say, rather than them seeing your internal 192.168.1.0/24, they will see your traffic as X.Y.Z.227.
Is this what you need?
Federico.
-
How to configure VPN 3000 Concentrator for remote access
I have inherited a VPN concentrator and want to configure it to provide remote access to my internal laboratory network when I'm traveling. The private interface is configured as 192.168.1.240/24. The public interface is configured as one of my public IP addresses. I have a public IP pool on the back side of a Roadrunner cable modem. I created a pool of addresses for clients, 192.168.1.200 through 192.168.1.205. I created all group configurations, group and user base.
In the IP Routing tab, I see a default route pointing to my public gateway IP address, the IP address of my Roadrunner cable modem gateway.
From my VPN client, I am able to connect to the VPN concentrator. I get an address from the pool and check the details of the tunnel under the statistics section shows IP address correct pool for the customer and the correct public IP address of my VPN reorga
Jeff,
According to the statistics, it seems that the client sends traffic to the hub, but the replies are not getting back.
We need to check the hub settings itself.
I need to check the hub settings, and as it is a GUI-based device I can't even ask to see the technology, so the only option available is WebEx.
If you're OK with WebEx, pls let me know a comfortable session time and e-mail ID to send the invitation; it won't take much time and we will sort it out.
Thank you
Ankur
-
NAT via LAN-to-LAN configuration between router IOS and Cisco VPN 3000
Hello
I have the following document on the creation of a LAN2LAN tunnel including NAT of the private network.
It's easy to do this with the hub. Now I have to set it up on the IOS router, and for this purpose I can't find any information. I have to NAT my private network to a single IP address that must go through the tunnel as my official local network.
Does anyone have documentation on this scenario? I can't find it on CCO.
Thanks for the support
Hello.
Concentrators are very friendly units (IMHO) to VPN with NAT and VPN.
You build an ACL that defines the traffic over the VPN (110), based on the NAT'd address.
You create an ACL to define what is NAT'd (111) and create a NAT statement accordingly.
Here is an example configuration.
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key vpnsrock! address x.x.x.x
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN 10 ipsec-isakmp
 set peer x.x.x.x
 set transform-set ESP-3DES-SHA
 match address 110
!
interface Fa0
 ip nat outside
 crypto map VPN
!
!
interface fa1
 ip nat inside
!
ip nat inside source list 111 interface fa0 overload
ip route 0.0.0.0 0.0.0.0 y.y.y.y
access-list 110 permit ip fa0-ip remote-network wildcard-mask
access-list 111 permit ip local-network remote-network wildcard-mask
!
-
Failures of intermittent connection to the VPN 3000 Concentrator
Hello
I manage a VPN 300 hub that has worked happily for several years with no problems. All users are part of the same group and authenticate against an RSA server. We recently moved from Authentication Manager RSA RSA 7.1 Authentication Manager 6.1. Everything continued to work well for several weeks, then at the beginning of this week we started having users intermittently failing to connect to the VPN. I don't know if this problem is related to our new RSA server, but we have other devices on the network that authenticate on it without any problem, so I guess the problem is with the VPN concentrator itself.
When users fail they just get a generic error message 'Reason 427 completed peer connection'. Live event log shows "group = vpn, status = is not off duty" when their connection fails. Other times they connect normally and no error messages appear. There seems to be no real reason, sometimes your connection fails, but if you keep trying you will get eventually in [However it may take several attempts in the course of an hour or two until you succeed, or you can get immediately without a problem].
I don't think that it's a network problem, because I ran continuous pings to the hub and the RSA server while users were experiencing these problems and there were no drops.
The RSA server authentication monitor always shows that the user is authenticated successfully, whether the user's connection actually succeeds or not. I'm tempted to just reboot the hub, but we have site-to-site VPN tunnels connected on it and I'm a little worried that, if it is faulty, it might not come back at all.
Has anyone encountered this problem before?
Thanks in advance
Hi Graham,
My guess is that the new RSA server is slower to react, causing the vpn3000 to time out sometimes. This would explain all the symptoms (the intermittent nature, the "not in service" status, the success logs on the server).
I don't have a vpn3k at hand to check, but I think that in the AAA server config, where you set the IP address etc. of the RSA server, you can also set a time-out value. See if increasing this value helps.
HTH
Herbert
-
VPN 3000 Concentrator authentication failure.
Hi team,
I am facing the error of authentication in the hub.
Scenario:
Hub is integrated with AD.
Error:
---
2451 11/22/2009 13:20:35.550 SEV = 3 RPT AUTH/5 = 19132 86.62.198.251
Authentication was rejected: reason = Unspecified
manage 396, server = 172.27.1.13 =, user = 23733, area =
Hi subashmbi,
I have a few more questions for you:
1. Which authentication protocol is used with AD?
2. Is user "23733", for which you see the authentication error, by chance part of several groups defined in AD?
As a quick test, try to switch the VPN group to NT domain authentication and let me know how it goes...
If NT does not work then try LOCAL authentication.
Waiting for your answer, the answers to the questions posed above and the results of the test with NT and LOCAL...
Regards
M
-
What are the ports used by the Cisco VPN Client?
Hello
I need to open outgoing traffic on my firewall to allow two internal (LAN) Cisco VPN Clients to connect to their Internet virtual private network.
I already opened the port 500/UDP, but they are not able to connect. If I open all outgoing ports, they can connect.
What are the ports used by the Cisco VPN Client?
Thank you
You need to open:
UDP 500
ESP protocol
You must also open UDP port 4500 (if using NAT-T).
In addition, if the clients are connecting to a VPN 3000 Concentrator series and it is configured for all other options of NAT-transparency, corresponding ports must be open. By default:
1. If using IPSec over TCP 10000, then open TCP 10000.
2. If using IPSec over UDP 10000, open UDP 1000.
-
Hello
Is it safe to attach the public interface of a VPN 3000 Concentrator to the Internet? Or should there be a firewall in front?
I understand that the public interface is "hardcoded" and only has open the ports you'd pass through a firewall anyway, but I just wanted to check with the experts to be sure :-)
Peter
Hi Peter,
I don't think there are major problems with exposing the public interface of the VPN 3030 to the Internet. It is in fact meant for public access... it is a little hardened to allow only specific protocols... If you have an IDS, you can monitor the traffic on this interface and shun unnecessary connections if necessary... you also have filters on the public interface, which allow you to restrict the traffic...
Putting the VPN behind a firewall increases the complexity of your network. You may as well have it behind one, but it will be a little complicated.
I hope this helps... all the best
REDA
-
I keep getting the error message "mask/area bad ip address/subnet mask/generic id" when I attempt to add a class C network to a network list on a VPN 3000 Concentrator using the CLI. Here's my entry: 192.168.51.0/0.0.0.255. The number and the wildcard mask seem OK. Isn't this the right syntax?
Vincent, you're very welcome and thank you for the update... happy all worked... Please rate as solved post.
Rgds BST
Jorge
-
I have a Cisco VPN 3060 concentrator and sometimes I get the following message from syslog. What does this error mean?
Local7.warning, SEV 2 RPT EVENT/42 = 30 = save to FTP server failed (9)
It seems that you configure the VPN concentrator to send the log saved on an FTP file.
You can check the following for parameters:
Configuration | System | Events | FTP backup
These are the 2 FTP options which can be configured on the VPN concentrator.
-
Cisco VPN 3060 - Cisco ASA conversion
We are about to embark on moving all L2L and network extension (Cisco ASA 5505s) connections from the Cisco VPN 3060 concentrator to a Cisco ASA 5520.
We would like to see if there is a simple method to do this, such as a converter. Also, are there any lessons learned? We run 8.4.3, so we know that the NAT configuration has differed. Can the 3060 configuration be changed in any way to help in configuring the ASA?
Thank you
Dwane
Thank you for your understanding Dwane.
Please mark this message as answered.
Good day.
-
Cisco ACS 5.4 and VPN 3000
Hello
I'm trying to use Cisco ACS 5.4 for RADIUS authentication of VPN users on a VPN 3000 concentrator.
I added the VPN 3000 on ACS and added GBA on VPN group with a shared secret authentication server. When I do a test on the authentication server using the local account that I created on ACS it happens as no response was received from the server so that I can see the RAIDUS AAuth in green.
Any help would be much appreciated.
Regards
AR
Hey,
What is the report on GBA?
"RAIDUS AAuth in green"
If so, a pcap between the two would help.
Regards
Ed
-
LAN-to-LAN tunnel between VPN 3000 and Cisco 1721
Hello
I have a current LAN-to-LAN tunnel configuration between VPN 3000 (3.6) and Cisco 1721 (12.2 (11) T).
When I use the encryption = authentication and Des-56 = ESP\MD5\HMAC-128 for the IPSec Security Association, everything works fine.
However, I would like to turn off encryption for some time to get the speed improvements, so I changed
Encryption = null esp (in 1721) and to "null" in VPN-3000.
Now the tunnel is set up, but I can pass only ICMP traffic. When I pass UDP\TCP traffic, the message below appears on the Cisco 1721:
% C1700_EM-1-ERROR: error in packet-rx: pad size error, id 75, hen offset 0
Has anyone seen this behavior?
Has anyone set up an IPSec tunnel with only ESP authentication and NO encryption between VPN-3000 and Cisco 1721?
Thanx
Naman
Naman,
Did you disable the VPN accelerator? "no accel crypto engine". Pretty sure that you can't do null with a VPN module.
Kurtis Durrett