Remote access external hdd E3000

Hello everyone. I have a noob question. I have an e300 router with my external hard drive connected via USB. I am trying to find a way to access the remote hard drive. I'm not trying to access through remote desktop access. I have my laptop that I take with me when away from home, but I would like to be able to access the hard drive via Internet. Is this possible? I'd appreciate any help I can get. Thank you.

AT·

Tags: Linksys Routers

Similar Questions

Remote access Windows Server 2012 through internet with desktop connection

Summer messing about with it for days and don't get no love.

Try to connect with Windows 7 Ultimate edition to Windows Server 2012 Data Center version from outside my home network, Starbucks or McDonald's or my server at home.

Tried all these steps found in this promising and useful article:

http://Windows.Microsoft.com/en-us/Windows7/allow-remote-desktop-connections-from-outside-your-home-network
1. Allow connections to the computer you want to access remotely. DONE - ADDED to THE SERVER AND NON-ADMIN ACCOUNT to RDP GROUP of ROLES, using network level authentication. Connection of Win 7, so this method of authentication should not be a problem, I assume.
2. Make sure that remote desktop is able to communicate through your firewall. DONE - FOR BOTH PUBLIC AND PRIVATE RULE.
3. Find the IP address of the computer on your home network you want to connect. MADE - by using the ipconfig/all command
4. Open your router configuration screen and worms forward port 3389 for TCP IP address of the destination computer. DONE - NOT TCP/UDP but TCP only, internal and external port goes. Note: The use of a booster signal wifi at the end of the House, it is a problem that requires additional configuration? I don't think he has an ip address or acts as a router. But in desperation I can try unplugging then again head the local Starbucks to try to connect.
5. Find the IP address of the router so that the remote desktop can be found on the Internet. DONE - using "what is my ip", pretty easy.
6. Open Remote Desktop connection, and connect. ACTUALLY, I think THAT, IN ENTERING [ip router]: 3389.
But the result of the message is always the typical:

(1) remote access to the server is not enabled.

> But this is not true, that I am capable of the DRC at home on the server machine.

(2) computer remote is not off.

> But this is not true, as I just left home 30 minutes and sometimes it's rarely, only restarted.

(3) the remote computer is not available on the network.

> Don't know what that means. Of course the remote computer is not on the network, I am on right now. It's on my home network. But I can ping my router ip via cmd, then coming to the outside can be done; through my router, I should be able to access inside my home network port forwarding w. But no love.

So... what to do, what to do...

The wifi booster is a problem?

Connects to the Data Center edition a problem?

What happens if I uncheck the option ' use authentication NLA, is that the passage of the security risk?

Any ideas about the configuration I could be missing before giving up and go for VPN or TeamViewer. I would really like to see materialized during all the time that I put in trying to run the DRC.

Thanks for any input.

/ Markus

Hello

Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.

http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

See you soon.

Wireless remote access disk attached to the router wi - fi via USB

I access the internet from Windows 7, you use a wi - fi FiOS router. It has a USB port on the router. I connected an external hard drive (already correctly formatted) to the USB port. QUESTION: How can I access the HDD (wireless) of Windows 7? Currently, Windows 7 does not indicate the presence of the external drive.

If you have the Actiontec MI424WR (Verizon FIOS router more common) the USB port is pretty useless. Here is a quote from the Manual:

"The USB port provides up to 5 VDC for the devices connected (to recharge a mobile phone, for example). In the future, with an update of the firmware version, the USB host feature will be available as external storage devices and cameras. »

Here is a related discussion: http://forums.verizon.com/t5/FiOS-Internet/USB-Port-on-Actiontec-MI424WR-Rev-E/td-p/277749

ODA IP ASA when you browse the web via remote access vpn

Hi all

I was wondering if it is possible to configure an ASA5510 in a way to allow users remote access VPN use external IP of the ASA when browsing the web. So what I'm looking for is a solution to hide my IP address and use the IP address of the ASA, when browsing.

The firmware version of the ASA is 9.1 (6)

Thanks in advance

Hello

What you want to achieve is calles u-turn.

You must enable the feature allowed same-security-traffic intra-interface

For the configuration of the asa, here's the Cisco documentation (I don't copy paste on the post):

http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...

Thank you

PS: Please do not forget to rate and score as good response if this solves your problem

Urgent! Users of remote access VPN connects but cannot access remote LAN (ping, folder,...)

Hello

I am setting up a VPN on a Cisco ASA 5510 version 8.4 remote access (4) 1.

When I try to connect via the Cisco VPN client software, I am able to connect however I am unable to access network resources.

However, I can ping the servers in the other site that is connected through the VPN site-to site to the main site!

VPN client--> main site (ping times on)--> Site connected with the main site with VPN S2S (successful ping)

Please help me I need to find a solution as soon as POSSIBLE!

Thank you in advance.

Hello

Please remove the NAT exemption and the re - issue the command but with #1, so it will place the NAT as first line:

No nat (SERVERS, external) static source SERVERS_LAN SERVERS_LAN NETWORK_OBJ_10.10.40.8_29 NETWORK_OBJ_10.10.40.8_29 non-proxy-arp-search of route static destination

NAT (SERVERS, external) 1 static source SERVERS_LAN SERVERS_LAN NETWORK_OBJ_10.10.40.8_29 NETWORK_OBJ_10.10.40.8_29 non-proxy-arp-search of route static destination

After re-configured this way, make sure that this command is also available:

Sysopt connection permit VPN

This sysopt will allow traffic regardles any ACL a fall, just in case. Please continue to run a package tracer and post it here,

Packet-trace entry Server icmp XXXXXX 8 0 detailed YYYYY

XXXX--> server IP

AAAA--> VPN IP of the user

Don't forget to do the two steps and a just in case, capture Please note and mark it as correct the useful message!

Thank you

David Castro,

Remote access ASA5510

Hello guys,.

I have to configure an ASA 5510 as server of remote access for Windows XP machines. I tried to configure L2TP and IPSec, but not worked. I was referred to a correct document by a member of this forum (appreciated), but it seems that XP machines do not like L2TP and they more readily accept PPTP. Someone can reffer me a document how to configure ASA5510 with PPTP remote access. I checked the unit and see no option to use PPTP instead of L2TP. Guys thank you very much in advance.

Kind regards

RVR

! - Identifies the encryption and hash IPsec algorithms

! - to be used by the game of transformation.

Crypto ipsec transform-set esp-3des esp-md5-hmac TRANS_ESP_3DES_MD5

! - Because the Windows 2000 L2TP/IPsec client uses IPsec transport mode,.

! - define the mode of transport.

! - The default is tunnel mode.

Crypto ipsec transform-set transit mode TRANS_ESP_3DES_MD5

! - Specifies the transformation affects to be used in a dynamic crypto map entry.

Crypto-map dynamic outside_dyn_map 20 game of transformation-TRANS_ESP_3DES_MD5

! - Requires a given crypto map entry to refer to a pre-existing

! - dynamic crypto map.

map outside_map 20-isakmp ipsec crypto dynamic outside_dyn_map

! - Apply a defined encryption card previously set on an external interface.

outside_map interface card crypto outside

crypto ISAKMP allow outside

Crypto isakmp nat-traversal 20

! - Specifies the protocol IKE Phase I parameters of strategy.

crypto ISAKMP policy 10

preshared authentication

3des encryption

md5 hash

Group 2

life 86400

! - Create a group of tunnel with the tunnel-group command, and specifies the local

! - name of the address pool used to assign the IP address to the client.

! - Associated with the AAA (VPN) server with the Group of the tunnel group.

attributes global-tunnel-group DefaultRAGroup

address clientVPNpool pool

Vpn server authentication group

! - Link the name of the group to the default tunnel

! - Tunnel group general attributes mode group.

Group Policy - by default-DefaultRAGroup

! - Use the command of tunnel group ipsec-attributes

! - to enter the mode of configuration of ipsec-attribute.

! - The value of the preshared key.

! - This key must match the key configured on the Windows machine.

IPSec-attributes tunnel-group DefaultRAGroup

pre-shared-key *.

. - Configure the PPP authentication with the type of authentication protocol

! - tunnel ppp-attributes group mode command.

tunnel-group DefaultRAGroup ppp-attributes

No chap authentication

ms-chap-v2 authentication

«Problems with remote access with ASA 5505-, this is the error "the remote peer is no more answers»

Hello

By train I got a remote access IPSec VPN, when I have all the performed configuration and try to access remote show software vpn client (cisco) the following message:

"The remote peer is no more answers.

I know where is the problem.

Network information:

ASA TO LAN - 1:

192.168.1.0 - 255.255.255.0

the interface vlan 1:

IP: 192.168.1.1 - 255.255.255.0

the interface vlan 2:

IP: 100.100.100.1 - 255.255.255.252

REMOTE LAN ACCESS:

192.168.10.0 - 255.255.255.0

ASA-1 configuration:

* IP address pool

local IP VPNPOOL 192.168.20.1 pool - 192.168.20.254

* Split tunneling

splittunnel list standard access allowed 192.168.1.0 255.255.255.0

* NAT configuration

object obj LAN
subnet 192.168.1.0 255.255.255.0
object obj-vpnpool network
subnet 192.168.20.0 255.255.255.0
NAT (inside, outside) 1 static source obj-local obj-local destination static obj-vpnpool obj-vpnpool no-proxy-arp

* Group Policy

internal group company-vpn-policy policy
attributes of vpn-company-policy-group policy
VPN-idle-timeout 30

Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list splittunnel

Configure the IPSec

IKEv1 crypto policy 10
3des encryption
sha hash
preshared authentication
Group 2
life 3600
Crypto ikev1 allow outside
crypto isakmp identity address

Crypto ipsec transform-set esp-3des esp-sha-hmac RA - TS ikev1

Dynamic crypto map DYN_MAP 10 set transform-set RA - TS ikev1

card crypto VPN_MAP 30-isakmp dynamic ipsec DYN_MAP
VPN_MAP interface card crypto outside

Create tunnels

tunnel-group vpnclient type remote access
tunnel-group vpnclient-global attributes
address VPNPOOL pool
by default-group-company-vpn-policy
tunnel-group vpnclient ipsec-attributes
IKEv1 pre-shared-key groupkey123

Where is the problem?

Hello
Configuration seems almost perfect. Please share the result of the following of the ASA when you try to connect.

Debug crypto isakmp 200
Debug crypto ipsec 200

You can take snapshots on the external interface of the firewall to confirm if the packets are reaching the firewall or don't use do not:
capture capx off match ip host host interface

Kind regards
Dinesh Moudgil

PS Please rate helpful messages.

The managed behind router switch remote access?

What is the best way to access remotely to a switch behind a router? I will use a switch SF300, and there is no server.

For points of access (PA) behind a router, I give each a diffferent LAN address and port number. In router I have forward TCP traffic with the single port/LAN IP. Then using the port numbers with the address of the static router, the browser can remote access to the router or the attached AP. But where do I put the managed switch LAN port number? Assume default is port 80 and I would change to 8001 to switch #1; 8002 to switch #2; etc. Could not find this info in the manual of configurtion.

Hello

At this point, I would recommend a call to the Cisco Small Business Centre at 1-866-606-1866 support so that action can be taken and your configuration can be reviewed.

I have reproduced the concern here and I am able to remotely manage my switch SF300 with an RV082 as the router.

My rule in the RV082 are as follows:

Creating a custom topic UPnP service. Create SF300 application name (it is a basic text field and can be any name), 8001 an external port and internal port 80. I send to the address IP internal SF300 switch and click the check box. From there on, I select Add to the list. Once it appears in my list, I then click Save settings at the bottom of the page.

Thank you!

Dave

Remote access VPN Cisco ASA

Hello!

I have 9.1 (3) version of Cisco ASA with remote access VPN set UP on the outside interface. When the user connects to the Internet on the outside interface, it works well. My goal is to allow the connection of all other interfaces (inside the dmz and etc.) to the outside interface. Cisco ASA allows to do? Order to packet - trace output is less to:

MSK-hq-fw1 # packet - trace entry inside tcp 10.10.10.1 14214 1.1.1.2 443

Phase: 1

Type:-ROUTE SEARCH

Subtype: entry

Result: ALLOW

Config:

Additional information:

developed 1.1.1.2 255.255.255.255 identity

Phase: 2

Type:-ROUTE SEARCH

Subtype: entry

Result: ALLOW

Config:

Additional information:

developed 1.1.1.2 255.255.255.255 identity

Result:

input interface: inside

entry status: to the top

entry-line-status: to the top

the output interface: NP identity Ifc

the status of the output: to the top

output-line-status: to the top

Action: drop

Drop-reason: (headwall) No. road to host

Hello

Well, you can of course turn VPN on other interfaces, but to be honest, I never even tried to set up the VPN it otherwise than of multiple multiple external interfaces in the case of the ISP and in this case only for testing purposes.

Some things related to the ASA are well known but not well documented.

The official document that I can remember: this is the following (which only refers to this limitation regarding the ICMP)
```
Note 
For  security purposes the security appliance does not support far-end  interface ping, that is pinging the IP address of the outside interface  from the inside network.
```
Source (old configuration guide):

http://www.Cisco.com/c/en/us/TD/docs/security/ASA/asa71/configuration/guide/conf_gd/trouble.html#wp1059645

-Jouni

Problems with remote access IPSec VPN

Dear Experts,

Kindly help me with this problem of access VPN remotely.

I have configured remote access VPN IPSec using the wizard. The remote client connects to fine enough seat, gets the defined IP address, sends the packets and bytes, BUT do not receive all the bytes or decrypt packets. On the contrary, the meter to guard discarded rising.

What could be possibly responsible or what another configuration to do on the SAA for the connection to be fully functional?

It can help to say that Anyconnect VPN is configured on the same external Interface on the ASA, and it is still functional. What is the reason?

AnyConnect VPN is used by staff for remote access.

Kindly help.

Thank you.

Hello

So if I understand correctly, you have such an interface for LAN and WAN and, naturally, the destination networks you want to reach via the VPN Client connection are all located behind the LAN interface.

In this case the NAT0 configuration with your software most recent could look like this

object-group, LAN-NETWORKS-VPN network

network-object

network-object

network-object

network of the VPN-POOL object

subnet

destination of LAN-NETWORKS-VPN VPN-NETWORKS-LAN static NAT (LAN, WAN) 1 static source VPN-VPN-POOL

Naturally, the naming of interfaces and objects might be different. In this case its just meant to illustrate the purpose of the object or interface.

Naturally I'm not sure if the NAT0 configuration is the problem if I can't really say anything for some that I can't see the configuration.

As for the other question,

I have not implemented an ASA to use 2 interfaces so WAN in production environments in the case usually has separate platforms for both or we may be hosting / providing service for them.

I imagine that there are ways to do it, but the main problem is the routing. Essentially, we know that the VPN Client connections can come from virtually any public source IP address, and in this case we would need to default route pointing to the VPN interface since its not really convenient to set up separate routes for the IP address where the VPN Client connections would come from.

So if we consider that it should be the default route on the WEBSITE of the ASA link, we run to the problem that we can not have 2 default routes on the same active device at the same time.

Naturally, with the level of your software, you would be able to use the NAT to get the result you wanted.

In short, the requirements would be the following
- VPN interface has a default route, INTERNET interface has a default route to value at the address below
- NAT0 between LAN and VPN interface configuration to make sure that this traffic is passed between these interface without NAT
- Interfaces to special NAT configuration between LAN and INTERNET which would essentially transfer all traffic on the INTERNET interface (except for VPN traffic that we have handled in the previous step)
The above things would essentially allow the VPN interface have the default route that would mean that no matter what the VPN Client source IP address it should be able to communicate with the ASA.

The NAT0 configuration application would be to force ASA to pass this traffic between the LAN and VPN (pools) for VPN traffic.

The special configuration of NAT then match the traffic from LAN to ANY destination address and send to the INTERNET interface. Once this decision is made the traffic would follow the lower value default route on this interface.

I would say that this isn't really the ideal situation and the configuration to use in an environment of productin. It potentially creates a complex NAT configuration such that you use to manipulate the traffic instead of leave the mark of table routing choice in the first place.

Of course, there could be other options, but I have to test this configuration before I can say anything more for some.

-Jouni

Client remote access VPN gets connected without access to the local network

: Saved

:

ASA 1.0000 Version 2

!

hostname COL-ASA-01

domain dr.test.net

turn on i/RAo1iZPOnp/BK7 encrypted password

i/RAo1iZPOnp/BK7 encrypted passwd

names of

!

interface GigabitEthernet0/0

nameif outside

security-level 0

IP 172.32.0.11 255.255.255.0

!

interface GigabitEthernet0/1

nameif inside

security-level 100

IP 192.9.200.126 255.255.255.0

!

interface GigabitEthernet0/2

Shutdown

No nameif

no level of security

no ip address

!

interface GigabitEthernet0/3

Shutdown

No nameif

no level of security

no ip address

!

interface GigabitEthernet0/4

Shutdown

No nameif

no level of security

no ip address

!

interface GigabitEthernet0/5

nameif failover

security-level 0

192.168.168.1 IP address 255.255.255.0 watch 192.168.168.2

!

interface Management0/0

nameif management

security-level 0

192.168.2.11 IP address 255.255.255.0

!

passive FTP mode

DNS server-group DefaultDNS

domain dr.test.net

network of the RAVPN object

192.168.0.0 subnet 255.255.255.0

network of the NETWORK_OBJ_192.168.200.0_24 object

192.168.200.0 subnet 255.255.255.0

network of the NETWORK_OBJ_192.9.200.0_24 object

192.9.200.0 subnet 255.255.255.0

the inside_network object-group network

object-network 192.9.200.0 255.255.255.0

external network object-group

host of the object-Network 172.32.0.25

Standard access list RAVPN_splitTunnelAcl allow 192.9.200.0 255.255.255.0

access-list extended test123 permit ip host 192.168.200.1 192.9.200.190

access-list extended test123 permit ip host 192.9.200.190 192.168.200.1

access-list extended test123 allowed ip object NETWORK_OBJ_192.168.200.0_24 192.9.200.0 255.255.255.0

192.9.200.0 IP Access-list extended test123 255.255.255.0 allow object NETWORK_OBJ_192.9.200.0_24

pager lines 24

management of MTU 1500

Outside 1500 MTU

Within 1500 MTU

failover of MTU 1500

local pool RAVPN 192.168.200.1 - 192.168.200.254 255.255.255.0 IP mask

no failover

ICMP unreachable rate-limit 1 burst-size 1

ASDM image disk0: / asdm - 66114.bin

don't allow no asdm history

ARP timeout 14400

NAT (inside, outside) source Dynamics one interface

NAT (it is, inside) static static source NETWORK_OBJ_192.9.200.0_24 destination NETWORK_OBJ_192.168.200.0_24 NETWORK_OBJ_192.168.200.0_24 NETWORK_OBJ_192.9.200.0_24

Route outside 0.0.0.0 0.0.0.0 172.32.0.2 1

Timeout xlate 03:00

Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

Floating conn timeout 0:00:00

dynamic-access-policy-registration DfltAccessPolicy

identity of the user by default-domain LOCAL

the ssh LOCAL console AAA authentication

Enable http server

http 0.0.0.0 0.0.0.0 outdoors

http 0.0.0.0 0.0.0.0 inside

No snmp server location

No snmp Server contact

Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start

Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac

Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac

Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac

Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac

Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac

Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

outside_map interface card crypto outside

Crypto ca trustpoint ASDM_TrustPoint0

Terminal registration

name of the object CN = KWI-COL-ASA - 01.dr.test .net, C = US, O = KWI

Configure CRL

Crypto ikev1 allow outside

IKEv1 crypto policy 10

authentication crack

aes-256 encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 20

authentication rsa - sig

aes-256 encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 30

preshared authentication

aes-256 encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 40

authentication crack

aes-192 encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 50

authentication rsa - sig

aes-192 encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 60

preshared authentication

aes-192 encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 70

authentication crack

aes encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 80

authentication rsa - sig

aes encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 90

preshared authentication

aes encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 100

authentication crack

3des encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 110

authentication rsa - sig

3des encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 120

preshared authentication

3des encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 130

authentication crack

the Encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 140

authentication rsa - sig

the Encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 150

preshared authentication

the Encryption

sha hash

Group 2

life 86400

IKEv1 crypto policy 65535

preshared authentication

3des encryption

sha hash

Group 2

life 86400

Telnet 192.9.200.0 255.255.255.0 inside

Telnet timeout 30

SSH 0.0.0.0 0.0.0.0 management

SSH 0.0.0.0 0.0.0.0 outdoors

SSH 66.35.45.128 255.255.255.192 outside

SSH 0.0.0.0 0.0.0.0 inside

SSH timeout 30

SSH version 2

Console timeout 0

a basic threat threat detection

Statistics-list of access threat detection

no statistical threat detection tcp-interception

WebVPN

allow outside

AnyConnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1

AnyConnect enable

tunnel-group-list activate

attributes of Group Policy DfltGrpPolicy

internal RAVPN group policy

RAVPN group policy attributes

value of server WINS 192.9.200.164

value of 66.35.46.84 DNS server 66.35.47.12

VPN-filter value test123

Ikev1 VPN-tunnel-Protocol

Split-tunnel-policy tunnelspecified

Split-tunnel-network-list value test123

Dr.kligerweiss.NET value by default-field

username test encrypted password xxxxxxx

username admin password encrypted aaaaaaaaaaaa privilege 15

vpntest Delahaye of encrypted password username

type tunnel-group RAVPN remote access

attributes global-tunnel-group RAVPN

address RAVPN pool

Group Policy - by default-RAVPN

IPSec-attributes tunnel-group RAVPN

IKEv1 pre-shared-key *.

!

class-map inspection_default

match default-inspection-traffic

!

!

type of policy-card inspect dns preset_dns_map

parameters

maximum message length automatic of customer

message-length maximum 512

Policy-map global_policy

class inspection_default

inspect the preset_dns_map dns

inspect the ftp

inspect h323 h225

inspect the h323 ras

Review the ip options

inspect the netbios

inspect the rsh

inspect the rtsp

inspect the skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect the tftp

inspect the sip

inspect xdmcp

!

global service-policy global_policy

context of prompt hostname

no remote anonymous reporting call

call-home

Profile of CiscoTAC-1

no active account

http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address

email address of destination [email protected] / * /

destination-mode http transport

Subscribe to alert-group diagnosis

Subscribe to alert-group environment

Subscribe to alert-group monthly periodic inventory 2

Subscribe to alert-group configuration periodic monthly 2

daily periodic subscribe to alert-group telemetry

aes encryption password

Cryptochecksum:b001e526a239af2c73fa56f3ca7667ea

: end

COL-ASA-01 #.

Here is a shot made inside interface which can help as well, I've tried pointing the front door inside the interface on the target device, but I think it was a switch without ip route available on this subject I think which is always send package back to Cisco within the interface

Test of Cape COLLAR-ASA-01 # sho | in 192.168.200

25: 23:45:55.570618 192.168.200.1 > 192.9.200.190: icmp: echo request

29: 23:45:56.582794 192.168.200.1.137 > 192.9.200.164.137: udp 68

38: 23:45:58.081050 192.168.200.1.137 > 192.9.200.164.137: udp 68

56: 23:45:59.583176 192.168.200.1.137 > 192.9.200.164.137: udp 68

69: 23:46:00.573517 192.168.200.1 > 192.9.200.190: icmp: echo request

98: 23:46:05.578110 192.168.200.1 > 192.9.200.190: icmp: echo request

99: 23:46:05.590057 192.168.200.1.137 > 192.9.200.164.137: udp 68

108: 23:46:07.092310 192.168.200.1.137 > 192.9.200.164.137: udp 68

115: 23:46:08.592468 192.168.200.1.137 > 192.9.200.164.137: udp 68

116: 23:46:10.580795 192.168.200.1 > 192.9.200.190: icmp: echo request

COL-ASA-01 #.

Any help or pointers greatly appreciated, I have do this config after a long interval on Cisco of the last time I was working it was all PIX so just need to expert eyes to let me know if I'm missing something.

And yes I don't have a domestic network host to test against, all I have is a switch that cannot route and bridge default ip helps too...

Hello

The first thing you should do to avoid problems is to change the pool VPN to something else than the current LAN they are not really directly connected in the same network segment.

You can try the following changes

attributes global-tunnel-group RAVPN

No address RAVPN pool

no mask RAVPN 192.168.200.1 - 192.168.200.254 255.255.255.0 ip local pool

local pool RAVPN 192.168.201.1 - 192.168.201.254 255.255.255.0 IP mask

attributes global-tunnel-group RAVPN

address RAVPN pool

no nat (it is, inside) static source NETWORK_OBJ_192.168.200.0_24 NETWORK_OBJ_192.168.200.0_24 static destination NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24

In the above you first delete the VPN "tunnel-group" Pool and then delete and re-create the VPN pool with another network and then insert the same "tunnel-group". NEX will remove the current configuration of the NAT.

the object of the LAN network

192.168.200.0 subnet 255.255.255.0

network of the VPN-POOL object

192.168.201.0 subnet 255.255.255.0

NAT (inside, outside) 1 static source LAN LAN to static destination VPN-VPN-POOL

NAT configurations above adds the correct NAT0 configuration for the VPN Pool has changed. It also inserts the NAT rule to the Summit before the dynamic PAT rule you currently have. He is also one of the problems with the configurations that it replaces your current NAT configurations.

You have your dynamic PAT rule at the top of your NAT rules currently that is not a good idea. If you want to change to something else will not replace other NAT configurations in the future, you can make the following change.

No source (indoor, outdoor) nat Dynamics one interface

NAT source auto after (indoor, outdoor) dynamic one interface

NOTICE! PAT dynamic configuration change above temporarily interrupt all connections for users on the local network as you reconfigure the dynamic State PAT. So if you make this change, make sure you that its ok to still cause little reduced in the current internal users connections

Hope this helps

Let me know if it works for you

-Jouni

ASA 5510 vpn remote access - must now be added vpn site-to-site.

We currently have a configuration of remote access vpn and all this hard work.

I need to configure a vpn lan lan 2 now.

Can someone point me to the documentation on that? I used the command line to add a site to site and wrong on it and disconnected me when I applied the crypto map to the external interface. Do I need another card encryption or should I use my existing?

Shannon,

Please see the below URL for more configuration information. Even if that configuration is dynamic to static IPSEC, you can use the concept to build the Tunnel L2L with static IP.

http://www.Cisco.com/en/us/partner/products/ps6120/products_configuration_example09186a00805733df.shtml

Let me know if it helps.

Kind regards

Arul

* Please note all useful messages *.

1841 as Concentrator VPN remote access with manual keying

Hi there and happy new year 2011 with best wishes!

I would use a router 1841 as VPN hub for up to 20 remote connections.

My remote (third party) clients have IPsec capacity supported by IKE and the Manual Keying, but I have not found information about simple configuration of Cisco VPN remote access (only on the easy VPN server).

I'd like to configure the VPN entry Server Manual (I think it's an easy way to start), no problem to do?

files:

-topology

-third party router Ethernet / 3G GUI IPsec with choice of algorithm auth

-third party router Ethernet / 3G GUI IPsec with choice of encryption algorithm

I feel so much better that someone help me!

Kind regards

Amaury

As the remote end is third-party routers, the only option you have will be LAN-to-LAN IPSec VPN. You can not run VPN easy because that is only supported on Cisco devices.

If your remote end has a static external ip address that ends the VPN, you can configure card crypto static LAN-to-LAN on the 1841 router, however, if your remote end has dynamic external ip address, you must configure card crypto dynamic LAN-to-LAN on the 1841 router. All remote LAN subnets must be unique.

Remote access vpn Wizard does not work?

I have a brand new ASA 5505 running version 8.2 (5). Am connected with the ASDM and run the installation wizard and the VPN remote access Wizard. I am not able to ping the external interface of the internet, and my VPN client gets no response when you try to connect. Config is attached. Any suggestions?

Hello

1.), you need the default route for the SAA to be able to send traffic to the VPN connection initiator

2.) I guess that is something done by hand when to create the basic configuration of the firewall, OR maybe the Startup Wizard would handle this when you make the ASA initially basic settings.

-Jouni

Cannot Ping across the VPN remote access

Hello world

I hope I posted this in the right place!

I'm a bit new to Cisco IOS, so please forgive me if I ask a stupid question!

We have a firewall of 515E PIX 6.3 (4) on which I used the VPN Wizard to set up a remote access VPN the Cisco VPN client on the external interface.

When I connect to home on my laptop Windows XP Pro SP2 running Cisco VPN Client 4.0.5(C) I seem to be able to connect to most of the network resources (IE file shares, I can RDP into servers, etc.) but I can't seem to be able to ping anything : I just request times out.

I'm sure it's something stupid I've done (or not done).

I have attached my config and would be grateful if someone could take a look and point me in the right direction.

Thanks in advance for your help,

Peter.

Hi Peter,.

You must add a line to the inside_access_in access list:

Enable

conf t

access-list inside_access_in allow icmp a whole

output

write members

Kind regards

Cathy

Remote access external hdd E3000

Similar Questions

Maybe you are looking for