Site to site VPN to allow sharing of files and AD domain trust.

Hello

I don't know exactly what I need to add to a current site-to-site VPN to enable specifically these (2) processes.

Happy Advisor.

Without knowing the current site-to-site VPN configuration, it is difficult to give you a good answer on what to add. Does the current site-to-site VPN use a crypto map with an access list that identifies the traffic to be encrypted? If yes, then you should probably add something to the access list. Or does the current site-to-site VPN use a tunnel and encrypt everything that goes through the tunnel? If yes, then you should probably add the routing logic that ensures that this traffic is sent through the tunnel.

HTH

Rick

Tags: Cisco Security

Similar Questions

  • Site to Site VPN using an interface to Peer and LAN

    Hello

    I have an ASA 5580 for a site-to-site VPN with our partner. The VPN connection is through my outside interface, and the local network for the VPN comes from the outside interface too. Is this possible? Thank you.

    The layout you describe is contrary to the basic firewall concept of trusted and untrusted interfaces (higher and lower security level).

    If your LAN is on the outside interface, what is to stop remote users from simply accessing it directly?

  • Sharing of files and hard drive between computers

    Dear Sir or Madam:

    I'm trying to connect two computers, which I named system A and system b. Computers and a DSL modem at wire speed Westel are connected to a router Asus WL-520 through ethernet LAN cables wireless/wired. HP PSC 2355 printer is connected to the router with a USB cable. The LAN on board two computers automatically configures the IP addresses of the form 192.168.x.x, which, in my view, to work. However there is no connectivity between the two computers, systems A and B. They do not see the shared disks and files on the other. The operating system is Microsoft Windows XP Home Edition, Version 2002 with Service Pack 3, n ° 76477-OEM-0015717-31545.

    When I ran the ipconfig program on each computer, it reported that IP routing is not enabled. See the configuration below. Must IP routing be enabled in order to have connectivity? How is IP routing enabled in Windows XP? In the Services section of the Control Panel, there is Routing and Remote Access, which is disabled, and other related networking services, some of which are also disabled. What services must be enabled for the computers to connect and share files and hard drives?

    Windows IP configuration

    Name of the host...: SYSTEM-A

    Primary Dns suffix...:

    Node... type: mixed

    Active... IP routing: No.

    Active... proxy WINS: No.

    Ethernet connection to the Local top-Dock network card:

    The connection-specific DNS suffix. :

    ... Description: ADM8511 USB to Fast Ethernet Sn54ls164j

    Converter

    Physical address.... : 00-50-5B-00-0A-4B

    DHCP active...: Yes

    Autoconfiguration enabled...: Yes

    ... The IP address: 192.168.1.2

    ... Subnet mask: 255.255.255.0.

    ... Default gateway. : 192.168.1.1.

    DHCP server...: 192.168.1.1.

    DNS servers...: 192.168.1.1.

    68.237.161.12

    Regards

    Peter Dooling

    Hello

    The display is OK. The routing setting being Off is not relevant in your case.

    ----------------

    Configure all of the computers to share files and you have a Local network.

    Make sure that the software firewall on each computer allows free local traffic. If you use a 3rd party firewall, the native Vista/XP firewall should be disabled, and the active firewall should be adjusted to include your network's IP numbers in what is sometimes called the Trusted Zone (see the 3rd party firewall's instructions).

    General example, http://www.ezlan.net/faq#trusted

    Please note that some 3rd party software firewalls continue to block aspects of local traffic even when they are turned off (disabled). If possible, configure the firewall correctly or uninstall it completely to allow a clean flow of local network traffic. If the 3rd party software is uninstalled or disabled, make sure the native Windows firewall is active.

    Windows XP file sharing - http://support.microsoft.com/default.aspx?scid=kb;en-us;304040
    Sharing printer XP - http://www.microsoft.com/windowsxp/using/networking/expert/honeycutt_july2.mspx

    Setting Windows native firewall for sharing XP -http://support.microsoft.com/kb/875357

    In Win XP pro you can visually see the setting of authorization/security and configure them according to your preferences.

    http://www.Microsoft.com/windowsxp/using/security/learnmore/AccessControl.mspx#securityTab

    When you have finished the configuration of the system, it is recommended to restart everything: the router and all computers involved.


    Jack-MVP Windows Networking. WWW.EZLAN.NET

  • How to get a program to the shared program files and data on a different computer?

    I run an accounting program on a Windows XP computer that has all the programs files and data shared to our local network. This accounting program is also installed on several other machines, Windows 7, and I want to know, how I move these Windows 7 machines to use the program and data off the XP machine, instead of using local data files (static)?

    This has been fixed, thanks. I ended the program on the host computer, and on this computer I just run the .exe; i.e. I actually run the program on the host computer.

  • The difficulty to move the files to shared documents files and transfer documents to my USB on my computer

    I'm moving all my documents and music files into the shared documents folder on my computer, but it's telling me C:\ is not accessible, access is denied.
    It responds in the same way when I try to move files that are on my USB onto my computer.
    I don't know if this has to do with the hard drive or what it can possibly be or how to fix it. Help, please. Thanks in advance

    Hello

    • Are you logged on as an administrator?

    You can refer to the following steps:

    1. Log on to the computer with an account that has administrative credentials. If you are running Microsoft Windows XP Home Edition, you must start the computer in safe mode, and then log on with an account that has administrative rights to access the Security tab.
    2. If you use Windows XP Professional, you must turn off Simple file sharing.
    3. Right click on the file/folder that you want to take control and then click Properties.
    4. Click on the Security tab, and then click OK in the security message (if one appears).
    5. Click Advanced, and then click the owner tab.
    6. In the name list, click your user name, click Administrator if you are logged in as Administrator, or click the Administrators group. If you want to take ownership of the contents of this folder, select the Replace owner on subcontainers and objects check box.
    7. Click OK, and then click Yes when the following message is displayed:
      You are not allowed to read the contents of directory folder_name. Do you want to replace the directory permissions with permissions granting you full control?
      All permissions will be replaced if you press Yes.
    8. Click OK, and then reapply the permissions and security settings that you want for the folder and its contents.

    See also:

    http://support.Microsoft.com/default.aspx?scid=kb;en-us;308421&product=winxp

  • Can I create a theme or office that will also allow to save files and programs open?

    I use Win 7 64 bit

    I know how to create a theme in Windows that includes the background, sounds, mouse pointers, screen saver etc, - the usual theme settings. But I wonder if there is a way to create a framework of office personalized with your current open files and programs. I have set up my desktop for including Sony Vegas video editing and audio and video encoders-muxeurs and set-top boxes. I also created a specific model of open cases. Ultimately, what I want to do is just to save open files and programs for a parameter I could access with one click later and light up, (or a login name). Then he would automatically come to the office with all the relevant files and programs open. Is this possible in Windows 7?

    Thank you

    Shawn "Cmdr" Keene [MVP]

    Some weird results

    Initially, I used your method of single line, since the first example you gave, to try to open programs. It would open a single program and then hang. If I closed this program it will open the next and hang.  If I closed it program would open the next and hang, etc. - it only opened one at a time.

    Then I used the cd "method of C:\Pathname and got the same results: open and hang, close, open and crash, close, etc..".

    Then in the first entry

    REM MKVExtractGUI2
    CD /d "C:\Program Files\MKVToolNix".

    I've added the /d and everything as it should - programs and files open. That's why I stuck as the final.

    Using your method to explore start/wait worked if I used it in the form of lots to open folders only - no program.

    Try it with the:

    : MKVExtractGUI2
    Start "C:\Program Files\MKVToolNix\MKVExtractGUI2.exe".

    method would open six control boxes that all had the directory where I started the batch of files of

    so:

    F:\My Documents\Desktop Vid settings of batch files

    With the help of your:

    Start the Explorer c:\users\shawn\desktop\1
    ping google.com/n 1

    method also worked if I used it in the form of lots to open folders only - no program.

    Try it with the:

    : MKVExtractGUI2
    Start "C:\Program Files\MKVToolNix\MKVExtractGUI2.exe".

    method would also six control boxes that all had the directory where I started the batch of files of
    Once again:

    F:\My Documents\Desktop Vid settings of batch files

    So, I used which is the only one that has worked to open everything - and in the order that I wanted:

    off @echo
    : files
    Start the Explorer "G:\Sony Vegas\Sony Veg Project Files"
    ping google.com/n 1
    Start the Explorer "F:\Torrents Completed"
    ping google.com/n 1
    Start the Explorer "E:\Projects hand"
    ping google.com/n 1
    Start the Explorer "models E:\Projects.
    ping google.com/n 1
    Start the Explorer "E:\Project Films waiting for editing"
    ping google.com/n 2
    Start the Explorer "C:\Users\TIM\Desktop\Multimedia".
    Start the Explorer/Wait 'pending F:\Projects TV Series'
    REM MKVExtractGUI2
    CD /d "C:\Program Files\MKVToolNix".
    Start MKVExtractGUI2.exe
    REM MyMP4BoxGUI
    CD "C:\Program Files\My MP4Box GUI"
    Start MyMP4BoxGUI.exe
    REM AudioCoder
    CD "C:\Program Files\AudioCoder x 64"
    Start AudioCoder.exe
    VLC REM
    CD "C:\Program Files\VideoLAN\VLC".
    Start vlc.exe
    chrome rem
    CD "C:\Program Files (x 86) \Google\Chrome\Application.
    Start chrome.exe
    REM dark-color-29
    CD "C:\Users\TIM\Desktop".
    Start Black-color - 29.jpg
    output

    I had to add 'ping google.com/n 2'after launch 'E:\Project Films pending Edit' Explorer or it would still be to Exchange places with the multimedia folder. I have no idea why. But it worked and after having messed with it for a few hours now, I am satisfied. However not the elegant be!

    Thanks for your help

  • Error message "Access denied" on the sharing of files and folders on a dual-boot computer.

    I have a Dual Boot PC - the two Windows 7 Home Premium - one 32-bit, 64-bit.

    If I try to access files created in the 32-bit system to the 64-bit system, I get "Access Denied" errors. This is extremely annoying as its my PC, my data, my everything!

    The only way to solve the problem seems to be to give all permissions to "Everyone", but then I get my parcel Internet Security complain bitterly that my PC is now open to piracy because I gave "Everyone" full access permissions.

    I searched the Web and Microsoft, but I never seem to find exactly what I'm looking for; part of my search text seems to have more weight than another. For example, I add "in the system to dual-boot" and I get links to creating a dual boot system.

    If anyone has any suggestions on how to grant permissions to access 32-bit system folder to the main user on the 64 bit system, I would be very grateful.

    Thank you very much.

    David

    Hi David,

    Did you make any changes to the computer before the issue?

    I suggest you try the steps from the following link:

    "Access denied" or other errors in the access to or work with files and folders in Windows
    http://support.Microsoft.com/kb/2623670/en-us

    I hope this helps. Let us know if you have other problems with Windows in the future.

  • Site to Site VPN problem ASA 5505

    Hello

    I have a strange problem with a site to site VPN. I configured it completely and I added 3 of my internal networks to be encrypted and access the remote network across the tunnel.

    For some reason, I can access the remote network from only two of the three internal networks that I've specified.

    Here is a copy of my config - if anyone has any info I would be happy of course.

    Thank you

    Kevin

    FK - U host name. S. - Raleigh - ASA
    domain appdrugs.com
    activate 08PI8zPL2UE41XdH encrypted password
    2KFQnbNIdI.2KYOU encrypted passwd
    names of
    name Maridian-primary-Net 192.168.237.0
    Meridian-backup-Net 192.168.237.128 name
    name 10.239.192.141 AccessSwitch1IDFB
    name 10.239.192.143 AccessSwitch1IDFC
    name 10.239.192.140 AccessSwitch1MDFA
    name 10.239.192.142 AccessSwitch2IDFB
    name CiscoCallManager 10.195.64.206
    name 10.239.192.2 CoreSwitch1
    name 10.239.192.3 CoreSwitch2
    name 10.195.64.17 UnityVM
    name 140.239.116.162 Outside_Interface
    name 65.118.69.251 Meridian-primary-VPN
    name 65.123.23.194 Meridian_Backup_VPN
    DNS-guard
    !
    interface Ethernet0/0
    Shutdown
    No nameif
    security-level 100
    no ip address
    !
    interface Ethernet0/1
    nameif outside
    security-level 60
    address IP Outside_Interface 255.255.255.224
    !
    interface Ethernet0/2
    nameif Inside1
    security-level 100
    IP 10.239.192.7 255.255.255.128
    !
    interface Ethernet0/3
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface Management0/0
    nameif management
    security-level 50
    IP 192.168.1.1 255.255.255.0
    management only
    !
    boot system Disk0: / asa804 - k8.bin
    Disk0: / asa804.bin starting system
    passive FTP mode
    DNS domain-lookup outside
    DNS domain-lookup Inside1
    management of the DNS domain-lookup service
    DNS server-group DefaultDNS
    Server name 10.239.192.10
    domain appdrugs.com
    permit same-security-traffic inter-interface
    permit same-security-traffic intra-interface
    the DM_INLINE_NETWORK_1 object-group network
    object-network 10.195.64.0 255.255.255.0
    object-network 10.239.192.0 255.255.255.0
    object-network 10.239.192.128 255.255.255.128
    object-group service DM_INLINE_SERVICE_1
    the purpose of the ip service
    ICMP service object
    the purpose of the echo icmp message service
    response to echo icmp service object
    the DM_INLINE_NETWORK_2 object-group network
    object-network 10.195.64.0 255.255.255.0
    object-network 10.239.192.0 255.255.255.128
    object-network 10.239.192.128 255.255.255.128
    the DM_INLINE_NETWORK_3 object-group network
    network-object 10.195.64.0 255.255.255.192
    object-network 10.239.192.0 255.255.255.128
    object-network 10.239.192.128 255.255.255.128
    the DM_INLINE_NETWORK_5 object-group network
    Maridian-primary-Net network object 255.255.255.128
    Meridian-backup-Net network object 255.255.255.128
    the DM_INLINE_NETWORK_6 object-group network
    Maridian-primary-Net network object 255.255.255.128
    Meridian-backup-Net network object 255.255.255.128
    object-group network Vital-network-hardware-access
    host of the object-Network UnityVM
    host of the CiscoCallManager object-Network
    host of the object-Network AccessSwitch1MDFA
    host of the object-Network AccessSwitch1IDFB
    host of the object-Network AccessSwitch2IDFB
    host of the object-Network AccessSwitch1IDFC
    host of the object-Network CoreSwitch1
    host of the object-Network CoreSwitch2
    object-group service RDP - tcp
    EQ port 3389 object
    the DM_INLINE_NETWORK_7 object-group network
    Maridian-primary-Net network object 255.255.255.128
    Meridian-backup-Net network object 255.255.255.128
    host of network-object Meridian-primary-VPN
    host of the object-Network Meridian_Backup_VPN
    the DM_INLINE_NETWORK_9 object-group network
    host of the object-Network Outside_Interface
    Group-object Vital-equipment-access to the network
    object-group service DM_INLINE_SERVICE_2
    will the service object
    ESP service object
    the purpose of the service ah
    the eq isakmp udp service object
    object-group service DM_INLINE_SERVICE_3
    ICMP service object
    the purpose of the echo icmp message service
    response to echo icmp service object
    the DM_INLINE_NETWORK_4 object-group network
    object-network 10.195.64.0 255.255.255.0
    object-network 10.239.192.0 255.255.255.128
    object-network 10.239.192.128 255.255.255.128
    the DM_INLINE_NETWORK_8 object-group network
    object-network 10.195.64.0 255.255.255.0
    object-network 10.239.192.0 255.255.255.128
    object-network 10.239.192.128 255.255.255.128
    Outside_access_in list extended access permit icmp any any echo response
    Access extensive list Maridian-primary-Net ip Outside_access_in 255.255.255.128 DM_INLINE_NETWORK_8 object-group enable
    Access extensive list Meridian-backup-Net ip Outside_access_in 255.255.255.128 DM_INLINE_NETWORK_3 object-group enable
    Inside_nat0_outbound to access ip 10.0.0.0 scope list allow 255.0.0.0 10.0.0.0 255.0.0.0
    Access extensive list ip 10.239.192.0 Inside_nat0_outbound allow Maridian-primary-Net 255.255.255.0 255.255.255.128
    Inside_access_in to access ip 10.0.0.0 scope list allow 255.0.0.0 all
    Inside1_nat0_outbound to access ip 10.0.0.0 scope list allow 255.0.0.0 10.0.0.0 255.0.0.0
    Inside1_nat0_outbound list extended access allowed object-group DM_INLINE_NETWORK_1 Maridian-primary-Net 255.255.255.128 ip
    Inside1_nat0_outbound list extended access permitted ip object-group Meridian-backup-Net DM_INLINE_NETWORK_2 255.255.255.128
    Access extensive list ip 10.239.192.0 Inside1_nat0_outbound allow 255.255.255.0 10.239.199.0 255.255.255.192
    Access extensive list ip 10.195.64.0 Inside1_nat0_outbound allow 255.255.255.192 10.239.199.0 255.255.255.192
    Inside1_access_in to access ip 10.0.0.0 scope list allow 255.0.0.0 all
    Outside_1_cryptomap list extended access allowed object-group DM_INLINE_SERVICE_1-DM_INLINE_NETWORK_1 Maridian-primary-Net 255.255.255.128 objects
    Outside_2_cryptomap list extended access permitted ip object-group Meridian-backup-Net DM_INLINE_NETWORK_2 255.255.255.128
    permitted access Vital-network-Access_splitTunnelAcl-list standard 10.239.192.0 255.255.255.128
    permitted access Vital-network-Access_splitTunnelAcl-list standard 10.195.64.0 255.255.255.0
    permitted access Vital-network-Access_splitTunnelAcl-list standard 10.239.192.128 255.255.255.128
    Access extensive list ip 10.239.199.0 Vital_VPN allow 255.255.255.192 object-group Vital-equipment-access to the network
    Vital_VPN list extended access allow icmp 10.239.199.0 255.255.255.192 object-group Vital-equipment-access to the network
    Vital_VPN of access allowed any ip an extended list
    Outside_cryptomap_1 list extended access allowed object-group DM_INLINE_NETWORK_4 Maridian-primary-Net 255.255.255.128 ip
    access list Vital-Site-to-site access extended allow ip object-DM_INLINE_NETWORK_5 group Vital-network-hardware-access object
    Vital-Site-to-Site-access extended access list permits object-group DM_INLINE_SERVICE_3-group of objects DM_INLINE_NETWORK_6 object-group Vital-equipment-access to the network
    Vital-Site-to-Site-access extended access list permits object-group objects object-group DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_7 DM_INLINE_SERVICE_2-group
    pager lines 24
    Enable logging
    exploitation forest asdm warnings
    Outside 1500 MTU
    MTU 1500 Inside1
    management of MTU 1500
    mask IP local pool access remote 10.239.199.11 - 10.239.199.62 255.255.255.192
    ICMP unreachable rate-limit 1 burst-size 1
    ASDM image disk0: / asdm - 621.bin
    don't allow no asdm history
    ARP timeout 14400
    Global (1 interface external)
    NAT (Inside1) 0-list of access Inside1_nat0_outbound
    NAT (Inside1) 1 10.0.0.0 255.0.0.0
    Access-group Outside_access_in in interface outside
    Access-group Inside1_access_in in interface Inside1
    Route outside 0.0.0.0 0.0.0.0 140.239.116.161 1
    Route Inside1 10.192.52.0 255.255.255.0 10.239.192.1 1
    Route Inside1 10.195.64.0 255.255.240.0 10.239.192.1 1
    Route Inside1 10.239.0.0 255.255.0.0 10.239.192.1 1
    Route Inside1 10.239.192.0 255.255.248.0 10.239.192.1 1
    Route out of the Maridian-primary-Net 255.255.255.0 Outside_Interface 1
    Timeout xlate 03:00
    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    dynamic-access-policy-registration DfltAccessPolicy
    Enable http server
    http 66.104.209.192 255.255.255.224 outside
    http 192.168.1.0 255.255.255.0 management
    http 10.239.172.0 255.255.252.0 Inside1
    SNMP-server host Inside1 10.239.132.225 community appfirestarter * #*.
    location of Server SNMP Raleigh
    contact Server SNMP Kevin mcdonald
    Server SNMP community appfirestarter * #*.
    Server enable SNMP traps snmp authentication linkup, linkdown cold start
    Server SNMP traps enable entity config change
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
    crypto map Outside_map 1 match address Outside_cryptomap_1
    crypto map Outside_map 1 set peer Meridian-primary-VPN
    crypto map Outside_map 1 set transform-set ESP-3DES-MD5
    crypto map Outside_map 1 set security-association lifetime seconds 28800
    crypto map Outside_map 1 set security-association lifetime kilobytes 4608000
    crypto map Outside_map 2 match address Outside_2_cryptomap
    crypto map Outside_map 2 set peer Meridian_Backup_VPN
    crypto map Outside_map 2 set transform-set ESP-3DES-MD5
    crypto map Outside_map 2 set security-association lifetime seconds 28800
    crypto map Outside_map 2 set security-association lifetime kilobytes 4608000
    crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map Outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 5
     authentication pre-share
     encryption 3des
     hash md5
     group 2
     lifetime 86400
    crypto isakmp policy 30
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    Telnet timeout 5
    SSH timeout 5
    Console timeout 0
    outside access management
    management of 192.168.1.2 - dhcpd address 192.168.1.254
    enable dhcpd management
    !
    a basic threat threat detection
    Statistics-list of access threat detection
    no statistical threat detection tcp-interception
    WebVPN
    allow outside
    tunnel-group-list activate
    internal strategy of State civil-access to the network group
    Group Policy attributes Vital access to the network
    value of server DNS 10.239.192.10
    value of VPN-filter Vital_VPN
    Protocol-tunnel-VPN IPSec webvpn
    Split-tunnel-policy tunnelspecified
    Split-tunnel-network-list value vital-network-Access_splitTunnelAcl
    value of remote access address pools
    internal state civil-Site-to-Site-GroupPolicy group strategy
    Civil-site-a-site-grouppolicy-strategie status of group attributes
    value of VPN-filter Vital-Site-to-Site-access
    Protocol-tunnel-VPN IPSec l2tp ipsec webvpn
    username APPRaleigh encrypted password m40Ls2r9N918trxp
    username APPRaleigh attributes
    VPN-group-policy Vital-network access
    type of remote access service
    username, password kmadmin u8urNz44/I.ugcF. encrypted privilege 15
    tunnel-group 65.118.69.251 type ipsec-l2l
    tunnel-group 65.118.69.251 General-attributes
    Group Policy - by Defaut-vital-site-a-site-grouppolicy
    IPSec-attributes tunnel-group 65.118.69.251
    pre-shared-key *.
    tunnel-group 65.123.23.194 type ipsec-l2l
    tunnel-group 65.123.23.194 General-attributes
    Group Policy - by Defaut-vital-site-a-site-grouppolicy
    IPSec-attributes tunnel-group 65.123.23.194
    pre-shared-key *.
    remote access of type tunnel-group Vital access to the network
    tunnel-group Vital access to the network general-attributes
    Access to distance-address pool
    Group Policy - by default-state civilian access to the network
    tunnel-group Vital access to the network ipsec-attributes
    pre-shared-key *.
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns migrated_dns_map_1
    parameters
    message-length maximum 512
    Policy-map global_policy
    class inspection_default
    inspect the migrated_dns_map_1 dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    inspect the rsh
    inspect the rtsp
    inspect esmtp
    inspect sqlnet
    inspect the skinny
    inspect sunrpc
    inspect xdmcp
    inspect the sip
    inspect the netbios
    inspect the tftp
    !
    global service-policy global_policy
    context of prompt hostname
    Cryptochecksum:a080b1759b57190ba65d932785ad4967
    : end

    Can you confirm whether we have the exact mirror of the crypto ACL at the other end?

    I feel maybe you have a /24, 10.239.192.0 255.255.255.0, on the other end for the remote network.

    Can you please confirm that?

    Also, is there a reason why you use 10.239.192.0 255.255.255.128 and 10.239.192.128 255.255.255.128 instead of 10.239.192.0 255.255.255.0?
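
The mirror check this reply asks for can be automated. The following is an added example, not part of the original thread: it compares a local crypto ACL with a peer's and flags entries that have no exact mirror, including the case the reply suspects, where the peer summarizes two /25 networks as one /24. The local entries are constructed from the subnets in the posted config with the object group expanded; the peer ACL and its name `PEER_CRYPTO` are hypothetical.

```python
import ipaddress
import re

# Matches one expanded ACE: permit ip <src> <mask> <dst> <mask>
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+permit\s+ip\s+"
    r"(?P<src>\S+)\s+(?P<smask>\S+)\s+(?P<dst>\S+)\s+(?P<dmask>\S+)\s*$"
)

# Constructed sample: local crypto ACL, using the subnets from the posted config.
LOCAL_ACL = """
access-list Outside_cryptomap_1 extended permit ip 10.195.64.0 255.255.255.0 192.168.237.0 255.255.255.128
access-list Outside_cryptomap_1 extended permit ip 10.239.192.0 255.255.255.128 192.168.237.0 255.255.255.128
access-list Outside_cryptomap_1 extended permit ip 10.239.192.128 255.255.255.128 192.168.237.0 255.255.255.128
"""

# Constructed sample: hypothetical peer ACL that uses a single /24 for 10.239.192.0.
PEER_ACL = """
access-list PEER_CRYPTO extended permit ip 192.168.237.0 255.255.255.128 10.195.64.0 255.255.255.0
access-list PEER_CRYPTO extended permit ip 192.168.237.0 255.255.255.128 10.239.192.0 255.255.255.0
"""


def parse_crypto_acl(text):
    """Return the set of (source, destination) networks in a crypto ACL."""
    pairs = set()
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        m = ACE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported ACE: {line!r}")
        # ip_network accepts the dotted netmask form and rejects host bits.
        src = ipaddress.ip_network(f"{m['src']}/{m['smask']}")
        dst = ipaddress.ip_network(f"{m['dst']}/{m['dmask']}")
        pairs.add((src, dst))
    return pairs


def compare_crypto_acls(local_pairs, peer_pairs):
    """List entries that break the mirror relationship between two crypto ACLs.

    Each finding is (status, src, dst) from the peer's point of view:
      summarized-on-peer  the peer covers the pair only with a wider network
      missing-on-peer     the peer has nothing that covers the pair
      extra-on-peer       the peer has an entry with no local counterpart
    """
    expected_on_peer = {(dst, src) for src, dst in local_pairs}
    findings = []
    for src, dst in sorted(expected_on_peer - peer_pairs, key=str):
        covered = any(
            src.subnet_of(p_src) and dst.subnet_of(p_dst)
            for p_src, p_dst in peer_pairs
        )
        status = "summarized-on-peer" if covered else "missing-on-peer"
        findings.append((status, src, dst))
    for src, dst in sorted(peer_pairs - expected_on_peer, key=str):
        findings.append(("extra-on-peer", src, dst))
    return findings


def check_samples():
    """Run the comparison on the constructed samples above."""
    return compare_crypto_acls(
        parse_crypto_acl(LOCAL_ACL), parse_crypto_acl(PEER_ACL)
    )


if __name__ == "__main__":
    for status, src, dst in check_samples():
        print(f"{status:20} {src} -> {dst}")
```

An empty result means the two ACLs are exact mirrors; any `summarized-on-peer` entry marks a subnet pair whose phase 2 selectors differ between the two ends and is worth checking first.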

  • ASA SITE VPN 55XX survey?

    Hi all

    I was wondering: I have a Cisco ASA firewall with several site-to-site VPNs using pre-shared keys. If I want to add another VPN to the firewall, do I have to add all the crypto ISAKMP stuff again? Or can I just use what is already configured for VPN in the firewall? I mean, besides the new crypto map, ACLs and the NAT 0 statement, what other statements do I need to enter for this new site-to-site tunnel in the build order? I don't want to end up entering more commands than necessary.

    No, you don't need to add new crypto isakmp policies if you already have configured policies that match. You can also reuse the crypto ipsec transform-set if it is the same on the other side of the LAN-to-LAN tunnel (as long as it matches at both ends).

    You're right, the only statements you need to add would be the ACL entry for NAT 0 and a new crypto map sequence (with crypto ACL, transform set and set peer entry).

    Hope that helps.

  • Site to site vpn user name?

    Several years ago I implemented non-DMVPN IPSEC VPNs. At the time, it was on PIX 515s. If I remember correctly, I could set up either a site-to-site VPN (in which the phase I and phase II settings, PSK, etc. were entered) or a remote user VPN (where things would be implemented with XAUTH for the user credentials, and I think group security settings for different users). This was before DMVPN, which simplified a lot of it.

    Anyway, now I have a colleague who bought an RVS4000 with a view to setting up a site-to-site VPN with BeeVPN, a site that allows him to work around his ISP's tracking. When he asked BeeVPN for a sheet on how to set up his RVS4000 as one IPSEC endpoint for a site-to-site VPN, they responded with instructions to enter his user name and password as the group name. Does that make sense? Shouldn't a peer address, encryption/auth/Diffie-Hellman settings etc. and a PSK be everything that is required for a site-to-site VPN?

    Furthermore, I realize that he may have another problem with his dynamic ip address.  But I was hoping I could get help on the basics first.

    Thank you very much

    You are right.

  • A Site VPN PIX501 and CISCO router

    Hello Experts,

    I have an at home test lab, I set up a site to site vpn using a router Cisco PIX501 and CISCO2691, for configurations, I have just a few links on the internet, because my background on VPN configuration is not too good, for the configuration of routers, I followed this link:

    www.Firewall.CX/Cisco-Technical-Knowledgebase/Cisco-Routers/867-Cisco-ro...

    and for configuring the PIX I just used the PIX VPN Wizard. All configurations done, but ping failed. Hope you can help me with this, I don't know what to do here (troubleshooting).

    Attached here are the configuration of my router, the topology, and the PIX configuration. Hope you can help me with this. Thanks in advance.

    Hi Mark,

    I went through the config of the ASA.

    I see that the NAT exemption is still missing there.

    Please add the following:

    access-list sheep permit ip 192.168.1.0 255.255.255.0 172.21.1.0 255.255.255.0

    nat (inside) 0 access-list sheep

    Then try it; it should work.

    Thank you

    REDA

  • RV180 restrict access to the Site to Site VPN

    Hello

    I'm trying to set up my network so that VPN traffic is routed only to a physical single on the RV180 port or to a certain subset of devices on a network.

    I have a site to site vpn configuration in a Home Office and connect to the corporate network.  The user has a couple of devices on the home network who need to access the corporate network.

    We hope to leave his PC accessible to its home network and the corporate network, but limit other devices to access the vpn.

    I think that I could do playing with the subnet, but I just can't get my head around it.

    It must be something simpleish to do this, isn't there?

    I'd appreciate any help you have.

    Thank you

    Gary

    Hi boys, here's a hypothetical situation.

    VLAN 1 is port 1

    VLAN 2 is port 2

    VLAN 1 has a switch connected to your local network of services

    VLAN 2 has a switch to maintain your VPN.

    The port configuration for each port would be the respective VLAN, untagged.

    You can disable inter-VLAN routing on the router in order to prohibit inter-VLAN communication. But also, and especially, the VPN is subnet-specific: you specify the specific IP subnet in the tunnel config, and because the config does not include a second subnet, its traffic will not work in the tunnel.

    -Tom
    Please mark replied messages useful

  • Site to Site VPN - cannot ping remote subnet

    Hi all.

    I have a site-to-site IPsec VPN between a 5510 (HQ) and a 5505 (Remote). Everything works on the tunnel. Crypto maps and ACLs are symmetrical. I see that the tunnel is up for the required subnets. However, I cannot ping from the internal subnets inside the 5510 to the remote LAN inside the 5505 and vice versa. I have other VPN spokes on the 5510 where I can ping the remote inside LAN x.x.x.x successfully. I can't figure out what I'm missing. I can ping internet points, but cannot ping HQ.

    Any suggestions?

    I'm also learning the ASAs on the fly, so I'm not an expert.  I know that I allowed ICMP on the outside. My SHEEP statement and crypto are running off of the same object group that lists the HQ subnets.

    Thanks in advance.

    The 5505 lacks the command:

    management-access inside

    Federico.

  • "your security settings do not allow for this file to download" - AGAIN!

    Hello

    I can't download apps and programs. I received a lot of help on the forum, but nothing helped. More recently, I went to https://support.microsoft.com/en-us/kb/929135 and followed the instructions. Nice instructions. Had no effect. Also made sure antivirus and firewall are absent.

    Examples of what I tried to download are 'amazon games and software downloader' and 'Amazon kindle app for pc'.

    I am running windows 7 starter edition.

    There is something fundamentally wrong with my Windows. Yes?

    If you think you have a fix for this, you can get back to me. This is my sixth or eighth attempt at this in the Windows community.

    Al

    To solve your problem, follow these steps:

    Note: Download files and programs only from trusted sites. Downloading files is risky, since they can contain malware and viruses that can damage the system. Change the security settings for downloads at your own risk. Make sure you have an antivirus running in the background before downloading programs.

    (Make sure to close any browser you use before performing the steps.)

    1. Click Start > Control Panel.

    2. Click Network and Internet > Internet Options.

    3. Click the Security tab, then click the Custom level... button.

    4. Scroll down to the Downloads section and, under File download, choose Enable.

    An update on the results.

  • Windows 7; Windows firewall prevents the discovery network, files and printers, sharing, public folder sharing and streaming media

    Windows Home Premium SP1, completely up to date.  Windows Firewall is enabled.

    Try to keep the file sharing and printers on a home network.  Try changing the settings on the control panel; All Control Panel items: Center network and sharing; Advanced sharing settings.

    When I try to change the option buttons for sharing and then click Save changes at the bottom of the page, the screen jumps to the Network and Sharing Center.  On re-entering the advanced settings, no settings have been saved.   Restarting the computer does not help.  I checked that the following services are running and set to automatic according to http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/cant-turn-on-network-discovery-and-media-streaming/98654e71-4bff-4dd3-acec-ffc3524d44a4:

    The base filtering engine
    DNS client
    Function Discovery Provider Host
    Function Discovery Resource Publication
    HomeGroup listener
    HomeGroup provider
    Server
    SSDP Discovery
    UPnP device host
    Windows Firewall

    When I stop the Windows Firewall service, I can activate the sharing I want.  Of course the windows firewall prevents sharing I would do on my network.

    I'm uncomfortable with not having a working firewall on my computer.  How do I configure my Win 7 machine's Windows Firewall to allow communications with my homegroup?  I tried to restore the default values.  This did not allow the communication.  I tried to find the homegroup settings in the advanced settings of the Windows Firewall.  No luck there.

    What should I do to configure my Windows Firewall to allow network discovery, file and printer sharing, and media streaming and sharing?

    Hi Stephanie,

    Thanks for reaching out to us on the Microsoft Community Forums.

    It looks like the Windows Firewall is preventing network discovery, file and printer sharing, public folder sharing and media streaming. We will analyze and identify the cause of the problem.

    Do you have a third-party antivirus program installed on the computer?

    Method 1:

    To turn on network discovery

    1. Open Advanced sharing settings by clicking the Start button, then Control Panel. In the search box, type network, click Network and Sharing Center, and then, in the left pane, click Change advanced sharing settings.
    2. Click the chevron to expand the current network profile.
    3. Click Turn on network discovery and then click Save changes. If you are prompted for an administrator password or a confirmation, type the password or provide confirmation.

    The article below explains all about the network discovery:
    http://Windows.Microsoft.com/en-us/Windows7/enable-or-disable-network-discovery

    If none of these steps solves the issue, let us then run the SFC scan and check whether any system file is corrupt. I also recommend performing a clean boot in order to find the root cause of the problem.

    Method 2:

    Use the (SFC.exe) System File Checker tool to determine which file is causing the problem and then replace the file. To do this, follow these steps:

    a. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or a confirmation, type the password, or click Allow.

    b. Type the following command and press ENTER:
    sfc /scannow

    The sfc /scannow command scans all protected system files and replaces incorrect versions with the correct Microsoft versions.

    More information on SFC scan found in this document:
    http://support.Microsoft.com/kb/929833

    See also:

    Open a port in Windows Firewall

    http://Windows.Microsoft.com/en-in/Windows7/open-a-port-in-Windows-Firewall

    Allow a program to communicate through Windows Firewall

    http://Windows.Microsoft.com/en-in/Windows7/allow-a-program-to-communicate-through-Windows-Firewall

    Hope this information helps. Get back to us if you have more queries about Windows.
