The VPN will drop?

I have a VPN from Site to Site between 2 routers.

The VPN will go down if I change the domain name on the a router on which the tunnel is routed using the below command

IP domain name xxxxxx.com

Hi Jenny,

You have defined counterpart like IP address or the host name?

If you have the peer set IP address (which is normally used), I don't see any problem to do that.

Federico.

Tags: Cisco Security

Similar Questions

  • Check the ISE for the VPN Cisco posture

    Hello community,

    first of all thank you for taking the time to read my post. I have a deployment in which requires the characteristic posture of controls for machines of VPN Cisco ISE. I know that logically once a machine on the LAN, Cisco ISE can detect and apply controls posture on clients with the Anyconnect agent but what about VPN machines? The VPN will end via a VPN concentrator, which then connects to an ASA5555X that is deployed as an IPS only. Are there clues to this?

    Thank you!

    The Cisco ASA Version 9.2.1 supports the change in RADIUS authorization (CoA) (RFC 5176). This allows for the gesticulations of users against the ISE Cisco VPN without the need of an IPN. Once a VPN user connects, the ASA redirects web traffic to the LSE, where the user is configured with a Network Admission Control (NAC) or Web Agent. The agent performs specific controls on the user's computer to determine its conformity against one together configured posture rules, such as the rules of operating system (OS) patches, AntiVirus, registry, Application, or Service.

    The posture validation results are then sent to the ISE. If the machine is considered the complaint, then the ISE can send a RADIUS CoA to the ASA with the new set of authorization policies. After validation of the successful posture and CoA, the user is allowed to access internal resources.

    http://www.Cisco.com/c/en/us/support/docs/security/Adaptive-Security-Appliance-ASA-software/117693-configure-ASA-00.html

  • Itineraries other nets will be lost when using the vpn client?

    I have a very general question. I intend to implement a security solution for the extranet partners to connect to our intranet using VPN client. IPSec will close on the external interface of the Cisco PIX firewall v6.3.

    Now, my consirn is, I downloaded the vpn client to test but I saw no advance settings to define what network traffic will pass through the IPSec tunnel and which will be routed normally. Is it by default all traffic passing through VPN? Is that what it means if there are other networks using their default route, they will not be able to achieve? (i.e. the Internet).

    Thank you.

    That would depend on how you set up the PIX. You can allow the VPN to your site and access to the Internet at the same time. This is called the split tunneling. It is configurable on the PIX, not the customer.

    This link might help you get started, but I'm sure that there stronger links.

    http://www.Cisco.com/en/us/customer/products/sw/secursw/ps2120/products_command_reference_chapter09186a00800ec9ec.html

  • Limited access to the vpn connection

    We have 3 sites connected with the vpn site-to site cisco Pix 515-525-501. We have also 2 cisco 3005 concentrators vpn for users remote access to the system. I have a remote user that needs to connect to one of our servers in order to manage it. Remote users get internal ip address, once they sign in and they get access to all servers and PCs as if they were at the office. Is it possible to block this specific user and give permission to only to a server?

    Thank you

    Haim defending

    [email protected] / * /.

    Hello

    A much better way to filter traffic is using firewall rules. First, assign a separate group of VPN for your users who need to access that server. Assign a pool to this group.

    Then, go to Configuration-> policy Mgmt-> rules: Add a new rule that will be allor traffic from the pool of the group to that specific server (source is the address of the user, the destination is your server). Create another rule for the return shipping.

    Create a new filter (Configuration-> policy Mgmt-> filter): Add the two rules created earlier.

    Go back to the remote access and then apply the filter itself (you can find the firewall drop-down list in the 'Général' tab) and... VOILA

    Rate if all ok.

    See you soon.

  • ASA Anyconnect VPN do not work or download the VPN client

    I have a Cisco ASA 5505 that I try to configure anyconnect VPN and thought, I've changed my setup several times but trying to access my static public IP address of the external IP address to download the image, I am not able to. Also when I do a package tracer I see he has been ignored through the acl when the packets from side to the ASA via port 443, it drops because of the ACL. My DMZ so will he look like something trying to access the ASA via the VPN's going to port 443. Here is my config

    XXXX # sh run
    : Saved
    :
    ASA Version 8.4 (3)
    !
    hostname XXXX
    search for domain name
    activate pFTzVNrKdD9x5rhT encrypted password
    zPBAmb8krxlXh.CH encrypted passwd
    names of
    !
    interface Ethernet0/0
    Outside-interface description
    switchport access vlan 20
    !
    interface Ethernet0/1
    Uplink DMZ description
    switchport access vlan 30
    !
    interface Ethernet0/2
    switchport access vlan 10
    !
    interface Ethernet0/3
    switchport access vlan 10
    !
    interface Ethernet0/4
    Ganymede + ID description
    switchport access vlan 10
    switchport monitor Ethernet0/0
    !
    interface Ethernet0/5
    switchport access vlan 10
    !
    interface Ethernet0/6
    switchport access vlan 10
    !
    interface Ethernet0/7
    Description Wireless_AP_Loft
    switchport access vlan 10
    !
    interface Vlan10
    nameif inside
    security-level 100
    IP 192.168.10.1 255.255.255.0
    !
    interface Vlan20
    nameif outside
    security-level 0
    IP address x.x.x.249 255.255.255.248
    !
    Vlan30 interface
    no interface before Vlan10
    nameif dmz
    security-level 50
    IP 172.16.30.1 255.255.255.0
    !
    boot system Disk0: / asa843 - k8.bin
    passive FTP mode
    DNS lookup field inside
    DNS domain-lookup outside
    DNS domain-lookup dmz
    DNS server-group DefaultDNS
    Name-Server 8.8.8.8
    Server name 8.8.4.4
    search for domain name
    network obj_any1 object
    subnet 0.0.0.0 0.0.0.0
    network of the Webserver_DMZ object
    Home 172.16.30.8
    network of the Mailserver_DMZ object
    Home 172.16.30.7
    the object DMZ network
    172.16.30.0 subnet 255.255.255.0
    network of the FTPserver_DMZ object
    Home 172.16.30.9
    network of the Public-IP-subnet object
    subnet x.x.x.248 255.255.255.248
    network of the FTPserver object
    Home 172.16.30.8
    network of the object inside
    192.168.10.0 subnet 255.255.255.0
    network of the VPN_SSL object
    10.101.4.0 subnet 255.255.255.0
    outside_in list extended access permit tcp any newspaper object Mailserver_DMZ eq www
    outside_in list extended access permit tcp any newspaper EQ 587 Mailserver_DMZ object
    outside_in list extended access permit tcp any newspaper SMTP object Mailserver_DMZ eq
    outside_in list extended access permit tcp any newspaper of the Mailserver_DMZ eq pop3 object
    outside_in list extended access permit tcp any newspaper EQ 2525 Mailserver_DMZ object
    outside_in list extended access permit tcp any newspaper of the Mailserver_DMZ eq imap4 object
    outside_in list extended access permit tcp any newspaper EQ 465 Mailserver_DMZ object
    outside_in list extended access permit tcp any newspaper EQ 993 Mailserver_DMZ object
    outside_in list extended access permit tcp any newspaper EQ 995 object Mailserver_DMZ
    outside_in list extended access permit tcp any newspaper EQ 5901 Mailserver_DMZ object
    outside_in list extended access permit tcp any newspaper Mailserver_DMZ eq https object
    Note access list ACL for VPN Tunnel from Split vpn_SplitTunnel
    vpn_SplitTunnel list standard access allowed 192.168.10.0 255.255.255.0
    pager lines 24
    Enable logging
    timestamp of the record
    exploitation forest-size of the buffer to 8192
    logging trap warnings
    asdm of logging of information
    Within 1500 MTU
    Outside 1500 MTU
    MTU 1500 dmz
    local pool VPN_SSL 10.101.4.1 - 10.101.4.4 255.255.255.0 IP mask
    ICMP unreachable rate-limit 1 burst-size 1
    ASDM image disk0: / asdm - 647.bin
    don't allow no asdm history
    ARP timeout 14400
    NAT (inside, outside) static source inside inside static destination VPN_SSL VPN_SSL
    NAT (exterior, Interior) static source VPN_SSL VPN_SSL
    !
    network obj_any1 object
    NAT static interface (indoor, outdoor)
    network of the Webserver_DMZ object
    NAT (dmz, outside) static x.x.x.250
    network of the Mailserver_DMZ object
    NAT (dmz, outside) static x.x.x.. 251
    the object DMZ network
    NAT (dmz, outside) static interface
    Access-group outside_in in external interface
    Route outside 0.0.0.0 0.0.0.0 x.x.x.254 1
    Timeout xlate 03:00
    Pat-xlate timeout 0:00:30
    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    Floating conn timeout 0:00:00
    dynamic-access-policy-registration DfltAccessPolicy
    AAA-server protocol Ganymede HNIC +.
    AAA-server host 192.168.10.2 HNIC (inside)
    Timeout 60
    key *.
    identity of the user by default-domain LOCAL
    Console HTTP authentication AAA HNIC
    AAA console HNIC ssh authentication
    Console AAA authentication telnet HNIC
    AAA authentication secure-http-client
    http 192.168.10.0 255.255.255.0 inside
    No snmp server location
    No snmp Server contact
    Server enable SNMP traps snmp authentication linkup, linkdown cold start
    Crypto ca trustpoint localtrust
    registration auto
    Configure CRL
    Crypto ca trustpoint VPN_Articulate2day
    registration auto
    name of the object CN = vpn.articulate2day.com
    sslvpnkey key pair
    Configure CRL
    Telnet 192.168.10.0 255.255.255.0 inside
    Telnet timeout 30
    SSH 192.168.10.0 255.255.255.0 inside
    SSH timeout 15
    SSH version 2
    Console timeout 0
    No vpn-addr-assign aaa

    DHCP-client update dns
    dhcpd dns 8.8.8.8 8.8.4.4
    dhcpd outside auto_config
    !
    dhcpd address 192.168.10.100 - 192.168.10.150 inside
    dhcpd allow inside
    !
    dhcpd address dmz 172.16.30.20 - 172.16.30.23
    dhcpd enable dmz
    !
    a basic threat threat detection
    Statistics-list of access threat detection
    no statistical threat detection tcp-interception
    authenticate the NTP
    NTP server 192.168.10.2
    WebVPN
    allow outside
    AnyConnect image disk0:/anyconnect-linux-64-3.1.06079-k9.pkg 1
    AnyConnect enable
    tunnel-group-list activate
    internal VPN_SSL group policy
    VPN_SSL group policy attributes
    value of server DNS 8.8.8.8
    client ssl-VPN-tunnel-Protocol
    Split-tunnel-policy tunnelspecified
    value of Split-tunnel-network-list vpn_SplitTunnel
    the address value VPN_SSL pools
    WebVPN
    activate AnyConnect ssl dtls
    AnyConnect Dungeon-Installer installed
    AnyConnect ssl keepalive 15
    AnyConnect ssl deflate compression
    AnyConnect ask enable
    ronmitch50 spn1SehCw8TvCzu7 encrypted password username
    username ronmitch50 attributes
    type of remote access service
    type tunnel-group VPN_SSL_Clients remote access
    attributes global-tunnel-group VPN_SSL_Clients
    address VPN_SSL pool
    Group Policy - by default-VPN_SSL
    tunnel-group VPN_SSL_Clients webvpn-attributes
    enable VPNSSL_GNS3 group-alias
    type tunnel-group VPN_SSL remote access
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns preset_dns_map
    parameters
    maximum message length automatic of customer
    message-length maximum 512
    Policy-map global_policy
    class inspection_default
    inspect the preset_dns_map dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    inspect the rsh
    inspect the rtsp
    inspect sqlnet
    inspect the skinny
    inspect sunrpc
    inspect xdmcp
    inspect the sip
    inspect the netbios
    inspect the tftp
    Review the ip options
    inspect esmtp
    !
    global service-policy global_policy
    context of prompt hostname
    no remote anonymous reporting call
    call-home
    Profile of CiscoTAC-1
    no active account
    http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
    email address of destination [email protected] / * /
    destination-mode http transport
    Subscribe to alert-group diagnosis
    Subscribe to alert-group environment
    Subscribe to alert-group monthly periodic inventory
    monthly periodicals to subscribe to alert-group configuration
    daily periodic subscribe to alert-group telemetry
    Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
    : end

    XXXX #.

    You do not have this configuration:

     object network DMZ nat (dmz,outside) static interface

    Try and take (or delete):

     object network DMZ nat (dmz,outside) dynamic interface

  • VPN users drops after every 5 minutes

    Hello world

    We have users whose remote VPN drops after every 5 minutes.

    I need to know what things can check to solve the problem?

    The user connects by RSA Token.

    ISP connection is ok is not question.

    Something I can verify in SAA?

    Thank you

    Mahesh

    Client side, have you tested wired vs wireless to see if the problem exists in both?  If it's the only one, but not the other, try to update the drivers.  Also, if it's windows 7, take a look at the power settings in the control panel.  I saw where the aggressive powers will be stop standby network port.  Not that big of a deal in a LAN environment but it wreaks havoc on the VPN.

  • Failures of intermittent connection to the VPN 3000 Concentrator

    Hello

    I managed a VPN 300 hub that works with happiness for several years with no problems. All users are part of the same group and authenticate on a server RSA. We recently moved from Authentication Manager RSA RSA 7.1 Authentication Manager 6.1. Continuous everthing works well for several weeks, then at the beginning of this week we started having users intermittently failing to connect to the VPN. I don't know if this problem is related to our new server RSA, but we have other devices on the network that authenticate on it without any problem, so I guess the problem is with the Concentrator VPN itself.

    When users fail they just get a generic error message 'Reason 427 completed peer connection'. Live event log shows "group = vpn, status = is not off duty" when their connection fails. Other times they connect normally and no error messages appear. There seems to be no real reason, sometimes your connection fails, but if you keep trying you will get eventually in [However it may take several attempts in the course of an hour or two until you succeed, or you can get immediately without a problem].

    I don't think that it's a network problem, because I ran continuous for the hub and the RSA server pings while users are experiencing these problems and there are no drops.

    Authentication RSA server monitor always shows that the user is authenticated successfully, the connection of users actually succeed or not. I'm tempted to reboot just the hub, but we have tunnels VPN site-to-site connected on it and I'm a little worried if it is faulty you can not come back at all.

    Has anyone encountered this problem before?

    Thanks in advance

    Hi Graham,

    My guess is that the new RSA server is slower to react, causing the Timeout vpn3000 sometimes - this would explain all the symptoms (nature intermitten's not in service, the success of logs on the server).

    I don't have a vpn3k at hand to check, but I think that in the config server aaa where you set the ip address etc. of the RSA server, you can also set a time-out value - see if increasing this value help.

    HTH

    Herbert

  • New air pods seems it will drop earrings without ear easily hook, isn't it?

    New air pods seems it will drop earrings without ear easily hook, isn't it?

    Since they have not been released, it is difficult to say. Tim Cook told a CBS correspondent that it was their use and they have yet to fall again. You will have to wait until they are released and have been tested. You can also view some tech sites that report on Apple products. There were a few minor events of them at the same in San Francisco and information was written.

  • Drives and airport Extreme Base Station to disconnect after connection to the VPN

    At home when I'm on WIFI, everything works fine. At the moment where I connect to the VPN to do office work, the base station will disconnect and accessible either.

    Any help?

    The problem you are experiencing is perhaps due to the type of VPN tunnel that you use to connect to your workplace. There are basically two types: 1) full or partial) 2. Note: The different VPN clients can use other words, but these are usually options when you set up a tunnel.

    When you use a complete tunnel, all traffic between your computer and the VPN of your working server, through the tunnel. No traffic is allowed on your local network, and therefore, all local resources are not available. With a partial tunnel, your computer data traffic, may as well go through the tunnel and also to your local network. One reason to use a partial tunnel, for example, is that you have a local printer, you need to perform printing. You can be connected to this type of tunnel for access to the documents and then, be able to print on this printer... otherwise, with a tunnel of full, you would print to a printer at your place of work.

  • readers of connection but the VPN network not showing

    I have a couple of Windows machines that work very well, so I certainly have the correct information for VPN.

    When I hit 'Connect', it does not seem to connect to the VPN with success and I can see the data traffic in both directions.

    After that, I tried "Go to server" and if I navigate or enter the details of the server manually, it will not connect to network server actions.

    I think I have the completely straight oblique lines around and I tried to add the username at the end of the address of the server, which is an SME.

    I put as follows

    SMB://server/folder/

    I also tried smb://server/folder/username

    No joy. Can anyone help please?

    Thank you

    Navigation uses Hello and Hello does not normally work through non-local connections, so it will not work on a VPN connection. It should be possible to connect through a VPN by using one of the following URL format in "connect to Server".

    AFP://192.168.1.10

    or

    AFP://fileserver.domain.com

    AFP://fileserver.local will not work since it is reserved for the Hello that as I mentioned does not work over remote links.

    Note: Not everyone gets their properly configured VPN system for searching DNS is possible that afp://fileserver.domain.com may also fail but the numeric address should work.

    Note: Again according to the VPN configuration, they may need to define a static route and have failed to do so, it would break digital even answer, however if numeric address works for Windows, they must work for Macs.

    It is always interesting to try to PING tests.

  • Get 810 error message when you try to connect to the VPN using L2TP protocol

    Original title: L2TP will not let me connect.

    I am in Workstation 9 and in each virtual machine, I have an AD - DC (2K8R2Enterprise), CA and RRAS (2K8R2Enterprise) and my last vm is a win7 (they are all tests).  All are not updated, but the PPTP, IKEv2 work without problem.  The second server that has the CAs and RRAS is a member of the AD - DC server.  The Win7 is not on the domain and I have Win7 a client certificate.  I have ensured that the CA root of trust is in the user store and computer Trusted Root CA.  I have also ensured that the Win7 client certificate is in the user store and personal computer.  I get a 810 error message when I try to connect to the VPN using the L2TP protocol.  I have exhaustively studied this problem and I can't find a solution to this problem.  I also raise the functional level of the domain to 2K8R2.

    I think this should be a simple and easy solution, but where can I find the answer?
    Please help me.
    Thank you for your time.
    Allan.

    Hi Allan,

    The question you posted would be better suited in the TechNet Forums. I would recommend posting your query in the Forum TechNet site:

    http://social.technet.Microsoft.com/forums/en/category/w7itpro

    If you need any other assistance, let know us and we would be happy to help you.

  • Why users need to disconnect and reconnect to the VPN to RDP?

    Most of the time our VPN works perfectly, but sporadically users must reconnect to the VPN to use remote desktop. Is that the user can log on to the VPN and access to things like network drives, but not other features like RDP. If they disconnect and then reconnect to the VPN, poof, everything works fine. No matter if it is minutes or hours in the VPN connection, it still requires reconnection. It seems that it is always on the second attempt at the nick of this post point called 'the second time's a charm

    We are using RRAS in SBS 2008 and the problem is multiple users tempting to VPN in XP and Win7 machines. We replaced the switches (now using Dell Powerconnects) and the router (now using Cisco RV042) and the problem persists.

    Suggestions or responses are greatly appreciated.

    Hello

    The question you have posted is related to Technet and would be better suited to the Technet community. Please visit the link below to find a community that will provide the best support.
    http://social.technet.Microsoft.com/forums/en-us/w7itpronetworking/threads

  • HP 8500 has more scan not scan - I hear a fast spin and the book will not draw in the charger

    HP 8500 has more scan not scan - I hear a fast spin and the book will not draw in the charger. I tried a reboot, including disconnect the motor from the power analysis. A software update was just pushed through today as well, but the problem with the scanner was before this update. This update took place after the power has been turned off, then on again.

    The problem occurred this morning during a prior scan + back. I heard a click or pop/fast spin, something that indicates something was wrong, when he tried to feed on the 1st backsheet through for the scan of the back. Now, it won't take what anyone, even to make a copy using the feeder.

    When I look at the roll holder bar above paper, I noticed that it does not drop down to make contact with the paper he move to the scanner itself. I remember having this problem once before - there are 2 years, while the warranty was still in effect and does not remember how it was resolved.

    Any suggestions would be welcome. I don't want to buy another printer just to get the scanner to feed again. The printer itself is fine and scan from the bed is not affected.

    For anyone interested, I sloved the problem of roller scanner do not push the paper into the ADF.

    I turned off the printer last night. Today, I removed the power cable at the back of the printer and then unplugged the power cord from the wall. It was off for about 30 minutes. I reconnect the cable to the printer and the wall, the printer running and waited about 10 minutes. So tired the charger scanner again. It worked and I don't know why.

    Yesterday, I tried a version of what I found in the documentation for HP support. He said to do, but not to turn the printer off first. He has not worked for me.

    I don't know if my path has really had no effect on the results, but it works now and I don't have to think about buying a new printer for awhile yet. I like this idea!

  • How to configure the VPN for Xperia phones

    I know that this does not work for many after the upgrade to KitKat but I just wanted to know how other users were using previously.

    Could you give me the settings or help me how to use these settings.

    VPN does not of course for a lot, but I guess that Sony will do something so he can fix it. But tell me how you used earlier. I am interested in knowing. Never used because I found it difficult. People told me that it is a sort of proxy to surf the net anonymously.

    Sachin4u wrote:

    ... VPN works of course not for many...

    Where did you get this info? I had this problem a few weeks in this forum channel and no useful response has been posted.

    But anyway: on Android 4.3, I added a VPN connection with the 'IPSec Xauth PSK' type and the pre-shared key. At the opening of the connection, I entered username and password. A few secconds later than the VPN connection to my home network with router Fritz Box has been implemented.

    Hopefully, I could help you, Titus

  • E3000 resets occasionally wired port when connecting to the VPN PPTP using Windows 7.

    I've had an E3000 for a few months now and a couple of times per week that the router loses wired Ethernet connectivity while PPTP VPN connects via Windows 7. The router does not actually resets itself... but darkens light of wired connection, the computer establishing VPN, and connectivity to the router is lost. Within 30 to 45 seconds, the port becomes active, once more, and to establish the VPN connection. I've not seen this on a wireless connection, but I do not often, which may be why. Similarly, I have not seen this on my Vista or XP wired computers using the Windows VPN client... but then again I can't use them often enough to meet the problem.

    I see this mostly on my Windows 7 (x 64) SP1, it also appeared pre - SP1, development equipped PC IP6 disabled on the PPTP VPN. And I don't see that on the establishment of a connection... once the connection has been made I can be operational for hours (5/6 or more a day) with no issue.

    While this issue causes me all real headaches like this doesn't happen on the connection... I thought someone should know.

    abandoned,

    Gave to your suggestion to try, but did nothing to eliminate the problem. The router was already on the version the most recent but re-flashed in any case. I ran 3 days on an old Windows XP machine connected to a different port on the router, I had 3 days to do work, and I've never had the drop on the VPN port. But this morning back on my Windows 7 machine... the port fell during my first attempt... I then had no problem, the rest of the day. Despite her disconnect and reconnect a PPTP VPN a few times more. Go figure.

    Let's consider this resolved... as I don't want to lose too much everyones time hassling with something that seems to be minor. Thanks for the help!

Maybe you are looking for