VPN 3000 Console connection
Hello
I have hub vpn3005 in the office. I used the specially designed console cable. But when I tried to connect it to my terminal server (C2511) I can not get any output. I used a DB9/RJ45 adapter and plug it into the Octal cable of the term server. Is there a solution to this?
Respectfully,.
Lorenz
A straight-through cable with a terminal adapter DB9 on each end is the console cable, that's what I use with the VPN3030s
Tags: Cisco Security
Similar Questions
-
Console Cable - Cisco VPN 3000 Concentrator
Where can I get a cable from the console to the Cisco VPN 3000 Concentrator? The place I bought the hub of not sent me one with it.
Thank you
JP
JP,
Console port for the concentrator vpn being complient rs-232, you can buy two female DB9 to RJ45 / adapters, one for the concetrator and one for the PC to use in the COM1 port, then use a regular straight through CAT5 cable, that's the way I do and it is convenient as suppose to use the straight through serial rs-232 cable.
http://www.sealevel.com/product_detail.asp?product_id=787
With regard to the regular cable this hub comes with you can use it.
http://www.stonewallcable.com/product.asp?Dept%5Fid=35&PF%5Fid=SC%2DS9%2DFF
Adidtional information for your initial hub seup -.
http://www.Cisco.com/univercd/CC/TD/doc/product/VPN/vpn3000/3_6/getting/gs2inst.htm#1050260
Concerning
PLS rate useful posts
-
Hello
It is as sure to fix the public interface on a VPN 3000 Concentrator on the internet? Or should there be a firewall in front.
I understand that the public interface is "hardcoded" and only open ports you'd pass firewall anyway, but I just wanted to check with experts to ensure that :-)
Peter
Hi Peter,.
I don't think there are major problems involving the public interface of VPN 3030 Internet. It is means in reality for public access... it is a little hardened to allow only specific protocols... If you have an ID, you can monitor the traffic on this interface and shun unnecessary connections if necessary... you also have filters on the public interface, which allows you to restrict the traffic...
set the vpn behind a firewall increases the complexity of your network. You may as well have this behind, but it will be a little complicated.
I hope this helps... all the best
REDA
-
L2l IPSec VPN 3000 and PIX 501
Hello
I have a remote site that has a broadband internet connection and uses a PIX 501. We wanted to connect them with our main office using our VPN 3000 via VPN site-to-site.
I followed the following documentation:
However the L2L session does not appear on the hub when I check the active sessions.
The network diagram, as well as the PIX config and the screenshots of the VPN configuration for the IPSec-L2L tunnel is attached.
Any help or advice are appreciated.
I just noticed that the PIX firewall, the phase 1 paramateres are not configured. You must configure the same PASE 1 and phase 2 settings on both ends of the tunnel.
For example, on CVPN 3000, you have configured settings Phase 1 as 3DES, pre-shared key etc... We have the same configuration on the PIX firewall too.
Here is an example of sample config
I hope this helps!
-
VPN between a PIX and a VPN 3000
I'm trying to set up a VPN between PIX and a VPN 3000. All configurations are complete, but the tunnel has not been established. On the PIX, to 'see the crypto engine' and ' show isakmp his ' orders, I do not see the tunnel. Of "show ipsec his ' command, I can see the mistakes"#send"continues to increase when I try to connect to the remote network. Here is the copy - paste command:
Tag crypto map: myvpnmap, local addr. 10.70.24.2
local ident (addr, mask, prot, port): (10.70.24.128/255.255.255.128/0/0)
Remote ident (addr, mask, prot, port): (10.96.0.0/255.224.0.0/0/0)
current_peer: 10.70.16.5:0
LICENCE, flags is {origin_is_acl},
#pkts program: encrypt 0, #pkts: 0, #pkts 0 digest
#pkts decaps: 0, #pkts decrypt: 0, #pkts check 0
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, #pkts compr. has failed: 0, #pkts decompress failed:
#send 12, #recv errors 0
local crypto endpt. : 10.70.24.2, remote Start crypto. : 10.70.16.5
Path mtu 1500, fresh ipsec generals 0, media, mtu 1500
current outbound SPI: 0
SAS of the esp on arrival:
the arrival ah sas:
SAS of the CFP on arrival:
outgoing esp sas:
outgoing ah sas:
outgoing CFP sas:
Obviously, the PIX identifies protected traffic but failed to establish the tunnel. I was wondering what could be the reason for these kind of mistakes? That means them growing '#send errors?
Thank you very much!
Sending error mean simply the PIX is grateful to encrypt this traffic, but there is no built tunnel and so it must drop the package.
you will need to look at why the tunnel is not under construction however, "sending error" are just a byproduct of some other configuration issue. On the PIX, it looks like you would have something like:
Crypto ip 10.70.24.128 access list allow 255.255.255.128 10.96.0.0 255.224.0.0
On the 3000 under the L2L section and the Local and remote network, you need the exact opposite of the latter, then it would be:
/ Local network mask = 10.96.0.0/0.31.255.255
/ Remote network mask = 10.70.24.128/0.0.0.127
If you have something else the tunnel will fail to come. Otherwise, we see that the Cryptography debugs the PIX and the trunk of the 3000 when the tunnel is built.
-
Hello world
It is possible more make a VPN Tunnel from a single address IP VPN 3000 using the protcol PPTP?
because what attempt trevaler of my company to connect from the same IP (valid Internet) is not working. for example, when they all are within any society, it is only a valid IP address on the Internet only a VPN tunnel is possible VPN 3000
I need more than one connection from a single address IP VPN 3000 using the PPTP protcol
It is possible?
Thank you
Yes, it is possible on the VPN3000 himself, however, most of the time the problem is on the network device so that they cross where they are attempting to connect from. Some device/network firewall they pass through does not support several PPTP connections. Will they have for example an ASA firewall, then they will have to turn on PPTP inspection:
http://www.Cisco.com/en/us/docs/security/ASA/asa80/command/reference/i2.html#wp1721656
In short, the problem is not on your VPN3000 but on the network where are made the PPTP connections from.
Hope it's a no-brainer.
-
LAN-to-LAN tunnel between VPN 3000 and Cisco 1721
Hello
I have a current LAN-to-LAN tunnel configuration between VPN 3000 (3.6) and Cisco 1721 (12.2 (11) T).
When I use the encryption = authentication and Des-56 = ESP\MD5\HMAC-128 for the IPSec Security Association, everything works fine.
However, I would like to Turn off encryption for some time getting the speed improvements, so I changed
Encryption = null esp (in 1721) and to "null" in VPN-3000.
Now the tunnel is setup but I can spend only ICMP traffic. When I pass the traffic UDP\TCP the message below appears the Cisco 1721
% C1700_EM-1-ERROR: error in packet-rx: pad size error, id 75, hen offset 0
Has anyone seen this behavior?
All those put in place an IPSec Tunnel with only the ESP authentication and NO encryption between VPN-3000 and Cisco 1721?
Thanx------Naman
Naman,
Disable you the vpn Accelerator? "no accel crypto engine. Sure that you can't do with a null module vpn.
Kurtis Durrett
-
Hi guys,.
I'm working on the creation of a vpn between a vpn 3000 and a
point of control, the problem I have on the vpn3000 is that if I do not have
Select "reverse road injection" it won't establish the vpn.
I thought she might have because the roads of local lan did not exist
on the vpn 3000, so I added static to match the list of the network, but it
still wouldn't go out, as soon as I activate the reverse road injection it
works very well.
any ideas?
Thank you
Adam Baxter.
Adam,
Take out the static routes and also injection Road opposite say-able.
Activate the logs on the hub of gravity 1-13 for IPSEC & IPSECDBG, IKE, AUTH, IKEDBG, AUTHDBG.
Try to send a ping to the interesting traffic. Capture logs and send them to this post, let me take a look and see if there is a question that jumps.
See you soon
Gilbert
-
Hello
I'm trying to use CIsco ACS 5.4 for RADIUS authentication for VPN by using VPN concentrator 3000 users.
I added the VPN 3000 on ACS and added GBA on VPN group with a shared secret authentication server. When I do a test on the authentication server using the local account that I created on ACS it happens as no response was received from the server so that I can see the RAIDUS AAuth in green.
Any help would be much appreciated.
Concerning
AR
Hey,.
What is the report on GBA?
"RAIDUS AAuth in green"
If so, a pcap help between the two.
Concerning
Ed
-
VPN Client TCP connection to router IOS
Hello
I try to get a VPN client to connect via TCP to a router. I currently have the router put in place (and work) in using a VPN - UDP. Unfortunately one of the sites I visit will not allow VPN traffic outside of their firewall. I have searched all over the site of Cisco and can't find any information on the IOS configuration to accept TCP - VPN connections. I would like to change the TCP port 80, so my VPN traffic looks like just standard internet browsing my client firewall. Any links/pointer would be greatly appreciated.
Thanks in advance!
-Joe
Take a look at this:
http://www.Cisco.com/en/us/docs/iOS/12_2t/12_2t8/feature/guide/ftunity.html#wp1310210
http://www.Cisco.com/en/us/docs/iOS/12_2t/12_2t8/feature/guide/ftunity.html#wp1305478
http://www.Cisco.com/en/us/docs/iOS/12_2t/12_2t8/feature/guide/ftunity.html#wp1315635
Please rate if useful.
Concerning
Farrukh
-
I keep to err msge "mask/area bad ip address/subnet mask/generic id" when you attempt to add a class C network to the list a VPN 3000 Concentrator using the CLI. Here's my entry 192.168.51.0/0.0.0.255. The number and the wildcard mask seem ok. Isn't the right syntax?
Vincent, you're very welcome and thank you for the update... happy all worked... Please rate as solved post.
Rgds BST
Jorge
-
I get a "parse error" when you try to manually create an SSL certificate in the web interface of a VPN 3000; has anyone ever seen anything like that?
Hi Chaplin,
This is usually caused by the corruption of software certificate, you may need to call the TAC for specific steps to solve this problem.
Kind regards
Aamir Waheed,
Cisco Systems, Inc.
CCIE #8933
-=-=-
-
Cisco vpn client to connect but can not access to the internal network
Hi all
I have a VPN configured on cisco 5540. My vpn was working fine, but suddenly there is a question that the cisco vpn client to connect but can not access to the internal network
Any help would be much appreciated.
Hi Samir,
I suggest that you go to the ASA and check the configuration to make sure that it complies with the requirements according to the reference below link:
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00805734ae.shtml
(The link above includes split tunneling, but this is just an option.
Please paste the output of "sh cry ipsec his" here so that we can check if phase 2 is properly trained. I would say as you go to IPSEC vpn client on your PC and check increment in packets sent and received in the window 'status '.
Let me know if this can help,
See you soon,.
Christian V
-
Hi all
I have a question about the software for the VPN 3000 goes on the side of cisco, the new 4.2.7.I of 3 August 2006, I found last week, and now I found a newer version with vpn3000 - 4.1.7.O - k9.bin on August 15, 2006.
It's a bit confusing to me.
can someone explain to me what to use for a VPN Conc 3030 with 128 MB mem?
Thanks in advance
Klaus
What is your server VPN hardware part number if it takes support 3DES, you can use vpn3000 - 4.1.7.O - k9.bin no. otherwise.
-
VPN 3000 and wildcard peer IKE
The order PIX (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#wp1027312) reference:
ISAKMP key address
To configure a preshared authentication key and associate the key with a host name or the IPSec peer address, use the address isakmp key command. Use the address no. isakmp key command to remove a preshared authentication key and its associated IPSec peer address.
A 0.0.0.0 netmask. may be entered as a wildcard indicating that any peer IPSec with a preshared key valid given is a valid counterpart.
Question: Is it possible to do the same thing on the VPN 3000? I have a bunch of PIX firewall, they use DSL w / DHCP. I need them to operate in the Mode of Extension of network, but unlike PIX, I can't seem to get the VPN 3000 to accept the '0.0.0.0' as you can do it with PIX. Anyone has any idea if this is possible or another way to achieve the goal? Any ideas would be greatly appreciated.
Yep, it's possible, even if it's not too obvious how you do :-) The following configuration example shows how do:
The key option is the "Default pre-shared key" under the core group.
Maybe you are looking for
-
Cannot update Firefox becuse Norton will not update utility password for beta
WHY Firefox keep releasing Betas and not a new final version? Whenever Firefox has a new version, my Norton password utility stops working. Certainly, I have any Norton except disabled password utility, but I need that. I learned to not update Firefo
-
Satellite 2410-404: which HARD disks are supported
Hello one of our phones, to a new hard drive. What toshiba product are compatible to our Toshiba Satellite 2410 404? concerningJan Wernecke
-
Just got my setup Q180 last night. It is connected to my wireless N. Note that, while I watch YouTube videos is often missing from buffer. Has decided to perform a speed test www.speedtest.net. The results show .65mb speed and 6.5 MB speed. My servic
-
How to hide error in or controls?
In LabVIEW 2009, I can't hide the error in or on the Fron Panel controls. If I select one of the controls and right click, I get instead the palette function in the context menu. I know that I might be able to hide the controls by using the Visible p
-
How can I restore HP Quick Launch and keyboard filter driver after upgrading OS to Win7?
I've recently updated my windows vista Home Premium x 32 to windows 7 Home Premium x 32 now, I was aware that drivers wernt going to be supported but had clicked next and now my Quick launch buttons do not work, or my keyboard filter that when I run