VPN 3005 concentrator Web Administration fails

Similar Questions

• Recovery password: VPN 3005 concentrator

  How 3005 Concentrator VPN admin password.

  Here is the procedure

  http://www.Cisco.com/en/us/products/HW/vpndevc/ps2284/products_password_recovery09186a008009434f.shtml

• Client VPN vs VPN 3005 concentrator using the Dial - up Internet GPRS connection

  Hello!

  I'm in trouble by using the GPRS Internet connection. I installed a VPN Client to connect to our VPN 3005 and it works fine but only using a V.90 Internet Dial-up regular connection. When I use GPRS I have access to the Internet, my VPN Client to connect successfully to the VPN3005, but I get no access to the Remote LAN (not even the ping test!). Can the overhead of 3DES cause something to do with this topic?

  Kind regards

  Russ

  I also activated the udp encapsulation mode, however I notice that the success rate for the vpn full implementation of IKE (complete Exchange of keys and connection) is only abt 50% of no. some trys. I wonder if you have such an experience... Not sure it's because of the latency in GPRS.

• Cannot access Internet on VPN 3005 concentrator

  I installed a new concentrator 3005. I am able to connect using the Cisco VPN client. Everything seems to work except the Internet. I am able to access everything in the local network, including local intranet Web pages. If I try to access Web pages on the outside, it does not. Any ideas?

  OK, so it seems there is a configuration or a problem with routing somewhere. Concentrator vpn routing table look like? Is there a default route set correctly? You can use ping to ping the default gateway?

  NAT is used? Is it possible the problem is that packages are not properly natted out to internet?

• PIX 515e VPN 3005 concentrator cannot pass phase 1

  My list of vpn access increases, so I know that it is correct. IM testing with ping. Debug configurations and follow. Remote location through VPN connection attempt with THE. Thanks to all who can help. His failure in the first phase which means configuration mess up, but I can't find a miss-match for me? Maybe ive been looking at this for a long time.

  Pix515e config:

  ----------------

  Crypto ipsec transform-set esp - esp-md5-hmac aptset

  aptmap 10 ipsec-isakmp crypto map

  aptmap 10 correspondence address vpn crypto card

  card crypto aptmap 10 peers set yyy.xxx.xxx.131

  card crypto aptmap 10 transform-set aptset

  aptmap interface card crypto outside

  ISAKMP allows outside

  ISAKMP key * address yyy.xxx.xxx.131 netmask 255.255.255.255

  part of pre authentication ISAKMP policy 10

  encryption of ISAKMP policy 10

  ISAKMP policy 10 md5 hash

  10 2 ISAKMP policy group

  ISAKMP life duration strategy 10 86400

  Debugs ipsec, isakmp, ca

  -------------------------

  Peer VPN: ISAKMP: approved new addition: ip:yyy.xxx.xxx.131 Total VPN peer: 1

  Peer VPN: ISAKMP: ip:yyy.xxx.xxx.131 Ref cnt is incremented to peers: 1 Total peer VPN: 1

  ISAKMP (0): early changes of Main Mode

  ISAKMP (0): retransmission of phase 1... IPSEC (key_engine): request timer shot: count = 1,.

  local (identity) = zzz.xxx.xxx.226, distance = yyy.xxx.xxx.131,

  local_proxy = 192.168.33.0/255.255.255.0/0/0 (type = 4),

  remote_proxy = 192.168.65.0/255.255.255.0/0/0 (type = 4)

  ISAKMP (0): retransmission of phase 1...

  ISAKMP (0): delete SA: src zzz.xxx.xxx.226 dst yyy.xxx.xxx.131

  ISADB: Reaper checking HIS 0x81377ad8, id_conn = 0 DELETE IT!

  Peer VPN: ISAKMP: ip:yyy.xxx.xxx.131 Ref cnt decremented to peers: 0 Total of VPN peer: 1

  Peer VPN: ISAKMP: deleted peer: ip:yyy.xxx.xxx.131 VPN peer Total: 0

  results of ' show crypto isamkp his. "

  -----------------------------------

  Total: 1

  Embryonic: 1

  Src DST in the meantime created State

  YYY.xxx.xxx.131 zzz.xxx.xxx.226 MM_NO_STATE 0 0

  Error messages on the concentrator 3005

  ------------------------------------

  11:14:47.640 57 07/01/2004-SEV = 4 RPT IKE/48 = 23 yyy.xxx.xxx.226

  Support useful treatment of error: ID payload: 1

  11:15:02.770 58 07/01/2004-SEV = 4 RPT IKE/48 = 24 yyy.xxx.xxx.226

  Support useful treatment of error: ID payload: 1

  3005 page concentrator Lan-To-Lan settings

  -----------------------

  Activated

  External interface

  Answer only

  YYY.xxx.xxx.226 peer

  Digital cert: no (use preshared keys)

  Transmission of the CERT: (full certification chain)

  Preshared key: {same on pix}

  AUTH: esp, md5, hmac-128

  encryption: des-56

  proposal of IKE: IKE-DES-MD5

  Filter: none

  IPSec NAT - T not verified

  No bandwidth policy

  Routing: no

  I noticed that you have a lifetime and a pfs group configured on the pix. The pfs group is 2 which I think will not work with-although I'm not positive, as I have only used with 3des. Diffie-Hellman Group1 should work with simple.

  In any case, recheck the config vpn 3000 to see if a group and life expectancy have been speced on config. If not, or if you are not sure, then remove the two outside the pix and run the command of his clear cry on the pix. Then try again and let me know what you find.

• How to export the list of internal users from VPN 3005 concentrator?

  I would like to be able to export the list of users for the purpose of documentation. Is this possible to do with the 3005?

  Thank you

  Raul

  It's not easy passing just to get the list of name of user, but you can get the whole config and then grab users ot there in a couple of ways.

  In XML format, which is easier to read, go to Admin - Mgmt - XML Export file and export the config file to any file name. Then under the file Mgmt section this file that will appear in a separate window. Search to find the sections of the user names and passwords.

  Text (a bit like an in the Windows .ini file), go to settings to access Admin - rights of access - and no Config File Encryption value. Save the configuration. Then go to file Mgmt and display the CONFIGURATION file, search for [user *. 1] to find all of the names of users and their values. This way is not very useful to be honest.

• VPN 3005 remote access concentrator

  I inherited 2 VPN 3005 one in production with a weird config, probably because the one who set up was having a similar problem. The other I'm trying to configure correctly and will then move users who him. It has a public IP address and the private port has an address on the local network. I have installed a swimming pool with a different subnet. My client connects but cannot get on the local network. I ping the local of the 3005 but nothing past interface.

  Thank you

  Eric

  Hello

  As I understand it, the tunnel is to establish properly (so no problem on the VPN config).

  If you check under surveillance | Sessions make you see the session to set up remote access? Also see packets received/transmitted?

  I would check that the internal LAN has a default gateway pointing to the internal IP address of the hub (or at least a route to access) to be able to send packets to the VPN clients.

  Federico.

• Cisco PIX 501 to Cisco 3005 concentrator via remote access

  Hello people,

  I need your help.

  We got a Cisco PIX 501 in one place and this pix is configured for pppoe connection. The pix connects to internet via the pppoe client. an official ip address ping works well.

  So what I want to do is to establish a tunnel von between this pix and a cisco 3005 concentrator.

  But I failed to establish it.

  Here are the pix config. the acl? s are only for the test and will be replaced if it works.

  6.3 (4) version PIX

  interface ethernet0 10baset

  interface ethernet1 100full

  ethernet0 nameif outside security0

  nameif ethernet1 inside the security100

  activate the password xxx

  passwd xxx

  hostname PIX - to THE

  domain araukraine.ua

  fixup protocol dns-length maximum 512

  fixup protocol ftp 21

  fixup protocol h323 h225 1720

  fixup protocol h323 ras 1718-1719

  fixup protocol http 80

  fixup protocol they 389

  fixup protocol rsh 514

  fixup protocol rtsp 554

  fixup protocol sip 5060

  fixup protocol sip udp 5060

  fixup protocol 2000 skinny

  fixup protocol smtp 25

  fixup protocol sqlnet 1521

  fixup protocol tftp 69

  names of

  outside ip access list allow a whole

  inside_access_in ip access list allow a whole

  pager lines 24

  opening of session

  Monitor logging warnings

  logging warnings put in buffered memory

  MTU outside 1456

  MTU inside 1456

  IP address outside pppoe setroute

  IP address inside 192.168.x.x 255.255.255.0

  alarm action IP verification of information

  alarm action attack IP audit

  PDM location 192.168.x.x 255.255.255.224 inside

  forest warnings of PDM 500

  history of PDM activate

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 1 0.0.0.0 0.0.0.0 0 0

  outside access-group in external interface

  inside_access_in access to the interface inside group

  Timeout xlate 0:05:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225

  H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00

  Timeout, uauth 0:05:00 absolute

  GANYMEDE + Protocol Ganymede + AAA-server

  AAA-server GANYMEDE + 3 max-failed-attempts

  AAA-server GANYMEDE + deadtime 10

  RADIUS Protocol RADIUS AAA server

  AAA-server RADIUS 3 max-failed-attempts

  AAA-RADIUS deadtime 10 Server

  AAA-server local LOCAL Protocol

  the ssh LOCAL console AAA authentication

  Enable http server

  255.255.x.x 192.168.x.x http inside

  No snmp server location

  No snmp Server contact

  SNMP-Server Community public

  No trap to activate snmp Server

  enable floodguard

  255.255.x.x telnet inside 192.168.x.x

  Telnet timeout 5

  SSH 194.39.97.0 255.255.255.0 outside

  SSH timeout 5

  management-access inside

  Console timeout 0

  VPDN group pppoe_group request dialout pppoe

  VPDN group pppoe_group localname [email protected] / * /

  VPDN group ppp authentication pap pppoe_group

  VPDN username [email protected] / * / password *.

  encrypted privilege 15

  vpnclient Server 212.xx.xx.xx

  vpnclient mode network-extension-mode

  vpntest vpngroup vpnclient password *.

  vpnclient username pixtest password *.

  Terminal width 80

  the hub, I created a user pixtest, a group vpntest and I? ve created the rules of the network for example to what server, users behind the pix will be able to access.

  And that? s all.

  I couldn't send you exit pix or hub because I don't have an error or a message that the tunnel will be established.

  What can be wrong?

  Thanks for the replies

  This configuration example shows how to create an IPsec tunnel to a computer that is running the Client VPN Cisco's (4.x and later versions) to a Cisco VPN concentrator 3000 to allow the user to safely access the network inside the VPN concentrator.

  http://www.Cisco.com/en/us/products/HW/vpndevc/ps2284/products_configuration_example09186a008026f96c.shtml

• VPN 3060 concentrator error

  I have a Cisco VPN 3060 concentrator and sometimes I get the following message from syslog. What does this error mean?

  Local7.warning, SEV 2 RPT EVENT/42 = 30 = save to FTP server failed (9)

  It seems that you configure the VPN concentrator to send the log saved on an FTP file.

  You can check the following for parameters:

  Configuration | System | Events | FTP backup

  These are the 2 FTP options which can be configured on the VPN concentrator.

• Console Cable - Cisco VPN 3000 Concentrator

  Where can I get a cable from the console to the Cisco VPN 3000 Concentrator? The place I bought the hub of not sent me one with it.

  Thank you

  JP

  JP,

  Console port for the concentrator vpn being complient rs-232, you can buy two female DB9 to RJ45 / adapters, one for the concetrator and one for the PC to use in the COM1 port, then use a regular straight through CAT5 cable, that's the way I do and it is convenient as suppose to use the straight through serial rs-232 cable.

  http://www.sealevel.com/product_detail.asp?product_id=787

  With regard to the regular cable this hub comes with you can use it.

  http://www.stonewallcable.com/product.asp?Dept%5Fid=35&PF%5Fid=SC%2DS9%2DFF

  Adidtional information for your initial hub seup -.

  http://www.Cisco.com/univercd/CC/TD/doc/product/VPN/vpn3000/3_6/getting/gs2inst.htm#1050260

  Concerning

  PLS rate useful posts

• Can a VPN 3005 cause multiple IP addresses on the external interface?

  Nice day

  Can a VPN 3005 cause several IPS on an external interface?

  I expect to use it in an environment that has 2 ADSL connections to an internet service provider. For the sake of the exercise, we could call them ROUTER1 and ROUTER2.

  We have a few VPN we always want to spend by ROUTER1 and some VPN we always want going through ROUTER2.

  Is this possible?

  Thank you very much

  No, not possible, sorry.

• Duplicate first detected package - VPN 3005

  We had a few problems to connect to a remote office associated with our Head Office of neighborhoods using an ADSL link, with only 1 IP address public. Remote Desktop doesn't have any VPN equipment, so we use only customer Cisco VPN on W2K and W98.

  Everything works for the first customer, it connects and works very well. The problem is that other equipment use the same IP to the Internet, so I think the VPN 3005 answers the request of session to the computer that it is already connected and the second PC expects a response until it delays.

  Any ideas? Is it necessary to get a VPN on the other side equipment and LAN to LAN VPN?

  Thanks in advance,

  Juan Diego

  The VPN client and the hub have a feature in them called NAT - T, where they detect that they're going through a NAT device and automatically encapsulate everything for UDP port 4500 packages, which should then be PAT would have correctly.

  Check this is enabled in the properties of customers, and on the hub under Config transparency - system - Tunnelling profits - IPSec - Nat, you must be good after that.

• Router VPN 3005 and 7500

  Hi all

  Could you someboy help me on that?

  I have a network like this:

  Internet Internet

  | |

  router VPN - 3005

  |

  Internal

  I can set up Lan to Lan VPN 3005 and other PIX aside, but I can't ping internal network with the back of my internal network. I've already put the static route to the subnet of setbacks in the router and my subnet route internal VPN. What should I do? Thanks in advance.

  Banlan

  in fact the 3000 can do a ping will depend on your network-lists / lists access so that my not be a relevant question.

• Update IOS for vpn 3005

  I use this version of ios on vpn 3005:

  vpn3005 - 4.0.4.A - k9.bin

  What is the upgrade that I need to perform:

  vpn3005 - 4.1.7.O - k9.bin GOLD

  vpn3005 - 4.7.2.I - k9.bin

  Please advise,

  Aurélie neslie

  Yanic,

  In your case, you can improve is updated the VPN3005 to 4.1 or 4.7 and both should be OK. Make sure you have enough RAM to upgrade to 4.1 code or 4.7 and read the detailed release notes to avoid surprises

  Release notes:

  4.1

  http://www.Cisco.com/univercd/CC/TD/doc/product/VPN/vpn3000/4_1/417fcn3k.htm#wp28723

  4.7

  http://www.Cisco.com/univercd/CC/TD/doc/product/VPN/vpn3000/4_7/472con3k.htm

  I hope it helps.

  Kind regards

  Arul

  * Please note all useful messages *.

• I'm trying to download the trial version for Acrobat DC edit PDF files, but when download initializes, it gets to 11%, gets stuck, then gives the message "request from Web Get failed. I canceled, downloaded the installer again and got the same result.  I'

  I'm trying to download the trial version for Acrobat DC edit PDF files, but when download initializes, it gets to 11%, gets stuck, then gives the message "request from Web Get failed. I canceled, downloaded the installer again and got the same result.  I'm on a PC running Windows 8. Any suggestions?

  Hiddm93421458,

  Restart your system and then try again to install Acrobat Reader DC using this link Download Adobe Acrobat free trial | Acrobat Pro DC.

  Let me know if the problem persists.

  Kind regards

  Nicos