VPN site to Site and SSL VPN
Hey guys,.
I'm working on a solution. I have a Home Office with my data center being there while my DR site is my plant and she nearly 20 users. I have a third place, which is a branch offices with only 2 people.
I intend to deploy a VPN Site to Site between the data center and DR Site while branches can connect via SSL VPN. Please confirm whether this solution is viable or not. Where do I go to a Site for the office too.
Thank you
If we knew more about your environment so we might be able to give more complete answers. But base on what you've described, I believe that a VPN site-to site between the data center and the disaster recovery site and VPN for remote access of the branch is an appropriate solution.
HTH
Rick
Tags: Cisco Network
Similar Questions
-
ASA from Site to Site and SSL VPN stop working
Thanks in advance for any advice
We have an ASA 5510, users were able to connect via to all connect without any problems. We opened a new office with an ASA 5505 and decided to give VPN site-to-site on IPSec. We used the basic wizard and everything went smoothly at both ends. However, users who always used SSL VPN says so that they can connect to the original site, they are no longer in their RDP virtual machines or get anywhere on the network. I don't know why something like this can happen.
You can change the SSL VPN DHCP scope to give a different subnet for IP addresses. Maybe try 192.168.10.0 255.255.255.0. Let me know if you can and if that corrects the issue.
Sent by Cisco Support technique iPhone App
-
Unable to connect to the site Web SSL VPN with firewall zone configured
I recently updated my 2911 company and set up a firewall area. This is my first experience with this and I used Cisco Configuration Professional to build the configuration of the firewall first and then edited the names to make it readable by humans. The only problem I can't solve is to learn site Web SSL VPN from outside. I can navigate the website and connect without problem from the inside, and even if it was useful to verify that the Routing and the site work properly it is really not what I. I don't get anything on the syslog for drops because of the firewall server, or for any other reason but packet capture show that no response is received when you try to navigate to the outside Web site. I am currently using a customer VPN IPSEC solution until I can get this to work and have no problem with it. I have attached a sanitized with the included relevant lines configuration (deleted ~ 400 lines including logging, many inspections on the movement of the area to the area and the ipsec vpn, which I already mentioned). I searched anything about this problem and no one has no problem connecting to their Web site, just to get other features to work correctly. All thoughts are welcome.
See the security box
area to area
Members of Interfaces:
GigabitEthernet0/0.15
GigabitEthernet0/0.30
GigabitEthernet0/0.35
GigabitEthernet0/0.45
area outside zone
Members of Interfaces:
GigabitEthernet0/1
sslvpn area area
Members of Interfaces:
Virtual-Template1
SSLVPN-VIF0
I tried to change the composition of the area on the interface virtual-Template1 to the outside the area nothing helps.
See the pair area security
Name of the pair area SSLVPN - AUX-in
Source-Zone sslvpn-area-zone of Destination in the area
Service-SSLVPN-AUX-IN-POLICY
Name of the pair area IN SSLVPN
Source-Zone in the Destination zone sslvpn-zone
service-policy IN SSLVPN-POLICY
Name of the pair area SELF SSLVPN
Source-Zone sslvpn-area free-zone Destination schedule
Service-SELF-to-SSLVPN-POLICY
Zone-pair name IN-> AUTO
Source-Zone in the Destination zone auto
Service-IN-to-SELF-POLICY policy
Name of the pair IN-> IN box
In the Destination area source-Zone in the area
service-policy IN IN-POLICY
Zone-pair name SELF-> OUT
Source-Zone auto zone of Destination outside the area
Service-SELF-AUX-OUT-POLICY
Name of the pair OUT zone-> AUTO
Source-Zone out-area Destination-area auto
Service-OUT-to-SELF-POLICY
Zone-pair name IN-> OUT
Source-Zone in the Destination area outside zone
service-strategy ALLOW-ALL
The pair OUT zone name-> IN
Source-out-zone-time zone time Zone of Destination in the area
Service-OUT-to-IN-POLICY
Name of the pair area SSLVPN-to-SELF
Source-Zone-Zone of sslvpn-area auto
Service-SSLVPN-FOR-SELF-POLICY
I also tried to add a pair of area for the outside zone sslvpn-zone passing all traffic and it doesn't change anything.
The area of networks
G0/0.15
172.16.0.1 26
G0/0.30
172.16.0.65/26
G0/0.35
172.16.0.129/25
G0/0.45
172.18.0.1 28
Pool of SSL VPN
172.20.0.1 - 172.20.0.14
Latest Version of IOS:
Cisco IOS software, software C2900 (C2900-UNIVERSALK9-M), Version 15.0 (1) M10, RELEASE SOFTWARE (fc1)
Glad works now. Weird question, no doubt.
I guess that on the deployment guide said that the firewall will not support inspection of TCP to the free zone, however, class nested maps are used to accomplish this, to be completely honest, I think it's a mess and the best thing to do is action past to auto for the protocols that you want and then drop the rest.
Let us know if you have any other problems.
Mike
-
ASA5505 VPN Site to site and limiting access - URGENT
I'll admit knowledge limited to the front, so forgive me if I look like a fool. The company that I work began recently to hosting our application for some of our customers. to do this, we are renting rack space, connections and equipment in a data center. We must send data to our request for an application in the center of data of our customers. They have an ASA 5505.
Our data center will support VPN site-to-site and nothing else. Our client find it unacceptable, citing security and the inability to restrict access to only the small number of servers, our application needs to access. I have to be able to talk intelligently and with the facts (and, preferably, examples of configuration on hand) with their staff of the IOC and network in the next day or so.
The ASA 5505 can be configured for a VPM from site to site with our data center which limits our application server to access a limited set of IP addresses within their network? If so, this is quite easily possible? Anyone done this?
Thank you
Leighton Wingerd
Leighton,
Sounds complicated problem - but are simple actuall. Remember that a VPN ensures the transmission from site A to site B on a precarious environment - internet. For example, you can DEFINE the traffic that goes through the VPN, you also DEFINE the traffic that will launch the VPN tunnel in the first place. With these statements said - using your supposed information you would create valuable traffic as the exact traffic you want to allow through the vpn;
access-list permits datacentre_2_client tcp host 1.2.3.4 host 192.168.1.2 eq 1521
And you will use the same ACL to set which can cross traffic. However, I know for a fact that an ODBC Oracle connection uses more than one TCP port!
The confidentiality of data is something else - that your customer needs to define requirements. An SSL connection is fine and dandy - you will just be to encrypt the traffic twice!
-
VPN from Site to Site and easy 871W
I have a problem with the configuration of Site to site and easy both together on the same router 871W
Something is working, but not everything.
x.x.x.x - address IP WAN
a.a.a.a - gw for WAN IP address
z.z.z.z - IP address of the VPN Site-to Site
192.168.201.0/25 - LAN
192.168.200.0/24 - easy VPN address
192.168.151.0/24 - Site-Site LANSite-to-site work properly, everythings fine, but no easy VPN.
Configuration of Cisco VPN Client:
Home - x.x.x.x, group auth name - RemoteGroup, pass *.
user test, pass *.I have a successful connection of Cisco VPN Client (I see a closed lock - connected status)
Connection gave me the address 192.168.200.5.
But I can't see LAN or LAN from Site to Site.
And I don't have any idea what may be wrong.
Finalny config:
Quote: Current configuration: 8860 bytes
!
version 12.4
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
encryption password service
sequence numbers service
!
hostname moj-waw-rtr
!
boot-start-marker
boot-end-marker
!
logging buffered debugging 52000
Select the secret *.
!
AAA new-model
!
!
AAA authentication login default local
AAA authentication login local remoteusers
AAA authorization exec default local
AAA authorization RemoteGroup LAN
!
AAA - the id of the joint session
!
resources policy
!
IP subnet zero
IP cef
!
!
no ip domain search
IP domain name waw.moj.pl
name of the IP-server 194.204.152.34
name of the IP-server 193.178.240.2
!
!
Crypto pki trustpoint TP - self - signed-*.
enrollment selfsigned
the object cn = IOS-Self-Signed - Certificate name-
revocation checking no
rsakeypair TP - self - signed-*.
!
!
crypto TP - self - signed pki certificate chain-*.
certificate self-signed 01
quit smoking
privilege secret 15 user username
username secret privilege test 4 *.
!
!
!
crypto ISAKMP policy 1
BA 3des
preshared authentication
Group 2
ISAKMP crypto key * address y.y.y.y
the local address TOVPNPOOL pool-crypto isakmp client configuration
!
ISAKMP crypto client configuration group RemoteGroup
key *.
pool TOVPNPOOL
ISAKMP crypto vpnclient profile
RemoteGroup group identity match
function identity address 192.168.201.111 255.255.255.255
client authentication list remoteusers
ISAKMP authorization list RemoteGroup
client configuration address respond
!
!
Crypto ipsec transform-set esp-3des esp-sha-hmac vpntowaw
Crypto ipsec transform-set esp-3des esp-md5-hmac vpnwaw
!
Crypto dynamic-map DYNAMICS 10
Set transform-set vpnwaw
vpnclient Set isakmp-profile
market arriere-route
!
!
vpn_wro_waw 1 ipsec-isakmp crypto map
defined peer y.y.y.y
Set transform-set vpntowaw
PFS Group1 Set
match address 104
vpn_wro_waw card crypto 65535-isakmp ipsec dynamic DYNAMICS
!
Bridge IRB
!
!
interface FastEthernet0
spanning tree portfast
!
interface FastEthernet1
spanning tree portfast
!
interface FastEthernet2
spanning tree portfast
!
interface FastEthernet3
spanning tree portfast
!
interface FastEthernet4
Description $ETH - LAN$
IP x.x.x.x 255.255.255.0
IP access-group 102 to
Check IP unicast reverse path
no ip redirection
no ip unreachable
no ip proxy-arp
NAT outside IP
IP virtual-reassembly
route IP cache flow
automatic duplex
automatic speed
vpn_wro_waw card crypto
!
interface Dot11Radio0
no ip address
no ip redirection
no ip unreachable
no ip proxy-arp
route IP cache flow
!
algorithms for encryption tkip encryption mode
!
encryption vlan 1 tkip encryption mode
!
SSID TO - WAW
VLAN 1
open authentication
authentication wpa key management
Comments-mode
WPA - psk ascii *.
!
base speed - 1.0 2.0 basic basic-5, 5 6.0 9.0 basic-11, 0 12.0 18.0 24.0 36.0 48.0 54.0
root of station-role
No dot11 extensions aironet
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no link-status of snmp trap
No cdp enable
Bridge-Group 1
Bridge-group subscriber-loop-control 1
Bridge-Group 1 covering-disabled people
Bridge-Group 1 block-unknown-source
No source of bridge-Group 1-learning
unicast bridge-Group 1-floods
!
interface Vlan1
Description $ETH - SW - LAUNCH, INTF-INFO-HWIC $$ $4ESW
no ip address
no ip redirection
no ip unreachable
no ip proxy-arp
IP virtual-reassembly
route IP cache flow
IP tcp adjust-mss 1452
Bridge-Group 1
!
interface BVI1
IP 192.168.201.1 255.255.255.128
IP access-group 101 in
IP nat inside
IP virtual-reassembly
!
local IP TOVPNPOOL 192.168.200.2 pool 192.168.200.101
IP classless
IP route 0.0.0.0 0.0.0.0 a.a.a.a
!
IP http server
1 class IP http access
local IP http authentication
IP http secure server
IP http timeout policy slowed down 60 life 86400 request 10000
IP nat inside source static tcp 192.168.201.3 80 80 FastEthernet4 interface
IP nat inside source overload map route SDM_RMAP_1 interface FastEthernet4
!
Remark SDM_ACL category of access list 1 = 1
access-list 1 permit 192.168.201.0 0.0.0.127
access-list 1 permit 192.168.151.0 0.0.0.255
access-list 1 deny all
Access-list 100 category SDM_ACL = 2 Note
Note access-list 100 IPSec rule
access-list 100 deny ip 192.168.201.0 0.0.0.127 192.168.3.0 0.0.0.255
access-list 100 deny ip 192.168.201.0 0.0.0.127 192.168.2.0 0.0.0.255
access-list 100 deny ip 192.168.201.0 0.0.0.127 192.168.151.0 0.0.0.255
access-list 100 deny ip 192.168.201.0 0.0.0.127 192.168.200.0 0.0.0.255
access-list 100 permit ip 192.168.201.0 0.0.0.127 all
access list 101 remark self-generated by the configuration of the firewall SDM
Note access-list 101 = 1 SDM_ACL category
access-list 101 deny ip x.x.x.x 0.0.0.255 everything
access-list 101 deny ip 255.255.255.255 host everything
access-list 101 deny ip 127.0.0.0 0.255.255.255 everything
access list 101 ip allow a whole
Allow Access - list 101 tcp a whole
access list 101 allow udp a whole
access-list 101 permit icmp any one
access-list 102 permit icmp any host x.x.x.x
access-list 102 permit udp host 194.204.152.34 eq field host x.x.x.x
access-list 102 permit udp host 193.178.240.2 eq field host x.x.x.x
access-list 102 permit udp host host eq non500-isakmp x.x.x.x y.y.y.y
access-list 102 permit udp host host eq isakmp x.x.x.x y.y.y.y
access-list 102 permit esp host host x.x.x.x y.y.y.y
access-list 102 permit ahp host host x.x.x.x y.y.y.y
access-list 102 permit ip 192.168.151.0 0.0.0.255 192.168.201.0 0.0.0.127
access-list 102 permit ip 192.168.200.0 0.0.0.255 192.168.201.0 0.0.0.127
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.201.0 0.0.0.127
access-list 102 permit ip 192.168.3.0 0.0.0.255 192.168.201.0 0.0.0.127
access-list 102 permit ip 192.168.201.0 0.0.0.127 all
access-list 102 deny ip 10.0.0.0 0.255.255.255 everything
access-list 102 deny ip 172.16.0.0 0.15.255.255 all
access-list 102 deny ip 192.168.0.0 0.0.255.255 everything
access-list 102 deny ip 127.0.0.0 0.255.255.255 everything
access-list 102 deny ip 192.168.201.0 0.0.0.127 all
access-list 102 refuse host ip 255.255.255.255 everything
access-list 102 refuse host ip 0.0.0.0 everything
access ip-list 102 permit a whole
access-list 103 allow ip 192.168.200.0 0.0.0.255 any
access-list 103 allow ip 192.168.151.0 0.0.0.255 any
access-list 103 allow ip 192.168.201.0 0.0.0.127 all
access-list 103 permit ip 192.168.2.0 0.0.0.255 any
access-list 103 allow ip 192.168.3.0 0.0.0.255 any
access-list 103 allow y.y.y.y ip 0.0.0.7 one
access-list 103 deny ip any one
Remark SDM_ACL category from the list of access-104 = 4
Note access-list 104 IPSec rule
access-list 104. allow ip 192.168.201.0 0.0.0.127 192.168.151.0 0.0.0.255
access-list 104 allow 192.168.201.0 ip 0.0.0.127 192.168.2.0 0.0.0.255
access-list 104 allow 192.168.201.0 ip 0.0.0.127 192.168.3.0 0.0.0.255
access-list 104 allow 192.168.201.0 ip 0.0.0.127 192.168.200.0 0.0.0.255
not run cdp
allowed SDM_RMAP_1 1 route map
corresponds to the IP 100
!
!
control plan
!
Bridge Protocol ieee 1
1 channel ip bridge
!
Line con 0
no activation of the modem
line to 0
line vty 0 4
access-series 103 in
privilege level 15
entry ssh transport
!
max-task-time 5000 Planner
endBartosz,
If you want to ping on the other side of the IPsec-L2L tunnel system you must change your 104 ACL.
to read
IP RA_VPN_POOL subnet REMOTE_SUBNET_MASK to allow REMOTE_SUBNET.
access-list 104 allow 192.168.201.0 ip 0.0.0.127 192.168.200.0 0.0.0.255<---- this="" means="" ..="" put="" into="" the="" static="" l2l ="" tunnel="" traffic="" from="" my="" local="" subnet="" going="" to="" my="" remote="" access="" vpn="" ...="" seems="">---->
Marcin
-
Dear All/Admin/Tech,
After the upgrade to Firefox 10.0 staff of my company in Indonesia can not rained access gateway SSL for the web of our company and therefore cannot log on to our web database program.In my tests, in Singapore (with the same ISP fiber broadband), I have the same problem.
Both Chrome and IE have no problem, but Firefox stops on error "the connection was reset".
Firefox is now super sensitive to the shift of site Web, allows no ports or y at - there some problem in which Firefox to reject Web page or program?
So far, that seems to happen on Firefox 10.0 and our SSL https web portal. What is good on all other browsers.
Help, please.
Thank you and best regards,
Joel LiI also have problems with 10 FF and Fortinet VPN.
It helped me a little... http://social.technet.Microsoft.com/forums/en-us/w7itprosecurity/thread/e6e8ada8-BC12-4f6f-8de3-1d3fd2ff4931
The problems seems to be in the Microsoft Security Update KB2585542, that TLS and SSL fixes. Apparently some websites that use SSL do not work properly because of this.
I had to disable the update of security KB2585542, then downgrade to FF 9.0.1.
BUT I don't want to remain unpatched and with an older version of FF. A way around this problem without downgrading?
EDIT: Just to be clear, even after I disabled the patch MS that I kept getting "the connection was reset" in FF10. Everything worked great until I upgraded to FF10 even with the patch on.
-
I'm having trouble finding information on SSL VPN for ASR1K, when we bought the boxes told us that SSL VPN was on the roadmap of the software, but that was back in 2010 and now I can not find anything nor can I get the right information.
Does anyone have a recommendation on what to do or who to ask?
PLS, contact your Cisco account manager as he or she would be able to provide additional information.
There is normally a long list of features to add to the product, and SSL VPN is one of them who was asked to appear on the ASR. However, depending on the needs, it might be on the top of the list of the road map, or to the bottom of the list. Your Cisco AM should be able to get information from the product team.
-
AnyConnect and SSL - VPN without client
Are there problems in running Cisco AnyConnect and SSL - VPN without client side by side?
I am currently looking into adding features for an ASA AnyConnect who currently set up to operate without SSL - VPN client. The system without client is not removed. I don't know how to set it up, I wonder if someone has already set up this or if there is no problem with this Setup?
Hi Daniel
It's a little complicated if you want a granular authentication and authorization, but it works.
I'm running an ASA with IPSec, SSL Client and clientless SSL.
Each of these virtual private networks with user/one-time-password name and certificate based authentic.
The main challenge is to put in place its own structure of profile cards, connection profiles, group policies and dynamic access policies.
Feel free to ask questions...
Stephan
-
Windows IPSEC and SSL VPN client on the same machine
Matches (coexistence) installation of IPSEC and SSL vpn clients that are supported on the same computer, windows (XP and Win7)?
As mentioned by Patricia and Jennifer (5 stars), you can install two clients on the same machine without any problem.
The tricky part comes when you are trying to connect two clients at the same time, that's when you may encounter unexpected problems.
However, if your intention is to install both clients and connect them individually and not at the same time, you'll be fine.
If you have any other questions, please mark this question as answered and note all messages that you have found useful.
Thank you.
Portu.
Post edited by: Javier Portuguez
-
When I connect to secure Web sites (that is to say the National Bank aust) a message pops up saying not approved Web site and the security certificate is not valid? I can also book flights on qantas and Virgin site? Help, please. I could do all this 24 hours but now can not do something like this.
Try to upgrade to a newer version of Firefox 3.6.x or 6.0.x.
Your current version of Firefox 3.0.19 can exceeded SSL certificate expired.
Also check the date and time of the clock on your computer: (double) click on the clock icon in the Windows taskbar.- Firefox 6.0.x: http://www.mozilla.com/en-US/firefox/all.html
- Firefox 3.6.x: http://www.mozilla.com/en-US/firefox/all-older.html
-
I work in a wbe site and it say Blocker is on when I show it is off - why?
I followed the instructions via the menu to activate the pop-up blockers out of a particular web site, and the system shows they are now closed but the site continues to block what I try to do and said pop up blocks are on. Why and what I can do to remove them from this site. This is a corporate site and I really need to have access to it as soon as possible.
Thank youYou see special icons as an icon of the pop-up block to the left or to the right end of the address bar?
Start Firefox in Safe Mode to check if one of the extensions (Firefox, Tools/menu key > Modules > Extensions) or if hardware acceleration is the cause of the problem.
- Put yourself in the DEFAULT theme: Firefox, Tools/menu key > Modules > appearance
- Do NOT click on the reset button on the startup window Mode safe
- https://support.Mozilla.org/KB/safe+mode
- https://support.Mozilla.org/KB/troubleshooting+extensions+and+themes
Try to delete the permissions.sqlite to reset all the permissions.
You can use this button to go to the current Firefox profile folder:- Help > troubleshooting information > profile directory: see file (Linux: open the directory;) Mac: View in the Finder)
- http://KB.mozillazine.org/Profile_folder_-_Firefox
Your security software might also block pop-ups.
Start the computer in Mode safe mode with network support Windows (on the startup screen, press F8) to see if that helps.
-
We have site and only works with Firefox 3.0 Setup. so, can we have this version Offline Installer?
Why is your site, not be able to be consulted in current Firefox?
Firefox 3.0 is now rather old and vulnerable.
If you must use a version of Firefox 3.0.x for that one site then try the portable version of Firefox 3.0.12. English is near the bottom of the list.
http://sourceforge.NET/projects/PortableApps/files/Mozilla Firefox 2% C Portable ed. / Mozilla Firefox Portable edition 3.0.12 %2C.^ copy + paste the url above.
Installs it portable Firefox is autonomous, that it does not touch your version of Firefox or normal profiles for her.
-
Hello I have problem with my site, and mozilla. Google chrome, safari, explorer, opera work ok. I have Sobipro for both the company and the logos and images without work!
When I try to open the url is this:http://www.athens-dayandnight.gr/images/sobipro/entries/288/587_img.jpgwhith mozilla is the following: /images/sobipro/entries\288\587_img.jpg when ichange it------with this / work.
any idea?
Thank you
Hello, the URLS that contain-in their path are not valid. Firefox is less tolerant to errors in this respect than other browsers.
Correct the path to http://www.athens-dayandnight.gr/images/sobipro/entries/288/587_img.jpg in the source code of this site or if you don't control the contact of the site their webadmin to do... -
In a new tab (+) window, I get a full screen of the Bing site, and I do not see the gear of NEW CONTROLS TAB.
I tried dragging one bookmark in this window and then had this site full-screen. But when I exit Firefox and restart it, it is by default to the Site of Bing - I HATE BING
I do not see the gear for new tab controls, and so I can't put it: 'display your top sites '.
I uninstalled Firefox and installed the latest version - I found myself with the same thing, I had - including my homepage and exactly the same problem - your help would be appreciatedWhat do you see on the page, just nothing?
Could you come back: config, filter using newtab again once and if browser.newtab.url is bold claims to be 'set of users", right click and click Reset in the menu bit
If you open a new tab, which solve this problem?
Edit: sorry for typo's fault: browser.newtab.url
-
When I try to open CompuServe, which I used for several years on Firefox, a screen appears saying: this isn't a trusted site and it wont let me.
Here's what's on the screen that appears when I try to open CompuServe and AOL CompuServe of owner:
___________________________________________________________
This connection is Untrusted
You asked Firefox to connect safely to my.screenname.aol.com, but we cannot confirm that your connection is secure.
Normally, when you try to connect safely, sites will present a reliable identification to prove that you're in the right place. However, the identity of this site cannot be verified.
_____________________________________________________________There was a security of Firefox auto update on Friday, August 7, 2015 after which this problem started to occur. On my other computer, I use very often and on which I also use Firefox, I can easily open CompuServe.
You allowed the information to be included in the details of your system more when you posted. Look to the right of your original post, where it is said more details of the system.
Maybe you are looking for
-
Satellite 5100-503 "locked" maybe BIOS
I had recently bought a new HARD drive because of problems in the previous, then the HDD have nothing in it. But when I thought everything was fixed, I discovered a new problem.Whenever I turn on the computer a try to access the boot priority to choo
-
How to extract the text from corrupted pages file
Really appreciate if someone of you knows a way to extract text from a page files of 9 MB that contains text and images and which does not: Error message: file format not valid. Change the type of file and opening in various programs (Word, Acrobat,
-
Cannot get my dvd = rw ts l632H tsscorp to work
I have a dell d630 and does not recognize my dvd rw ts L632H any cd or dvd
-
How to copy a DVD with BUP files on my computer?
When I try copy and save the files to my computer the computer says that he doesn't know what software to use. He ordered me to use the internet to understand. I find myself on a page that lists a bunch of websites where I can download the software
-
I tried the free 30-day subscription 10 images, I cancelled before 30 days and then was charged $ 175 for a year of subscription. After contact with the cat online, I was told that I will get a refund within 2-3 business days. It was June 1, I should