VPN site to Site on a local network with ISA570

Hello!

We have a Cisco Firewall ISA570 in our office and now, I bought a second one for a remote location. Now I aim to connect these two sites via the IPsec Site-to-Site VPN. Since we have no information about the public IP address on the new location, I want to test the VPN connection in our office first. That's what I've done so far:

Office (side A):

WAN port 1: Public internet access

WAN port 2: 10.0.0.1/24

LAN: 192.168.66.1/24

Target VPN: 10.0.0.2/24

Local network VPN: 192.168.66.0/24

The target VPN network: 192.168.67.0/24

Side B (new feature):

WAN port 1: 10.0.0.2/24

LAN: 192.168.67.1/24

Target VPN: 10.0.0.1/24

Local network VPN: 192.168.67.0/24

The target VPN network: 192.168.66.0/24

Unfortunately, this does not work. As soon as I start the connection on device A, the VPN light starts to blink green and after a minute it blinks orange. If I try to start the connection on unit B, nothing happens. Not even the LED starts to flash.

What am I doing wrong?

Thanks for your help.

Hello

I just did a quick test. Your setup should work. Could you send me the diagnostic files from these two ISA500s?

The diagnostics should include your configuration and logs.

Are you using 1.1.17?

Kind regards

Wei

Similar Questions

  • ASA 5505 IPSEC VPN connected but cannot access the local network

    ASA: 8.2.5

    ASDM: 6.4.5

    LAN: 10.1.0.0/22

    Pool VPN: 172.16.10.0/24

    Hi, we purchased a new ASA 5505 and are trying to configure IPsec VPN via ASDM; I simply ran the wizards, set up the vpnpool, split tunnelling, etc.

    I can connect to the ASA using the Cisco VPN client and internet works fine on the local PC, but it cannot access the local network (cannot ping, cannot use remote desktop). I tried the same thing on our production ASA (which has both remote VPN and site-to-site VPN working), and the new profile I created worked very well.

    Here is my setup; did I set anything up wrong?

    ASA Version 8.2(5)

    !

    hostname asatest

    domain-name XXX.com

    enable password 8Fw1QFqthX2n4uD3 encrypted

    passwd g9NiG6oUPjkYrHNt encrypted

    names

    !

    interface Ethernet0/0

     switchport access vlan 2

    !

    interface Ethernet0/1

    !

    interface Ethernet0/2

    !

    interface Ethernet0/3

    !

    interface Ethernet0/4

    !

    interface Ethernet0/5

    !

    interface Ethernet0/6

    !

    interface Ethernet0/7

    !

    interface Vlan1

     nameif inside

     security-level 100

     ip address 10.1.1.253 255.255.252.0

    !

    interface Vlan2

     nameif outside

     security-level 0

     ip address XXX.XXX.XXX.XXX 255.255.255.240

    !

    ftp mode passive

    clock timezone PST -8

    clock summer-time PDT recurring

    dns server-group DefaultDNS

     domain-name vff.com

    access-list vpntest_splitTunnelAcl standard permit 10.1.0.0 255.255.252.0

    access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.252.0 172.16.10.0 255.255.255.0

    pager lines 24

    logging enable

    logging timestamp

    logging trap warnings

    logging asdm informational

    logging device-id hostname

    logging host inside 10.1.1.230

    mtu inside 1500

    mtu outside 1500

    ip local pool vpnpool 172.16.10.1-172.16.10.254 mask 255.255.255.0

    no failover

    icmp unreachable rate-limit 1 burst-size 1

    no asdm history enable

    arp timeout 14400

    global (outside) 1 interface

    nat (inside) 0 access-list inside_nat0_outbound

    nat (inside) 1 0.0.0.0 0.0.0.0

    route outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX 1

    timeout xlate 3:00:00

    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

    timeout tcp-proxy-reassembly 0:01:00

    timeout floating-conn 0:00:00

    dynamic-access-policy-record DfltAccessPolicy

    aaa-server AD protocol nt

    aaa-server AD (inside) host 10.1.1.108

     nt-auth-domain-controller 10.1.1.108

    http server enable

    http 10.1.0.0 255.255.252.0 inside

    no snmp-server location

    no snmp-server contact

    snmp-server enable traps snmp authentication linkup linkdown coldstart

    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

    crypto ipsec security-association lifetime seconds 28800

    crypto ipsec security-association lifetime kilobytes 4608000

    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1

    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

    crypto map outside_map interface outside

    crypto isakmp enable outside

    crypto isakmp policy 10

     authentication pre-share

     encryption 3des

     hash sha

     group 2

     lifetime 86400

    telnet timeout 5

    ssh 10.1.0.0 255.255.252.0 inside

    ssh timeout 20

    console timeout 0

    dhcpd auto_config outside

    !

    threat-detection basic-threat

    threat-detection statistics access-list

    no threat-detection statistics tcp-intercept

    webvpn

    group-policy vpntest internal

    group-policy vpntest attributes

     wins-server value 10.1.1.108

     dns-server value 10.1.1.108

     vpn-tunnel-protocol IPSec l2tp-ipsec

     password-storage disable

     ip-comp disable

     re-xauth disable

     pfs disable

     ipsec-udp disable

     ipsec-udp-port 10000

     split-tunnel-policy tunnelspecified

     split-tunnel-network-list value vpntest_splitTunnelAcl

     default-domain value XXX.com

     split-tunnel-all-dns disable

     backup-servers keep-client-config

     address-pools value vpnpool

    username admin password WeiepwREwT66BhE9 encrypted privilege 15

    username user5 password yIWniWfceAUz1sUb encrypted privilege 5

    username util_3 password umNHhJnO7McrLxNQ encrypted privilege 3

    tunnel-group vpntest type remote-access

    tunnel-group vpntest general-attributes

     address-pool vpnpool

     authentication-server-group AD

     authentication-server-group (inside) AD

     default-group-policy vpntest

     strip-realm

    tunnel-group vpntest ipsec-attributes

     pre-shared-key BEKey123456

     peer-id-validate nocheck

    !

    !

    privilege level 3 mode exec cmd command perfmon

    privilege level 3 mode exec cmd ping command

    mode privileged exec command cmd level 3

    logging of the privilege level 3 mode exec cmd commands

    privilege level 3 exec command failover mode cmd

    privilege level 3 mode exec command packet cmd - draw

    privilege show import at the level 5 exec mode command

    privilege level 5 see fashion exec running-config command

    order of privilege show level 3 exec mode reload

    privilege level 3 exec mode control fashion show

    privilege see the level 3 exec firewall command mode

    privilege see the level 3 exec mode command ASP.

    processor mode privileged exec command to see the level 3

    privilege command shell see the level 3 exec mode

    privilege show level 3 exec command clock mode

    privilege exec mode level 3 dns-hosts command show

    privilege see the level 3 exec command access-list mode

    logging of orders privilege see the level 3 exec mode

    privilege, level 3 see the exec command mode vlan

    privilege show level 3 exec command ip mode

    privilege, level 3 see fashion exec command ipv6

    privilege, level 3 see the exec command failover mode

    privilege, level 3 see fashion exec command asdm

    exec mode privilege see the level 3 command arp

    command routing privilege see the level 3 exec mode

    privilege, level 3 see fashion exec command ospf

    privilege, level 3 see the exec command in aaa-server mode

    AAA mode privileged exec command to see the level 3

    privilege, level 3 see fashion exec command eigrp

    privilege see the level 3 exec mode command crypto

    privilege, level 3 see fashion exec command vpn-sessiondb

    privilege level 3 exec mode command ssh show

    privilege, level 3 see fashion exec command dhcpd

    privilege, level 3 see the vpnclient command exec mode

    privilege, level 3 see fashion exec command vpn

    privilege level see the 3 blocks from exec mode command

    privilege, level 3 see fashion exec command wccp

    privilege see the level 3 exec command mode dynamic filters

    privilege, level 3 see the exec command in webvpn mode

    privilege control module see the level 3 exec mode

    privilege, level 3 see fashion exec command uauth

    privilege see the level 3 exec command compression mode

    level 3 for the show privilege mode configure the command interface

    level 3 for the show privilege mode set clock command

    level 3 for the show privilege mode configure the access-list command

    level 3 for the show privilege mode set up the registration of the order

    level 3 for the show privilege mode configure ip command

    level 3 for the show privilege mode configure command failover

    level 5 mode see the privilege set up command asdm

    level 3 for the show privilege mode configure arp command

    level 3 for the show privilege mode configure the command routing

    level 3 for the show privilege mode configure aaa-order server

    level mode 3 privilege see the command configure aaa

    level 3 for the show privilege mode configure command crypto

    level 3 for the show privilege mode configure ssh command

    level 3 for the show privilege mode configure command dhcpd

    level 5 mode see the privilege set privilege to command

    privilege level clear 3 mode exec command dns host

    logging of the privilege clear level 3 exec mode commands

    clear level 3 arp command mode privileged exec

    AAA-server of privilege clear level 3 exec mode command

    privilege clear level 3 exec mode command crypto

    privilege clear level 3 exec command mode dynamic filters

    level 3 for the privilege cmd mode configure command failover

    clear level 3 privilege mode set the logging of command

    privilege mode clear level 3 Configure arp command

    clear level 3 privilege mode configure command crypto

    clear level 3 privilege mode configure aaa-order server

    prompt hostname context

    no call-home reporting anonymous

    Cryptochecksum:447bbbc60fc01e9f83b32b1e0304c6b4

    : end

    In the captures we can see packets going from the pool to the internal LAN, but we do not see reply packets coming back.

    The routing must be such that packets for 172.16.10.0/24 reach the inside interface of the ASA.

    On the client machines or your internal LAN switch, you need to add a route for 172.16.10.0/24 pointing to the inside interface of the ASA.

  • Easy VPN not able to access the local network

    Hi guys,

    I hope someone can help me. I'll give you a rundown of the config.

    I have a border router, a 2851; connected to the 2851 is a Cisco 3750 switch running inter-VLAN routing with four VLANs.

    I have Easy VPN server on the 2851 edge router. I am able to connect remotely from a Cisco VPN client with a problem but I can't access the local network on the server; I tried everything with no luck.

    I have a Cisco VPN client installed on a 64-bit Windows 7 system and I also tried with a 32-bit Windows XP system and still no luck.

    Please, I need help; I need to get this running by end of business today.

    I will copy and paste the edge router config; please could someone review it and see if the config is good.

    You need to change your PAT ACL from standard to extended and deny traffic to the VPN pool from being translated:

    access-list 120 deny ip 10.10.10.0 0.0.0.3 10.10.50.0 0.0.0.255

    access-list 120 deny ip 192.168.XX.0 0.0.0.255 10.10.50.0 0.0.0.255

    access-list 120 deny ip 172.16.XX.0 0.0.0.255 10.10.50.0 0.0.0.255

    access-list 120 deny ip 172.1X.20.0 0.0.0.255 10.10.50.0 0.0.0.255

    access-list 120 deny ip 192.168.XX.0 0.0.0.255 10.10.50.0 0.0.0.255

    access-list 120 permit ip 10.10.10.0 0.0.0.3 any

    access-list 120 permit ip 192.168.XX.0 0.0.0.255 any

    access-list 120 permit ip 172.16.XX.0 0.0.0.255 any

    access-list 120 permit ip 172.1X.20.0 0.0.0.255 any

    access-list 120 permit ip 192.168.XX.0 0.0.0.255 any

    ip nat inside source list 120 interface Dialer0 overload

    no ip nat inside source list 1 interface Dialer0 overload

    clear ip nat trans *

    Hope that helps.

  • Unable to access the local network with VPN with some ISPS

    Hello

    We have an IPsec remote-access VPN with an ASA5505. It establishes the VPN correctly but cannot access the inside or the ASA at my office.

    But at home with another Internet service provider, it works! You can access the inside.

    We tried with other ISPs and it works with 2 and does not work with the other 2!

    At the office we also have an ASA5505, but we have other VPNs to other sites that work properly.

    Any ideas?

    Thank you and sorry for my English.

    Add...

    crypto isakmp nat-traversal

    That should do the trick! Please rate if this helps.

  • I can only access local network with WPA/WPA2-PSK compatible. With out security I can connect without any problems.

    Issue of WPA/WPA2-PSK on Vista with SP2

    Belkin F7D2301 router, version1

    Vista Home Premium, Service Pack 2

    Network card: Atheros AR5007 802. 11a / g WiFi. version of the driver. 7.3.201.25.

    I am running 2-1 Vista, 1 Window7 laptop
    IPhone 2
    1 Wii game system

    When I installed initially the new router today, I installed it with WPA - PSK [TKIP] + security WPA2-PSK [AES] option. When in doing so, the Vista Home Premium (32 bit) would not connect to the internet. He would show local only access.

    But when I disable security it can connect to the internet. Rest of my devices are also able to connect to the internet regardless of WPA - PSK [TKIP] + WPA2-PSK [AES] or security number. I am running Vista with SP2.  That seems known problem Vista on Sp1. see http://support.microsoft.com/kb/935222.

    The network adapter I have is an Atheros AR5007 802. 11a / g WiFi with the version of the driver. 7.3.201.25.

    Any help would be very happy... I'm exhausted now try to solve this problem.

    SOLVED by updating the driver for Atheros. Atheros AR5007 802. 11a / g WiFi. It is not available on the official website. Check out this forum.

    http://forums.techguy.org/networking/981134-solved-NETGEAR-WNDR3700-incompatibilty-w.html

    Mystery is yet to be solved

    • Why WPA stopped working with the old version of the Atheros AR5007 802.11a/g WiFi driver, version 7.3.201.25.
    • Why accepting Linksys WRNT160 V3 ceased any connection.

    Thanks for the support

  • Problems connecting to the local network with NAS

    So we have a private network at work. On this network we have implemented a Synology NAS. We are constantly backing up files, adding files, updating Excel files, etc. There is a lot of traffic on it. Recently it has been kicking people off with error messages like "Device name already in use". It could be a problem with just the NAS, but I think it might be a problem with the network or something that I could deal with using different parameters. The problem occurs when there are a lot of people on the network, not necessarily working off the NAS, which has a static IP address. Because of my ignorance of networks, I don't know what information to include to help describe the problem or the setup, so do not hesitate to ask!

    Any help would be greatly appreciated, more on only an opportunity to learn more about networking is also good!

    Hi Michael,

    • What operating system do you use?

    I suggest you to send your query to the TechNet Forum for better support.

    https://social.technet.Microsoft.com/forums/Windows/en-us/home?category=Windows10ITPro

    Kind regards

  • VPN site to Site with restrictions (vpn-filter)

    VPN site to site, I installed and it works fine and two site can meet but I question after the vpn enforcement - run under Group Policy

    restrict users in the local site for dial-up networking with specific tcp ports, the vpn does not not like after order question «sh l2l vpn-sessiondb»

    This works but users can't access something in the remote site

    Note: after adding a line at the end of the ACL with this

    access-list US_SITE extended permit ip any any

    it works well again

    example of an access-list line

    access-list US_SITE extended permit tcp host 10.68.22.50 host 192.168.10.23 object-group HTTP_HTTPS
    access-list US_SITE extended permit tcp host 10.68.22.50 host 192.168.10.24 object-group HTTP_HTTPS

    local network: 10.68.22.50

    remote network: 192.168.10.24

    is that correct or not?

    group-policy x.x.x.x attributes
     vpn-filter value US_SITE

    tunnel-group y.y.y.y general-attributes
     default-group-policy x.x.x.x

    Note: sysopt connection permit-vpn is enabled

    The syntax of an ACL that is used as a vpn-filter is different from what is normally expected. These VPN filters are not directional; you have to specify the traffic you want to allow into and out of the VPN in one ACL. The syntax for this is:

    access-list X permit/deny REMOTE-DEFINITION LOCAL-DEFINITION

    Example: You want to allow local users to access RDP on the remote site:

    access-list VPN-ACL permit tcp host 192.168.10.24 eq 3389 10.68.22.0 255.255.255.0

    Disadvantage: This is all really confusing, and you can't allow things like ping in one direction only.
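
The matching behaviour described in the answer above, as an added example that is not part of the original thread: a simplified Python model of a direction-less vpn-filter entry. `FilterAce`, `Flow`, `evaluate` and the sample flows are constructed for illustration; only the RDP entry comes from the answer.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class FilterAce:
    """One vpn-filter entry, always written REMOTE first, LOCAL second."""
    action: str                        # "permit" or "deny"
    proto: str                         # "tcp", "udp", "icmp" or "ip"
    remote: str                        # remote side, CIDR notation
    local: str                         # local side, CIDR notation
    remote_port: Optional[int] = None  # None = any port
    local_port: Optional[int] = None


@dataclass(frozen=True)
class Flow:
    """First packet of a connection through the tunnel."""
    initiator: str                     # "local" or "remote"
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


def _asa_addr(cidr: str) -> str:
    net = ip_network(cidr)
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"


def to_asa(name: str, ace: FilterAce) -> str:
    """Render the entry in the REMOTE-then-LOCAL order the answer gives."""
    parts = ["access-list", name, ace.action, ace.proto, _asa_addr(ace.remote)]
    if ace.remote_port is not None:
        parts.append(f"eq {ace.remote_port}")
    parts.append(_asa_addr(ace.local))
    if ace.local_port is not None:
        parts.append(f"eq {ace.local_port}")
    return " ".join(parts)


def evaluate(acl, flow: Flow) -> str:
    """Return "permit" or "deny" for a new connection in either direction."""
    # The filter has no direction: map the packet onto (remote, local)
    # whichever side sent it, then match the entries top-down.
    if flow.initiator == "local":
        r_ip, r_port, l_ip, l_port = flow.dst, flow.dport, flow.src, flow.sport
    else:
        r_ip, r_port, l_ip, l_port = flow.src, flow.sport, flow.dst, flow.dport
    for ace in acl:
        if ace.proto not in ("ip", flow.proto):
            continue
        if ip_address(r_ip) not in ip_network(ace.remote):
            continue
        if ip_address(l_ip) not in ip_network(ace.local):
            continue
        if ace.remote_port is not None and ace.remote_port != r_port:
            continue
        if ace.local_port is not None and ace.local_port != l_port:
            continue
        return ace.action
    return "deny"  # implicit deny at the end of every ACL


# The RDP entry from the answer above.
RDP = FilterAce("permit", "tcp", "192.168.10.24/32", "10.68.22.0/24", remote_port=3389)
# Constructed entry: an ICMP permit cannot be limited to one direction.
PING = FilterAce("permit", "icmp", "192.168.10.24/32", "10.68.22.0/24")

# Constructed sample flows.
LOCAL_RDP = Flow("local", "tcp", "10.68.22.50", "192.168.10.24", 50000, 3389)
REMOTE_RDP = Flow("remote", "tcp", "192.168.10.24", "10.68.22.50", 50000, 3389)
# Because the port sits on the remote side of the entry, a remote-initiated
# connection whose SOURCE port is 3389 matches it too; review entries for this.
REMOTE_FROM_3389 = Flow("remote", "tcp", "192.168.10.24", "10.68.22.50", 3389, 445)
PING_OUT = Flow("local", "icmp", "10.68.22.50", "192.168.10.24")
PING_IN = Flow("remote", "icmp", "192.168.10.24", "10.68.22.50")

if __name__ == "__main__":
    print(to_asa("VPN-ACL", RDP))
    for label, acl, flow in [
        ("local -> remote RDP", [RDP], LOCAL_RDP),
        ("remote -> local RDP", [RDP], REMOTE_RDP),
        ("remote, source port 3389", [RDP], REMOTE_FROM_3389),
        ("ping out, RDP entry only", [RDP], PING_OUT),
        ("ping out, ICMP permitted", [RDP, PING], PING_OUT),
        ("ping in, ICMP permitted", [RDP, PING], PING_IN),
    ]:
        print(f"{label:28s} {evaluate(acl, flow)}")
```
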
  • Site-to-site VPN in Packet Tracer

    Hello

    I configured both local networks with NAT. There is an ISP router inbetween these routers to emulate the internet.

    I would like to set up a VPN site-to site between these two routers.

    Here is the configuration of R1 and R3:

    R1:

    hostname R1

    no ip cef

    no ipv6 cef

    !

    crypto isakmp policy 1

     encr aes

     authentication pre-share

     group 2

    !

    crypto isakmp key 0 address 209.123.123.33

    !

    crypto ipsec security-association lifetime seconds 86400

    !

    crypto ipsec transform-set yasser esp-aes esp-sha-hmac

    !

    crypto map auda 100 ipsec-isakmp

     set peer 209.123.123.33

     set pfs group2

     set security-association lifetime seconds 86400

     set transform-set yasser

     match address ramzy

    !

    spanning-tree mode pvst

    !

    interface FastEthernet0/0

     ip address 172.16.1.21 255.255.248.0

     duplex auto

     speed auto

    !

    interface FastEthernet0/0.10

     encapsulation dot1Q 10

     ip address 172.16.8.99 255.255.248.0

     ip nat inside

    !

    interface Serial0/3/0

     ip address 209.123.123.1 255.255.255.240

     ip nat outside

     clock rate 128000

     crypto map auda

    !

    router ospf 1

     router-id 15.15.15.15

     log-adjacency-changes

     network 172.16.8.0 0.0.7.255 area 1

     network 209.123.123.0 0.0.0.15 area 0

    !

    ip nat inside source list ADDRESSES interface Serial0/3/0 overload

    ip classless

    !

    ip flow-export version 9

    !

    ip access-list standard ADDRESSES

     permit 172.16.8.0 0.0.7.255

    ip access-list extended ramzy

     permit ip 172.16.8.0 0.0.7.255 172.16.40.0 0.0.7.255

    !

    line con 0

    !

    line aux 0

    !

    line vty 0 4

     login

    !

    end

    R3:

    hostname R3

    !

    no ip cef

    no ipv6 cef

    !

    crypto isakmp policy 1

     encr aes

     authentication pre-share

     group 2

    !

    crypto isakmp key 0 address 209.123.123.1

    !

    crypto ipsec security-association lifetime seconds 86400

    !

    crypto ipsec transform-set yasser esp-aes esp-sha-hmac

    !

    crypto map auda 100 ipsec-isakmp

     set peer 209.123.123.1

     set pfs group2

     set security-association lifetime seconds 86400

     set transform-set yasser

     match address ramzy

    !

    spanning-tree mode pvst

    !

    interface FastEthernet0/0

     ip address 172.16.1.22 255.255.248.0

     duplex auto

     speed auto

    !

    interface FastEthernet0/0.40

     encapsulation dot1Q 40

     ip address 172.16.40.99 255.255.248.0

     ip nat inside

    !

    interface Serial0/3/1

     ip address 209.123.123.33 255.255.255.240

     ip nat outside

     crypto map auda

    !

    router ospf 1

     router-id 25.25.25.25

     log-adjacency-changes

     network 172.16.40.0 0.0.7.255 area 2

     network 209.123.123.32 0.0.0.15 area 0

    !

    ip nat inside source list ADDRESSES interface Serial0/3/1 overload

    ip classless

    !

    ip flow-export version 9

    !

    ip access-list standard ADDRESSES

     permit 172.16.40.0 0.0.7.255

    ip access-list extended ramzy

     permit ip 172.16.40.0 0.0.7.255 172.16.8.0 0.0.7.255

    !

    line con 0

    !

    line aux 0

    !

    line vty 0 4

     login

    !

    end

    Trying to ping from PC-A (172.16.8.1) to PC-C (172.16.40.1) does not work.

    I tried several times to get the traffic through the tunnel with no success. Can someone tell me where I'm wrong?

    Thank you

    Josh

    Hi Josh,

    With this deployment, you will not be able to ping or reach the other side because of the NAT; NAT is dynamically translating the IP addresses. You must do the following:

    R1:

    no ip nat inside source list ADDRESSES interface Serial0/3/0 overload

    no ip access-list standard ADDRESSES

    permit 172.16.8.0 0.0.7.255

    ip access-list extended ADDRESSES_NAT

     deny ip 172.16.8.0 0.0.7.255 172.16.40.0 0.0.7.255

    ip nat inside source list ADDRESSES_NAT interface Serial0/3/0 overload

    R3:

    no ip nat inside source list ADDRESSES interface Serial0/3/1 overload

    no ip access-list standard ADDRESSES

    permit 172.16.40.0 0.0.7.255

    ip access-list extended ADDRESSES_NAT

     deny ip 172.16.40.0 0.0.7.255 172.16.8.0 0.0.7.255

    ip nat inside source list ADDRESSES_NAT interface Serial0/3/1 overload

    With these show commands you can make sure that phase 1 and phase 2 are up and working:

    - show crypto isakmp sa

    - show crypto ipsec sa

    I hope this helps!

    Please rate and mark the helpful post as correct!

    David Castro,

    Regards
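
An added check, not part of the original thread, for the problem the answer above describes: traffic that the crypto ACL `ramzy` selects is matched by the PAT ACL first and translated before the crypto map sees it. The ACL entries are R1's from the question and answer; the trailing `permit ... any` in the fixed ACL and the internet destination are assumptions, and the parser handles only the entry forms shown here.

```python
from ipaddress import IPv4Address, ip_network

ANY = ip_network("0.0.0.0/0")


def _take_addr(tokens):
    """Consume one IOS address spec: any | host A | A WILDCARD."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ip_network(tokens.pop(0) + "/32")
    # A wildcard mask is the inverted netmask. Non-contiguous wildcards
    # raise ValueError here and are out of scope for this check.
    netmask = IPv4Address(int(IPv4Address(tokens.pop(0))) ^ 0xFFFFFFFF)
    return ip_network(f"{first}/{netmask}")


def parse_ace(line):
    """Parse 'permit|deny [ip] SRC [DST]' into (action, src_net, dst_net)."""
    tokens = line.split()
    action = tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"not an ACL entry: {line!r}")
    if tokens[0] == "ip":          # extended entry; standard ones have no protocol
        tokens.pop(0)
    src = _take_addr(tokens)
    dst = _take_addr(tokens) if tokens else ANY   # standard ACL: source only
    return action, src, dst


def nat_verdict(nat_acl, traffic):
    """Return 'translated' or 'exempt' for traffic described as an ACL entry.

    The first NAT ACL entry that overlaps the traffic decides, as on the
    router; a partial overlap is reported like a full one.
    """
    _, t_src, t_dst = parse_ace(traffic)
    for line in nat_acl:
        action, src, dst = parse_ace(line)
        if src.overlaps(t_src) and dst.overlaps(t_dst):
            return "translated" if action == "permit" else "exempt"
    return "exempt"                # implicit deny: nothing is translated


def audit(nat_acl, crypto_acl):
    """Crypto-ACL permits whose traffic the NAT ACL would translate first."""
    return [ace for ace in crypto_acl
            if ace.split()[0] == "permit"
            and nat_verdict(nat_acl, ace) == "translated"]


# R1's crypto ACL "ramzy" and original PAT ACL "ADDRESSES" from the question.
CRYPTO_RAMZY_R1 = ["permit ip 172.16.8.0 0.0.7.255 172.16.40.0 0.0.7.255"]
NAT_ORIGINAL_R1 = ["permit 172.16.8.0 0.0.7.255"]
# ADDRESSES_NAT from the answer, plus an assumed trailing permit so that
# ordinary internet traffic is still translated.
NAT_FIXED_R1 = [
    "deny ip 172.16.8.0 0.0.7.255 172.16.40.0 0.0.7.255",
    "permit ip 172.16.8.0 0.0.7.255 any",
]
# Same entries in the wrong order: the permit shadows the exemption.
NAT_MISORDERED_R1 = list(reversed(NAT_FIXED_R1))
# Constructed internet-bound traffic (documentation address).
INTERNET = "permit ip 172.16.8.0 0.0.7.255 host 198.51.100.10"

if __name__ == "__main__":
    for name, acl in [("original", NAT_ORIGINAL_R1),
                      ("fixed", NAT_FIXED_R1),
                      ("misordered", NAT_MISORDERED_R1)]:
        broken = audit(acl, CRYPTO_RAMZY_R1)
        print(f"{name:11s} tunnel traffic translated: {bool(broken)}; "
              f"internet traffic: {nat_verdict(acl, INTERNET)}")
```
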

  • Unknown Local network connection

    I have a Windows Server 2008r2, who has trouble downloading Windows updates.  As I looked at the IP address configuration I see an unknown connection to the local network with an address 169.254 and also a DHCP address on the connection.  I put 2 static address for this card and they work. It is an Exchange Server and the mails are very well, but updates and Internet connections are slow at best.  I think that updates may be trying to use this connection to the LAN 9 below.

    How can I get rid of the DHCP address on local network 2 and 9 LAN connection?  There is no other adapter appear in the devices hidden or anywhere where I can see.
    Configuration for interface "Local Area Connection * 9"
    DHCP enabled: no
    IP address: 169.254.1.60
    Subnet prefix: 169.254.0.0/16 (mask 255.255.0.0)
    InterfaceMetric: 5
    Configuration for interface "Local 2 network connection"
    DHCP enabled: no
    IP address: 10.10.30.116
    Subnet prefix: 10.10.0.0/16 (mask 255.255.0.0)
    IP address: 10.10.31.116
    Subnet prefix: 10.10.0.0/16 (mask 255.255.0.0)
        IP address: 10.10.40.17 -from our DHCP range
    Subnet prefix: 10.10.0.0/16 (mask 255.255.0.0)
    Default gateway: 10.10.0.2
    Gateway Metric: 256
    InterfaceMetric: 5
    Configuration for interface "Loopback Pseudo-Interface 1"
    DHCP enabled: no
    IP address: 127.0.0.1
    Subnet prefix: 127.0.0.0/8 (mask 255.0.0.0)
    InterfaceMetric: 50

    Hello
     
    Your question of Windows 7 is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the TechNet Windows 7 networking forum.
     
    http://social.technet.Microsoft.com/forums/en-us/w7itpronetworking/threads

  • Computer disconnects from the local network after a while

    Hello

    the place I work has a local network with nearly 20 computers.
    One of them is used only to receive some PDF files from the scanner and there our database (PostgreSQL).

    The problem is that, after some time we can not access it via Explorer by typing '\\server' on the address bar, but the connection to the PostgreSQL Bank will continue to operate.

    I have already disabled the drive for energy savings computer network mode.

    What can happen and what can do?

    Thanks in advance,
    Felipe Sousa

    Hi Felipe,.

    Thanks for posting your query on the Microsoft Community.

    According to the description, I understand that your computer disconnects from the local network.

    I suggest you post your query on the TechNet forums , because we have experts working on this type of questions and for you help the better.

    Check out the link:

    https://social.technet.Microsoft.com/forums/Windows/en-us/home?category=w7itpro

    Hope this information helps. Please let us know if you need any other help with Windows in the future. We will be happy to help you.

  • C168i: unlocked from at & t, but unable to connect to the network with the new SIM card

    I brought my c168i from the USA and I can't use it in my home country. I unlocked the phone to at & t, but it connects to the local network with the new SIM in there. It shows "not available" or "no service". What is going on??

    If you look at Australia GSM worldwide site, you will see which bands are available in your area. If the bands including the phone does not match the country you are located in the phone up with will not get service. Not all bands are available in all areas. In my view, that the phone only has GSM 850/1900 GPRS. This would mean that you get only service when GSM 850 is available that I don't see 1900 in Australia.

    Mark

    Support Forums Manager

  • Cannot access a local network of off Site 2 Site VPN

    I have a Cisco ASA 5515-X and a Cisco 8818 router.

    I configured a site-to-site VPN. The Cisco ASA is a new device, but the router is a device in another location and contains several working tunnels. Now the tunnel is up but I can't ping the LAN on the ASA firewall's site, and sometimes the tunnel at the ASA end will disappear while it will still show at the router end.

    Here is the config of the ASA.

    # show running-config
    : Saved
    :
    ASA Version 9.1(2)
    !
    hostname CITGroup
    enable password V9WHcFD3Zaeul5Lr encrypted
    names

    !
    interface GigabitEthernet0/0
     nameif outside
     security-level 0
     ip address A.A.A.A 0.0.0.0
    !
    interface GigabitEthernet0/1
     nameif inside
     security-level 100
     ip address B.B.B.B 0.0.0.0
    !
    interface GigabitEthernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface GigabitEthernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface GigabitEthernet0/4
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface GigabitEthernet0/5
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     management-only
     nameif management
     security-level 100
     ip address 192.168.1.1 255.255.255.0
    !
    boot system disk0:/asa912-smp-k8.bin
    ftp mode passive
    object network obj_any
     subnet 0.0.0.0 0.0.0.0

    access-list OFFICE extended permit ip (local IP of ASA) (local IP of the router)
    access-list outside extended permit tcp any any eq ssh
    access-list outside extended permit tcp any host (local IP address of ASA) eq ssh
    access-list outside extended permit icmp any any
    access-list outside extended permit tcp host (the router's local IP) host (local IP address of ASA) eq ssh

    pager lines 24
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-713.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    !
    object network obj_any
     nat (inside,outside) dynamic interface
    route outside 0.0.0.0 0.0.0.0 D.D.D.D 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set TEST esp-aes-256 esp-sha-hmac
    crypto ipsec security-association pmtu-aging infinite
    crypto map outside_map 1 match address OFFICE
    crypto map outside_map 1 set peer k.k.k.k
    crypto map outside_map 1 set ikev1 transform-set TEST
    crypto map outside_map interface outside
    crypto ca trustpool policy
    crypto ikev1 enable outside
    crypto ikev1 policy 1
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 2
     authentication pre-share
     encryption 3des
     hash md5
     group 2
     lifetime 28800
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh 0.0.0.0 0.0.0.0 inside
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    username admin password JtdUVwNnMzvEjPfJ encrypted
    username nairtime password Fyp1BJjsayu55viz encrypted
    tunnel-group k.k.k.k type ipsec-l2l
    tunnel-group k.k.k.k ipsec-attributes
     ikev1 pre-shared-key *
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    !
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:e658de2652c6702c61a0cc854a47415f
    : end

    You are missing a NAT exemption. Follow the example below, replacing the IP subnets in the object-groups according to your environment.

    object-group network local-ASA-lan
     network-object 10.10.1.0 255.255.255.0

    object-group network remote-router-lan
     network-object 10.200.0.0 255.255.255.0

    nat (inside,outside) source static local-ASA-lan local-ASA-lan destination static remote-router-lan remote-router-lan no-proxy-arp route-lookup

    Thank you

    Rizwan James

  • Remote VPN and site-to-site VPN: remote users unable to access the local network

    As per the config below, remote VPN and site-to-site VPN users are unable to access the local network. Please suggest the required config.

    I am not able to ping the local server IP 192.168.215.4. Remote VPN connectivity works fine, but VPN users are not able to ping the local network.

    ASA Version 8.2(2)
    !
    hostname
    domain-name kunchevrolet
    enable password r8xwsBuKsSP7kABz encrypted
    passwd r8xwsBuKsSP7kABz encrypted
    names
    !
    interface Ethernet0/0
     nameif outside
     security-level 0
     pppoe client vpdn group dataone
     ip address pppoe
    !
    interface Ethernet0/1
     nameif inside
     security-level 50
     ip address 192.168.215.2 255.255.255.0
    !
    interface Ethernet0/2
     nameif Internet
     security-level 0
     ip address dhcp setroute
    !
    interface Ethernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     shutdown
     no nameif
     no security-level
     no ip address
     management-only
    !
    ftp mode passive
    clock timezone IST 5 30
    dns server-group DefaultDNS
     domain-name kunchevrolet
    same-security-traffic permit intra-interface
    object-group network GM-DC-VPN-Gateway
    object-group, net-LAN
    access-list sptnl extended permit ip 192.168.215.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list sheep extended permit ip 192.168.215.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list split-tunnel standard permit 192.168.215.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu Internet 1500
    ip local pool VPN_Users 192.168.2.1-192.168.2.250 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 59.90.214.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    aaa authentication http console LOCAL
    aaa authentication enable console LOCAL
    aaa authentication serial console LOCAL
    http server enable
    http x.x.x.x 255.255.255.252 outside
    http 192.168.215.0 255.255.255.252 inside
    http 192.168.215.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set RIGHT esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map dynmap 65500 set transform-set RIGHT
    crypto map VPN 10 ipsec-isakmp dynamic dynmap
    crypto map VPN interface outside
    crypto map ASA-01 10 set peer 221.135.138.130
    crypto map ASA-01 10 set transform-set RIGHT
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto isakmp policy 65535
     authentication pre-share
     the Encryption
     hash sha
     group 2
     lifetime 28800
    telnet 192.168.215.0 255.255.255.0 inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    management-access inside
    vpdn group dataone request dialout pppoe
    vpdn group dataone localname bb4027654187_scdrid
    vpdn group dataone ppp authentication chap
    vpdn username bb4027654187_scdrid password * store-local
    dhcp-client client-id interface Internet
    dhcpd dns 218.248.255.141 218.248.245.1
    !
    dhcpd address 192.168.215.11-192.168.215.254 inside
    dhcpd enable inside
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl encryption des-sha1
    webvpn
     enable outside
     tunnel-group-list enable
    group-policy kun internal
    group-policy kun attributes
     vpn-simultaneous-logins 8
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value split-tunnel
     default-domain value kunchevrolet
    username test password P4ttSyrm33SV8TYp encrypted
    username kunauto password bSHrKTGl8PUbvus/ encrypted privilege 15
    username kunauto attributes
     vpn-group-policy kun
     vpn-tunnel-protocol IPSec
    tunnel-group vpngroup type remote-access
    tunnel-group vpngroup general-attributes
     address-pool VPN_Users
     default-group-policy kun
    tunnel-group vpngroup webvpn-attributes
     group-alias vpngroup enable
    tunnel-group vpngroup ipsec-attributes
     pre-shared-key *****
    tunnel-group test type remote-access
    tunnel-group x.x.x.x type ipsec-l2l
    tunnel-group x.x.x.x ipsec-attributes
     pre-shared-key *****
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
      inspect icmp
    !
    service-policy global_policy global
    prompt hostname context
    call-home
     profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:0d2497e1280e41ab3875e77c6b184cf8
    : end
    kunauto#

    Hello

    Looking at the configuration, there is an access list for this NAT exemption:

    access-list sheep extended permit ip 192.168.215.0 255.255.255.0 192.168.2.0 255.255.255.0

    But it is not applied in the nat statements.

    Enter the following command to apply the NAT exemption:

    nat (inside) 0 access-list sheep

    Kind regards

    Dinesh Moudgil

    P.S. Please mark this message as 'Responded' if you find this information useful, so that it benefits other users of the community.
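
The condition diagnosed in this answer (an exemption ACL that exists but is never bound with `nat (<if>) 0 access-list`, while dynamic PAT is active) can be checked mechanically. The following is an added example, not part of the original thread; the function name `audit_nat_exemption` is an assumption, and the sample lines are constructed in ASA 8.2 syntax from the configuration discussed above.

```python
import ipaddress
import re

# Constructed sample in ASA 8.2 syntax, modelled on the configuration in the thread.
SAMPLE_CONFIG = """\
access-list sptnl extended permit ip 192.168.215.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list sheep extended permit ip 192.168.215.0 255.255.255.0 192.168.2.0 255.255.255.0
ip local pool VPN_Users 192.168.2.1-192.168.2.250 mask 255.255.255.0
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
"""

ACL_RE = re.compile(r"^access-list (\S+) extended permit ip \S+ \S+ (\S+) (\S+)$")
POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+) mask \S+$")
NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)$")
PAT_RE = re.compile(r"^nat \(\S+\) [1-9]\d* ")


def audit_nat_exemption(config):
    """Return (pool, candidate_acls) for each VPN pool with no bound NAT exemption.

    candidate_acls are ACLs whose destination covers the pool; a finding is
    raised when none of them is referenced by 'nat (<if>) 0 access-list <name>'.
    """
    acl_dsts, pools, bound, has_pat = {}, {}, set(), False
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACL_RE.match(line):
            dst = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            acl_dsts.setdefault(m.group(1), []).append(dst)
        elif m := POOL_RE.match(line):
            pools[m.group(1)] = tuple(ipaddress.ip_address(a) for a in m.group(2, 3))
        elif m := NAT0_RE.match(line):
            bound.add(m.group(1))
        elif PAT_RE.match(line):
            has_pat = True
    findings = []
    for pool, (first, last) in pools.items():
        covering = sorted(name for name, dsts in acl_dsts.items()
                          if any(first in d and last in d for d in dsts))
        if has_pat and not any(name in bound for name in covering):
            findings.append((pool, covering))
    return findings


if __name__ == "__main__":
    for pool, acls in audit_nat_exemption(SAMPLE_CONFIG):
        print(f"pool {pool}: no NAT exemption bound; candidate ACLs: {acls}")
```

Appending `nat (inside) 0 access-list sheep` to the sample clears the finding.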

  • VPN site-to-Site: several remote networks

    The examples of ASA Site-to-Site VPN configuration that I have come across have only a single network at both sites.

    If the remote site has multiple networks, for example DMZ1, DMZ2, etc. apart from the INSIDE, how can they be added via the ASDM Site-to-Site VPN wizard?

    Thank you.

    Hello

    I have not seen a specific configuration example that adds several networks to an L2L IPSEC tunnel via ASDM.

    Generally speaking, you would just follow the same process as in the URLs below, but add all the multiple local and remote networks that you want to be protected by IPSEC.

    http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_configuration_example09186a00805a87f7.shtml

    http://www.Cisco.com/en/us/docs/security/ASDM/6_1/user/guide/vpn_wiz.html#wp999348

    Kind regards

    Arul

    * Rate pls if it helps *.

  • [VPN Site-to-Site] Networks that overlap

    Hello

    We have a Cisco ASA 9.1 and many VPN clients that work very well.

    Now, we must connect to a partner with a Site-to-Site VPN.

    We have a few problems:

    • Duplication of IP addresses (we use 10.145.0.0/16 and the partner uses 10.0.0.0/8)
    • Partner cannot use NAT on the router

    What are the best solutions to configure the VPN Site to Site?

    Thanks for your help,

    Patrick

    Hi Patrick,

    The best option here is to specify only the required subnets in the crypto map's encryption domain...

    Say that in the other 10.0.0.0/8 you need access to only a few subnets, 10.1.0.0/24, 10.10.20.0/24... You can specify only those in your crypto ACL... Alternatively, you can use a deny statement for the specific 10.145.0.0/16 in the crypto map, but I am not sure if this gives you the best result.

    If the required access is mixed across several 10.x.x.x/8 ranges... then you can have the crypto ACL with encryption subdomains like the ones below... Here you skip only 10.145.0.0/16 from the subnet range...

    10.0.0.0/9 to 10.145.0.0/16
    10.128.0.0/12 to 10.145.0.0/16
    10.146.0.0/15 to 10.145.0.0/16
    10.148.0.0/14 to 10.145.0.0/16
    10.152.0.0/13 to 10.145.0.0/16
    10.160.0.0/11 to 10.145.0.0/16
    10.192.0.0/10 to 10.145.0.0/16

    but make sure you do not have any servers in 10.145.0.0/16 on your local network that the client requires access to...

    Link on having deny in crypto ACLs:

    https://supportforums.Cisco.com/discussion/10909276/crypto-ACL-question

    Regards

    Knockaert
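
An added example, not part of the original thread: it computes the prefixes that cover 10.0.0.0/8 apart from 10.145.0.0/16 with Python's `ipaddress` module, checks a hand-written list against that result, and renders the matching crypto ACL entries. The function names and the ACL name `PARTNER-CRYPTO` are assumptions made for illustration.

```python
import ipaddress


def complement_prefixes(supernet, excluded):
    """Prefixes that cover `supernet` exactly, minus `excluded`."""
    sup, exc = ipaddress.ip_network(supernet), ipaddress.ip_network(excluded)
    if not exc.subnet_of(sup):
        raise ValueError(f"{exc} is not inside {sup}")
    return sorted(sup.address_exclude(exc))


def review_prefix_list(listed, supernet, excluded):
    """Compare a hand-written list with the computed complement.

    Returns (missing, overlapping): address space the list leaves out, and
    listed prefixes that overlap the excluded local range.
    """
    nets = [ipaddress.ip_network(p) for p in listed]
    exc = ipaddress.ip_network(excluded)
    remaining = complement_prefixes(supernet, excluded)
    for net in nets:
        pieces = []
        for r in remaining:
            if r.subnet_of(net):
                continue                               # fully covered by this entry
            if net.subnet_of(r):
                pieces.extend(r.address_exclude(net))  # partially covered
            else:
                pieces.append(r)
        remaining = pieces
    missing = sorted(ipaddress.collapse_addresses(remaining))
    return missing, [n for n in nets if n.overlaps(exc)]


def crypto_acl_lines(acl_name, local, remote_prefixes):
    """Render ASA extended ACL entries from `local` to each remote prefix."""
    loc = ipaddress.ip_network(local)
    return [f"access-list {acl_name} extended permit ip {loc.network_address} "
            f"{loc.netmask} {r.network_address} {r.netmask}" for r in remote_prefixes]


# The seven remote prefixes as listed in the post above.
POSTED = ["10.0.0.0/9", "10.128.0.0/12", "10.146.0.0/15", "10.148.0.0/14",
          "10.152.0.0/13", "10.160.0.0/11", "10.192.0.0/10"]

if __name__ == "__main__":
    remote = complement_prefixes("10.0.0.0/8", "10.145.0.0/16")
    print("\n".join(crypto_acl_lines("PARTNER-CRYPTO", "10.145.0.0/16", remote)))
    print(review_prefix_list(POSTED, "10.0.0.0/8", "10.145.0.0/16"))
```

The computed complement has eight prefixes; for the seven listed in the post, `review_prefix_list` reports 10.144.0.0/16 as not covered.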
