VPN site to Site with the IP address range internal Natting?

Similar Questions

• VPN does not work with the ip address of overlap?

  When I plugged my adsl router and I have ip address is 10.1.1.1/8 can I use remote access vpn closing on firewall and authentication works very well and I put the ip address of the pool is 10.7.0.1/16 but I can not access this local lan if I made up of my pc and got 2x2.102.x.y ip address then I connected I can't access no problem local network and vpn remote access authentication.

  It is question of routing on pc with overlapping ip or not?

  Please clarify or provide useful link

  Thank you

  Hello

  It seems that it is a problem of nat - t.

  Make sure that the head of VPN network has "isakmp nat - t" (if that's a PIX). If a hub, make sure that "IPsec NAt - T" is enabled.

  Additionally, make sure that on the client, "Enable Transparent tunneling" is checked, with IPSec over UDP NAT/PAT selected.

  HTH,

  -Kanishka

• If we have 2 remote sites with the same shared storage, can we mount a drive shared on remote site?

  Dear Experts,

  If we have 2 remote sites with the same shared storage, can mount us a drive on remote site?

  • Assume that the oracle database is on the shared disk (for example HP 3PAR)
  • Primary Oracle server with storage as a common drive (storage shared on sites geographical apart) have all the files database.
  • failure, it is possible to mount the drive even at the remote site and mount the database oracle it?

  There must be no effect on the as it should the same disk that has dismantled master site.

  Thank you and best regards,

  IVW

  Thanks a lot mseberg

  Is it a design valid ?

  • We have remote sites and want to set up DR. As we only SE pare data is therefore no choice.
  • We think of the SAN replication option.

  Have you ever seen / configured such architecture or design?

  Can you please throw some light on this. Thanks in advance for your ideas.

  Thank you best regards &,.

  IVW

• It is a nightmare. Absolute total nightmare. Like a fool, I went to San Luis Obispo staples and bought Adobe Photoshop elements Adobe Premiere elements 14 and 14. I have logged on to your Web site with the code redemption and received your series num

  It is a nightmare. Absolute total nightmare. Like a fool, I went to San Luis Obispo staples and bought Adobe Photoshop elements Adobe Premiere elements 14 and 14. I logged on to your Web site with the redemption code and received your serial number. Of course, he did not.  Any of you have ideas.

  What is the error message?

  It is unacceptable to permit http://helpx.adobe.com/creative-suite/kb/error-serial-number-valid-product.html

• Tabs Panel: How can I designate a default tab? The site with the tab wanted to selected download does not work for me.

  I created a tab panel and applied some styles to tabs. (Drop shadow and change the stacking order so that each tab casts a shadow on that below.) Now everytime the page loads, it will default to the lower tab. The only suggestion that I've seen is to save and load the site with the desired tab is selected and 'active'. This does not seem to solve the problem.

  Hmmm, have you looked into this widget from MuseGrid? It looks like roughly what it takes for this?

  News a new star | Adobe Muse Widget | museGrid.com

• Impossible to connect a network drive by name of host but able to match with the ip address

  is the act as an application server and the file server. We use it as normal, but it is suddenly unable to resolve host name for other machines.

  All servers and workstations are not able to map the drive network under with the name of host, but every server and workstation still able to map the network drive with the IP address.

  When we try to connect the network drive with the host name, it invites with the error shows that there is error authorizcation.

  We tried and discover a few points as below for your reference:

  • Able to ping and resolve the hostname via all other servers and workstations.
  • Able to access the Terminal Server service name
  • Able to network with the IP address drive
  • Power of the card itself with the host name

  Hello

  The question you posted would be better suited in the TechNet Forums. I would recommend posting your query in the TechNet Forums.

  http://social.technet.Microsoft.com/forums/en-us/categories/

• Why have I not spam with the email address for the answer

  Hello

  I posted this because I have a little problem, I Hotmail to send and receive e-mail messages in the 'Sent' folder there are the email address which I replied to and reply with the e-mail address, for example:

  Sent                                                       Reply:

  * E-mail address is removed from the privacy *                  Yo * address email is removed from the privacy *

  * E-mail address is removed from the privacy *                 Hello * address email is removed from the privacy *

  If features Yo, Hi and Hello new features for Hotmail replies that it is something, but have the answer (in the 'Sent' folder) with the email address is another, any help on this, please?

  Thank you

  Sincerely,

  Frampton rocks

  Hello

  I'm sorry, but we cannot help with hotmail problems in these forums in response to vista

  Please repost your question in hotmail in the hotmail link below forums

  http://windowslivehelp.com/product.aspx?ProductID=1

  Forums

  E-mail client and the appliance issues

  Hotmail Sign In questions

  Lost or deleted emails

  People and Contacts

  Reading, writing, and formatting mail

  Sending and receiving mail

  Sign in, and sign to the top and account security

  Using the Hotmail calendar

  Using Web Messenger

   

   

  Consult with Microsoft Certified Solutions

  How to work the views Active Hotmail?

  Your account has been temporarily blocked

  What to do if you can't connect to Windows Live Hotmail

  Compromised account - unauthorized account access

  Reset your Windows Live ID password

  Error when you try to send an e-mail: your message seems to have triggered our spam filters.

  Change your Windows Live ID password

   

  ____________________________________________

   

   

  For the different Forums for Windows Live Applications, select the link below

   

  Welcome to Windows Live Solution Center

  http://windowslivehelp.com/

• VPN site to Site with the possibility to dial Back-Up

  Hello

  Our network currently uses a lot of Frame-Relay links, for these connections, we use the Cisco 1720 with dial back-up on analog line in case the fials Frame-Relay.

  I am looking for a way to site to site VPN connection and have always the possibility to dial emergency failure of the ISP. We currently have a Cisco Pix 515E who would host connections, what would be my best option on the side of Management Office? Firewalls PIX or Cisco 1720 with modules of VPN, perhaps a combination of the two? Which would be safer?

  Thank you in advance for any help you provide.

  Mauro

  Mauro,

  Do you want to replace EN with VPN links and then save the VPN with ISDN, or keep the FR, retreating to VPN, then falling back to ISDN?

  Whatever it is, the way to go is to use a dynamic routing on the EN and the VPN Protocol, so when a link fails the IP routing protocol address reconverges. This way you can always trigger the ISDN with a static route floating.

  EIGRP (or any other dynamic routing protocol) to via the VPN to allow multicasting neighbourgh through a GRE tunnel.

• ASA VPN Site to Site (WITH the NAT) ICMP problem

  Hi all!

  I need traffic PAT 192.168.1.0/24 (via VPN) contact remote 151.1.1.0/24, through 192.168.123.9 router in the DMZ (see diagram)

  It works with this configuration, with the exception of the ICMP.

  This is the error: Deny icmp src dmz:151.1.1.1 dst foreign entrants: 192.168.123.229 (type 0, code 0)

  Is there a way to do this?

  Thank you all!

  Marco

  ------------------------------------------------------------------------------------

  ASA Version 8.2 (2)
  !
  ciscoasa hostname
  domain default.domain.invalid
  activate 8Ry2YjIyt7RRXU24 encrypted password
  2KFQnbNIdI.2KYOU encrypted passwd
  names of
  name 192.168.1.0 network-remote control
  !
  interface Vlan1
  nameif inside
  security-level 100
  IP 192.168.200.199 255.255.255.0
  !
  interface Vlan2
  nameif outside
  security-level 0
  the IP 10.0.0.2 255.255.255.0
  !
  interface Vlan3
  prior to interface Vlan1
  nameif dmz
  security-level 0
  192.168.123.1 IP address 255.255.255.0
  !
  interface Ethernet0/0
  switchport access vlan 2
  !
  interface Ethernet0/1
  !
  interface Ethernet0/2
  !
  interface Ethernet0/3
  !
  interface Ethernet0/4
  !
  interface Ethernet0/5
  !
  interface Ethernet0/6
  !
  interface Ethernet0/7
  switchport access vlan 3
  !
  passive FTP mode
  DNS server-group DefaultDNS
  domain default.domain.invalid
  the DM_INLINE_NETWORK_1 object-group network
  object-network 151.1.1.0 255.255.255.0
  object-network 192.168.200.0 255.255.255.0
  outside_1_cryptomap list extended access allowed object-group DM_INLINE_NETWORK_1 remote ip 255.255.255.0 network
  inside_nat0_outbound to access extended list ip 192.168.200.0 allow 255.255.255.0 255.255.255.0 network-remote control
  VPN_NAT list extended access allow remote-network ip 255.255.255.0 151.1.1.0 255.255.255.0
  dmz_access_in list extended access permit icmp any one
  outside_access_in list extended access permit icmp any one
  pager lines 24
  Enable logging
  notifications of logging asdm
  Within 1500 MTU
  Outside 1500 MTU
  MTU 1500 dmz
  ICMP unreachable rate-limit 1 burst-size 1
  ICMP allow all dmz
  ASDM image disk0: / asdm - 625.bin
  don't allow no asdm history
  ARP timeout 14400
  Global 1 interface (outside)
  Global (dmz) 5 192.168.123.229
  NAT (inside) 0-list of access inside_nat0_outbound
  NAT (inside) 1 192.168.200.0 255.255.255.0
  NAT (outside) 5 VPN_NAT list of outdoor access
  Access-group outside_access_in in interface outside
  Access-group dmz_access_in in dmz interface
  Route outside 0.0.0.0 0.0.0.0 10.0.0.100 1
  Dmz route 151.1.1.0 255.255.255.0 192.168.123.9 1
  Timeout xlate 03:00
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-registration DfltAccessPolicy
  Enable http server
  http 0.0.0.0 0.0.0.0 inside
  remote control-network http 255.255.255.0 inside
  No snmp server location
  No snmp Server contact
  Server enable SNMP traps snmp authentication linkup, linkdown cold start
  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
  life crypto ipsec security association seconds 28800
  Crypto ipsec kilobytes of life - safety 4608000 association
  card crypto outside_map 1 match address outside_1_cryptomap
  card crypto outside_map 1 set pfs Group1
  card crypto outside_map 1 set peer 10.0.0.1
  card crypto outside_map 1 set of transformation-ESP-3DES-SHA
  outside_map interface card crypto outside
  crypto ISAKMP allow outside
  crypto ISAKMP policy 10
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  Telnet timeout 5
  SSH timeout 5
  Console timeout 0
  dhcpd outside auto_config
  !

  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  WebVPN
  tunnel-group 10.0.0.1 type ipsec-l2l
  tunnel-group 10.0.0.1 ipsec-attributes
  pre-shared key *.
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  type of policy-card inspect dns preset_dns_map
  parameters
  maximum message length automatic of customer
  message-length maximum 512
  Policy-map global_policy
  class inspection_default
  inspect the preset_dns_map dns
  inspect the ftp
  inspect h323 h225
  inspect the h323 ras
  inspect the rsh
  inspect the rtsp
  inspect esmtp
  inspect sqlnet
  inspect the skinny
  inspect sunrpc
  inspect xdmcp
  inspect the sip
  inspect the netbios
  inspect the tftp
  Review the ip options
  !
  global service-policy global_policy
  context of prompt hostname
  call-home
  Profile of CiscoTAC-1
  no active account
  http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
  email address of destination [email protected] / * /
  destination-mode http transport
  Subscribe to alert-group diagnosis
  Subscribe to alert-group environment
  Subscribe to alert-group monthly periodic inventory
  monthly periodicals to subscribe to alert-group configuration
  daily periodic subscribe to alert-group telemetry
  ------------------------------------------------------------------------------------

  Review the link, you have two ways to leave outgoing icmp, good acl or icmp inspection

  http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

• L2l VPN between ASA with the IP address public and CISCO2911 behind the ISP router with port forwarding

  Hi all

  My apologies if this is a trivial question, but I spent considerable time trying to search and had no luck.

  I encountered a problem trying to set up a temporary L2L VPN from a Subscriber with CISCO2911 sitting behind the router of the ISP of an ASA. ISP has informed that I can't ignore their device and complete the circuit Internet on the Cisco for a reason, so I'm stuck with it. The Setup is:

  company 10.1.17.1 - y.y.y.y - router Internet - z.z.z.z - ISP - LAN - 10.x.x.2 - XXX1 - ASA - 10.1.17.2 - CISCO2911 - 10.1.15.1 LAN

  where 10.x.x.x is a corporate LAN Beach private network, y.y.y.y is a public ip address assigned to the external interface of the ASA and the z.z.z.z is the public IP address of the ISP router.

  I have forwarded ports 500, 4500 and ESP on the ISP router for 10.1.17.2. The 2911 config attached below, what I can't understand is what peer IP address to configure on the SAA, because if I use z.z.z.z it will be a cause of incompatibility of identity 2911 identifies himself as 10.1.17.2...

  ! ^ ^ ^ ISAKMP (Phase 1) ^ ^ ^!
  crypto ISAKMP policy 5
  BA 3des
  md5 hash
  preshared authentication
  Group 2
  lifetime 28800
  isakmp encryption key * address no.-xauth y.y.y.y

  ! ^ ^ ^ IPSEC (Phase 2) ^ ^ ^!
  crymap extended IP access list
  IP 10.1.15.0 allow 0.0.0.255 10.0.0.0 0.255.255.255
  Crypto ipsec transform-set ESP-3DES-SHA 3rd-esp esp-sha-hmac
  card crypto 1 TUNNEL VPN ipsec-isakmp
  defined peer y.y.y.y
  game of transformation-ESP-3DES-SHA
  match the address crymap

  Gi0/2 interface
  card crypto VPN TUNNEL

  Hello

  debug output, it seems he's going on IPSEC States at the tunnel of final bud QM_IDLE's.

  What I noticed in your configuration of ASA box, it's that you're usig PFS but not on 2911 router.

  So I suggest:

  no card crypto OUTSIDE_map 4 don't set pfs <-- this="" will="" disable="" pfs="" on="" asa="">

  Then try tunnel initiate.

  Kind regards

  Jan

• Site to Site with the subnets overlap

  Hi all

  Search for comfirmation on what is / is not possible. In short, we have a requirement of site but our local LAN varies from conflict. I am aware of how this get up and running with the help of a pool of IP addresses that is a basic ASA/IOS device can NAT behind but I wonder if it is possible to NAT behind a single IP address. NAT is also in place for the general internet traffic, but I hope that the image attached best describes our scenario.

  Any help / advice appreciated.

  Kind regards

  Martyn

  Hello

  You will need to do NAT on both ends to get the installation work.

  With these types of configurations, I more often just a 24 natted network to 24 another network on both sites.

  You can configure one of the sites use a PAT address towards the other end, but the other end must have protected by some sort of NAT static between the hosts unique or equal to 24 networks.

  If you would happen to configure both sites with a PAT translation, you couldn't really initiate connections between the site because no real host on networks 192.168.1.0/24 would have their own specific NAT IP to connect to.

  So in short

  • Both sites need NAT network
  • Use 1:1 NAT static is between host addresses or complete networks on both sites
    • The two sites could start the connection to any host on the remote end every single host has its own IP NAT staticly assigned address
  • Use of PAT for site and other NAT static 1:1 with the addresses of host or complete networks on the other site
    • Site with unique PAT IP address can connect to all hosts of remote sites, since they have staticly NAT IP addresses assigned.
    • Homepage is not able to connect to any host at his remote site that the remote site has only a PAT address facing their way.

  If you had 2 ASAs with 8.2 or UNDER software your static NAT configurations could be e.g.

  Basic information

  • Site1: 192.168.1.0/24
  • Site1 NAT: 10.10.1.0/24
  • Site2: 192.168.1.0/24
  • Site2 NAT: 10.10.2.0/24

  Static configuration NAT of policy site1

  permit L2L-VPN-POLICYNAT from the list of access ip 192.168.1.0 255.255.255.0 10.10.2.0 255.255.255.0

  public static (inside, outside) 10.10.1.0 - L2L-VPN-POLICYNAT access list

  Static configuration NAT of policy site2

  permit L2L-VPN-POLICYNAT from the list of access ip 192.168.1.0 255.255.255.0 10.10.1.0 255.255.255.0

  public static (inside, outside) 10.10.2.0 - L2L-VPN-POLICYNAT access list

  PAT configuration at each end

  permit L2L-VPN-POLICYPAT from the list of access ip 192.168.1.0 255.255.255.0 10.10.x.0 255.255.255.0

  Global 10.10.x.1 of xxx (outside)

  NAT (inside) xxx access-list L2L-VPN-POLICYPAT

  If you had 2 ASAs with 8.3 or above software your static NAT configurations could be for example (same information base)

  Static configuration NAT of policy site1
  

  the object of the LAN network

  subnet 192.168.1.0 255.255.255.0

  network of the LAN - NAT object

  10.10.1.0 subnet 255.255.255.0

  network of the REMOTE object

  255.255.255.0 subnet 10.10.2.0

  static (inside, outside) 1 static source LAN LAN - NAT static destination REMOTE

  Static configuration NAT of policy site2

  the object of the LAN network

  subnet 192.168.1.0 255.255.255.0

  network of the LAN - NAT object

  255.255.255.0 subnet 10.10.2.0

  network of the REMOTE object

  10.10.1.0 subnet 255.255.255.0

  static (inside, outside) 1 static source LAN LAN - NAT static destination REMOTE

  PAT configuration at each end

  the object of the LAN network

  subnet 192.168.1.0 255.255.255.0

  network of the LAN-PAT object

  Home 10.10.x.1

  network of the REMOTE object

  10.10.x.0 subnet 255.255.255.0

  static (inside, outside) 1 dynamic source LAN LAN-PAT destination static REMOTE

  -Jouni

• System crashes, moreover, it freezes during playback of the media or on a site with the media.

  If I go on a site with video, it stops, and a sound is heard.  It crashes sometimes.  These are the messages I had

  Stop: OxOOOOO8E (Ox805BC1E9, OxBA287c7c, OxcOOOOOO5, OXOOOOOOOO)

  ALSO

  BCCode: 1000008e BCP1: C0000005 BCP2: 805BC1E9 BCP3: BA287C7C
  BCP4: 00000000 OSVer: 5_1_2600 SP: 3_0 product: 256_1

  Please provide additional information on your system:
  What is your system brand and model?
  What is your version of XP and the Service Pack?
  Describe your current antivirus and software anti malware situation: McAfee, Norton, Spybot, AVG, Avira
  !, Defender, ZoneAlarm, PC Tools, MSE, Comodo, etc..
  Click Start, run and enter in the box:
  Msinfo32
  Click on OK and when the system info summary appears, click on Edition, select all, copy, and then paste the information here.
  For information about video drivers, expand components, click view, click on edit, select all, copy and then paste the information here.
  For more audio information, expand components, click on Sound Device, click on edit, select all, copy and then paste the information here.
  There will be some personal information (such as the user name and the name of the system), and anything that turns information private for you, simply delete the pasted information.
  This will minimize back Q & A and eliminate guesswork.
  Download BlueScreenView here:
  http://www.NirSoft.NET/utils/blue_screen_view.html
  Unzip it and run it (BSV installs nothing) and let him complete the digitization of all of your files to dump.
  If you double-click on depressed, you will get information on it (including the field caused by the driver) and you should be able to spot the problem right away - especially if you see a model in landfills where Caused by field pilot is the same (beginning with this driver).
  Select (highlight) one or more of the most recent dump files by clicking on them and hold down the CTRL key to select multiple files.  Try to select only the most recent links that relate to your problem (perhaps five or six to start dump files).
  Click on file, save selected items and save information from the dumps to a text file on your desktop called BSOD.txt.  Open BSOD.txt with a text editor, copy the text and paste it in your next reply.
  Here's an example of report ASB to a single BSOD I initiated on purpose that indicates the cause of the accident as the pilot i8042prt.sys belonging to Microsoft Corporation:
  ==================================================
  Dump file: Mini062110 - 01.dmp
  Crash time: 21/06/2010-11:51:31
  Bug Check String: MANUALLY_INITIATED_CRASH
  Bug check code: 0x000000e2
  Parameter 1: 0x00000000
  Parameter 2: 0x00000000
  Parameter 3: 0x00000000
  Parameter 4: 0x00000000
  Caused by the driver: i8042prt.sys
  Caused by the address: i8042prt.sys + 27fb
  Description of the file: i8042 Port driver
  Product name: Microsoft® Windows® Operating System
  Company: Microsoft Corporation
  File version: 5.1.2600.5512 (xpsp.080413 - 2108)
  Processor: 32-bit
  Computer name:
  Full path: C:\WINDOWS\minidump\Mini062110-01.dmp
  ==================================================
  Send information from 5 last memory dumps.
  No matter what you use for protection against malware, please follow these steps:
  Download, install, update and do a full scan with these free malware detection programs:
  Malwarebytes (MMFA): http://malwarebytes.org/
  SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
  It can be uninstalled later if you wish.

  Do not guess what the problem might be - understand and resolve it. I need YOUR voice and the points for helpful answers and propose responses. I'm saving for a pony!

• A web site with the IIS configuration network location

  Is there information on how to set up a web site to a network location.  I have a shared directory of Mac that I have access to my Windows Vista pc.  I have a Server IIS Web on this PC and want to test the Mac files with the IIS Web server on the Windows computer.  I created a site in IIS and pointed on the shared drive, this resulted in an error: cannot read the web.config configuration file.  I tried a different approach: create a local site to wwwroot, then create a virtual directory.  This brought the same error: the requested page cannot be accessed because the configuration data of the page are invalid.  I have IIS 7 on Windows Vista Business Edition.

  Hello

  Your question of Windows Vista is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the public on the forums of IIS. Please post your question in the following link for assistance:

  Link to the forum:

  http://forums.IIS.NET/1047.aspx

• How to implement multi-site with the same URL field in the ATG

  Hi guys,.

  I have a multisite transposition obligation with the same url domain but ATG does not support same domain URL for multisite. Can someone please help me with this problem?

  David.De - Oracle

  Thank you

  Vivek

  As I said use custom filters to read the parameter when the user clicks on the link for the site of CA and set the site context.

  You can store a cookie that determines the site for subsequent applications.

  Peace

  Shaik

• How can I download the new update on my Macbook pro when the password is not working? When I connect to the Adobe site with the same user name and password it DOES not work. I don't understand why.

  So I have a macbook pro - and she advised me that I had to update my Adobe flash player. So I go through all the steps and I'm stuck at the last stage, where he asks me my user name and password. I go in there correctly - several times and it does NOT connect. He shakes to show that there's an error. Double check my file AND I go to the Adobe site to connect with the same information. and it works very well.

  WHAT IS THE PROBLEM? Help please.

  Could you please try ComputerName administrator as username and the password as password.

  I hope this works.

  Concerning

  Hervé Khare