Windows 2003 cannot access remote network via Cisco VPN
I have two computers at home: one is XP Pro SP2 and the other is Windows 2003 Server SP1. If I set up the Cisco VPN client (version 4.6) on XP to connect to the office (ASA 5510), I can access the office network resources. However, if I set up the Cisco VPN client on 2003, I can't do the same thing. After studying the two routing tables, I think XP has this route: 192.168.0.0 255.255.0.0 192.168.101.5 192.168.101.5 1, but the 2003 doesn't. If I add this route manually (route add 192.168.0.0 mask 255.255.255.0 192.168.101.3) on 2003, then I can access resources. Why?
Routing table of 2003:
Active routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.3 40
x.x.x.37 255.255.255.255 192.168.10.1 192.168.10.3 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.0 255.255.255.0 192.168.10.3 192.168.10.3 40
192.168.10.3 255.255.255.255 127.0.0.1 127.0.0.1 40
192.168.10.255 255.255.255.255 192.168.10.3 192.168.10.3 40
192.168.101.0 255.255.255.0 192.168.101.3 192.168.101.3 10
192.168.101.3 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.101.255 255.255.255.255 192.168.101.3 192.168.101.3 10
224.0.0.0 240.0.0.0 192.168.10.3 192.168.10.3 40
224.0.0.0 240.0.0.0 192.168.101.3 192.168.101.3 10
255.255.255.255 255.255.255.255 192.168.10.3 192.168.10.3 1
255.255.255.255 255.255.255.255 192.168.101.3 192.168.101.3 1
Default gateway: 192.168.10.1
===========================================================================
Persistent routes:
None
The VPN client has not been tested on Win2003. The client requirements are described here:
http://www.Cisco.com/univercd/CC/TD/doc/product/VPN/client/4_6/relnt/4604cln.htm#wp1024664
and they show that WinXP is supported.
Tags: Cisco Security
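The routing behaviour discussed in this thread can be checked with a longest-prefix-match lookup over the posted table. This is an added example, not code from the original posts. The office host addresses 192.168.1.10 and 192.168.0.20, the metric of the manual route, and the XP-style /16 route rewritten with the 2003 VPN adapter address are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    net: ipaddress.IPv4Network
    gateway: str
    iface: str
    metric: int


# Unicast rows of the Windows 2003 "Active routes" table from the post.
TABLE_2003 = """\
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.3 40
x.x.x.37 255.255.255.255 192.168.10.1 192.168.10.3 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.0 255.255.255.0 192.168.10.3 192.168.10.3 40
192.168.10.3 255.255.255.255 127.0.0.1 127.0.0.1 40
192.168.101.0 255.255.255.0 192.168.101.3 192.168.101.3 10
192.168.101.3 255.255.255.255 127.0.0.1 127.0.0.1 10
"""

# The route the poster added by hand (metric 1 is an assumption).
MANUAL_ROUTE = "192.168.0.0 255.255.255.0 192.168.101.3 192.168.101.3 1\n"
# Constructed: the XP route's /16 mask, pointed at the 2003 VPN adapter.
XP_STYLE_ROUTE = "192.168.0.0 255.255.0.0 192.168.101.3 192.168.101.3 1\n"

HOME_IF = "192.168.10.3"   # home LAN adapter in the posted table
VPN_IF = "192.168.101.3"   # Cisco VPN adapter in the posted table


def parse_routes(text: str) -> List[Route]:
    """Parse 'destination netmask gateway interface metric' rows."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append(Route(net, gateway, iface, int(metric)))
        except ValueError:
            # Rows with masked addresses (x.x.x.37) cannot be evaluated.
            continue
    return routes


def select_route(routes: List[Route], target: str) -> Optional[Route]:
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(target)
    candidates = [r for r in routes if addr in r.net]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.net.prefixlen, -r.metric))


def egress(table_text: str, target: str) -> Optional[str]:
    """Return the local interface address that traffic to target leaves from."""
    route = select_route(parse_routes(table_text), target)
    return route.iface if route else None


if __name__ == "__main__":
    cases = [
        ("2003 as posted", TABLE_2003, "192.168.1.10"),
        ("2003 + manual /24 route", TABLE_2003 + MANUAL_ROUTE, "192.168.0.20"),
        ("2003 + manual /24 route", TABLE_2003 + MANUAL_ROUTE, "192.168.1.10"),
        ("2003 + XP-style /16 route", TABLE_2003 + XP_STYLE_ROUTE, "192.168.1.10"),
        ("2003 + XP-style /16 route", TABLE_2003 + XP_STYLE_ROUTE, "192.168.10.50"),
    ]
    for label, table, target in cases:
        iface = egress(table, target)
        path = "VPN adapter" if iface == VPN_IF else "home LAN"
        print(f"{label:28} {target:15} -> {iface} ({path})")
```

With the table as posted, office-bound traffic follows the default route out of the home LAN adapter and never enters the tunnel. The manually added /24 route only covers 192.168.0.x, while the /16 route seen on XP covers the whole 192.168.x.x range except the more specific home and VPN /24 networks.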
Similar Questions
-
Cannot access remote network via VPN
Hello
I'm trying to set up router VPN access to my office network. The router is connected to the Internet using PPPoE over VDSL.
There is also a public-facing Web server in the office which must be accessible. I can access the Web server from the Internet and the VPN connects successfully. I can also ping the LAN gateway; however, I can't access all the local machines.
I'm quite puzzled as to why it does not work. Please could someone help.
The results of tests and the router configuration are listed below. Please let me know if you need additional information.
Thank you and best regards,
Simon
1. Routing table on the router
Router#sh ip route
Gateway of last resort is ggg.hhh.125.34 to network 0.0.0.0
xxx.yyy.zzz.0/29 is subnetted, 1 subnets
C xxx.yyy.zzz.192 is directly connected, Vlan10
ggg.hhh.125.0/32 is subnetted, 1 subnets
C ggg.hhh.125.34 is directly connected, Dialer0
172.16.0.0/32 is subnetted, 1 subnets
S 172.16.100.50 [1/0] via mmm.nnn.ppp.sss
S* 0.0.0.0/0 [1/0] via ggg.hhh.125.34
2. Ping from the remote PC (172.16.100.50) to the local GW (172.16.100.1): successful
> ping 172.16.100.1
Pinging 172.16.100.1 with 32 bytes of data:
Reply from 172.16.100.1: bytes=32 time=24ms TTL=255
Reply from 172.16.100.1: bytes=32 time=10ms TTL=255
Reply from 172.16.100.1: bytes=32 time=10ms TTL=255
Reply from 172.16.100.1: bytes=32 time=11ms TTL=255
3. Ping from the remote PC (172.16.100.50) to the local server (172.16.100.10): failure
> ping 172.16.100.10
Pinging 172.16.100.10 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
4. Ping from the router to the local server: successful
Router#ping 172.16.100.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
5. show version
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 12.3(8r)YH6, RELEASE SOFTWARE (fc1)
Router uptime is 1 hour, 9 minutes
System image file is "flash:c181x-advipservicesk9-mz.124-15.T1.bin"
Cisco 1812-J (MPC8500) processor (revision 0x300) with 118784K/12288K bytes of memory.
10 FastEthernet interfaces
1 ISDN Basic Rate interface
Configuration register is 0x2102
6. Router config
aaa authentication login default local
aaa authentication login VPN local
aaa authorization exec default local
aaa authorization network VPN local
!
!
aaa session-id common
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group ASI_Group
 key mykey
 dns aaa.bbb.cccc.ddd
 domain mydomain.com
 pool VPN_Pool
 acl VPN_ACL
!
!
crypto ipsec transform-set TS1 esp-3des esp-sha-hmac
!
crypto dynamic-map DYNMAP 10
 set transform-set TS1
 reverse-route
!
!
crypto map VPN client authentication list VPN
crypto map VPN isakmp authorization list VPN
crypto map VPN client configuration address respond
crypto map VPN 10 ipsec-isakmp dynamic DYNMAP
!
!
!
ip cef
!
!
!
multilink bundle-name authenticated
!
!
username admin privilege 15 password mypassword
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 description WAN
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip mroute-cache
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet2
 description Public_LAN_Interface
 switchport access vlan 10
 duplex full
 speed 100
!
interface FastEthernet6
 description Private_LAN_Interface
 switchport access vlan 100
 duplex full
 speed 100
!
interface Vlan1
 no ip address
!
interface Vlan10
 description Public
 ip address xxx.yyy.zzz.193 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip mroute-cache
!
interface Vlan100
 ip address 172.16.100.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip mroute-cache
!
interface Dialer0
 ip unnumbered Vlan10
 no ip unreachables
 ip mtu 1452
 ip virtual-reassembly
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname myhostname
 ppp chap password mychappassword
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
 crypto map VPN
!
ip local pool VPN_Pool 172.16.100.50 172.16.100.60
!
!
no ip http server
no ip http secure-server
!
ip access-list extended VPN_ACL
 permit ip 172.16.100.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
no cdp run
!
!
Simon,
Basically, when you connect through a VPN client, the PC routing table is updated automatically as soon as the connection is established, so you do not need to manually add routes. You can check this by doing a "route print" once you are connected.
Ideally, you need to put your VPN pool on a subnet that does not exist on your physical network; the router would then route traffic between the IP pool and the internal subnet.
Now, you said that you have a web server with a public IP address that you need to access through the VPN. Does that host also have a private IP address on 172.16.100.0? If it doesn't then the ACL that I proposed should work. If it only has a public IP then your VPN ACL must have something like
permit ip 172.16.100.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 219.xxx.yyy.192 0.0.0.7 192.168.100.0 0.0.0.255
This tells the router and the client to encrypt all traffic between the subnets behind your router and your VPN pool.
I hope this helps.
Luis Raga
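The pool placement advice in this answer can be checked mechanically. The following is an added example, not part of the original posts or of any Cisco tool: it parses a constructed excerpt of the posted router configuration, flags a VPN pool that overlaps a connected subnet, and shows how a LAN host decides where to send its reply. The address 203.0.113.193 is a placeholder for the masked public address, and the /24 mask on the server is an assumption taken from Vlan100.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the posted config in standard IOS syntax.
CONFIG = """\
interface Vlan1
 no ip address
interface Vlan10
 ip address 203.0.113.193 255.255.255.248
interface Vlan100
 ip address 172.16.100.1 255.255.255.0
ip local pool VPN_Pool 172.16.100.50 172.16.100.60
"""

# Same config with the pool moved to the 192.168.100.0 range that the
# answer's ACL lines use for the VPN clients.
FIXED_CONFIG = CONFIG.replace(
    "172.16.100.50 172.16.100.60", "192.168.100.50 192.168.100.60"
)


def connected_subnets(config: str) -> Dict[str, ipaddress.IPv4Network]:
    """Map each interface that has an address to its connected subnet."""
    subnets = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+ip address (\S+) (\S+)", line)
        if m and current:
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            subnets[current] = iface.network
    return subnets


def local_pools(config: str) -> Dict[str, List[ipaddress.IPv4Network]]:
    """Map each 'ip local pool' to the CIDR blocks covering its range."""
    pools = {}
    pattern = r"^ip local pool (\S+) (\S+) (\S+)$"
    for m in re.finditer(pattern, config, re.MULTILINE):
        first = ipaddress.ip_address(m.group(2))
        last = ipaddress.ip_address(m.group(3))
        pools[m.group(1)] = list(ipaddress.summarize_address_range(first, last))
    return pools


def overlapping_pools(config: str) -> List[Tuple[str, str, str]]:
    """Return (pool, interface, subnet) for every pool inside a connected subnet."""
    findings = []
    subnets = connected_subnets(config)
    for pool, blocks in local_pools(config).items():
        for ifname, net in subnets.items():
            if any(block.overlaps(net) for block in blocks):
                findings.append((pool, ifname, str(net)))
    return findings


def lan_host_next_hop(host_if: str, gateway: str, dest: str) -> str:
    """Where a LAN host sends a reply: 'on-link' (ARP on the LAN) or its gateway."""
    iface = ipaddress.ip_interface(host_if)
    return "on-link" if ipaddress.ip_address(dest) in iface.network else gateway


if __name__ == "__main__":
    print("posted config :", overlapping_pools(CONFIG))
    print("separate pool :", overlapping_pools(FIXED_CONFIG))
    # The local server from the post replying to a VPN client address.
    for client in ("172.16.100.50", "192.168.100.50"):
        hop = lan_host_next_hop("172.16.100.10/24", "172.16.100.1", client)
        print(f"server reply to {client}: {hop}")
```

With the pool inside 172.16.100.0/24, the server treats the VPN client as a neighbour on its own LAN and tries to reach it directly instead of handing the reply to the router. With a separate pool subnet, the reply goes to the gateway 172.16.100.1.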
-
SOLVED: PC Windows 7 cannot access remote shares or the
Head, meet wall. Wall, meet head.
I have a W7/64 PC that cannot access network shares. It was installed from the original CD (simple installation) but has never worked. Reinstalling is not a preferred option because the client already has tons of data and applications on it.
Other machines can access the local shares of this PC, but it cannot access any remote shares (on any other W7 PC) or its own. In short, the client side of file sharing does not work properly, although this machine can see all available shares... It just can't access them. Other PCs can access the machines that this one cannot. Ping works fine in all cases.
Remote machines appear in the "Network" list in Windows Explorer, but trying to access them produces an error: The specified network provider name is invalid.
No software anti-virus or firewall is currently installed or running.
Troubleshooting output (the local computer is named GARRYDMK-PC):
-[snip]-
Trying to NET USE shares on the local computer:
C:\Windows\System32>net view
Server Name            Remark
--------------------------------------------------------
\\SERVER
\\DEREK-PC
\\GARRYDMK-PC
\\RECEPTION
\\WAYNE-PC
The command completed successfully.
C:\Windows\System32>net view \\garrydmk-pc
Shared resources at \\garrydmk-pc
Share name      Type   Used as  Comment
--------------------------------------------------------
Canon iP4200    Print           Canon iP4200
Romeo & Juliet  Disk
Shared          Disk
Users           Disk
VIDEO_TS        Disk
The command completed successfully.
C:\Windows\System32>net use g: \\garrydmk-pc\Shared
The Workstation service has not been started.
More help is available by typing NET HELPMSG 2138.
C:\Windows\System32>net start workstation
The requested service has already been started.
More help is available by typing NET HELPMSG 2182.
C:\Windows\System32>net view \\server
Shared resources at \\server
Share name          Type   Used as  Comment
------------------------------------------------------
Company Documents   Disk
COMPUTERS-software  Disk
The command completed successfully.
C:\Windows\System32>net use g: \\\server\Company Documents.
The Workstation service has not been started.
More help is available by typing NET HELPMSG 2138.
-[/snip]-
All the shares I'm trying to access here are available to all other W7 machines in the network. (All machines are W7 boxes.)
Note how the Workstation service is said not to have started, but in fact it has already been started (which I checked in the list of services). In short, this does not appear to be related to a service not running...
I went through all the standard motions as posted on the Interwebs, including checking services, local policies, homegroups, troubleshooters, and whatnot. Note that I tried to start the Workstation service via a DOS box as an administrator; if I don't, I get a "system error 5 has occurred" and "access denied".
In short, I am completely puzzled. I start the troubleshooting of this PC, but now I want to just pull it. Please help before something bad happens... :-)
Any suggestions would be greatly appreciated!
FvW
Hello
The question you posted would be better suited to the TechNet community. Please visit the link below to find a community that will provide the support you want.
http://social.technet.Microsoft.com/forums/en-us/category/w7itpro
Hope this information is useful.
-
Cannot access remote network by VPN Site to Site ASA
Hello everyone
First of all, I must say that I have configured site-to-site VPN a million times before. Stuck with this one. First, I can't ping the outside interface of my remote ASA. Secondly, the VPN is up, but there is no connectivity between the local networks.
ASA local:
hostname gyd - asa
domain bct.az
activate the encrypted password of XeY1QWHKPK75Y48j
XeY1QWHKPK75Y48j encrypted passwd
names of
DNS-guard
!
interface GigabitEthernet0/0
Shutdown
nameif vpnswc
security-level 0
IP 10.254.17.41 255.255.255.248
!
interface GigabitEthernet0/1
Vpn-turan-Baku description
nameif outside Baku
security-level 0
IP 10.254.17.9 255.255.255.248
!
interface GigabitEthernet0/2
Vpn-ganja description
nameif outside-Ganja
security-level 0
IP 10.254.17.17 255.255.255.248
!
interface GigabitEthernet0/2.30
Description remote access
VLAN 30
nameif remote access
security-level 0
IP 85.*. *. * 255.255.255.0
!
interface GigabitEthernet0/3
Description BCT_Inside
nameif inside-Bct
security-level 100
IP 10.40.50.65 255.255.255.252
!
interface Management0/0
nameif management
security-level 100
IP 192.168.251.1 255.255.255.0
management only
!
boot system Disk0: / asa823 - k8.bin
passive FTP mode
DNS server-group DefaultDNS
name-server 192.168.1.3
domain bct.az
permit same-security-traffic intra-interface
object-group network obj - 192.168.121.0
object-group network obj - 10.40.60.0
object-group network obj - 10.40.50.0
object-group network obj - 192.168.0.0
object-group network obj - 172.26.0.0
object-group network obj - 10.254.17.0
object-group network obj - 192.168.122.0
object-group service obj-tcp-eq-22
object-group network obj - 10.254.17.18
object-group network obj - 10.254.17.10
object-group network obj - 10.254.17.26
access-list 110 scope ip allow a whole
NAT list extended access permit tcp any host 10.254.17.10 eq ssh
NAT list extended access permit tcp any host 10.254.17.26 eq ssh
access-list extended ip allowed any one sheep
icmp_inside list extended access permit icmp any one
icmp_inside of access allowed any ip an extended list
access list nat-ganja extended permit tcp any host 10.254.17.18 eq ssh
RDP list extended access permit tcp any host 192.168.45.3 eq 3389
rdp extended permitted any one ip access list
sheep-vpn access-list extended permits all ip 192.168.121.0 255.255.255.0
NAT-vpn-internet access-list extended ip 192.168.121.0 allow 255.255.255.0 any
NAT-vpn-internet access-list extended ip 172.26.0.0 allow 255.255.255.0 any
NAT-vpn-internet access-list extended ip 192.168.122.0 allow 255.255.255.0 any
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 10.40.60.0 255.255.255.0
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 10.40.50.0 255.255.255.0
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 192.168.0.0 255.255.0.0
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 172.26.0.0 255.255.255.0
access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 10.254.17.0 255.255.255.0
GHC-ganja-internet access-list extended ip 192.168.45.0 allow 255.255.255.0 any
Standard access list Split_Tunnel_List allow 192.168.16.0 255.255.255.0
azans 192.168.69.0 ip extended access-list allow 255.255.255.0 any
permit inside_nat0_outbound to access extended list ip 192.168.0.0 255.255.0.0 192.168.121.0 255.255.255.0
permit inside_nat0_outbound to access extended list ip 192.168.0.0 255.255.0.0 192.168.80.0 255.255.255.0
pager lines 24
Enable logging
emblem of logging
recording of debug console
recording of debug trap
asdm of logging of information
Interior-Bct 192.168.1.27 host connection
flow-export destination inside-Bct 192.168.1.27 9996
vpnswc MTU 1500
outside Baku MTU 1500
outside-Ganja MTU 1500
MTU 1500 remote access
Interior-Bct MTU 1500
management of MTU 1500
IP local pool raccess 192.168.121.60 - 192.168.121.120 mask 255.255.255.0
IP local pool ssl 192.168.121.130 - 192.168.121.200 mask 255.255.255.0
no failover
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow any outside Baku
ICMP allow access remotely
ICMP allow any interior-Bct
ASDM image disk0: / asdm - 621.bin
don't allow no asdm history
ARP timeout 14400
global (outside-Baku) 1 interface
global (outside-Ganja) interface 2
3 overall (RAS) interface
azans access-list NAT 3 (outside-Ganja)
NAT (remote access) 0 access-list sheep-vpn-city
NAT 3 list nat-vpn-internet access (remote access)
NAT (inside-Bct) 0-list of access inside_nat0_outbound
NAT (inside-Bct) 2-nat-ganja access list
NAT (inside-Bct) 1 access list nat
Access-group rdp on interface outside-Ganja
!
Router eigrp 2008
No Auto-resume
neighbor 10.254.17.10 interface outside Baku
neighbor 10.40.50.66 Interior-Bct interface
Network 10.40.50.64 255.255.255.252
Network 10.250.25.0 255.255.255.0
Network 10.254.17.8 255.255.255.248
Network 10.254.17.16 255.255.255.248
redistribute static
!
Access remote 0.0.0.0 0.0.0.0 85.*. *. * 1
Outside-Baku route 10.0.11.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 10.0.33.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 10.0.150.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 10.0.170.0 255.255.255.0 10.254.17.10 1
Route outside Baku 10.254.17.24 255.255.255.248 10.254.17.10 1
Route outside Baku 10.254.17.32 255.255.255.248 10.254.17.10 1
Route outside Baku 192.1.1.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 192.168.27.0 255.255.255.0 10.254.17.10 1
Outside-Baku route 192.168.39.0 255.255.255.0 10.254.17.10 1
Route outside-Ganja 192.168.45.0 255.255.255.0 10.254.17.18 1
Route outside-Ganja 192.168.66.0 255.255.255.0 10.254.17.18 1
Route outside-Ganja 192.168.69.0 255.255.255.0 10.254.17.18 1
Outside-Baku route 192.168.80.0 255.255.255.0 10.254.17.11 1
Access remote 192.168.121.0 255.255.255.0 85.132.43.1 1
Route outside-Ganja 192.168.184.0 255.255.255.0 10.254.17.18 1
Route outside Baku 192.168.208.16 255.255.255.240 10.254.17.10 1
Route outside-Ganja 192.168.208.112 255.255.255.240 10.254.17.18 1
Route inside-Bct 192.168.254.0 255.255.255.0 10.40.50.66 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
AAA-server protocol Ganymede GANYMEDE +.
AAA-server GANYMEDE (Interior-Bct) 192.168.1.8
key *.
AAA-server GANYMEDE (Interior-Bct) 192.168.22.46
key *.
RADIUS protocol AAA-server TACACS1
AAA-server TACACS1 (Interior-Bct) host 192.168.1.8
key *.
AAA-server TACACS1 (Interior-Bct) host 192.168.22.46
key *.
authentication AAA ssh console LOCAL GANYMEDE
Console to enable AAA authentication RADIUS LOCAL
Console Telnet AAA authentication RADIUS LOCAL
AAA accounting ssh console GANYMEDE
Console Telnet accounting AAA GANYMEDE
Enable http server
http 192.168.1.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 Interior-Bct
http 192.168.139.0 255.255.255.0 Interior-Bct
http 192.168.0.0 255.255.255.0 Interior-Bct
Survey community SNMP-server host inside-Bct 192.168.1.27
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-3des esp-md5-hmac RIGHT
Crypto ipsec transform-set newset aes - esp esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac myset2
Crypto ipsec transform-set esp-3des esp-md5-hmac raccess
Crypto ipsec transform-set esp-3des esp-sha-hmac vpnclienttrans
Crypto ipsec transform-set vpnclienttrans transport mode
life crypto ipsec security association seconds 2147483646
Crypto ipsec kilobytes of life security-association 2147483646
raccess 1 set transform-set vpnclienttrans crypto dyn1 dynamic-map
correspondence address card crypto mymap 10 110
card crypto mymap 10 peers set 10.254.17.10
card crypto mymap 10 transform-set RIGHT
correspondence address card crypto mymap 20 110
card crypto mymap 20 peers set 10.254.17.11
mymap 20 transform-set myset2 crypto card
card crypto mymap interface outside Baku
correspondence address card crypto ganja 10 110
10 ganja crypto map peer set 10.254.17.18
card crypto ganja 10 transform-set RIGHT
card crypto interface outside-Ganja ganja
correspondence address card crypto vpntest 20 110
peer set card crypto vpntest 20 10.250.25.1
newset vpntest 20 transform-set card crypto
card crypto vpntest interface vpnswc
vpnclientmap 30 card crypto ipsec-isakmp dynamic dyn1
card crypto interface for remote access vpnclientmap
Crypto ca trustpoint ASDM_TrustPoint0
registration auto
name of the object CN = gyd - asa .az .bct
sslvpnkeypair key pair
Configure CRL
map of crypto DefaultCertificateMap 10 ca certificatecrypto isakmp identity address
ISAKMP crypto enable vpnswc
ISAKMP crypto enable outside-Baku
ISAKMP crypto enable outside-Ganja
crypto ISAKMP enable remote access
ISAKMP crypto enable Interior-Bct
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 20
preshared authentication
aes encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 40
preshared authentication
aes encryption
sha hash
Group 2
life 86400
Crypto isakmp nat-traversal 30
No vpn-addr-assign aaa
Telnet timeout 5
SSH 192.168.0.0 255.255.255.0 Interior-Bct
SSH timeout 35
Console timeout 0
priority queue outside Baku
queue-limit 2046
TX-ring-limit 254
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
Server NTP 192.168.1.3
SSL encryption, 3des-sha1 rc4 - md5 aes128-sha1 sha1-aes256
SSL-trust point ASDM_TrustPoint0 to vpnlb-ip remote access
SSL-trust ASDM_TrustPoint0 remote access point
WebVPN
turn on remote access
SVC disk0:/anyconnect-win-2.4.1012-k9.pkg 1 image
enable SVC
tunnel-group-list activate
attributes of Group Policy DfltGrpPolicy
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
internal group ssl policy
attributes of group ssl policy
banner welcome to SW value
value of DNS-server 192.168.1.3
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
group-lock value SSL
WebVPN
value of the SPS URL-list
internal vpn group policy
attributes of vpn group policy
value of DNS-server 192.168.1.3
Protocol-tunnel-VPN IPSec l2tp ipsec
disable the PFS
BCT.AZ value by default-field
ssl VPN-group-strategy
WebVPN
value of the SPS URL-list
IPSec-attributes tunnel-group DefaultL2LGroup
ISAKMP retry threshold 20 keepalive 5
attributes global-tunnel-group DefaultRAGroup
raccess address pool
Group-RADIUS authentication server
Group Policy - by default-vpn
IPSec-attributes tunnel-group DefaultRAGroup
pre-shared key *.
ISAKMP retry threshold 20 keepalive 5
IPSec-attributes tunnel-group DefaultWEBVPNGroup
ISAKMP retry threshold 20 keepalive 5
tunnel-group 10.254.17.10 type ipsec-l2l
IPSec-attributes tunnel-group 10.254.17.10
pre-shared key *.
ISAKMP retry threshold 20 keepalive 5
type SSL tunnel-group remote access
attributes global-group-tunnel SSL
ssl address pool
Authentication (remote access) LOCAL servers group
Group Policy - by default-ssl
certificate-use-set-name username
Group-tunnel SSL webvpn-attributes
enable SSL group-alias
Group-url https://85. *. *. * / activate
tunnel-group 10.254.17.18 type ipsec-l2l
IPSec-attributes tunnel-group 10.254.17.18
pre-shared key *.
ISAKMP retry threshold 20 keepalive 5
tunnel-group 10.254.17.11 type ipsec-l2l
IPSec-attributes tunnel-group 10.254.17.11
pre-shared key *.
ISAKMP retry threshold 20 keepalive 5
type tunnel-group DefaultSWITGroup remote access
attributes global-tunnel-group DefaultSWITGroup
raccess address pool
Group-RADIUS authentication server
Group Policy - by default-vpn
IPSec-attributes tunnel-group DefaultSWITGroup
pre-shared key *.
!
type of policy-card inspect dns migrated_dns_map_1
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the migrated_dns_map_1 dns
inspect the rsh
inspect the rtsp
inspect sqlnet
inspect sunrpc
inspect xdmcp
inspect the netbios
Review the ip options
class flow_export_cl
flow-export-type of event all the destination 192.168.1.27
class class by default
flow-export-type of event all the destination 192.168.1.27
Policy-map Voicepolicy
class voice
priority
The class data
police release 80000000
!
global service-policy global_policy
service-policy interface outside Baku Voicepolicy
prompt hostname context
Cryptochecksum:4f35f975ba7a0c11f7f46dfd541d266f
: end
gyd-asa#
ASA remote:
ASA Version 8.2 (3)
!
ciscoasa hostname
activate the encrypted password of XeY1QWHKPK75Y48j
2KFQnbNIdI.2KYOU encrypted passwd
names of
DNS-guard
!
interface Ethernet0/0
nameif inside
security-level 100
IP 192.168.80.14 255.255.255.0
!
interface Ethernet0/1
nameif outside
security-level 0
IP 10.254.17.11 255.255.255.248
!
interface Ethernet0/2
Shutdown
No nameif
no level of security
no ip address
!
interface Ethernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
Shutdown
nameif management
security-level 100
no ip address
management only
!
boot system Disk0: / asa823 - k8.bin
passive FTP mode
access-list 110 scope ip allow a whole
192.168.80.0 IP Access-list extended sheep 255.255.255.0 allow 192.168.0.0 255.255.0.0
pager lines 24
Enable logging
asdm of logging of information
Outside 1500 MTU
management of MTU 1500
Within 1500 MTU
no failover
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow all outside
ICMP allow any inside
ASDM image disk0: / asdm - 621.bin
don't allow no asdm history
ARP timeout 14400
NAT (inside) 0 access-list sheep
Route outside 0.0.0.0 0.0.0.0 10.254.17.9 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
Enable http server
http 192.168.1.0 255.255.255.0 management
http 192.168.80.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-3des esp-md5-hmac RIGHT
Crypto ipsec transform-set newset aes - esp esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac myset2
life crypto ipsec security association seconds 2147483646
Crypto ipsec kilobytes of life security-association 2147483646
correspondence address card crypto mymap 10 110
card crypto mymap 10 peers set 10.254.17.9
mymap 10 transform-set myset2 crypto card
mymap outside crypto map interface
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 20
preshared authentication
aes encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 40
preshared authentication
aes encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH timeout 5
Console timeout 0
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
webvpn
tunnel-group 10.254.17.9 type ipsec-l2l
IPSec-attributes tunnel-group 10.254.17.9
pre-shared key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns migrated_dns_map_1
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the migrated_dns_map_1 dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
prompt hostname context
Cryptochecksum:1c1ac60e2fb84f65269d15d53f27c21b
: end
ciscoasa#
Still, I can't ping the remote ASA's outside interface from the local ASA's outside interface. And there is no connectivity between the remote 192.168.80.0 and the local, let's say, 192.168.1.0. I have run out of ideas.
Would appreciate any help. Thank you in advance...
If the tunnel is up (phase 1) but no traffic is passing, the best test is the following:
Add the command management-access inside, and then try to ping the inside IP of the peer ASA.
ping inside x.x.x.x --> x.x.x.x is the inside IP of the peer ASA
The test above shows whether the traffic passes through the tunnel (check the encrypted/decrypted packets in sh cry ips sa).
Test on both directions.
Please post the results.
Federico.
-
Easy traffic between remote sites via Cisco VPN
We have a Cisco 2921 router at headquarters (Easy VPN Server) and have deployed Cisco 887VA routers (EasyVPN - Remote Network Extension) for remote offices using EasyVPN. We allow voice and data traffic via the VPN. Everything had been working great until this problem was discovered today:
When a remote user behind a Cisco 887VA calls another remote user also behind a Cisco 887VA, the call connects and the Avaya IP phone rings, but there is no voice in either direction.
Calls from headquarters and external mobile/fixed lines are very good. Only calls between two remote sites are affected.
There is no need for a DATA connection between the remote offices; our only concern is the voice.
By the looks of it, I think that "hair-pinning" traffic on the VPN interface is necessary. But I need some advice on the configuration (example configs, etc.).
Thanks in advance.
Thanks for your quick response.
I am sorry, I assumed that the clients have been configured in client mode.
No need to remove the SDM_POOL_1, given that the clients are already configured for NEM.
But add:
crypto isakmp client configuration group CliniEasyVPN
network extension mode
Are you able to ping from one spoke to the other?
Please make this change:
ip access-list extended 105
permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255
* Of course free to do trafficking of translated on the shelves.
Let me know if you have any questions.
Thank you.
Portu.
-
Win 7 VPN client cannot access remote resources beyond the VPN server
I have a Win 7 laptop for work with the Win 7 VPN client set up, and through it I can access all the allowed resources on the remote network.
I built a new computer, set up the Win 7 VPN client with the exact same parameters everywhere, and connected to the VPN successfully, but I cannot access any of the resources on the remote network that I can from my laptop.
Win 7 64 bit SP 1
I did research online, and the suggestions I found were already part of my new setup. In addition, I have a second computer on which I've set up the VPN client, and I'm having the same problem. The VPN connects successfully, but is unable to access the resources.
Tested with the firewall off.
The troubleshooting diagnostic reports: your computer seems to be configured correctly; remote resource detected, but not responding.
I created another VPN client on the new computer to another remote network and everything works perfectly.
Remember, the old VPN connection to the remote network that does not work on the new computer works perfectly on the Win 7 64 bit laptop.
So, what is different between configurations that "should be" identical, such that the laptop works and the two new machines do not?
It must be something stupid.
Hello
This question is more suited for a TechNet audience. I suggest you send the query to the Microsoft TechNet forum. See the link below to do so:
https://social.technet.Microsoft.com/forums/Windows/en-us/home?Forum=w7itpronetworking
Please let us know if you have more queries on Windows.
-
Cannot access the network ERR_NETWORK_ACCESS_DENIED
I have Windows 7. Nothing works; I tried Chrome (which will not even load) and Firefox (it has been a constant problem with Gmail for well over a year).
Unable to access the network
ERR_NETWORK_ACCESS_DENIED
Google Chrome is having trouble accessing the network. This may be because your firewall or antivirus software wrongly thinks Google Chrome is an intruder on your computer and is blocking it from connecting to the Internet.
Allow Chrome to access the network in your firewall or antivirus settings. If it is already listed as a program allowed to access the network, try removing it from the list and adding it again.
I tried the above, but can't seem to solve the problem. Thank you.
Hello Paul,
Thanks for posting your question on the Microsoft Community.
I would like to know some information about the problem so that we can help you better.
Does the same problem occur when you use Internet Explorer?
Thank you for details on the question and your efforts to resolve.
If the problem also occurs when you use Internet explorer, I suggest you use the steps in this article and check if it helps.
Reference:
Can't access some Web sites in Internet Explorer
https://support.Microsoft.com/en-us/KB/967897
Note: The Reset Internet Explorer Settings feature can reset security settings or privacy settings that you have added to the list of Trusted Sites. Resetting the Internet Explorer settings can also reset parental control settings. We recommend that you note these sites before you use the Reset Internet Explorer Settings feature. Resetting Internet Explorer is not reversible, and all the previous settings are lost after the reset.
Also see this article:
Understanding Windows Firewall settings
http://Windows.Microsoft.com/en-us/Windows/understanding-firewall-settings#1TC=Windows-7
Note: Firewall and Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not turn off your antivirus software and firewalls. If you need to disable temporarily to install other software, you should reactivate as soon as you are finished. If you are connected to the Internet or a network, while your antivirus software and firewall are disabled, your computer is vulnerable to attacks.
To get help on Google chrome, I suggest you post your question on Google chrome forums.
http://productforums.Google.com/d/Forum/chrome
I hope this information helps.
Please let us know if you need more help.
Thank you
-
Windows Vista cannot find any networks after reformat
Windows Vista cannot find any networks after reformatting. Help!
Go to the website of the manufacturer of your computer/notebook > drivers and downloads Section > key in your model number > look for the latest network adapter Vista drivers > download/install them.
The computer you are using now if you have an Internet connection with the other > download / save drivers > copy them into Flash Drive > transfer / install on another computer/laptop.
See you soon.
Mick Murphy - Microsoft partner
-
Drive 10.1.7 with windows xp, cannot access all or delete, just to get this patch package unrecognized messages. Either Runtime error help please
Uninstall the damaged drive using http://labs.adobe.com/downloads/acrobatcleaner.html
Reinstall the latest version of http://get.adobe.com/reader/enterprise/
-
SSLVPN via Cisco VPN Client (simultaneous use)
Hi, I'm working on a new show: 1) connect to the first network with Cisco VPN client. (2) to leave this connection, road to another Cisco SSLVPN device and perform a SSL - VPN connection. Has anyone tried this before? Are there problems, workarounds? Thanks in advance!
I do it all the time without any problems.
HTH >
-
Windows 7 cannot access the cliché in server 2003
Hello world:
I am using Windows 7 Pro. My company has a server and the version is Windows Server 2003; the shadow copy function is already active on the server. However, when I map the network drive to share the Server 2003 folder in my PC, I want to check the previous version on the network drive on my PC, but it shows "No previous version available". When I using my PC to refuel, windows xp version checks the card reader. Well yes, the previous version is show all. I was wondering why Windows 7 cannot see any previous version? Kindly help me, thank you very much!
Hello
The question you posted would be better suited to the TechNet community. Please visit the link below to find a community that will support what you ask.
http://social.technet.Microsoft.com/forums/en/category/WindowsServer/
-
Cannot access network resources - Cisco VPN client
Please see attached the network topology.
I can connect using the Cisco VPN client and access to all resources of the 192.168.3.0 network
I can't ping / access to all hosts on the network 192.168.5.0.
Any ideas?
Thanks for the help in advance
AD
Quite correct.
Please add to the access list:
CPA list standard access allowed 192.168.5.0 255.255.255.0
-
Cannot access remote resources - Cisco VPN Client
I'm having a problem with my Cisco VPN Client. I am new to VPN configuration, so this is probably something easy I'm missing. I have a my internet gateway for my LAN 2611XM router and my VPN server. I do all my tests of a society with a high card laptop mobile broadband. VPN connects, but anytime I ping anything in the network Cabinet, he returned with the public IP address of the external interface. I have NAT overload configured so any network can access the internet, inside which it looks like may be causing my problem. I don't know how to fix it. My config running is attached. No one knows what might happen.
Oh, almost forgot to add. When I remove the nat overload on my interface fa0/1, the vpn will connect to any resource on the inside.
Your nat configuration seems to be the origin of the problem. If you are using an ACL to match the source for NAT, then it will be necessary to add the line 1A refuse for the local ip pool for your vpn clients to one only. try that to see how it goes.
Sent by Cisco Support technique iPhone App
-
Cannot access the network - Get unspecified error 0x80004005
Hi all
I have a strange problem that I hope someone can help me with.
I have a PC Windows Vista Ultimate, newly installed, all the patches applied. Any other installed apps don't except MS Office.
Not my problem, I have a NAS drive on my network and can be accessed by different machines on my network (IE. \\NAS)
However for some reason any my Vista machine has ceased to recognize this. Now I can only connect via an IP address (IE. \\192.168.0.2).
Whenever I try to type \\NAS it says "Windows cannot access \\NAS... etc etc" with an "Unspecified error", error code 0x80004005.
He used to work, but now it does which is very weird. When I click on diagnose says that it cannot find \\NAS. However, as this network drive has a web front end, when I type its IP address there is no problem at all and I can access it, but not through windows Explorer! I use a TP-Link wireless adapter. I have a LAN connector normal that I disabled and enabled with no effect (although I have not physically connected them)
I can navigate to Windows Vista machine to it seems to work very well.
Any ideas?
Thanks in advance.
Neal.
If the regular way, you connect a reader could not be used and that you were forced to connect by ip, get error 80004005 would make sense, because it means that the rights or false refused/insufficient access permissions. Your network can have a parameter saying denied access by ip address, so either you might find this setting, or find a way to solve the original problem, making it impossible to connect as normal to you.
I would check the firewalls, because your firewall or the firewall of the NAS could have been changed to not connect to the NAS or do not allow you to connect, respectively.
-
Hello
I am setting up a remote access VPN on a Cisco ASA 5510 version 8.4(4)1.
When I try to connect via the Cisco VPN client software, I am able to connect however I am unable to access network resources.
However, I can ping the servers in the other site that is connected through the VPN site-to site to the main site!
VPN client --> main site (ping times out) --> Site connected with the main site with VPN S2S (successful ping)
Please help me I need to find a solution as soon as POSSIBLE!
Thank you in advance.
Hello
Please remove the NAT exemption and then re-issue the command but with #1, so it will place the NAT as first line:
no nat (SERVERS,external) source static SERVERS_LAN SERVERS_LAN destination static NETWORK_OBJ_10.10.40.8_29 NETWORK_OBJ_10.10.40.8_29 no-proxy-arp route-lookup
nat (SERVERS,external) 1 source static SERVERS_LAN SERVERS_LAN destination static NETWORK_OBJ_10.10.40.8_29 NETWORK_OBJ_10.10.40.8_29 no-proxy-arp route-lookup
After re-configured this way, make sure that this command is also available:
sysopt connection permit-vpn
This sysopt will allow traffic regardless of any ACL drop, just in case. Please continue to run a packet tracer and post it here,
packet-tracer input Server icmp XXXXXX 8 0 YYYYY detailed
XXXX--> server IP
AAAA--> VPN IP of the user
Don't forget to do the two steps and a just in case, capture Please note and mark it as correct the useful message!
Thank you
David Castro,