What are the issues you are facing with your use of VPN? What VPN issues would you like to discuss on the Networking Professionals Connection?
Please let us know by posting your comments to this conversation.
Thank you for visiting the Cisco Networking Professionals Connection.
I have set up a VPN between two sites forty miles apart using Microsoft VPN and a DSL (Netopia DSL router) line which connects into an NT server. Without the VPN the DSL router seems to work fine, but when I use the VPN, somehow either the connection fails, the computer crashes, and/or the router crashes. I have called Concentric and they couldn't offer any assistance, and neither could the Microsoft KB. What is causing the mayhem?
Your problem may have to do with the router's capabilities. As I'm sure you're aware, encryption is very demanding on the router. I'm guessing you're trying to use the router the DSL provider gave you in the package deal. I'd suggest trying the Cisco 1700. That is what we use and it handles both our VPN and normal quite well. I know it can handle PPTP but we use IPSEC.
Have attempted to use a Netopia ourselves. Was located in France and tech support was almost non-existent. Netopia web site indicated that everything was to be supported and passed by the router but it was very version specific requiring the latest version. Our final solution was to have ISP replace with a more suitable piece of equipment (Cisco), then replaced the ISP.
I have a client with a DSL line with a Cisco 675 router. They would like to be able to VPN into their NT Server that is running RAS. I created an entry for PPTP but no requests make it to the server. I have called the ISP for help but would rather talk to the experts to get the right info. The ISP said that if they get a static IP it will work but I have my doubts. I know if I set the router to bridge mode and get them a firewall it will work but they are trying to cut costs. Is there any documentation on VPNing and the 675 router? Please help.
From issues I've dealt with in the past, I know PPTP requires a valid IP address. From what you've written it looks like you only have a single port translated address, and that could be your issue. I think you'll need to get another valid IP address for that server so the router can pass the GRE (PPTP) traffic.
I don't think you need another IP address for this. A proper static NAT would be fine with 2 conduits each for PPTP and GRE. I have tested this on PIX and it works fine.
Your idea might work but it won't be reliable. The real solution to this is to have a STATIC NAT from your outside interface to the NT server directly. Once you have static mapping, you can pass both PPTP and GRE. If you don't have a fixed IP address on your outside, I am afraid workarounds will only give headaches.
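Added example (not part of the original thread): a small model of the point argued in the replies above, that forwarding only the PPTP control port leaves the GRE tunnel with nowhere to go, while a static one-to-one NAT with rules for both protocols passes it. It assumes a router with no PPTP helper; the addresses and class names are constructed for illustration.

```python
TCP, GRE = 6, 47            # IP protocol numbers
PPTP_PORT = 1723            # PPTP control channel runs over TCP
PUBLIC_IP = "192.0.2.10"    # router outside address (constructed)
NT_SERVER = "10.0.0.5"      # inside RAS/PPTP server (constructed)


class PortForwardRouter:
    """Port-translating router with per-port inbound forwards only."""

    def __init__(self, forwards):
        self.forwards = forwards        # {(protocol, public_port): inside_host}

    def inbound(self, protocol, dst_ip, dst_port=None):
        if dst_ip != PUBLIC_IP:
            return None
        # GRE carries no port field, so no (protocol, port) entry can match it.
        return self.forwards.get((protocol, dst_port))


class StaticNatRouter:
    """One-to-one static NAT plus a list of permitted inbound protocols."""

    def __init__(self, mapping, permitted):
        self.mapping = mapping          # {public_ip: inside_host}
        self.permitted = permitted      # {(protocol, port or None)}

    def inbound(self, protocol, dst_ip, dst_port=None):
        if (protocol, dst_port) not in self.permitted:
            return None                 # dropped by the access rules
        return self.mapping.get(dst_ip)


def pptp_reachability(router):
    """Report which of the two PPTP flows reach the inside server."""
    return {
        "control_tcp_1723": router.inbound(TCP, PUBLIC_IP, PPTP_PORT) == NT_SERVER,
        "tunnel_gre": router.inbound(GRE, PUBLIC_IP) == NT_SERVER,
    }


pat = PortForwardRouter({(TCP, PPTP_PORT): NT_SERVER})
static = StaticNatRouter({PUBLIC_IP: NT_SERVER}, {(TCP, PPTP_PORT), (GRE, None)})

if __name__ == "__main__":
    print("port forward only:   ", pptp_reachability(pat))
    print("static NAT + 2 rules:", pptp_reachability(static))
```

With the port forward alone the control connection is delivered but the GRE tunnel is not, which matches a PPTP session that never completes.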
I have a Cisco 2600 series router that was configured by Hickory Tech. We are having problems with the VPN setup. I have MS Proxy Server 2.0 on NT 4.0 SP5. I can ping the external interface of the proxy but not the router. Also when the Cisco VPN client starts a session on the router the client can't ping the internal network. What might be the problem?
I'm going to assume the 2600 isn't a gateway router but a local router internally. One problem that may cause this is if your entire network gateways to your proxy server and not your router. They should gateway at the router and have the browsers point to the proxy. If this doesn't solve the problem I'd go back to Hickory Tech and have them look at it since they are familiar with your design.
I have the same problem with the vpn client. I did find that if you ping the client from the internal network the client is able to see the network. Have you found any more information on the problem? I am running the vpn 3000 concentrator behind a netopia router running NAT.
Thanks for your help.
We want to host our customer's Intranet servers in our local network. So we are thinking about using VPN and Private VLAN technologies together. How can we bind them? Is there any idea about this?
I can try helping you if you provide me with a little more information.
1. Where do you want the VPN and for what purpose?
2. For the servers?
3. VLAN for what?
I am planning to deploy a VPN network for running a variety of IP based services - VoIP/Internet access, LAN to LAN traffic and Hosting services. The POPs would be placed at 5 to 10 locations in various countries linked by fiber/Satellite connection. I need to know the typical infrastructure needed at the POP - 3600/2600? and VPN Concentrator tech to be used ... IPsec/MPLS/GRE tunnels? Any help is welcome.
I want to set up site to site VPN. Currently I have a hub and spoke configuration, and would like to use most of the existing hardware. At the hub there are two 7200 routers and a 520 PIX. There are about 20 remotes; would the PIX be able to handle all the remotes? Also about half of the remotes are using 2500 routers with 4MB of DRAM and 16MB of flash. Would I be able to use the 2500 routers (with just upgrading the memory)? The remotes are under 20 computers each. The rest of the remotes have 2600 routers (what would be the memory requirement for them?). Thanks in advance.
The PIX 520 will not have a problem terminating that many VPNs especially since quite a few of your remote offices have less than 20 users. The 2500s can do 56 bit IP Sec but can't do 3DES. If you go up to the 2600s you can do 3DES. I'd suggest using the software upgrade planner on cisco.com to determine your hardware requirements. There are too many combinations of features and router models to give you a recommendation. I can tell you that it looks like your hardware will handle 56 Bit across the board. Like I said though, start with the software upgrade planner; it's a great tool that I use all the time.
I am setting up multiple 1720's to a hub 7120 router via VPN running 3DES. Do I need to use a routing protocol or can I set up an access list on the hub that will allow traffic from one branch to another?
At Y&R Toronto, our primary issue is a large installed base of Mac users (design dept.) who will be left stranded without a Mac-compatible VPN client.
Are there alternatives, even third-party, that anyone can suggest?
Is it possible to do a site-to-site VPN? I think it would be easier to administer than client hosts. If you can't do site-to-site you have two choices. Either wait for Cisco's Universal Client which is being released soon, or get some third party software. Does anyone use a third party Mac client here?
I tried to configure a VPN concentrator (3015) on my company LAN. I configured the public and private interfaces with public and private addresses as per the addressing scheme of our company. My VPN connection established when I tried to connect with the network via Internet but I could not browse my local LAN. I created a user entry in the internal database as well as indicated the authentication from NT server. I got the user/password dialogue from the internal database server but no dialogue from the NT Server. Any suggestions?
My VPN issues are:
1. Any single VPN chassis can support simultaneous PPTP, L2TP as well as IPSec VPN client access from Internet client (W95, W98, WNT, W2000, Windows ME) through ISPs.
2. Can Server Load Balance or Firewall load balance Layer 7 switch be used for scalability and resiliency of VPN platform (PPTP server, L2TP server etc)?
I have PIX 515 with IOS 5.2(1) and 803 with IOS 12.0(3). Configured the PIX with IPSEC and using VPN Client 1.1 to access the internal network but I'm having problems connecting; one out of five connection tries succeeds. Any ideas why?
I'm not sure if anyone can help you here because you'll need to do some troubleshooting on this one, like looking at the debugs, etc. I would just call TAC on this one.
Hi, I am experiencing a problem using the Novell Client 32 v.4.8. The Novell client cannot see its Tree or the Novell Server when I try to log on.
I am connecting with the Cisco VPN Client v.2.5.2 to my VPN concentrator v.2.5.2.
The Client is a Windows NT 4.0 sp6a.
Why can't the Novell Client see its Tree or Server?
I could ping the Novell server by name and the Tree from the DOS prompt. Both are defined in the DNS server.
Tks in advance...
I also had problems with using a VPN with Novell.
The issue is with Novell, not the VPN. The workaround I used is to use IP addresses instead of server names in the login splash screen. Note that this was with another vendor's VPN solution.
I would like to set up dial backup circuits between two remote sites using a VPN approach over ISDN BRI circuits and the internet. I need to know: 1) what IOS feature set do I need (IP, IP PLUS, etc.)?, 2) where are example configurations for VPN on 800, 1700, and 2600 routers?, 3) how do you manage internet connections that use dynamic addresses. Can you recommend any textbooks on configuring Cisco routers for VPN? Thanks for any help.
I would like to have a discussion on the following topics, as the discussion can surely lead to purchase of required equipment from Cisco itself!!
Would appreciate discussion specifically on "Access VPN" only, and not Intranet and Extranet VPNs
- Various products available in market for Access VPNs
- How it actually works.
- Pros and cons
- Security threats, if any.
I am at a client location that uses a Cisco 1720 for Internet access. Also using MS Proxy Ver. 2 and Windows 2000 Server VPN solution. The client would like to eliminate the Proxy Server and the Win2K VPN solution. What do I need to put onto the 1720 router that will take over the task of VPN and Proxy / Firewall?
Thanks in advance.
The 1720 router cannot function in the capacity of a web cache like Microsoft Proxy does, but with the right amount of memory and IOS software with firewall and IPSEC support, you can do everything else.