Welcome to Cisco's Networking Professionals Connection Virtual Private Network Forum. This conversation will provide you the opportunity to discuss general VPN issues. We encourage everyone to share their knowledge and start conversations on any issue relating to VPN.
Remember, just like in the workplace, be courteous to your fellow forum participants. Please refrain from using disparaging or obscene language or posting advertisements.
Having some problems with a VPN. I'm new to the company and to VPNs. The current VPN layout I 'inherited' isn't working properly and I am hard pressed to find a solution. The layout is a fractional T1 coming into a Cisco 1005 router. The router runs into a NIC on our proxy server, which is also the server to which users VPN. Apparently, this rig was working, but some changes on the proxy server brought things down several months before my arrival and the VPN has not functioned properly since. When a user tries to log in via VPN, the authentication takes place; however, all local network ties become severed from the proxy/VPN server and it has to be rebooted. I didn't think you could use a proxy server to support VPN services. Any info or advice would be greatly appreciated.
I, too, am trying to figure out how to implement a scenario just like yours (including the proxy). This much I know: some proxies can deal with VPN (like MS Proxy 2.0) and some cannot (like Winproxy 3.0). Does the degree of difficulty for implementing VPNs go up exponentially if one has a Cisco router on the exterior, a DMZ, AND a proxy on the interior?
I assume you are using your proxy server as a network gateway for your hosts. If that's the case, **absolutely** you'll need a proxy server that can route "other" IP (besides what you are proxying). Keep in mind, though, that a software-based router for your network may not be the best from performance and stability standpoints. I would point the inside clients at the proxy server for just the HTTP (and whatever other TCP you're using the proxy for), yet set their gateway at the router. Then the proxy server is not getting in the way of other IP routable traffic like your IPSec tunnels or whatever. If you're concerned about outside access without the proxy, lock it down with an access-list on the router or firewall. Does this help? Any other suggestions out there?
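One way to write the access-list lockdown suggested in the reply above (an added example, not configuration posted in the thread). It assumes IOS extended ACL syntax, a constructed LAN of 192.0.2.0/24 with the proxy at 192.0.2.10, and Ethernet0 as the router's LAN-facing interface; all addresses, the ACL number and the interface name are illustrative.

```cisco
! Constructed addressing: LAN 192.0.2.0/24, proxy server 192.0.2.10.
! ACL 110 filters traffic arriving from the LAN on its way out.
!
! 1. Only the proxy may originate web traffic to the outside.
access-list 110 permit tcp host 192.0.2.10 any eq www
access-list 110 permit tcp host 192.0.2.10 any eq 443
!
! 2. Clients that try to reach the web directly (bypassing the proxy)
!    are dropped and logged, so misconfigured hosts show up in syslog.
access-list 110 deny   tcp 192.0.2.0 0.0.0.255 any eq www log
access-list 110 deny   tcp 192.0.2.0 0.0.0.255 any eq 443 log
!
! 3. Routable traffic the proxy should not be in the path of:
!    IPSec tunnels need IKE (UDP 500) and ESP (IP protocol 50).
access-list 110 permit udp 192.0.2.0 0.0.0.255 any eq isakmp
access-list 110 permit esp 192.0.2.0 0.0.0.255 any
!
! 4. Everything else is denied and logged. Add explicit permits above
!    this line for any other traffic the site actually needs.
access-list 110 deny   ip any any log
!
! Apply inbound on the LAN-facing interface (assumed name).
interface Ethernet0
 ip access-group 110 in
```

Clients keep the router as their default gateway and use the proxy only for web traffic, so the `log` hits on the deny lines identify hosts that still need their proxy settings corrected.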
It sounds like your proxy server is also the end-point of your VPN tunnel, so you are most likely running Microsoft's PPTP VPN solution. You might want to look into a VPN termination point on your internet router and relieving the load on that server. Is it a Microsoft Proxy Server too? Sometimes other vendors' software tends to fight with each other. Has anyone else seen anomalies with PPTP and proxies?