Re: vpn issue
If I understand the situation correctly, you want to route everything coming from a VPN address back through the VPN tunnel and everything else to the internet?

I think what you want to do is make the default gateway 192.168.6.250 and create a static route for VPN:

route -p add <VPN ENDPOINT IP ADDRESS> mask 255.255.255.255 192.168.6.1

I'm assuming a single VPN address in this example, the address that is on the other side of the tunnel. If the addresses are not being translated over the VPN, but on another network, you may be able to use the network instead of the vpn endpoint, i.e. 172.16.1.0 (or whatever the addresses look like over there. You will need to adjust the subnet mask if this is the case).

Hope this helps some.

Jeff

On Thu, Mar 31, 2011 at 6:27 AM, bruno cantin bruno.can...@genevahelpdesk.com wrote:

Hi team. Have a problem I can't figure out…

ORIGIN
Server Win2k3 configured as TSE server with 1 NIC, dedicated to VPN between the main site and a near site: it is set up by the local ISP and impossible to modify without their assistance…
Local address 192.168.6.20/255.255.255.0/192.168.6.1

EVOLUTION
To be able to connect to the server from ANY place in the world
So I've set up a NIC (number 2) dedicated to a DSL line (with a local modem router that I can manage)…
Local address 192.168.6.227/255.255.255.0/192.168.6.250

PROBLEM
When I configure the nic2 without a gateway, the VPN from distant site works fine….
When I add the gateway 192.168.6.250 which is my local modem-router address, the VPN clients on the distant site can't connect anymore… they see an RDP error message
Remote desktop can't connect
Try to reconnect….
When I deactivate nic1 and leave my local modem-router address, I have Internet, ok, and I can connect through RDP from anywhere… but no VPN….

I'm confused…. Is Windows able to deal with these 2 NICs and this configuration?
Any help VERY welcome….

Bruno CANTIN

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
RE: VPN issue
I thought you had to move to AnyConnect for Windows Vista and 7 to work?

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 12:14 PM
To: NT System Admin Issues
Subject: VPN issue

Good day all!

Win 7 (patched)
Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator
Connection - Wireless Internet Stick

The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere.

Any ideas? other than percussive maintenance!

Cheers,
Cameron
RE: VPN issue
Win7 32 or 64bit ?

-sc

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 12:14 PM
To: NT System Admin Issues
Subject: VPN issue

Good day all!

Win 7 (patched)
Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator
Connection - Wireless Internet Stick

The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere.

Any ideas? other than percussive maintenance!

Cheers,
Cameron
Re: VPN issue
Win 7 32bit.

On Tue, May 11, 2010 at 12:17 PM, Steven M. Caesare scaes...@caesare.com wrote:

Win7 32 or 64bit ?

-sc

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 12:14 PM
To: NT System Admin Issues
Subject: VPN issue

Good day all!

Win 7 (patched)
Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator
Connection - Wireless Internet Stick

The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere.

Any ideas? other than percussive maintenance!

Cheers,
Cameron
Re: VPN issue
Windows 7 is only supported with version 5.06+ so I would upgrade the Cisco vpn client first.

--
Sent using BlackBerry

From: Cameron cameron.orl...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Tue May 11 12:14:28 2010
Subject: VPN issue

Good day all!

Win 7 (patched)
Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator
Connection - Wireless Internet Stick

The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere.

Any ideas? other than percussive maintenance!

Cheers,
Cameron
RE: VPN issue
Cisco just released (as in a few weeks ago) a 64-bit version of the older IPSec client. It is in BETA and not supported... it's just there so users are forced to move if they don't want to/can't.

Aaron T. Rohyans
Senior Network Engineer
CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER
DPSciences Corporation
7400 N. Shadeland Ave., Suite 245
Indianapolis, IN 46250
Office: (317) 348-0099
Fax: (317) 849-7134
arohy...@dpsciences.com
http://www.dpsciences.com/

I want an Anti-Virus system that sends Arnold back in time to kill the hacker as a small child before he invents the virus...
There are 10 kinds of people in this world... those who can read binary, and those who can't

From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Tuesday, May 11, 2010 12:17 PM
To: NT System Admin Issues
Subject: RE: VPN issue

I thought you had to move to AnyConnect for Windows Vista and 7 to work?

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 12:14 PM
To: NT System Admin Issues
Subject: VPN issue

Good day all!

Win 7 (patched)
Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator
Connection - Wireless Internet Stick

The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere.

Any ideas? other than percussive maintenance!

Cheers,
Cameron
Re: VPN issue
And of course we don't have any Cisco support..

On Tue, May 11, 2010 at 12:24 PM, Damien Solodow damien.solo...@harrison.edu wrote:

Windows 7 is only supported with version 5.06+ so I would upgrade the Cisco vpn client first.

--
Sent using BlackBerry

From: Cameron cameron.orl...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Tue May 11 12:14:28 2010
Subject: VPN issue

Good day all!

Win 7 (patched)
Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator
Connection - Wireless Internet Stick

The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere.

Any ideas? other than percussive maintenance!

Cheers,
Cameron
RE: VPN issue
Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months.

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 1:16 PM
To: NT System Admin Issues
Subject: Re: VPN issue

And of course we don't have any Cisco support..

On Tue, May 11, 2010 at 12:24 PM, Damien Solodow damien.solo...@harrison.edu wrote:

Windows 7 is only supported with version 5.06+ so I would upgrade the Cisco vpn client first.

--
Sent using BlackBerry

From: Cameron cameron.orl...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Tue May 11 12:14:28 2010
Subject: VPN issue

Good day all!

Win 7 (patched)
Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator
Connection - Wireless Internet Stick

The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere.

Any ideas? other than percussive maintenance!

Cheers,
Cameron
RE: VPN issue
Shrewsoft is what I use. It has some minor weirdnesses (it doesn't like bridged network connections or having multiple active routes to the Internet [e.g., one wired, one wireless]). Otherwise, it seems to work pretty well.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Tuesday, May 11, 2010 1:29 PM
To: NT System Admin Issues
Subject: RE: VPN issue

Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months.

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 1:16 PM
To: NT System Admin Issues
Subject: Re: VPN issue

And of course we don't have any Cisco support..

On Tue, May 11, 2010 at 12:24 PM, Damien Solodow damien.solo...@harrison.edu wrote:

Windows 7 is only supported with version 5.06+ so I would upgrade the Cisco vpn client first.

--
Sent using BlackBerry

From: Cameron cameron.orl...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Tue May 11 12:14:28 2010
Subject: VPN issue

Good day all!

Win 7 (patched)
Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator
Connection - Wireless Internet Stick

The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere.

Any ideas? other than percussive maintenance!

Cheers,
Cameron
RE: VPN issue
Shrew VPN client

Free, and works with 64-bit too.

-sc

From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Tuesday, May 11, 2010 1:29 PM
To: NT System Admin Issues
Subject: RE: VPN issue

Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months.

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 1:16 PM
To: NT System Admin Issues
Subject: Re: VPN issue

And of course we don't have any Cisco support..

On Tue, May 11, 2010 at 12:24 PM, Damien Solodow damien.solo...@harrison.edu wrote:

Windows 7 is only supported with version 5.06+ so I would upgrade the Cisco vpn client first.

--
Sent using BlackBerry

From: Cameron cameron.orl...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Tue May 11 12:14:28 2010
Subject: VPN issue

Good day all!

Win 7 (patched)
Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator
Connection - Wireless Internet Stick

The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere.

Any ideas? other than percussive maintenance!

Cheers,
Cameron
Re: VPN issue
On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote:
> Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months.

We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.)

-- Ben
RE: VPN issue
But that doesn't meet the OP's need of being able to connect to a Cisco device, does it?

(I spent 3 minutes on the website, so I could be wrong - please correct me if so.)

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 2:08 PM
To: NT System Admin Issues
Subject: Re: VPN issue

On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote:
> Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months.

We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.)

-- Ben
Re: VPN issue
Update. I installed the latest version of the Cisco VPN client (removed the orig first) and it does connect to the concentrator (I can see the session). I'm thinking this is a Windows 7 thing as it shows connected to a public network (which it is, and I can surf). I cannot ping to any device on the LAN though.

On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith mich...@smithcons.com wrote:

But that doesn't meet the OP's need of being able to connect to a Cisco device, does it?

(I spent 3 minutes on the website, so I could be wrong - please correct me if so.)

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 2:08 PM
To: NT System Admin Issues
Subject: Re: VPN issue

On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote:
> Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months.

We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.)

-- Ben
RE: VPN issue
Do you still have ipv6 running?

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 2:27 PM
To: NT System Admin Issues
Subject: Re: VPN issue

Update. I installed the latest version of the Cisco VPN client (removed the orig first) and it does connect to the concentrator (I can see the session). I'm thinking this is a Windows 7 thing as it shows connected to a public network (which it is, and I can surf). I cannot ping to any device on the LAN though.

On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith mich...@smithcons.com wrote:

But that doesn't meet the OP's need of being able to connect to a Cisco device, does it?

(I spent 3 minutes on the website, so I could be wrong - please correct me if so.)

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 2:08 PM
To: NT System Admin Issues
Subject: Re: VPN issue

On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote:
> Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months.

We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.)

-- Ben
Re: VPN issue
Yes.

On Tue, May 11, 2010 at 2:30 PM, David W. McSpadden dav...@imcu.com wrote:

Do you still have ipv6 running?

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 2:27 PM
To: NT System Admin Issues
Subject: Re: VPN issue

Update. I installed the latest version of the Cisco VPN client (removed the orig first) and it does connect to the concentrator (I can see the session). I'm thinking this is a Windows 7 thing as it shows connected to a public network (which it is, and I can surf). I cannot ping to any device on the LAN though.

On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith mich...@smithcons.com wrote:

But that doesn't meet the OP's need of being able to connect to a Cisco device, does it?

(I spent 3 minutes on the website, so I could be wrong - please correct me if so.)

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 2:08 PM
To: NT System Admin Issues
Subject: Re: VPN issue

On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote:
> Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months.

We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.)

-- Ben
RE: VPN issue
Maybe stop it and just use the ipv4 and see if it works?

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 2:33 PM
To: NT System Admin Issues
Subject: Re: VPN issue

Yes.

On Tue, May 11, 2010 at 2:30 PM, David W. McSpadden dav...@imcu.com wrote:

Do you still have ipv6 running?

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 2:27 PM
To: NT System Admin Issues
Subject: Re: VPN issue

Update. I installed the latest version of the Cisco VPN client (removed the orig first) and it does connect to the concentrator (I can see the session). I'm thinking this is a Windows 7 thing as it shows connected to a public network (which it is, and I can surf). I cannot ping to any device on the LAN though.

On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith mich...@smithcons.com wrote:

But that doesn't meet the OP's need of being able to connect to a Cisco device, does it?

(I spent 3 minutes on the website, so I could be wrong - please correct me if so.)

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 2:08 PM
To: NT System Admin Issues
Subject: Re: VPN issue

On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote:
> Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months.

We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.)

-- Ben
Re: VPN issue
On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith mich...@smithcons.com wrote:
>> ... OpenVPN
> But that doesn't meet the OP's need of being able to connect to a Cisco device, does it?

D'oh. Whoops. No. No cookie for me.

-- Ben
RE: VPN issue
Can you resolve names on the LAN ? What does a tracert to devices on the LAN look like ?

CFee

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 2:27 PM
To: NT System Admin Issues
Subject: Re: VPN issue

Update. I installed the latest version of the Cisco VPN client (removed the orig first) and it does connect to the concentrator (I can see the session). I'm thinking this is a Windows 7 thing as it shows connected to a public network (which it is, and I can surf). I cannot ping to any device on the LAN though.

On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith mich...@smithcons.com wrote:

But that doesn't meet the OP's need of being able to connect to a Cisco device, does it?

(I spent 3 minutes on the website, so I could be wrong - please correct me if so.)

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 2:08 PM
To: NT System Admin Issues
Subject: Re: VPN issue

On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote:
> Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months.

We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.)

-- Ben
RE: vpn issue
From what I understand the security enhancements in it kill the ActiveX control. Maybe someone can elaborate more. All I know is I implement this great SSLVPN for users to remote in from home and if they install SP3 it won't work.

From: David Lum [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 4:41 PM
To: NT System Admin Issues
Subject: RE: vpn issue

DOH! Sorry, SP3 hosing things for VPN.

Dave

From: N Parr [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 1:01 PM
To: NT System Admin Issues
Subject: RE: vpn issue

Which part the ASA or SP3?

From: David Lum [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 2:44 PM
To: NT System Admin Issues
Subject: RE: vpn issue

Can you elaborate on that?

Dave Lum - Systems Engineer
[EMAIL PROTECTED] - (971)-222-1025
..remember that, in the past, those who foolishly sought power by riding the back of the tiger ended up inside - JFK

From: N Parr [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 10:59 AM
To: NT System Admin Issues
Subject: RE: vpn issue

Yep it is for us, that's one of the reasons we started using the Web based RDP through our Cisco ASA. Doesn't matter what the user's local range is. But now XP SP3 hoses that up.

From: Martin Blackstone [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 11:04 AM
To: NT System Admin Issues
Subject: RE: vpn issue

True that. Unfortunately this will probably shape up to be an issue for many of your home users

From: Eldridge, Dave [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 8:28 AM
To: NT System Admin Issues
Subject: RE: vpn issue

Change your home network to something other than 192.168.0.x, 192.168.1.x. You'll never have this issue again. You'll never be able to change your clients' networks.

From: Jesse Rink [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 9:25 AM
To: NT System Admin Issues
Subject: vpn issue

I thought this was odd, but maybe it's normal?

My home network is on 192.168.1.0/24. I have a device at 192.168.1.1 and 192.168.1.2 (router and a network printer). When I VPN into another network on my Vista box, I am on their 192.168.1.0/24 network. They have a server I RDP into at 192.168.1.2, however, whenever I try to access that server, my Vista machine accesses the Printer I have at 192.168.1.2 instead of the server over the VPN.

Is this normal behaviour? Just seems odd I have never run across this before in the 10-20 places I VPN into...

This e-mail contains the thoughts and opinions of the sender and does not represent official Parkview Medical Center policy. This communication is intended only for the recipient(s) named above, may be confidential and/or legally privileged: and, must be treated as such in accordance with state and federal laws. If you are not the intended recipient, you are hereby notified that any use of this communication, or any of its contents, is prohibited. If you have received this communication in error, please return to sender and delete the message from your computer system.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: vpn issue
That would be pretty standard yes. Your Vista box is going to assume that by 192.168.1.2 you mean your local subnet, with no router/firewall in between. Either change your printer IP or your subnet

Clayton Doige
IT Project Manager
CME Development Corporation
T: 020 7430 5355
M: 07949 255062
E: [EMAIL PROTECTED]
W: www.cetv-net.com

From: Jesse Rink [mailto:[EMAIL PROTECTED]
Sent: 05 August 2008 16:25
To: NT System Admin Issues
Subject: vpn issue

I thought this was odd, but maybe it's normal?

My home network is on 192.168.1.0/24. I have a device at 192.168.1.1 and 192.168.1.2 (router and a network printer). When I VPN into another network on my Vista box, I am on their 192.168.1.0/24 network. They have a server I RDP into at 192.168.1.2, however, whenever I try to access that server, my Vista machine accesses the Printer I have at 192.168.1.2 instead of the server over the VPN.

Is this normal behaviour? Just seems odd I have never run across this before in the 10-20 places I VPN into...

This email has been scanned by the MessageLabs Email Security System.

This electronic mail message and any attached files contain information intended for the exclusive use of the person(s) to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this message or its contents may be subject to legal restriction or sanction. If you have received this message in error, please notify the sender immediately by electronic mail and delete the original message and any attachments without retaining any copies.
RE: vpn issue
Change your home network to something other than 192.168.0.x, 192.168.1.x. You'll never have this issue again. You'll never be able to change your clients' networks.

From: Jesse Rink [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 9:25 AM
To: NT System Admin Issues
Subject: vpn issue

I thought this was odd, but maybe it's normal?

My home network is on 192.168.1.0/24. I have a device at 192.168.1.1 and 192.168.1.2 (router and a network printer). When I VPN into another network on my Vista box, I am on their 192.168.1.0/24 network. They have a server I RDP into at 192.168.1.2, however, whenever I try to access that server, my Vista machine accesses the Printer I have at 192.168.1.2 instead of the server over the VPN.

Is this normal behaviour? Just seems odd I have never run across this before in the 10-20 places I VPN into...

This message contains confidential information and is intended only for the intended recipient(s). If you are not the named recipient you should not read, distribute or copy this e-mail. Please notify the sender immediately via e-mail if you have received this e-mail by mistake; then, delete this e-mail from your system.
RE: vpn issue
What Clayton said, or do some fancy NAT configuration on the VPNs to remote subnets that match yours.

From: Doige, Clayton [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 10:28 AM
To: NT System Admin Issues
Subject: RE: vpn issue

That would be pretty standard yes. Your vista box is going to assume that by 192.168.1.2 you mean your local subnet, with no router/firewall in between. Either change your printer IP or your subnet

Clayton Doige
IT Project Manager
CME Development Corporation
T: 020 7430 5355 M: 07949 255062 E:[EMAIL PROTECTED] W:www.cetv-net.com
RE: vpn issue
True that. Unfortunately this will probably shape up to be an issue for many of your home users.

From: Eldridge, Dave [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 8:28 AM
To: NT System Admin Issues
Subject: RE: vpn issue

Change your home network to something other than 192.168.0.x, 192.168.1.x. You'll never have this issue again. You'll never be able to change your clients' networks.

This e-mail contains the thoughts and opinions of the sender and does not represent official Parkview Medical Center policy. This communication is intended only for the recipient(s) named above, may be confidential and/or legally privileged: and, must be treated as such in accordance with state and federal laws. If you are not the intended recipient, you are hereby notified that any use of this communication, or any of its contents, is prohibited. If you have received this communication in error, please return to sender and delete the message from your computer system.
RE: vpn issue
YES, the mistake we made was to use 192.168.1.X internally. ATT also uses this as a default, but more important is for your road warriors. Apparently many hotels, motels, etc haven't bothered to change the default that comes with virtually ALL router manufacturers of using 0 or 1 (mostly 1) as the third digit in the default IP address.

Murray

From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 11:13 AM
To: NT System Admin Issues
Subject: RE: vpn issue

check your default gateway, AND because it's the same subnet as your own, you're probably not getting past the adjacency test ... when your IP stack goes to send a packet, first thing it'll do is check the destination IP and if it's on the same subnet as the machine you're sending from, just dumps it on the local wire (ARPs for mac for IP x) and then passes it on. You're never making it across the tunnel
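The adjacency test described in this thread, modelled as an added example (not code from any poster): a simplified route lookup, longest prefix first and then lowest metric, plus the overlap check that flags the clash before connecting. The interface labels, the `vpn-peer` gateway name, the metrics and the 192.168.77.0/24 renumbering are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    interface: str           # hypothetical label, not a real adapter name
    gateway: Optional[str]   # None = on-link: ARP for the destination itself
    metric: int              # constructed values; lower is preferred


def select_route(table: List[Route], destination: str) -> Optional[Route]:
    """Simplified route selection: longest prefix first, then lowest metric."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))


def describe(route: Optional[Route]) -> str:
    """Say what the stack does with a packet that matched this route."""
    if route is None:
        return "no route"
    if route.gateway is None:
        return f"on-link: ARP on {route.interface}"
    return f"via {route.gateway} on {route.interface}"


def find_overlaps(local_nets, remote_nets) -> List[Tuple[str, str]]:
    """Return every (local, remote) pair of networks that share addresses."""
    pairs = []
    for local in local_nets:
        for remote in remote_nets:
            l_net = ipaddress.ip_network(local)
            r_net = ipaddress.ip_network(remote)
            if l_net.overlaps(r_net):
                pairs.append((str(l_net), str(r_net)))
    return pairs


def build_table(home_lan: str, home_router: str, vpn_net: str) -> List[Route]:
    """Routing table of a client with one LAN adapter and one VPN adapter."""
    return [
        Route(ipaddress.ip_network("0.0.0.0/0"), "lan", home_router, 10),
        Route(ipaddress.ip_network(home_lan), "lan", None, 10),
        Route(ipaddress.ip_network(vpn_net), "vpn", "vpn-peer", 20),
    ]


def with_host_route(table: List[Route], host: str) -> List[Route]:
    """Add a /32 route for one remote host through the tunnel."""
    host_net = ipaddress.ip_network(f"{host}/32")
    return table + [Route(host_net, "vpn", "vpn-peer", 20)]


if __name__ == "__main__":
    # Home LAN and remote LAN both 192.168.1.0/24: the printer wins.
    clash = build_table("192.168.1.0/24", "192.168.1.1", "192.168.1.0/24")
    print("clash      :", describe(select_route(clash, "192.168.1.2")))
    print("overlaps   :", find_overlaps(["192.168.1.0/24"], ["192.168.1.0/24"]))

    # Home LAN renumbered (constructed range): the tunnel is used.
    fixed = build_table("192.168.77.0/24", "192.168.77.1", "192.168.1.0/24")
    print("renumbered :", describe(select_route(fixed, "192.168.1.2")))

    # A host route is more specific than the on-link /24, so it also wins.
    pinned = with_host_route(clash, "192.168.1.2")
    print("host route :", describe(select_route(pinned, "192.168.1.2")))
```

In the clash case the packet never leaves the local wire, so whatever answers ARP for that address at home receives the connection attempt intended for the remote server.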
RE: vpn issue
Yep it is for us, that's one of the reasons we started using the Web based RDP through our Cisco ASA. Doesn't matter what the user's local range is. But now XP SP3 hoses that up.

From: Martin Blackstone [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 11:04 AM
To: NT System Admin Issues
Subject: RE: vpn issue

True that. Unfortunately this will probably shape up to be an issue for many of your home users
RE: vpn issue
Can you elaborate on that?

Dave Lum - Systems Engineer
[EMAIL PROTECTED] - (971)-222-1025
..remember that, in the past, those who foolishly sought power by riding the back of the tiger ended up inside - JFK

From: N Parr [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 10:59 AM
To: NT System Admin Issues
Subject: RE: vpn issue

Yep it is for us, that's one of the reasons we started using the Web based RDP through our Cisco ASA. Doesn't matter what the user's local range is. But now XP SP3 hoses that up.
RE: vpn issue
Which part, the ASA or SP3?

From: David Lum [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 2:44 PM
To: NT System Admin Issues
Subject: RE: vpn issue

Can you elaborate on that?

Dave Lum - Systems Engineer
[EMAIL PROTECTED] - (971)-222-1025
..remember that, in the past, those who foolishly sought power by riding the back of the tiger ended up inside - JFK
RE: VPN Issue
Thanks Phil,

That's what I'm getting from Sonicwall. Management here wants us to create a miracle and make this happen with the equipment we have available and it just isn't going to happen. Time to call Paciolan and get another server license for the Access management software.

Thanks for your time sir.

Tom

-----Original Message-----
From: Phil Brutsche [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2008 4:07 PM
To: NT System Admin Issues
Subject: Re: VPN Issue

The wireless-equipped SonicWALL firewalls are specifically designed to put wireless clients on a separate subnet from the wired clients.

I've never used a TZ170 Wireless, but I have used the now-ancient SOHO TZW and the newer devices aren't all that different - there is no way to bridge the wireless subnet with the wired subnet.

If the wireless scanners *MUST* be on the same subnet as the server (which I presume is wired), and the built-in wireless on your firewall is on a separate subnet and *CAN NOT* be configured otherwise... Time to go shopping for an AP.

--
Phil Brutsche
[EMAIL PROTECTED]
RE: VPN Issue
Wait a second, obviously this isn't ideal, but can't you just create an IP on the local network that port forwards traffic sent to it to the remote box? Just as if you were doing it to port forward traffic from the WAN to a remotely unreachable box on the LAN?

Tom Strader [EMAIL PROTECTED]
03/26/2008 08:29 AM
Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
cc:
Subject: RE: VPN Issue

Thanks Phil,

That's what I'm getting from Sonicwall. Management here wants us to create a miracle and make this happen with the equipment we have available and it just isn't going to happen. Time to call Paciolan and get another server license for the Access management software.

Thanks for your time sir.

Tom
RE: VPN Issue
Hey Ben,

They (Sonicwall) thought of that but they still couldn't get the packets to pass correctly. There is a way to do it, but it would be problematic at best so we've decided to pursue this from another angle.

One: we're looking to replace our firewall with something more flexible. Sonicwall devices have a tendency to work only with other Sonicwall devices. We've experienced that recently when trying to establish a VPN from a TZ170 to a Cisco router, the VPN would connect but no packets were passing.

Two: We are pursuing Paciolan to give us a temporary license for the server software that normally costs 20K for us to use for this one event.

We'll see what happens from here. Thanks for your time sir.

Tom

-----Original Message-----
From: Ben Scott [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2008 5:51 PM
To: NT System Admin Issues
Subject: Re: VPN Issue

On Tue, Mar 25, 2008 at 3:31 PM, Tom Strader [EMAIL PROTECTED] wrote:
> ... application server ... handhelds must have a static IP on the same subnet as the application server.

Call the application vendor and tell them to fix their crappy software or you'll switch to the competition.

> Any assistance would be appreciated. I was thinking it could be done using CIDR maybe??

CIDR alone won't help you, as the application server will think everyone on the CIDR subnet is on the local broadcast domain, and try to ARP for them, rather than sending packets to the gateway.

You might be able to do something with static host routes. On the server, you'd have to add a host route to each handheld, with the gateway being the VPN gateway/router. Not sure this would work. It makes my head hurt.

It might be possible to use static one-to-one NAT between sites, and I think that would be better if so. For example: Make the main site 10.1.1.0/24. Make the remote site 10.2.2.0/24. Route and VPN between them as normal. Put the handhelds at the remote site on 10.2.2.32/28. Have the intermediate gateways translate 10.2.2.32/28 to 10.1.1.32/28 and back again. Also have the gateway for the main site do proxy ARP for the handhelds at the remote. This won't work if the IP payload embeds the handheld IP address, but a lot of applications just grab it from the IP headers.

-- Ben
Re: VPN Issue
Don't know Sonicwall stuff, but I'm guessing that the word you're looking for is 'bridge'.

Kurt

On Tue, Mar 25, 2008 at 12:31 PM, Tom Strader [EMAIL PROTECTED] wrote:
> Here's one for all you network gurus. Maybe someone can give me some insight on how to accomplish this.
>
> I've been tasked to establish a VPN connection between two sites, our main site and another EVenue. That, in itself is not a problem, I can get that done easily. Here's the problem...
>
> An application server on our main site communicates with wireless handheld scanners to scan tickets to verify they are valid. The handhelds must have a static IP on the same subnet as the application server. As anyone knows, you cannot have overlapping networks at two separate sites. Has anyone run across this scenario before and made it work?
>
> EXP:
> Server's IP: 10.0.0.7
> Handhelds: 10.0.0.20 through 10.0.0.30 static
>
> At our main site, we have a Sonicwall Pro 4060 with enhanced O/S
> At the remote site, a Sonicwall TZ170SP (wireless) with standard O/S.
>
> Sonicwall support says it can be done, but no one has ponied up to give me the correct configuration. Any assistance would be appreciated. I was thinking it could be done using CIDR maybe??
>
> Thanks,
> Tom Strader
> Server Systems Administrator
> NC Blumenthal Performing Arts Center
> Charlotte, NC 28202
> O: 704.379.1285 | F: 704.444.2098
> http://www.linkedin.com/in/tstrader
> .¸¸.·´¯`·.¸(((º Swim on over ¸.·´¯`·.´¯`·.¸¸.·´¯`·.¸(((º to the PAC ¸.·´¯`·.´¯`·.¸.·´¯`·.´¯`·.¸.·´¯`·.¸(((º and catch some culture
Re: VPN Issue
The wireless-equipped SonicWALL firewalls are specifically designed to put wireless clients on a separate subnet from the wired clients.

I've never used a TZ170 Wireless, but I have used the now-ancient SOHO TZW and the newer devices aren't all that different - there is no way to bridge the wireless subnet with the wired subnet.

If the wireless scanners *MUST* be on the same subnet as the server (which I presume is wired), and the built-in wireless on your firewall is on a separate subnet and *CAN NOT* be configured otherwise... Time to go shopping for an AP.

Tom Strader wrote:
> Here's one for all you network gurus. Maybe someone can give me some insight on how to accomplish this.
>
> I've been tasked to establish a VPN connection between two sites, our main site and another EVenue. That, in itself is not a problem, I can get that done easily. Here's the problem...
>
> An application server on our main site communicates with wireless handheld scanners to scan tickets to verify they are valid. The handhelds must have a static IP on the same subnet as the application server. As anyone knows, you cannot have overlapping networks at two separate sites. Has anyone run across this scenario before and made it work?
>
> EXP:
> Server's IP: 10.0.0.7
> Handhelds: 10.0.0.20 through 10.0.0.30 static
>
> At our main site, we have a Sonicwall Pro 4060 with enhanced O/S
> At the remote site, a Sonicwall TZ170SP (wireless) with standard O/S.
>
> Sonicwall support says it can be done, but no one has ponied up to give me the correct configuration. Any assistance would be appreciated. I was thinking it could be done using CIDR maybe??

--
Phil Brutsche
[EMAIL PROTECTED]
Re: VPN Issue
Wireless-equipped SonicWALLs don't support bridging the wireless and wired interfaces.

Kurt Buff wrote:
> Don't know Sonicwall stuff, but I'm guessing that the word you're looking for is 'bridge'.

--
Phil Brutsche
[EMAIL PROTECTED]
Re: VPN Issue
On Tue, Mar 25, 2008 at 3:31 PM, Tom Strader [EMAIL PROTECTED] wrote:
> ... application server ... handhelds must have a static IP on the same subnet as the application server.

Call the application vendor and tell them to fix their crappy software or you'll switch to the competition.

> Any assistance would be appreciated. I was thinking it could be done using CIDR maybe??

CIDR alone won't help you, as the application server will think everyone on the CIDR subnet is on the local broadcast domain, and try to ARP for them, rather than sending packets to the gateway.

You might be able to do something with static host routes. On the server, you'd have to add a host route to each handheld, with the gateway being the VPN gateway/router. Not sure this would work. It makes my head hurt.

It might be possible to use static one-to-one NAT between sites, and I think that would be better if so. For example: Make the main site 10.1.1.0/24. Make the remote site 10.2.2.0/24. Route and VPN between them as normal. Put the handhelds at the remote site on 10.2.2.32/28. Have the intermediate gateways translate 10.2.2.32/28 to 10.1.1.32/28 and back again. Also have the gateway for the main site do proxy ARP for the handhelds at the remote. This won't work if the IP payload embeds the handheld IP address, but a lot of applications just grab it from the IP headers.

-- Ben
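The one-to-one NAT scheme proposed in the message above, worked through as an added example (not code from the thread and not SonicWALL configuration): the prefix swap in both directions, the addresses the main-site gateway would have to proxy-ARP for, and the embedded-address caveat. The server address 10.1.1.7, the packet dictionaries and the payload strings are constructed assumptions.

```python
import ipaddress
import re

REAL_NET = "10.2.2.32/28"     # handhelds' real addresses at the remote site
MAPPED_NET = "10.1.1.32/28"   # how the main site sees the same handhelds
SERVER = "10.1.1.7"           # assumed server address after renumbering


def netmap(addr: str, from_net: str, to_net: str) -> str:
    """Static one-to-one NAT: keep the host offset, swap the network prefix."""
    ip = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(from_net)
    dst = ipaddress.ip_network(to_net)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("one-to-one NAT needs two ranges of the same size")
    if ip not in src:
        return str(ip)                       # outside the range: untouched
    offset = int(ip) - int(src.network_address)
    return str(dst.network_address + offset)


def toward_main_site(packet: dict) -> dict:
    """Handheld -> server: the source becomes the mapped address."""
    out = dict(packet)
    out["src"] = netmap(packet["src"], REAL_NET, MAPPED_NET)
    return out


def toward_remote_site(packet: dict) -> dict:
    """Server -> handheld: the mapped destination becomes the real one."""
    out = dict(packet)
    out["dst"] = netmap(packet["dst"], MAPPED_NET, REAL_NET)
    return out


def proxy_arp_addresses() -> list:
    """Addresses the main-site gateway must answer ARP for on the server LAN."""
    return [str(a) for a in ipaddress.ip_network(MAPPED_NET)]


def untranslated_in_payload(packet: dict) -> list:
    """Real handheld addresses still visible in the payload after NAT.

    NAT here rewrites headers only, so any hit means the application
    carries an address the server cannot match to the packet's source.
    """
    real = ipaddress.ip_network(REAL_NET)
    pattern = rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"
    found = []
    for raw in re.findall(pattern, packet["payload"]):
        try:
            ip = ipaddress.ip_address(raw.decode("ascii"))
        except ValueError:
            continue                         # e.g. 999.1.1.1 is not an address
        if ip in real:
            found.append(str(ip))
    return found


if __name__ == "__main__":
    # Constructed packets: one header-only protocol, one that embeds its IP.
    scan = {"src": "10.2.2.35", "dst": SERVER, "payload": b"SCAN ticket=1234"}
    hello = {"src": "10.2.2.35", "dst": SERVER, "payload": b"REGISTER ip=10.2.2.35"}
    reply = {"src": SERVER, "dst": "10.1.1.35", "payload": b"VALID"}

    print(toward_main_site(scan))            # src is now 10.1.1.35
    print(toward_remote_site(reply))         # dst is back to 10.2.2.35
    print(len(proxy_arp_addresses()), "addresses need proxy ARP")
    print("leaked:", untranslated_in_payload(toward_main_site(hello)))
```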