Jean-Francois Dive | 1 Oct 2003 12:35

Re: VPN Help

use the split tunneling option to only access your office network and
not 0.0.0.0/0.

J.

On Tue, 2003-09-30 at 17:50, Anand Baghel wrote:
> Hi,
> 
> Please help me on solving this problem. Forgive me if this was discussed 
> before, but I do not see a way to search the archives.
> 
> I am using VPN between two offices for transferring data. I have a single 
> machine that would need to be able to have multiple machines connected to 
> it.
> 
> I have Office1 and Office2. I have VPN server in Office1 and VPN client at 
> Office2 on Machine1. Office 2 has other machines on LAN. Let's say Machine2,
> Machine3, Machine4, Machine5.......
> 
> Office1             Office2
> PC-1------------|-------Machine1
>                   |-------Machine2
>                   |-------Machine3
> 
> 
> Here is the problem, when Machine1 is connected to the VPN server at 
> Office1, it disconnects itself with other machines i.e. Machine1 loses 
> connection with Machine2, Machine3.........
> 
> I am using CISCO PIX server / firewall at Office1 and VPN CISCO PIX Client 

Galeotos, John | 1 Oct 2003 16:26

VPN and broadband.


Hello,

Mostly I just read the list and try to digest the information, but
currently I've run into a situation where I could use some help. We have
one user that has never been able to access the VPN using his Bresnan
broadband account. I have several users that utilize the same service
and have never run into any problems. I suspect it is something physical
at his home, whether it is cabling or something similar. This is coming
from a stance of very limited knowledge about his set up. We did look at
the laptop and we were able to get VPN'd in using dial up ISP. We are
using Cisco client on XP laptops and this is the only PC that has had
any problems. Possibly a network config problem? Any idea where I should
go next? Just troubleshooting here so any ideas would be appreciated.
Thanks in advance.

John E. Galeotos

Nick | 2 Oct 2003 01:34

Re: VPN Help!

Andy,

I believe you are UK based, if so, then try http://www.adslguide.org.uk/
for more information.

If the connection is a standard 'basic' business ADSL package, then you
will have a 256Kbps upload, with a 20:1 contention ratio i.e. sharing
the 256Kbps with up to 19 other users. This is also rate adaptive, the
upload speed will vary with line length / quality between 100Kbps and
256Kbps. The expected increase in speed may not materialise.

There are various options; upgrade data rate / reduce contention ratio,
or if you are in London then look at SDSL. 

Regards,

Nick

> -----Original Message-----
> From: Andrew Burnett [mailto:ABurnett <at> saneline.org] 
> Sent: Monday, September 29, 2003 4:22 AM
> To: vpn <at> lists.shmoo.com
> Subject: [VPN] VPN Help!
> 
> 
> Hi
> 
> I am working for the Mental Health charity SANE, helping out on their IT
> side. My experience is as a Business Analyst/Project Manager in
> Application Development not Networking.

Alberto Fabiano | 2 Oct 2003 13:58

RES: FreeSWAN CA 2.02 x PIX - Trouble in phase 2

Hi Jean-Francois,

	I already made some experiences, but now I verified that the trouble there
is in the following point:

	- ignoring informational payload, type NO_PROPOSAL_CHOSEN

	- max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable
response to our first Quick Mode message: perhaps peer likes no proposal

      I found several references on this message (some 18 in Google) but up
to now I didn't get to identify indeed what is, maybe for my poor experience
with FreeSWAN.

	Thankful to all for the helps, but I still seek a light! :-)

Att.
[]´s++

./alberto -fabiano

> -----Original Message-----
> From: Jean-Francois Dive [mailto:jef <at> linuxbe.org]
> Sent: Tuesday, 30 September 2003 08:02
> To: Alberto Fabiano
> Cc: Vpn
> Subject: Re: [VPN] FreeSWAN CA 2.02 x PIX - Trouble in phase 2
>
>
> you don't see the answer from the PIX, sounds like the problem is in the

Jean-Francois Dive | 2 Oct 2003 15:44

Re: RES: FreeSWAN CA 2.02 x PIX - Trouble in phase 2

well yes, so you need to set both sides to appropriate settings. Check
algorithms, protocols and selectors, they must match exactly (well let's
say exactly) to get the negotiation to succeed. The debugs on the PIX
should show you the proposals. 

Again, if you want you should send your PIX ipsec config and freeswan
ipsec.conf file and one should be able to see what's not correctly
configured.

J.

On Thu, 2003-10-02 at 13:58, Alberto Fabiano wrote:
> Hi Jean-Francois,
> 
> 	I already made some experiences, but now I verified that the trouble there
> is in the following point:
> 
> 	- ignoring informational payload, type NO_PROPOSAL_CHOSEN
> 
> 	- max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable
> response to our first Quick Mode message: perhaps peer likes no proposal
> 
>       I found several references on this message (some 18 in Google) but up
> to now I didn't get to identify indeed what is, maybe for my poor experience
> with FreeSWAN.
> 
> 	Thankful to all for the helps, but I still seek a light! :-)
> 
> 
> Att.
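Added example, not part of the original thread: a small check of the point made in the reply above, that phase 2 algorithms, protocols and selectors must agree on both peers, with the selectors mirrored. The `Phase2Policy` fields and all sample values are constructed for illustration and are not FreeS/WAN or PIX configuration syntax; the settings are assumed to have been read off each side's config by hand.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Phase2Policy:
    """One peer's Quick Mode (phase 2) settings. Hypothetical model, not vendor syntax."""
    protocol: str             # "esp" or "ah"
    encryption: str           # e.g. "3des"
    integrity: str            # e.g. "md5"
    pfs_group: Optional[int]  # DH group used for PFS, None if PFS is off
    local_net: str            # protected network behind this peer
    remote_net: str           # protected network behind the other peer


def _net(text):
    # Accepts prefix ("/24") and netmask ("/255.255.255.0") notation alike.
    return ipaddress.ip_network(text, strict=True)


def phase2_mismatches(a, b):
    """Return readable differences that would make Quick Mode fail."""
    problems = []
    for field in ("protocol", "encryption", "integrity", "pfs_group"):
        va, vb = getattr(a, field), getattr(b, field)
        if va != vb:
            problems.append(f"{field}: {va!r} vs {vb!r}")
    # Selectors are mirrored: my local network is the peer's remote network.
    for mine, theirs, label in ((a.local_net, b.remote_net, "selector a.local/b.remote"),
                                (a.remote_net, b.local_net, "selector a.remote/b.local")):
        if _net(mine) != _net(theirs):
            problems.append(f"{label}: {_net(mine)} vs {_net(theirs)}")
    return problems


# Constructed sample values (RFC 1918 addresses, not taken from the thread).
LINUX_SIDE = Phase2Policy("esp", "3des", "md5", 2, "192.168.2.0/24", "192.168.1.0/24")
PIX_SIDE = Phase2Policy("esp", "3des", "md5", None,
                        "192.168.1.0/255.255.255.0", "192.168.2.0/255.255.254.0")
PIX_FIXED = Phase2Policy("esp", "3des", "md5", 2,
                         "192.168.1.0/255.255.255.0", "192.168.2.0/255.255.255.0")

if __name__ == "__main__":
    for line in phase2_mismatches(LINUX_SIDE, PIX_SIDE):
        print("MISMATCH", line)
    print("after fix:", phase2_mismatches(LINUX_SIDE, PIX_FIXED))
```
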

Adam Mazza | 2 Oct 2003 15:54

Re: VPN and broadband.


Does he have any kind of broadband router? I know certain routers either
need a firmware upgrade, or don't handle the ipsec traffic well at all. On
a Linksys AP/Router before the firmware was upgraded I would see the cisco
client connect, but then no traffic would get passed at all.

Regards,

Adam Mazza

On Wed, 1 Oct 2003, Galeotos, John wrote:

>
> Hello,
>
> Mostly I just read the list and try to digest the information, but
> currently I've run into a situation where I could use some help. We
> have one user that has never been able to access the VPN using his
> Bresnan broadband account. I have several users that utilize the same
> service and have never run into any problems. I suspect it is something
> physical at his home, whether it is cabling or something similar. This
> is coming from a stance of very limited knowledge about his set up. We
> did look at the laptop and we were able to get VPN'd in using dial up
> ISP. We are using Cisco client on XP laptops and this

Joe S | 2 Oct 2003 16:33

Re: VPN and broadband.

My best guess is this: many companies are now filtering out IPSEC ports 50, 51 and 500 to keep VPN off their
networks, unless you pay a premium. Comcast is one of the culprits, which has a major impact to many
customers. Standard cable internet service is $30 a month, their pro service which does nothing more but
pass these ports and allow you to host if you are so inclined. 

The moral to this story, if there is one, is that connection services are no longer going to offer the free
ride that the 'Net is famous for. Time to change the business model, again.

-----Original Message-----
From: "Galeotos, John" <john.galeotos <at> us.army.mil>
Sent: Oct 1, 2003 9:26 AM
To: vpn <at> lists.shmoo.com
Subject: [VPN] VPN and broadband.

Hello,

Mostly I just read the list and try to digest the information, but
currently I've run into a situation where I could use some help. We have
one user that has never been able to access the VPN using his Bresnan
broadband account. I have several users that utilize the same service
and have never run into any problems. I suspect it is something physical
at his home, whether it is cabling or something similar. This is coming
from a stance of very limited knowledge about his set up. We did look at
the laptop and we were able to get VPN'd in

Siddhartha Jain | 2 Oct 2003 16:54

Re: VPN and broadband.

I believe the Cisco VPN client has a logging option.
Turn it on and see what it says.

Apart from that DSL connections have a problem with
MTU size on PPPoE. See this
http://www.dslreports.com/faq/695

--- "Galeotos, John" <john.galeotos <at> us.army.mil> wrote:
> Hello,
>
> Mostly I just read the list and try to digest the information, but
> currently I've run into a situation where I could use some help. We
> have one user that has never been able to access the VPN using his
> Bresnan broadband account. I have several users that utilize the same
> service and have never run into any problems. I suspect it is something
> physical at his home, whether it is cabling or something similar. This
> is coming from a stance of very limited knowledge about his set up. We
> did look at the laptop and we
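Added example, not part of the original message: the arithmetic behind the PPPoE MTU remark above, for IPsec ESP in tunnel mode. It assumes 3DES-CBC with a 96-bit HMAC and an outer IPv4 header without options (the thread does not say which transforms the Cisco client negotiates); the function names are hypothetical.

```python
IPV4_HEADER = 20   # outer IPv4 header, no options
ESP_HEADER = 8     # SPI + sequence number
UDP_HEADER = 8     # only present when ESP is carried inside UDP


def esp_tunnel_size(inner_len, block=8, iv=8, icv=12, udp_encap=False):
    """Bytes on the wire for one ESP tunnel-mode packet carrying an inner
    IPv4 packet of inner_len bytes. Defaults model 3DES-CBC (8-byte block
    and IV) with a 96-bit HMAC (12-byte ICV); these are assumptions."""
    align = max(block, 4)
    # ESP trailer: padding + pad-length byte + next-header byte,
    # rounded up to a multiple of the cipher block size.
    padded = ((inner_len + 2 + align - 1) // align) * align
    size = IPV4_HEADER + ESP_HEADER + iv + padded + icv
    return size + UDP_HEADER if udp_encap else size


def max_inner_packet(link_mtu, **esp):
    """Largest inner packet that still fits in link_mtu once encapsulated."""
    inner = link_mtu
    while inner > 0 and esp_tunnel_size(inner, **esp) > link_mtu:
        inner -= 1
    return inner


def report():
    """(link name, link MTU, UDP encapsulation, largest inner packet) rows."""
    rows = []
    for name, mtu in (("Ethernet", 1500), ("PPPoE", 1492)):
        for udp in (False, True):
            rows.append((name, mtu, udp, max_inner_packet(mtu, udp_encap=udp)))
    return rows


if __name__ == "__main__":
    # A full-size 1500-byte inner packet no longer fits on either link.
    print("1500-byte inner packet becomes", esp_tunnel_size(1500), "bytes")
    for name, mtu, udp, inner in report():
        print(f"{name:8} mtu={mtu} udp_encap={udp!s:5} max inner packet={inner}")
```

A client behind PPPoE that keeps sending inner packets sized for a 1500-byte path will see large transfers stall while small ones (pings, logins) succeed, which is the symptom to look for in the client log.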

Siddhartha Jain | 2 Oct 2003 16:59

Re: VPN PIX-FreeSwan established but no connection

On the PIX, do "debug crypto ipsec" and see the
output. 

How do you know the IPSec tunnel is established?

--- jmondaca <at> entelsa.entelnet.bo wrote:
>
> Looking at the IPSEC and ISAKMP debugs at the PIX, the VPN between
> these boxes is already established but when someone behind the
> FreeSwan network tries to connect to the inside PIX network there are
> no results (no pings, no telnets).
>
> If someone has any idea what it could be, please.
>
>
> Jorge Mondaca

Bill Yazji | 3 Oct 2003 02:00

RE: VPN and broadband.

I don't think that's 100% true yet.. Comcast WAS talking about it - but I
don't believe anyone has done the deed yet.

The best way around any ISP lock, UDP encapsulate your VPN :) they won't
know that your UDP port 40xxx is carrying IPSec :)

-----Original Message-----
From: vpn-bounces+byazji=psualum.com <at> lists.shmoo.com
[mailto:vpn-bounces+byazji=psualum.com <at> lists.shmoo.com]On Behalf Of Joe
S
Sent: Thursday, October 02, 2003 9:33 AM
To: Galeotos,John; vpn <at> lists.shmoo.com
Subject: Re: [VPN] VPN and broadband.

My best guess is this: many companies are now filtering out IPSEC ports 50,
51 and 500 to keep VPN off their networks, unless you pay a premium. Comcast
is one of the culprits, which has a major impact to many customers. Standard
cable internet service is $30 a month, their pro service which does nothing
more but pass these ports and allow you to host if you are so inclined.

The moral to this story, if there is one, is that connection services are no
longer going to offer the free ride that the 'Net is famous for. Time to
change the business model, again.

-----Original Message-----
From: "Galeotos, John" <john.galeotos <at> us.army.mil>
Sent: Oct 1, 2003 9:26 AM
To: vpn <at> lists.shmoo.com
Subject: [VPN] VPN and broadband.

