Cisco VPN + WM6 Internet Sharing? - Networking

Anyone get these two to play nice together?
Details:
Cisco PIX 501e at the office
WM6 3g phone (HTC TyTn II)
vista/xp laptop (working properly on either would be great right now)
VPN setup on the pix is, i believe, fine. I could be wrong tho, i set it up by trial and error + reading the manual having never even touched a cisco device before
It works tho and has worked flawlessly for months now with Cisco VPN Client on XP or Vista machines.
Old phone was WM5 and used the clunky and annoying modem emulator to enable a laptop to use it to connect to intarwebs in the middle of nowhere, this was great and after faffing about getting it setup worked fine (required you to be logged in as administrator on vista tho :\ and not just a user account with admin privileges, actually administrator. Annoying.)
New phone is WM6 and uses internet sharing to connect with a laptop, this is a much better solution with no faffing about in vista and XP
Problem: Cisco VPN client connects to the pix through Internet Sharing on the phone just fine, however no traffic gets through.
Cannot ping, web browse, dns, rdc or anything to the network at work. Tried with Cisco VPN client v4.6.00.0049 and v5.0.01.0600 on XP and v5.0.00.0340 on Vista, none work.
This sucks
Now, i know its not a problem with the laptop or the vpn software on the laptop as these work fine when connected over ethernet or wifi.
Its not a problem with the phone's 3g connection, i installed a trial of bluefire vpn client onto it and that connects to the vpn and works just fine when the phone is in standalone mode.
However for the life of me i cannot get the two bloody things to work together.
Plz halp

Hi,
Oftentimes, the inability to ping a local host (computers or other connected devices, e.g. router, hardware firewall, printer, PPC, etc.) or hosts is due to the firewall not allowing traffic through the router. It can also be that the hosts are incorrectly configured to be on different subnets, even though they are local, as in your own case.
Proceed as follows to troubleshoot:
a). Ping the router
Note that the idea is to see if we can establish communication with the router or hardware firewall such as the Pix.
At command prompt (c:\>) type:
ping 192.168.0.1
(each router manufacturer uses a different default internal IP address for its router) - the one above is for a Netgear or D-Link router - for a Cisco router, you would need to know the Cisco IOS command - see your router manual for this.
b). ipconfig /all
Note: there is a space before the forward slash.
When it returns the parameters, check to see that the IP addresses are all on the same subnet.
This is crucially important for you to take good note. If you are not able to ping a local host or gateway, it's most likely due to this.
c). Ping the Pix Firewall (using its IP address)
d). Ping a remote IP address, e.g. your ISP's gateway or DNS server
e). Is there traffic? If it returns successfully, then ping the other hosts, including the VPN client.
Pix Firewall
Check to see that the Access Control List is configured correctly by ensuring that the IP addresses of the connected hosts have been entered, with the relevant access rights.
Router
Log on to the router. Whilst there:
Ensure that the hosts (computers, etc) are all on the SAME subnet. If they are on different subnets, you must correct the IP addresses to reflect that they are on the same subnet.
Note: If you do really want them to be on different subnets, then you need to use a default gateway.
Hope this helps.
kiwi992.

Related

Terminal Server/Remote Desktop connection over VPN?

I'm trying to connect to my server at work through the Jasjar's Terminal Services Client over a VPN and it's not working. The VPN connects and I can open up a web site on the server using an internal address, but the Terminal Services Client just times out. I can connect with the Terminal Services Client to other servers without using the VPN and I can connect through the VPN with a PC, so I don't know what's wrong. Any thoughts?
Thanks,
Brett
are you using internal dns name or internal ip, if dns the ip should work and it's cos you're not internally resolving, i have this prob when i vpn in to my server, dns does eventually resolve but ip is instant
Is the vpn terminal services restricted by IP address? Are you using gprs or wifi? If gprs maybe the ip range is not set up on the vpn??? If using gprs are you using the apn internet3.voicestream.com?
Sorry, I know, not much help. Mine seems to work
I'm trying to connect by IP address over wifi. The Jasjar does recognize that it should go over the VPN because it will automatically make the VPN connection when I try to start the TSC connection.
I'm glad to hear that it's working for you guys, though, so at least I know it's possible.
Thanks,
Brett
TSC/RDP
I am also having difficulty in this area and haven't been able to resolve it when using WIFI from my AP at home over ADSL to the Public IP address, then a TSC/RDP connection to the internal network IP address of our TS box.
I can easily get to the TS box via the WIFI AP at work directly, just not from the home AP. I can easily use the home AP for my home laptops to connect to work, so I know the systems at both ends are up and operational.
In summary, I just don't know why the JJ doesn't VPN via the home AP over the ADSL to public IP to use the TSC to the internal IP of the TS box.
I just wanted to follow up on this. For some reason both of the servers I was trying to RDP into behind the firewall were in some weird state and they weren't accepting any connections from anything but my desktop PC. I rebooted them today and that solved the problem I was having.
Thanks,
Brett

Accessing SMB shares when using GPRS or 3G data connection troubles

Hi Folks,
I am having trouble trying to access any SMB shares when connected through 3G(or 2G) to my VPN. The VPN connects, and using VXUtils I can see that Host names resolve correctly to IP for my network, I can ping by host name and IP to my devices and I can do an ip range scan and it finds all the hosts connected to my home network. I can use RDP to connect to my XP machine through host name (With or without using pocket hosts) and I can view the setting html pages of my router through internal ip's but I cannot access any shares! Just to make matters a little more complex, if I connect through a wireless network (using the VPN) everything works fine (assuming it is allowing pptp passthrough)!!!
Oh yes, and the VPN itself and forwarding on the router etc is all fine as laptops and desktops can connect remotely (and of course so can I).
It is a Vario 3 on T-mobile.
Any ideas anyone? All I want to do is be able to access my SMB file shares (on a mybook world edition) whilst out on the move.
Thanks.

ICS & VPN with WM6

My searches on the web haven't yielded much help or information so I thought I would come to the experts...
I have a Treo 750 that I just "upgraded" to WM6 2 days ago. I noticed that DUN has gone away and was replaced by ICS. After configuring my laptop to use that instead of DUN I connected and was surfing the web. My problem now is VPN. I travel frequently (luckily I'm in the office until Jan.) and regularly used my phone to connect to the corporate network via VPN. I also work with a lot of other companies and have VPN access to their systems as well. Basically now I can open my Cisco VPN client, connect to a VPN gateway, authenticate, get assigned all the appropriate IP information, but cannot communicate on the network. What gives? Is there a solution to this? If not, what the heck was MS thinking when they did this!? My phone is basically useless for one of the major reasons I bought it...
Any help is appreciated!
thanks!
Ok, further searches found that DUN can be added back into WM6 via a cab that was posted here at the XDA forums. I installed it and the DUN service is now visible again. I unpaired my phone and laptop, re-paired, and included DUN. Now when I try to connect, I get the DUN connection box after the bluetooth connection is initiated but when I click DIAL I get the DIALING... prompt, followed by Error 678: The remote computer did not respond.
Anybody get this working on a Treo 750? Thoughts, ideas suggestions?
What is the ip address you are getting via the cisco vpn client?
It may be that it is in the same subnet as the ip address assigned to the pc from the wm6 ics. The ICS gives the address 192.168.0.1, and if your Cisco is also giving a 192.168 address then you will have two routes for the 192 address range, thus giving you the problem when accessing hosts.
If this is the problem I'm pretty sure you can change the address allocated via the ICS using a registry editor. If not you may be able to get work to use a different range for you on the cisco vpn.
Our corporate network is 172.x.x.x so it's nowhere near the 192.168.0.x assigned by the phone. When I look at the route in the VPN client I see 192.0.0.0, 10.0.0.0, and 172.0.0.0 so I am assuming 192 is my laptop, 10 is the phone, and 172 is the corporate network.
I'm guessing NATing is the problem. I've been reading that if I use a different APN (isp.cingular instead of wap.cingular) there is no NATing. I've tried both, and I've tried turning off and on the "force AT&T" proxy setting to no avail.
Tried the DUN cab hack that is floating around for WM6 also. The service is active again and I can also add Modem Link back in and my laptop sees my Treo as a modem but when I dial I get an error stating the remote computer did not respond. I'm guessing along with going from WM5 to WM6 AT&T also updated the radio so the old communications protocols don't work anymore?
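Added example, not part of the original thread: a Python sketch of the route-overlap check discussed in the posts above, using the ICS range (192.168.0.x) and the three routes reported from the VPN client. The /8 masks, the laptop address 192.168.0.102/24 and the rule that a tie goes to the on-link ICS route are assumptions made for the model; the function names are hypothetical.

```python
import ipaddress

def build_table(local_if, vpn_routes):
    """Route table as (network, path) pairs.

    The ICS subnet is on-link ("local"); every route pushed by the
    VPN gateway goes through the tunnel.
    """
    local_net = ipaddress.ip_interface(local_if).network
    table = [(local_net, "local")]
    table += [(ipaddress.ip_network(r), "tunnel") for r in vpn_routes]
    return table

def path_for(dest, table):
    """Longest-prefix match over the table.

    On a tie the earlier entry (the on-link route) is kept; that
    tie rule is a modelling assumption, not client behaviour taken
    from the thread.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for net, path in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, path)
    return best[1] if best else "default"

def shadowed_vpn_routes(local_if, vpn_routes):
    """VPN routes that cover the ICS subnet without being more specific.

    Office hosts numbered inside the ICS subnet are then treated as
    on-link and never enter the tunnel.
    """
    local_net = ipaddress.ip_interface(local_if).network
    hits = []
    for r in vpn_routes:
        net = ipaddress.ip_network(r)
        if net.overlaps(local_net) and net.prefixlen <= local_net.prefixlen:
            hits.append(str(net))
    return hits

if __name__ == "__main__":
    laptop = "192.168.0.102/24"                            # constructed ICS lease
    posted = ["192.0.0.0/8", "10.0.0.0/8", "172.0.0.0/8"]  # masks assumed
    table = build_table(laptop, posted)
    for host in ("172.28.1.87", "192.168.0.1", "192.168.7.9"):
        print(host, "->", path_for(host, table))
    print("overlapping VPN routes:", shadowed_vpn_routes(laptop, posted))
```

With the routes as posted, the 172.28.x.x corporate host still resolves to the tunnel, so the overlap only matters for office hosts that sit inside 192.168.0.0/24.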
Hello Sir,
I have exactly the same problem... I have successfully connected via VPN, however unable to communicate with any devices on that network... Then what is the use of VPN on the phone? I've tried searching online for answers, but no luck... People are having the same problem but no one knows how to solve it... I'll try and troubleshoot this problem more as soon as my exams are done...
Hi
Working successfully for me. I am using Imate jasjam wm6. Pc using cisco client connecting via ics on phone. I have telstra 3g connection tested ok on both telstra.internet (Nated ip) and telstra.extranet (real ip).
You are correct it may be an nat issue. Can you check that your transparent tunnelling is on as follows: right click on your connection entry in cisco client and select modify then transport tab. Check that enable transport tunneling is enabled ipsec over udp(Nat/pat).
The other thing to check is that the cisco vpn server also has transport over Nat on as well.
Also are you sure your corporate ip range is 172 or is that the range given by the cisco vpn to clients?
Transport tunneling is on (always was). I'll have to check with our network admin and check on the VPN server setting...I guess as long as I have connectivity back to the office, I don't need it that badly for all the customers I need to connect to at various times.
Yep, positive on the corporate IP. Right now it is 172.28.1.87 and I'm in the office.
Thanks for the help so far. Got any other suggestions on how I can troubleshoot further?
One other thought...should I modify the registry on the phone to assign a different IP address to my laptop? Would that help?
Same Problem
MX. I am having the exact same issue but with Securemote VPN. I've looked through the registry and found the assigned address, but I'm wary of changing anything until I can find some more information.
Anyone out there ever change the DHCP configuration for their phone?
Somewhat related question?
I'm attempting to route my connection on my mobile through a laptop acting as a wan bridge, then uplinking it into the router. The issue I'm having is that XP and WM6 both use the same IP Block. I've read and read and can't find much to tell me how to change the WM6 IP Block to something like 192.168.2.1 rather than the default 192.168.0.1
Does anyone have any pointers? I've looked through the registry. There MUST be a simple way to change a default.
To clarify my setup, I am using ICS via USB into a UMPC laptop running XP. The UMPC is set to share that same connection back out over Ethernet. The ethernet runs into my WAN Uplink on the router and then back out via wifi/rj-45
This setup works as I have done it using Wifi with other networks, and I can choose the "Lan3" to share under the advanced settings on the UMPC. The reason I don't just share out via Wifi from the start is that Wifi on my Kaiser and Raphael both make the device too hot to charge, thusly killing the battery within a couple hrs of sharing. If I share via USB, it stays pretty cool and still charges.
Anyone have any pointers?
I have already tried tricking XP into using the Lan on another block but as soon as you try to share the USB lan, it reverts back to the 192.168.0.1
The only way I can imagine is a registry modification or a program change in ICS.
Thanks Much!

remote desktop problem

Hi everyone,
I would like to connect to my laptop next room from local network. I can connect perfectly when I type in my IP address into the first textbox (Computer), but I can't connect when I type in my Computer Name (full computer name) instead. I tried MyPCName as Computer, \\MyPCName as Computer, forwarding port 3389 to my IP, leaving domain name empty, putting in my workgroup name as a domain, putting in my computer name as a domain, putting in myPCName\MyUserName as Username, \\MyPCName as Computer, still the same. It won't connect unless I put in the IP address. I would like to do this since my workplace assigns a different IP to my laptop than I assign at home, but naturally I have the same computer name at both places, so I would like to have a permanent setting for both places.
I'm running Windows 7 64 bit on my laptop and 1.66.405.2 ROM on my HTC HD2.
Many thanks in advance.
can you connect to it ok using another computer? might be a dns issue at a guess...
I can connect from other computers fine. Also on my HD2 I can see the host names of PC's under Resco Explorer and map them. However, remote desktop mobile refuses to work with the Computer Name. I can ping my Laptop's IP and also Computer name from pingbox2. Only in Remote Desktop Mobile there is a problem.
windows 7 by default blocks remote desktop connections from different versions of remote desktop. if you right click computer and select properties, then choose remote settings on the right hand side and select the middle option (accept connections from all versions of remote desktop). haven't tried this myself but it solves most issues when using different versions of windows
OK, I sort of figured it but would still appreciate some help. Here is how I got it to work:
I had OpenDNS IP under DNS settings for wireless adapter. I deleted them. If I don't do this, pinging my computer name from HD2 always brings 67.215.65.132, which is opendns and not my true local IP, i.e. 192.168.x.x. I also had to disable the data connection (3G) and only have wireless. If I don't disable 3G, I can only connect with IP and not computer name. Only after doing these 2, when I pinged my computer name, I got the true local IP and I was able to connect with Remote Desktop Mobile using computer name. Now my question is:
1- I don't want to quit using opendns, is it possible?
2- I don't want to disable 3G connection every time, is it possible?
thanks in advance.
For me it works with MyPCName in computer and empty domain, both for XP and 7.
Something seems strange with your phone's networking configuration. At a guess (and this is a long shot), I would check your VPN settings on your phone to make sure you're not connecting to a different domain over 3G as this might explain why it works when you turn off the data connection on the phone and why it works by IP address.
As I said though, it's a long shot and is the only thing I could think of that fits your particular symptoms...
ozkaya said:
OK, I sort of figured it but would still appreciate some help. Here is how I got it to work:
I had OpenDNS IP under DNS settings for wireless adapter. I deleted them. If I don't do this, pinging my computer name from HD2 always brings 67.215.65.132, which is opendns and not my true local IP, i.e. 192.168.x.x. I also had to disable the data connection (3G) and only have wireless. Only after doing these 2, when I pinged my computer name, I got the true local IP and I was able to connect with Remote Desktop Mobile using computer name. Now my question is:
1- I don't want to quit using opendns, is it possible?
2- I don't want to disable 3G connection every time, is it possible?
thanks in advance.
about the open dns issues, I suspect that can be solved by making sure your router lets the incoming connection into your home network (you say it resolves to 66.whatever when open dns is used, shouldn't be a problem so long as you don't forget that will be your home ip address so that connection will need to be allowed through the router and then forwarded by your router's virtual server (or whatever your router software calls it) to your laptop's internal ip address.
as for the 3g it should use wifi over 3g by default..... mine certainly does, no need for me to disable it.
tomallen35 said:
Something seems strange with your phone's networking configuration. At a guess (and this is a long shot), I would check your VPN settings on your phone to make sure you're not connecting to a different domain over 3G as this might explain why it works when you turn off the data connection on the phone and why it works by IP address.
As I said though, it's a long shot and is the only thing I could think of that fits your particular symptoms...
I think you're right, when the 3G is on (and also Wifi on), Resco shows computers from all around the country when I click computers near me and not my local network. When only wifi is on I can see my local computers. 3G probably has precedence over Wifi? How can I correct this?
samsamuel said:
about the open dns issues, I suspect that can be solved by making sure your router lets the incoming connection into your home network (you say it resolves to 66.whatever when open dns is used, shouldn't be a problem so long as you don't forget that will be your home ip address so that connection will need to be allowed through the router and then forwarded by your router's virtual server (or whatever your router software calls it) to your laptop's internal ip address.
as for the 3g it should use wifi over 3g by default..... mine certainly does, no need for me to disable it.
But the 66.whatever address is generic openDNS lookup IP and same for everyone. Are you suggesting me to route this IP to my local IP, i.e. 192.168.x.x? Oh, one more thing, I can also connect when 3g and wifi are both on, but only through computer's IP and not computer name. Can you connect with computer name while both are on and connected?
when your phone does a dns lookup on the name it resolves to the open dns assigned address (not the same for everyone, otherwise the open dns system wouldn't work) so to connect to your computer the phone sends its request to open dns who forward that request to your current actual address. at home that address is your home ip address BUT it isn't your laptop's address, it is your router's address. (stop reading here if you don't have a router).
so the router needs to be told "if you get a connection request in port (whatever the remote desktop port is) please forward it to (laptop ip address)"
its called port forwarding in some routers, virtual server in others.
samsamuel said:
so the router needs to be told "if you get a connection request in port (whatever the remote desktop port is) please forward it to (laptop ip address)"
its called port forwarding in some routers, virtual server in others.
You're mixing up things a bit - he's not using dns but the computer netbios name. The point is that he has wifi on and connected as well as 3G, thus with an "intranet" ip address on Wifi... so the program/phone should be looking up the name on that connection, where it would find it, instead of looking up over the 3G connection. As the netbios protocol is not routable, it has no chance of finding the computer name over 3G/internet and back home, even with port mappings.
kilrah said:
You're mixing up things a bit - he's not using dns but the computer netbios name. The point is that he has wifi on and connected as well as 3G, thus with an "intranet" ip address on Wifi... so the program/phone should be looking up the name on that connection, where it would find it, instead of looking up over the 3G connection. As the netbios protocol is not routable, it has no chance of finding the computer name over 3G/internet and back home, even with port mappings.
you're totally right, I have a router and its port is forwarded to my laptop IP, but this is only good (and works well too) when I want to connect from Internet to my local network. I tried OpenDNS exceptions for VPN and defined an exception named as MyComputerName but it didn't work. Then I tried a dyndns solution, but it only works for external connections and not local network, i.e. it can't map local IP's. What I need is a dynamic client which can update my local IP.
I also tried to edit hosts entry in the registry with MyComputerName. It works for a single IP, but I'm not sure if I can write multiple IP addresses (my work and home local IP) into that. If I could maybe everything would be OK.
I've just tried a couple of things and it really works fine for me. If I connect Wifi only, I can remote desktop with the computer name. If I then connect data connection, it still works. Disabling wifi and obviously it doesn't work anymore. Re enabling wifi, it doesn't work at first, but does again after ~30 seconds once the netbios protocol has done its host lookup procedures.
There simply shouldn't be anything special to do.
kilrah said:
I've just tried a couple of things and it really works fine for me. If I connect Wifi only, I can remote desktop with the computer name. If I then connect data connection, it still works. Disabling wifi and obviously it doesn't work anymore. Re enabling wifi, it doesn't work at first, but does again after ~30 seconds once the netbios protocol has done its host lookup procedures.
There simply shouldn't be anything special to do.
thank you very much for your time, I appreciate it. You're right in that waiting a bit resolves the issue (it's a bit more than 30 secs for me that's why I thought it wasn't working when 3G is enabled) but only when OpenDNS is not used. I assume you don't use OpenDNS, right? Once I put that one into equation, it takes over NetBIOS protocol and returns its IP instead of the local IP(192.168.x.x). As far as I understand, DNS lookup has precedence over NETBIOS and if the name is not found in DNS it consults NETBIOS protocol. However OpenDNS has this nice "feature" where it finds the name with its own IP. There are several posts about this on its webpage and they say to either disable the typo correction or put exceptions for Netbios names, but sadly none of them works for me right now.
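Added example, not part of the original thread: a Python sketch of the lookup order described in the post above (DNS first, NetBIOS only when DNS finds nothing) and of a check for a resolver that answers for names that do not exist. The function names, the injected `dns` and `netbios` callables and the LAN address used in testing are assumptions; 67.215.65.132 is the address reported earlier in the thread.

```python
import secrets
import socket

def system_resolve(name):
    """Resolve with the OS resolver; return None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def detect_nxdomain_redirect(resolve=system_resolve, probes=3):
    """Look up random single-label names that cannot exist.

    A resolver that honours NXDOMAIN returns nothing for them. Any
    address that does come back is the resolver's redirect target,
    and it will also be returned for every LAN-only host name.
    """
    answers = set()
    for _ in range(probes):
        probe = "nx-" + secrets.token_hex(8)
        ip = resolve(probe)
        if ip is not None:
            answers.add(ip)
    return answers

def resolve_host(name, dns, netbios, redirect_ips=frozenset()):
    """DNS first, then NetBIOS, the order described in the thread.

    DNS answers listed in redirect_ips are treated as "not found",
    so the NetBIOS fallback is reached again.
    """
    ip = dns(name)
    if ip is not None and ip not in redirect_ips:
        return ip, "dns"
    ip = netbios(name)
    if ip is not None:
        return ip, "netbios"
    return None, "unresolved"

if __name__ == "__main__":
    # Live check against whatever DNS servers this machine is using.
    hits = detect_nxdomain_redirect()
    if hits:
        print("resolver answers for nonexistent names with:", sorted(hits))
    else:
        print("resolver returns NXDOMAIN for nonexistent names")
```

Run on the laptop or another machine set to the same DNS servers, a non-empty result means a bare computer name will get a DNS answer before NetBIOS is ever consulted.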
Nope, no OpenDNS, never actually heard of it.
How does it work? Do you enter their DNS server address in the network settings of your pc/phone, or is it an app you run?
you click Start/Settings/All Settings/Connections/Wifi/First Button/Switch to Network Adapters tab/Select Broadcom 802.11 DHD Network Adapter/Switch to Name Servers Tab/Type in 208.67.222.222 for primary DNS and 208.67.220.220 for secondary DNS, click OK. that's all. Could you try if it's not so much trouble? Thanks.
OK, remote desktop doesn't work either with the OpenDNS servers in.
I'm pretty sure it must be a limitation of the remote desktop app itself, as resco explorer can still navigate and/or discover the network shares of my other PCs with no problem. NBTStatCE also finds everybody.
Wouldn't even surprise me, as that Remote desktop mobile has always been troublesome. I don't remember exactly, but in the WM5 days it was pretty much impossible to use on a local network due to a weird handling of names... if I remember well all "local" (NetBIOS) addresses without a '.' entered in the remote desktop app would be redirected to the "Work" connection, while "remote" ones with a period would be directed on the "Internet" connection. As a network card can only be defined as one of them, if you wanted it to work in both cases through Wifi you had to switch the card from Work to Internet and back all the time. And of course when it's on Work it breaks some other things that use the default system handling like mail.

New to VPN, need help if you have a moment

I have a simple home net using mostly windows vista and 7 computers, some printers, external hd servers for backup storage and cameras in a workgroup static ip setup behind an off the shelf router. i set one of the computers as the vpn server since i don't want to buy a dedicated hardware vpn in a vista ultimate machine that's on 24/7 anyway with an incoming server... with the correct ports forwarded from the router to the vpn host.
my remote vpn laptop connects to the vpn fine and can see the network resources, however, has no internet connection once the vpn is connected. do i have to set the host vpn computer to do some sort of its own dns assignments to the incoming connection? it's set for dhcp so i don't know why it would assign a valid IP to an incoming but not any other info.
in other words, on my remote laptop, i can connect to a random wireless internet hotspot and have full internet access. I can then enable vpn and log in to my home network and see all the network resources, however if i try to use an internet browser, there appears to be no internet. if i disconnect the vpn, the internet resumes to work fine and obviously the vpn resources are no longer accessible.
what am i missing? under incoming connection properties general tab, "allow others to make private..." is checked, under users the correct user is selected along with "require all users to secure...", and under networking ipv4 "allow callers to access..." is checked, and assign ip auto using dhcp is checked so I would think it should be working fine at this point, however it doesn't list anywhere a gateway or dns to assign to incoming connections, only ip's.
host vpn computer is vista ultimate with static ip behind a retail router also assigned a static ip via my home isp.
the remote laptop is running ubuntu 12. just for kicks and to rule out ubuntu causing some problem, i set my android phone up for vpn use via 4g network, and the same thing happens. connects vpn fine, has local resources, but loses internet.
i also was curious as to having a vpn log in for the existing user account on the vpn host machine... in other words, should i just add the username on the host computer as a vpn client, and log in vpn using those credentials? and will that even work if that account is logged in, or will i have to remember to log out when im on the road to use the vpn connection.
thanks all!
