This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cisco VPN Client

Can any one show me step by step how to config Cisco VPN clinet.

i'm able to connecet with the clinet and get an Ip from the Pool. 192.160.0.1

But the Defualt Gateway in the same IP Address. but NO DNS.

and i can Ping the Interface the I did conect from (External Interface) 192.168.1.200 but i cant ping the internal interfece.

please show me how to be able to access the internat network & how to be able to access the Internet trough the VPN.

This thread was automatically locked due to age.

Parents

0 BAlfson over 16 years ago
This is a summary of some of the best practices mentioned here over the last year:
Activate the DNS Proxy.
Set the Allowed Networks to the Host definition of your internal Name Server; do not use Internal (Network)'.
To the Astaro, add the desired external 'Forwarders' which you've had listed in your internal DNS. In your Internal DNS, replace all the forwarders with the IP of the Astaro's 'Internal (Address)'. Now, your internal devices will look to your internal DNS for name resolution, it will look to the Astaro to resolve names not in its own cache and the Astaro will query your ISP's name servers for any names not in its cache.
Extra points! - Add 'Request Routing' so that reports have computer names instead of IP addresses for your internal devices:
'30.20.10.in-addr.arpa → [internal DNS]' for an internal subnet of 10.20.30.0/24.

Cheers - Bob
PS With thanks to BarryG and BruceK who taught me some of this.
Cancel
Vote Up 0 Vote Down

Cancel
0 madifor over 16 years ago in reply to BAlfson

Perhaps i am to blond / stupid.. [:S] but i can't get it working.
Is it possible to make a short doc with screen shots where is explained where what to set..
If i compare when i create a vpn tunnel to a cisco router, on a cisco router i can specify all kind of dhcp pool option, so also the dns server.
Is this going to be built-in in a next release ??

regards
Cancel
Vote Up 0 Vote Down

Cancel
0 madifor over 16 years ago in reply to madifor

Not sure if the problem with DNS which we are trying to solve is related to the following but it is a thing i want to share.
Currently i have 2 interfaces configured on my Security Gateway (Normal Pc running versiom 7.405, 2 dual NIC 10/100Mbit)
WAN NIC has IP 192.168.1.248.
LAN NIC has IP 192.168.10.248

When I connect via Cisco VPN Client to my WAN Interface (192.168.1.248) from the WAN Network , the vpn connection is established.

Ipconfig output below
Ethernet adapter LAN:

        Physical Address. . . . . . . . . : 00-0C-29-8E-BA-B6
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Friday, August 21, 2009 11:19:16 AM
        Lease Expires . . . . . . . . . . : Friday, August 28, 2009 11:19:16 AM

Ethernet adapter VPN:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Cisco Systems VPN Adapter
        Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.242.5.1
        Subnet Mask . . . . . . . . . . . : 255.0.0.0
        Default Gateway . . . . . . . . . : 10.242.5.1

As shown the vpn connection doesn't get a DNS Server assigned
And a other strange thing is the Subnet assigned.
In the VPN Pool assignment subnet of 255.255.255.0 is declared but the pc get a subnet of 255.0.0.0

I think i have found where the problem is.

For this example i selected a website (Webwereld) as example

Name:    Webwereld
Address:  213.244.172.155

When i perform a traceroute from the connected pc to site the first HOP is 192.168.1.248, followed by my ISP DSL modem etc...) as shown below.

C:>tracert 213.244.172.155

Tracing route to 213.244.172.155 over a maximum of 30 hops

  1    12 ms     1 ms     1 ms  192.168.1.248
  2     3 ms     2 ms    12 ms  192.168.1.1
  3    20 ms    20 ms    20 ms  85.145.252.1
  4    25 ms    24 ms    25 ms  194.134.154.149
  5   144 ms   222 ms     *     194.134.161.21
  6    26 ms    25 ms    79 ms  194.134.161.161
  7    27 ms    32 ms    25 ms  194.134.41.129
  8    31 ms    29 ms    29 ms  194.25.211.34
  9    36 ms    28 ms    29 ms  4.69.139.170
10    30 ms    29 ms    32 ms  212.72.45.164
11    52 ms    29 ms    29 ms  213.244.172.155

Trace complete.

WHen performing a nslookup it still tries to use the DNS server from my provider dsl modem).

C:\>nslookup Webwereld
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 192.168.1.1: Timed out
*** Default servers are not available
Server:  UnKnown
Address:  192.168.1.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

When performing nslookup towards the WAN IP i get the same output.
C:\>nslookup Webwereld 192.168.1.248
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 192.168.1.248: Timed out
Server:  UnKnown
Address:  192.168.1.248

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

When i do the same but using the LAN IP it works fine.

C:\>nslookup www.webwereld.nl 192.168.10.248
Server:  asg.demuldriaan.org
Address:  192.168.10.248

Non-authoritative answer:
Name:    www.webwereld.nl
Address:  213.244.172.155
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 madifor over 16 years ago in reply to madifor

Not sure if the problem with DNS which we are trying to solve is related to the following but it is a thing i want to share.
Currently i have 2 interfaces configured on my Security Gateway (Normal Pc running versiom 7.405, 2 dual NIC 10/100Mbit)
WAN NIC has IP 192.168.1.248.
LAN NIC has IP 192.168.10.248

When I connect via Cisco VPN Client to my WAN Interface (192.168.1.248) from the WAN Network , the vpn connection is established.

Ipconfig output below
Ethernet adapter LAN:

        Physical Address. . . . . . . . . : 00-0C-29-8E-BA-B6
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Friday, August 21, 2009 11:19:16 AM
        Lease Expires . . . . . . . . . . : Friday, August 28, 2009 11:19:16 AM

Ethernet adapter VPN:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Cisco Systems VPN Adapter
        Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.242.5.1
        Subnet Mask . . . . . . . . . . . : 255.0.0.0
        Default Gateway . . . . . . . . . : 10.242.5.1

As shown the vpn connection doesn't get a DNS Server assigned
And a other strange thing is the Subnet assigned.
In the VPN Pool assignment subnet of 255.255.255.0 is declared but the pc get a subnet of 255.0.0.0

I think i have found where the problem is.

For this example i selected a website (Webwereld) as example

Name:    Webwereld
Address:  213.244.172.155

When i perform a traceroute from the connected pc to site the first HOP is 192.168.1.248, followed by my ISP DSL modem etc...) as shown below.

C:>tracert 213.244.172.155

Tracing route to 213.244.172.155 over a maximum of 30 hops

  1    12 ms     1 ms     1 ms  192.168.1.248
  2     3 ms     2 ms    12 ms  192.168.1.1
  3    20 ms    20 ms    20 ms  85.145.252.1
  4    25 ms    24 ms    25 ms  194.134.154.149
  5   144 ms   222 ms     *     194.134.161.21
  6    26 ms    25 ms    79 ms  194.134.161.161
  7    27 ms    32 ms    25 ms  194.134.41.129
  8    31 ms    29 ms    29 ms  194.25.211.34
  9    36 ms    28 ms    29 ms  4.69.139.170
10    30 ms    29 ms    32 ms  212.72.45.164
11    52 ms    29 ms    29 ms  213.244.172.155

Trace complete.

WHen performing a nslookup it still tries to use the DNS server from my provider dsl modem).

C:\>nslookup Webwereld
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 192.168.1.1: Timed out
*** Default servers are not available
Server:  UnKnown
Address:  192.168.1.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

When performing nslookup towards the WAN IP i get the same output.
C:\>nslookup Webwereld 192.168.1.248
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 192.168.1.248: Timed out
Server:  UnKnown
Address:  192.168.1.248

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

When i do the same but using the LAN IP it works fine.

C:\>nslookup www.webwereld.nl 192.168.10.248
Server:  asg.demuldriaan.org
Address:  192.168.10.248

Non-authoritative answer:
Name:    www.webwereld.nl
Address:  213.244.172.155
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data