Category Archives: VPN

How to Install Cisco IPsec VPN on Windows 10 – KB10392392

KB10392392

  1. Uninstall all Cisco VPN clients
  2. Reboot
  3. Uninstall the DNE update
  4. Reboot
  5. Run winfix.exe found here ftp://files.citrix.com/winfix.exe
  6. Reboot
  7. Install the newest 64-bit Sonicwall VPN client ctmp-dc01CT-HelpdeskCiscoCisco VPN ClientsWindows 10sonic64.zip
  8. Reboot
  9. Install the extracted Cisco IPsec client: from ipsecwin10.zip, run the vpnclient_setup.msi found here ctmp-dc01CT-HelpdeskCiscoCisco VPN ClientsWindows 10ipsecwin10.zip
  10. Reboot
  11. Disable the Internet Connection Sharing service (found in services.msc)
  12. Open regedit and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA. Delete the “@owem8.inf,%CVirtA_Desc%;” that is in front of “Cisco Systems VPN Adapter”.

442 error using Cisco VPN Client in Windows 7 – KB10391906

KB10391906

Description:  442 error using Cisco VPN Client in Windows 7

Common customer description: Cisco VPN connected once then after reboot it no longer connects.

Probing questions:

Were any updates installed?
Do you share your internet to another computer from your computer?
Does it connect if you uninstall the VPN client and re-install?

Secure VPN Connection terminated locally by the client.
Reason 442: Failed to enable Virtual Adapter


Steps to resolve:

The Internet Connection Sharing (ICS) service is at fault. If you have this same problem, simply:

1. Stop Cisco Systems, Inc. VPN Service;

2. Stop and disable Internet Connection Sharing (ICS) Service;

3. Restart Cisco Systems, Inc. VPN Service.

Launch VPN Client again, and the problem is gone.

Note that I am running Cisco Systems VPN Client version 5.0.07.0290 on Windows 7 Professional 64-bit edition.

 

Common Command Line Commands – KB1039998

KB1039998

Common Command Line Commands
* Any of these commands can also use the switch /? for help inside Command Line. *
** Not all of these commands need to be run in an Administrator Command Line, but it is suggested to always run CMD as Admin. **
*** There may be additional switches for these commands. These are just the most commonly used switches. ***
Start Command Prompt – Start -> in search field, type “cmd” without quotes -> right click and click Run as Administrator

1. Ping – Sends a request packet to the target host and waits for a response. It will then display the response in the Command Line window. Usage:

  • ping IpAddress
  • ping ComputerName.DomainName.Local – Does not always need to have .DomainName.Local. If there are issues with pinging via ComputerName, try the Fully Qualified Domain Name.
  • ping ComputerNameOrIpAddress -t – Sends a continuous ping to the device until you cancel it with CTRL+C.
  • ping ComputerNameOrIpAddress -4 – If pings are coming back using IPv6, use the -4 switch to only get IPv4 addresses back.

2. IP Config – Gathers IP information of the device running the command. Common switches are:

  • ipconfig – Displays IP address, subnet mask, and default gateway for each adapter.
  • ipconfig /all – Displays the full TCP/IP configuration for all adapters.
  • ipconfig /flushdns – Clears the DNS resolver cache.
  • ipconfig /registerdns – Initiates manual registration for DNS names.
  • ipconfig /release – Messages the DHCP server to release the IP address configuration. Check with Tier 2 before using this command. You will lose all communication to the computer this is run on.
  • ipconfig /renew – Messages the DHCP to renew IP address configuration.

3. System File Checker – Scans for corruptions in system files and restores corrupted or missing files. Usage:

  • sfc /scannow

4. QWinsta – Displays information about Terminal Sessions. Look for the username of the account that you need to log off and keep in mind the ID of the user. Usage:

  • qwinsta -server ServerNameOrIpAddress

5. RWinsta – Sends commands to the remote session. Use the ID number in order to log off the user that the ID number belongs to. Usage:

  • rwinsta -server ComputerNameOrIpAddress IdNumber

6. NSLookup – Tests and troubleshoots DNS servers. Usage:

  • nslookup – Displays information about the Default DNS server.
  • set type=mx – After you use nslookup, you can specify which records you are looking for. After you set the type, enter the domain name.

7. Telnet – Text oriented communication using a virtual terminal connection. Usage:

  • telnet IpAddressDomainNameOrComputerName PortNumber – Example: telnet smtp.google.com 25. This will test the connection from your computer to smtp.google.com on port 25.

8. System Info – Displays the system’s information in Command Line. Usage:

  • systeminfo | more – You can view system uptime, Operating system, and System Manufacturer.

9. Check Disk – Creates and displays a status report for a disk. Usage:

  • chkdsk (/f /r) – Do not type the parentheses. Chkdsk by itself will display the status report. Using /f will fix errors on the disk. Using /r will locate bad sectors and recover readable data. Both switches will require the computer to be rebooted and will run before boot. This will require approval before using these switches.

10. Shutdown – Initiates a shutdown command. Usage:

  • shutdown.exe /m \\ComputerNameOrIpAddress /f /r /t 0 /d p:0:0 – Shuts the computer down, forcing (/f) the logoff and a reboot (/r) instantly (specified by /t TimeInSeconds) while sending a report to the system (/d p:0:0) saying it is a planned shutdown. You only need to specify /m \\ComputerNameOrIpAddress if you are attempting to shut down a remote computer.

11. Net Stat – Displays incoming and outgoing connections. Usage:

  • netstat -an – The -a switch displays all active connections and ports on which the computer is listening. The -n switch displays active connections.
  • netstat -an | find "PortNumber" – Finds all connections that are using the specified port.

12. NBT Stat – Helps troubleshoot NetBIOS name resolution problems. Usage:

  • nbtstat -an IpAddress – Useful tool if you know the IP address of a computer but not the name. This will return the name and MAC address of the device.

13. Change Directory – Changes the directory of the Command Line to wherever you specify. Usage:

  • DriveLetter: – If you need to change the Command Line to a different drive, use this command. Example: c: will change it to the C: drive.
  • cd c:\users\UserName – Changes the Command Line to c:\users\UserName.

14. Trace Route – Displays the route information and transit delays to a specific address. Usage:

  • tracert DomainNameOrIpAddress – You will see a list of hops that it takes to get to the destination. If anything fails, you will see where in the route it is failing.

15. Task List – Displays all processes the computer is currently running. Usage:

  • tasklist – Displays process name, process ID, session name, session number, and memory usage. You will only need to look at the process name (Image Name) and process ID (PID).

16. Task Kill – Kills whichever task you specify. Usage:

  • taskkill /switch – /PID PID specifies which process ID you want to kill. /IM ImageName specifies which image name you want to kill. Examples:
    taskkill /pid 2000
    taskkill /im chrome.exe

17. W32TM – Diagnose, view, and change Windows Time information.

  • w32tm /config /update – Updates current time configuration if there were any changes made.
  • w32tm /resync – Resynchronizes computer’s time as soon as possible.
  • To change Windows Time Server, on PDC, run w32tm /config /syncfromflags:manual /manualpeerlist:0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org. You will then need to run w32tm /config /update on the PDC and any device that needs time updated, or you can reboot the machines.

18. Remote Desktop Connection – Connects your computer to a remote computer. Usage:

  • mstsc /switch – Mstsc will start remote desktop. If you add any switches, they can help with the look/layout of the connection window. /F (full screen) is the most common switch. /Console can be used if you cannot connect normally.
  • Example: mstsc /f /console

19. Net Start and Net Stop – Starts or stops services by service name. Usage:

  • net start ServiceName – Starts service.
  • net stop ServiceName – Stops service.
  • && – Runs multiple commands as soon as possible without delay. Example: net stop explorer.exe && net start explorer.exe.

20. VSS Admin – Manages the Volume Shadow Copy Service. Usage:

  • vssadmin list writers – Lists all subscribed volume shadow copy writers on the system. This can be helpful when troubleshooting backup issues.

VPN Client Setup – The Basics KB1039291

KB1039291

VPN Client Setup

Windows VPN Clients
Cisco IPSec
Cisco SSL
Sonicwall IPSec
Sonicwall SSL
PPTP

Mac VPN Clients
Cisco IPSec
Cisco SSL
Sonicwall SSL
PPTP

What is VPN?
Virtual Private Network. Communicates from remote network to private network.

Why do we need it?
Securely access computers, files, connecting Outlook to Exchange remotely.

How do I set it up?
There are several different VPN clients to use.

What info is needed?
Local user or domain login, public IP/domain name, VPN group name, pre-shared key, username, and password.

Authentication methods
LDAP – Allows applications running on almost any platform to obtain directory info.
RADIUS – Authenticates to a RADIUS server installed on Active Directory.
Local Accounts – Uses local user accounts on the firewall itself.

When is it billable?
VPN client installs are non-billable. Troubleshooting connections are billable.

Public vs Private IPs
There are static and dynamic addresses.
Public IPs face outward to the internet.
Private IPs are for internal networks.

PCF files
Profile Configuration File. Automatically configures VPN client when imported.

TCP and UDP
Transmission Control Protocol (TCP) is a connection-oriented protocol.
User Datagram Protocol (UDP) is a connectionless protocol.
TCP will wait for information if it gets lost during delivery. UDP will not.

VPN Process
How the connection process unfolds

Installation
Communication
Authentication
Establishing a connection
Connected

Try the VPN connection on your computer

Connection
Authentication
Group issues

The client only partially installs
Check to see if there is an error code
Uninstall the client
Clear temp files
Remove other VPN clients*
Reboot

Status stuck on “Connecting”
Ping Public IP or VPN domain name
New ISP or other ISP issue
Connectivity at remote location
Office down

Same subnet
192.168.0.x on both remote and office locations

See if their AV blocks communication
Trend Micro
Symantec
AVG

See if their firewall blocks communication
Windows Firewall

Find out if ports are blocked
Telnet
Open Command Prompt
Type telnet PublicIPAddress port

Common VPN ports
TCP 1723
TCP 1701
UDP 500
TCP 4500

Allow inbound and outbound ports
Start > Control Panel > Windows Firewall > Advanced Settings > Inbound Rules (or Outbound Rules) >
New Rule > Select Port > Click Next > Select which protocol (TCP or UDP) > Select Specific local ports > Type port or port range > Click Next > Select Allow the connection > Click Next > Select Domain, Private, and Public > Click Next > Name the rule > Click Finish >

Cannot get past the group name or username screen
Check spelling
Case sensitive usernames
Verify username
Reset password

VPN connects, but there is no access to anything

Same subnet or wrong subnet
192.168.0.x on both office and remote locations
APIPA address – 169.254.x.x
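
An added example (not part of the original KB article): a Python sketch of the "same subnet" and APIPA checks listed here and under "Status stuck on Connecting". It parses `ipconfig` output, flags a 169.254.x.x address on any adapter, and flags a local LAN whose range overlaps the office network. The sample output, the office range, and the function and parameter names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig` output from a remote laptop (sample data, not from the KB page).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.0.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter VPN Virtual Adapter:

   Autoconfiguration IPv4 Address. . : 169.254.17.4
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
"""


def parse_ipconfig(text):
    """Return [(adapter_name, IPv4Interface), ...] for adapters that have an IPv4 address."""
    adapters, name, addr = [], None, None
    for line in text.splitlines():
        header = re.match(r"^(\S.*adapter .+):\s*$", line)
        if header:  # unindented "... adapter <name>:" line starts a new adapter
            name, addr = header.group(1), None
            continue
        found = re.search(r"IPv4 Address[ .]*: ([\d.]+)", line)
        if found:
            addr = found.group(1)
            continue
        found = re.search(r"Subnet Mask[ .]*: ([\d.]+)", line)
        if found and addr:
            adapters.append((name, ipaddress.ip_interface(f"{addr}/{found.group(1)}")))
            addr = None
    return adapters


def diagnose(adapters, office_network, vpn_adapter_hint="VPN"):
    """Flag APIPA addresses and local LANs that overlap the office network.

    office_network and vpn_adapter_hint are hypothetical parameters: the office
    LAN in CIDR form and a substring identifying the VPN virtual adapter, which
    is excluded from the overlap check because some VPNs legitimately hand it
    an office-range address.
    """
    office = ipaddress.ip_network(office_network)
    findings = []
    for name, iface in adapters:
        if iface.ip.is_link_local:  # 169.254.0.0/16, no DHCP lease received
            findings.append((name, "APIPA"))
        elif vpn_adapter_hint not in name and iface.network.overlaps(office):
            findings.append((name, "SAME_SUBNET"))
    return findings


if __name__ == "__main__":
    for adapter, problem in diagnose(parse_ipconfig(SAMPLE_IPCONFIG), "192.168.0.0/24"):
        print(f"{problem}: {adapter}")
```

Because the check uses network overlap rather than string comparison, it also catches a home /24 that sits inside a larger office range such as a /16.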

Connect by IP or Fully Qualified Domain Name
Servername.domain.local instead of servername

Reinstall the VPN client.
Remove VPN client
Reboot
Reinstall

Consult Tier 2
Less common issues (Example: DNE Update for Cisco)
Firewall configuration
Escalate

Connecting to a firewall

Find the information to connect to a firewall
Sonicwall
Cisco

 

Put the IP address into a browser
May need to specify https:// and/or port number
Common ports: 8080 and 4443.
https://ipaddress:port

Multiple consoles
ASDM
SSH (PuTTY)

Setting up a local user in the firewall
Sonicwall
Cisco

Local versus AD accounts

Local
LDAP not supported
Few users allowed
Not using Active Directory

AD
Preferred authorization method
Less hassle on user’s end

Connect to Sonicwall. Navigate to:
Users > Local Users > Add User… > Enter username and password > Go to Groups tab >

Check Groups – Everyone, Trusted Users, and VPN
Highlight group name

Click the right arrow below to send it to Member Of:
Go to VPN Access tab

Find “Firewalled Subnets” under Networks and Highlight it
Click the right arrow below to send it to the Access List
Click OK

Connect to Cisco. Navigate to:
Configuration
Remote Access VPN
AAA/Local Users
Local Users
Click Add
Enter username and password
Set privilege to No ASDM, SSH, Telnet, or Console access
Click OK
Click Apply
Click Save

Cisco Meraki
Escalate to Tier 2

Domain User Setup
Setting up or modifying a domain user
Active Directory

Suggested account setup
Username = (First initial of first name)(last name)
Password = Password1

Password settings
Uncheck all settings

Uses Routing and Remote Access
Active Directory group
Dial-in tab
Local firewall user

VPNs on laptops

Will not affect work functionality

How users might ask
“I need to get to my folders”
Could mean desktop folders (RDP)
Could mean server folders (Mapped Drives)

Verify
Can they access the resources they were calling in about?

Windows Sonicwall SSL Setup KB1039287

KB1039287

Windows Sonicwall SSL Setup

1. Install the client.
a. With some setups, you can go to a website in a browser, login with network username/password, and download the client. This will automatically set up the client for connection. Skip to step 4.

2. Find the information to connect

3. Creating a new connection

a. Open Sonicwall NetExtender client.
b. Enter the Public IP or fully qualified domain name.
c. Enter username/password.
d. Enter domain name.

4. Attempt connection.
a. Click Connect.
b. You should now be connected. Depending on how the client would like to use their VPN, we may need to set up an RDP connection, mapped drives, Outlook, etc.

Windows Sonicwall IPSec Setup KB1039282

KB1039282

Windows Sonicwall IPSec Setup

1. Install the client.
a. There are 32 bit and 64 bit versions. Be sure that the VPN client version matches the OS version. Go to Start -> right click Computer -> Properties -> System -> System type.

2. Find the information to connect

3. Creating a new connection

a. Open Sonicwall Global VPN Client
b. Click the + sign for a new connection
c. Click Next. Make sure Remote Access is selected. Click Next
d. Enter the Public IP or fully qualified domain name. Give the connection a name. Click Next.
e. Click Finish.

 

4. Attempt connection.
a. Highlight the connection. Click Enable.
b. Enter pre-shared key.
c. Enter credentials.
d. You should now be connected. Depending on how the client would like to use their VPN, we may need to set up an RDP connection, mapped drives, Outlook, etc.

 

MAC Sonicwall SSL Setup KB1039278

KB1039278

Mac Sonicwall SSL

1. Find the information to connect

2. Install the client.
a. With some setups, you can go to a website in a browser, login with network username/password, and download the client. This will automatically set up the client for connection. Skip to step 4.
b. Client can be found in the App Store under Sonicwall Mobile Connect. It is free to download.

3. Creating a new connection
a. Open Sonicwall NetExtender client.
b. Click Add Connection.
c. Enter the display name of the connection.
d. Enter the Public IP or fully qualified domain name. Click Next.
e. Enter username/password.
f. Enter domain name. Click Save.

 

4. Attempt connection.
a. Click Connect.
b. You should now be connected. Depending on how the client would like to use their VPN, we may need to set up an RDP connection, mapped drives, Outlook, etc.

Windows VPN PPTP Setup KB1039263

KB1039263

Windows VPN Settings

Start > Control Panel > Network and Sharing Center > choose “Setup a new connection or network”

Then choose “Connect to a workplace”

You may be prompted to use a connection that you already have. Choose “No, create a new connection”
Next you need to choose “Use my internet connection (VPN)”

Now you will need to enter the Internet Address. In our case it is mail.srweidema.com, and check the box at the bottom “Don’t connect now, just set it up so I can connect later”

You will then be prompted for a Username/Password/Domain. We can just leave these blank for the time being. Click “Create”
Locate the VPN we just created under Start > Control Panel > Network and Sharing > Look in the top left for “Change adapter settings”

Now find the VPN you just created. Right click on the VPN and create a shortcut (it will be placed on the desktop).

Locate your VPN icon on the desktop and double click it.

Fill out the username, password (these are the same credentials the users would use to log into their desktops) and the domain.

Then choose Properties on that window. At the top of the properties box you will have a couple of tabs. Choose the “Security” tab and make sure the Type of VPN is Point to Point Tunneling Protocol.

That is all you will have to do to configure the VPN on a new workstation, but we still need to give the new user rights to access the network remotely.
To give a user rights to use the VPN, log into the SR2k8 Server with admin rights and open Active Directory Users and Computers (Start menu -> Administrative tools).
Expand SRWeidema.local, then expand “My Business”, expand “Users”, then expand “SBSUSERS” and locate the user we want to allow VPN rights and double click their name.

This will open the Properties for that user. Under the properties menu you need to select the “Dial In” tab and check “Allow access”

That is it! The user Paul Carter now has access to use our VPN with his credentials.

Mac PPTP Setup KB1039236

KB1039236

Mac PPTP

Mac OS systems can connect to a PPTP VPN quite easily; the client is built into the operating system natively. To do this, follow these instructions:

1. Find the information to connect

2. Creating a new connection

3. Click on the Apple icon in the top left corner:

4. In the menu, select System Preferences:

5. The System Preferences console will open; this is basically the control panel for Macs. Open up Network:

6. Once the Network console is open, you will need to hit the + button in the bottom left corner:

7. Once here you will need to go into the drop down for Interface and select VPN:

8. After VPN is selected, you will need to select the VPN Type, in the drop down select PPTP. Name your VPN and select Create:

9. At this point you will be presented with 2 fields, Server Address and Account Name. The server Address is where you put in the external IP of the Firewall, and the Username is usually the Active Directory information, or it might be local users on the firewall. This information is from Step 2. It should look like this:

10. After filling out the information select Authentication Settings. Make sure that Password is selected and enter the Password. Click OK:
11. Attempt connection.

12. Click connect.

13. Enter username and password if it prompts you again.

14. You should now be connected. Depending on how the client would like to use their VPN, we may need to set up an RDP connection, mapped drives, Outlook, etc.

Windows Cisco SSL Setup KB1039233

KB1039233

Windows Cisco SSL Setup

1. Install the client.

2. With some setups, you can go to a website in a browser, login with network username/password, and download the client. This will automatically set up the client for connection. Skip to step 4.

3. If you are installing this on your computer, open the folder cisco anyconnect client install extracted and run setup.exe.

4. If you are installing this on a remote computer, send the folder cisco anyconnect client install zipped.zip to them, extract, and run setup.exe.

5. Find the information to connect

6. Creating a new connection

7. Open Cisco AnyConnect Secure Mobility client.

8. Enter the Public IP or fully qualified domain name.

9. Attempt connection.

10. Click connect.

11. Enter username and password.

12. You should now be connected. Depending on how the client would like to use their VPN, we may need to set up an RDP connection, mapped drives, Outlook, etc.