- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- WAN Routing
- >
- Re: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-31-2011 04:13 PM
10-31-2011 04:13 PM
IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)
Hey folks,
I've been trying to do this for a while and I haven't been able to do it, all the information that I find on the Internet is about sites to sites vpn, and I don't want that, I just want to give access to some users to my local LAN through a VPN connection...
It's for a client and they are starting to push me, I need to solve this quickly, I need some help...
Thanks...
- Tags:
- vpn
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-03-2011 04:11 PM
11-03-2011 04:11 PM
Re: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)
I have the same problem, Have you maybe found a solution ? In manual are only site-to-site examples.
I have got 2 examples with L2TP over IpSec with Ms Windows client and INode client. I am trying with Microsoft but I cannot make it running, still getting errors in log: ike packet droped: no payload choosen from proposal ......
regards
I would appriaciate any help
Karol
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2011 01:03 AM
11-26-2011 01:03 AM
Re: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)
Hei guys.
I have the same problem. Went and asked a friend that works at HP and he told me this:
- There is a very long and painful process of getting the Windows VPN client to work with the IPSec VPN from HP MRS routers. The problem is, as always, with Microsoft's implementation of IPSec VPN. Too Cisco like...
So the problem has been solved using Shrew VPN Client. I got it working after a couple of hours.
Used the steps described in H3C user manual (from H3C website) for configuring Client IPSec VPN.
One hint: the DHCP does not work with Shrew VPN Client so you must configure each client with it's own static IP address (IP, Mask, Gateway and DNS). This can be done in the Shrew VPN virtual adapter configuration.
I also got some info that HP is working on a VPN client of their own (just like Cisco and Juniper). Not sure when this will be available and if it will be free but until then Shrew does the job.
Regards,
Alex
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2011 04:07 AM
12-12-2011 04:07 AM
Re: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)
Hi Alex
Thanks for your nice post, gives some hope :)
I also have tried with Shrew VPN ( I use it as my basic VPN client) but had a problem with this dhcp, tried with static but without success.
Could you send a examplary configuration on the and router shrew client side ?
Regards
Karol
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-03-2012 06:16 PM
01-03-2012 06:16 PM
Re: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)
Hi :)
Thanks for sharing this method.
I tried using Shrew VPN and manage to get a connection tunnel with static IP address. However I am unable to ping or access any network equipments in my office.
I have a default route of 0.0.0.0 0.0.0.0 to try and route everything however I am still unable to access any internal office device given the static IP I have given my shrew VPN client.
i have also tried dhcp over ipsec, however upon connecting there are errors stating unable to get the source of dhcp
Please advise :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-02-2012 11:14 AM
02-02-2012 11:14 AM
Re: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)
Alex,
Do you have a link to the H3C Client IPSEC VPN configuration procedure document?
Thanks,
Kelly
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-03-2012 01:09 AM
02-03-2012 01:09 AM
Re: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)
Hi Alex
Could You send a link to this document ?
I have documents about L2TP over IpSec, do you have something else ?
Could you send example configuration ?
thanks
Karol
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2012 01:00 AM
02-24-2012 01:00 AM
Re: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)
Hi, thanks a lot
I have downloaded it from the site. But have some problems.
The version which for Windows 7/Vista contains iNODE Intelligent Management center and probably no INODE vpn client , so there is no version for Win7/Vista, maybe you have got this version ?
I've got also problem with connecting L2TP over Ipsec over WAn and NAT links. I have tried but only got success in making only L2TP connection, while when I try through LAN, it is ok.
My colleagues from HP told that they also encounter problem with NATed links and that support work on it.
Have you encountered similar problem ?
best regards
Karol
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-31-2012 09:57 AM
03-31-2012 09:57 AM
Re: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)
Hello Guys.
Sorry for the late reply.
I have found a way (and trested it for the last 4 hours) to get this wotking.
Here it goes:
1. General info
- the VPN tunnels are created for each user using their first and last name
- each user has a specific IPSec VPN tunnel
- this is the first release so please feel free to update or improve my work
- x represents a number from 1 to ... given to each vpn user - it is important because it will be used for the tunnel
- the ip address for each VPN tunnel is 192.168.20x.1 / 24 where x is the number assigned to the user so, for example, if you are configuring the third user, x is 3 and the ip address for the interface is 192.168.203.1 / 24
- you have to do all the config from below for each user
2. Router config
ike local-name vpn.yourdomain.com
ike peer x
exchange-mode aggressive
pre-shared-key <enter the pre shared key for the vpn tunnel>
id-type name
remote-name firstname.lastname
nat traversal
ipsec profile firstname.lastname
pfs dh-group2
ike-peer x
proposal 3des
sa duration time-based 86400
interface Tunnel x
ip address 192.168.20x.1 255.255.255.0
tunnel-protocol ipsec ipv4
source <external IP address>
ipsec profile firstname.lastname
3. Shrew config
- manual IP address form the same class as 192.168.20x.1 / 24
- nat traversal enabled
- you can use yout internal dns if you have one for reloving lan names
- authentication mutual psk
- local: FQDN: firstname.lastname
- remote: FQDN: vpn.yourdomain.com
- credentials: PSK: the key you entered
- phase 1: aggressive, group1, des, sha
- phase 2: esp-3des, md5, group2, disabled
- policy: require + obtain topology automatically
Hope it helps.
If I find a way to create a bridged tunnel and to use internal IP adresses for VPN users I will post a reply.
Regards,
Alex