small buisness and vpns

[Awoll]

Hello,

Posting yet once again. Getting frustrated like normal. Still looking for a
solution to hook up any home net work, and most small buisness out there
with vpn access that use a dsl or cable connection. Most places have only
one connection and one ip ... most even with dynamicaly assigned addresses.
With only one valid IP range for multiple computers to access the internet
they need a router, ICS, or NAT configured on a server. How can one machine
connect to the internet, and allow VPN using one of these configurations?
ICS is out of the question because it won't work with VPN on the same
connection. So that one is gone. But what about the other 2. If only one
internet ready IP is assigned to a router, then how would a vpn connect to
the vpn server? I don't know if most of the small routers are smart enough
to allow funtions like that. They have pppt pass through options. But that
is to go out only. So is it possible for NAT to be configured, to allow more
than one computer access to the internet, and configure VPN to allow a
couple of incoming connections on the same line?

Any help would be cool.

Aaron

 

[Doug Sherman [MVP]]

Win2k Server can can provide NAT for an internal network and accept multiple
simultaneous VPN connections. There are also many low cost hardware devices
which provide both NAT and multiple VPN connections - eg. Dlink -
http://dlink.com/products/resource.asp?pid=59&rid=283

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

 

[Steven L Umbach]

With one ip address and usining nat you could configure a W2K server to be a
pptp vpn remote access device behind the nat router - that is what I do to
vpn to home from work. My W2K rras/vpn has only one physical nic [a virtual
one is created also] and uses the nat/router as its default gateway and port
1723 is configured on the router to forward to my W2K rras/vpn server's lan
ip address. The Linksys 4 port wired device will work in that configuration
as long as you have pptp pass through enabled and SPI disabled on it.
Multiple computers can still access the internet, you just need to configure
them to use the nat/router device as their default gateway. Keep in mind
that if the public ip address that you use from your ISP is not static, then
you are going to have difficulty maintaining vonnections when ip addresses
change.

A better solution may be to use ipsec/vpn endpoint devices between the two
networks. The Netgear FVS318 works well for this and can have up to eight
separate ipsec vpn tunnels. The Netgear costs only about $115 each and as a
bonus is a true SPI firewall and can also allow netbios traffic if you
ant. --- Steve

http://www.netgear.com/products/prod_details.asp?prodID=129

 

[Lucky One]

Take a look for VPN

http://www.onecomputerguy.com/networking/xp_vpn.htm
http://www.onecomputerguy.com/networking/xp_vpn_server.htm
http://www.onecomputerguy.com/w2k/w2k_vpn/w2k_vpn.htm

Since you have dynamic IPs at each end... Look at No-IP.com which maps an
alias (usually of your
choice) to a DHCP assigned IP address. A small program runs on your PC and
contacts the No-IP.com
servers on a periodic basis. The server then maps the IP of your PC to the
alias and propagates that
over the public internet. It works very well for me and its FREE.... Go to
http://www.no-ip.com for
help. Additional like services, some FREE and some $$$$, can be found on
this page...

Thanks to Al Jarvi (MS-MVP Windows Networking for this info

Hope this will help you