VPN Problem

Guest

The company that I work for is wanting to be able to connect to the office
remotely. I figured that a VPN would be ideal for this situation. However,
our current setup is frustrating me and I need to get some more answers
before I continue.

We are running a peer-to-peer network, via a cable modem, a linksys router,
and a 16 port switch.

Is it possible to have a vpn and dial into the network here? I have tried
almost everything to get it to work. I have tried the settings on the
router, which the documentation for it says a vpn is accessible. The
computers all have a dynamic ip assigned by dhcp. The operating system that
will be receiving incoming messages has Win2kpro on it. I know you can use
it as a vpn server, yet I am unsure if our current setup will allow it.

The router will allow ip forwarding, I have all the necessary protocols
enabled. Does anyone out there have any other suggestions?

Thanks!
 
You have no "VPN Server" to connect to. You can't use the Linksys Box to
relay the Tunnel to anything because there is nothing to relay it to.
Windows 2k Pro is not a VPN Server.

Either the Linksys box is capable of acting as a VPN Server and you will
have to set it up to do so,....or you will have to replace it with something
that does. The VPN Tunnel will terminate *at* the Linksys box,..not go
through it to anywhere.

Part of your problem is you are running a commercial environment on "home
user" equipment. But *commercial* grade firewalls like WatchGuard, Cisco
PIX, MS ISA Server, and others like Windows Server RRAS,...all have the
ability to act as a VPN Server on behalf of the LAN that is behind them.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
 
Actually, you can use W2K pro as a VPN server (for a limited number of
connections - either 5 or 10, I can't remember which). Cable modems are
tricky beasts, and you'll really need a static IP address on the public
(Internet) side in order for it to work reliably (your IP address can change
if it's not). When you access the router, it should have a _PUBLIC_ IP
address on its WAN, not a 192.168.x.x address. If you don't have a public
IP address, check your cable modem's documentation on how to set it up to be
a bridge (most of the time it's just the order you turn things on). If you
have the public address, you'll need to set the W2K Pro box up with a static
IP address. Your router LAN settings should tell you which address range is
used for DHCP. Use something outside that range for the static. Then forward
port 1723 to the static IP address of the W2K box and make sure "VPN
Pass-thru" or "GRE Protocol" is enabled. On the W2K box, start the network
connections wizard and choose "allow incoming connections" (or whatever).
Choose a static pool and set up a range of IP addresses outside of the DHCP
scope, and different than the static address you chose for the LAN adapter.
You'll need one address for each incoming connection + 1 more. On the
remotes (clients), run the wizard and make choices to "connect to my
workplace" or whatever. Fill in the public IP address of the router (or the
private address for testing from the inside). An administrator should be
able to connect by default. A plain user may need to have their profile
tweaked to allow dial-in or remote access (sorry I don't have all of the
exact terminology right in front of me). If any are XP pro, make sure
firewall is disabled for testing.

Test on a LAN computer first! Don't try to troubleshoot too many things at
once. Once you can get a VPN connection going from the LAN, you can try one
from the outside.

....kurt
 
"Fill in the public IP address of the router (or the
private address for testing from the inside). "

This should have read:
"Fill in the public IP address of the router (or the
private address OF THE SERVER for testing from the inside). "

....kurt
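
The addressing rules in kurt's steps (public WAN address, server static IP outside the DHCP range, VPN pool outside the DHCP range and not containing the server, one pool address per connection plus one) can be checked on paper before changing the router. The script below is an added example, not code from the thread; check_vpn_plan is a hypothetical helper and all addresses are constructed sample values.

```python
import ipaddress as ipa

# Private ranges that must NOT appear on the router's WAN side.
RFC1918 = [ipa.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_vpn_plan(wan_ip, lan_net, dhcp_range, server_ip, vpn_pool, max_clients):
    """Return a list of problems with the address plan (empty list = consistent)."""
    wan, server = ipa.ip_address(wan_ip), ipa.ip_address(server_ip)
    lan = ipa.ip_network(lan_net)
    dhcp_lo, dhcp_hi = (ipa.ip_address(a) for a in dhcp_range)
    pool_lo, pool_hi = (ipa.ip_address(a) for a in vpn_pool)
    problems = []

    if any(wan in net for net in RFC1918):
        problems.append(f"router WAN {wan} is private: modem is not acting as a bridge")
    if server not in lan:
        problems.append(f"server {server} is not inside LAN {lan}")
    if dhcp_lo <= server <= dhcp_hi:
        problems.append(f"server {server} sits inside the DHCP range")
    # Two inclusive ranges overlap when each one starts before the other ends.
    if pool_lo <= dhcp_hi and dhcp_lo <= pool_hi:
        problems.append("VPN static pool overlaps the DHCP range")
    if pool_lo <= server <= pool_hi:
        problems.append("VPN static pool contains the server's own LAN address")
    pool_size = int(pool_hi) - int(pool_lo) + 1
    if pool_size < max_clients + 1:
        problems.append(f"pool has {pool_size} addresses, need {max_clients + 1}")
    return problems

# Constructed sample plans (not taken from the thread).
GOOD = dict(wan_ip="203.0.113.10", lan_net="192.168.1.0/24",
            dhcp_range=("192.168.1.100", "192.168.1.149"),
            server_ip="192.168.1.10",
            vpn_pool=("192.168.1.20", "192.168.1.25"), max_clients=5)
BAD = dict(wan_ip="192.168.0.2", lan_net="192.168.1.0/24",
           dhcp_range=("192.168.1.100", "192.168.1.149"),
           server_ip="192.168.1.120",
           vpn_pool=("192.168.1.118", "192.168.1.121"), max_clients=5)

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        issues = check_vpn_plan(**plan)
        print(name, "ok" if not issues else "")
        for issue in issues:
            print("  -", issue)
```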
 