VPN

  • Thread starter: Craig Lyon

Craig Lyon

Hi all

Just a quick question regarding setting up a VPN using Win 2k Server (latest
SP).

We currently have 5 IP addresses assigned to us from our ISP. At the moment
we are using a NAT router which has one of the live IP addresses and then all
the machines are using the NAT box as the gateway. This works fine for all
traffic, SMTP etc. The NAT has limited functionality in that it has port
forwarding and port filtering etc.

My question is that I need to set up a VPN and I have a strong suspicion
that I can't sit the VPN server behind the firewall and use port forwarding
due to how NAT handles data packets. So what I was thinking of doing is
putting two network cards into the server, one connected to the internal
network and the other connected to the 'net and then using that as the VPN
server.

This sounds very insecure but I'm wondering if it is just me being paranoid
;)

I would be grateful for other recommendations.

Cheers

Craig
 
Your concerns are valid; this would be insecure. If your
NAT can port forward, all you have to do is forward port
1723 (PPTP) to the internal server that is set up as the VPN
server. Then you give all the VPN clients the IP of your
router. This is much more secure since you will only have
to worry about attacks on port 1723 (PPTP). If you set up a
dual-NIC server, then you expose your server and internal
network and have to worry about all ports.

If you still need to dual-NIC the server, I suggest at
least putting a software firewall on that machine. Or, if
you have an extra PIII with a decent amount of memory in it
lying around, dual-NIC that machine, load a software
firewall, and make that a VPN server. If you ever have
any trouble you can always shut that machine down till you
get the problem fixed, and your whole network won't be
down.
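
An added example, not part of either post: PPTP uses a TCP 1723 control connection plus GRE (IP protocol 47) for the tunnelled data, so a forward or filter that covers only TCP 1723 does not carry the tunnel. The Python model below runs a first-match, default-deny filter over constructed inbound packets and compares a TCP-1723-only rule set, a complete PPTP rule set, and the unfiltered dual-NIC case; the rule-set names and sample packets are assumptions made for the illustration.

```python
# Added illustration: first-match filter on the internet-facing side of a PPTP server.
# Rule sets and packets are constructed for this example.
from dataclasses import dataclass
from typing import Optional

TCP, UDP, GRE = 6, 17, 47            # IP protocol numbers

@dataclass(frozen=True)
class Packet:
    proto: int
    dport: Optional[int] = None      # GRE carries no port numbers

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "drop"
    proto: Optional[int] = None      # None matches any protocol
    dport: Optional[int] = None      # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return self.proto in (None, p.proto) and self.dport in (None, p.dport)

def decide(rules, pkt, default="drop"):
    """Action of the first matching rule; unmatched packets are dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Weak: control channel only, so the GRE data channel never gets through.
TCP_1723_ONLY = [Rule("allow", TCP, 1723)]
# Corrected: control channel plus GRE; everything else hits the default drop.
PPTP_COMPLETE = [Rule("allow", TCP, 1723), Rule("allow", GRE)]
# Dual-NIC server with no filter on the external interface.
UNFILTERED = [Rule("allow")]

INBOUND = {                          # constructed packets arriving from the internet
    "pptp-control": Packet(TCP, 1723),
    "pptp-data-gre": Packet(GRE),
    "rpc-endpoint": Packet(TCP, 135),
    "netbios-ns": Packet(UDP, 137),
    "smb": Packet(TCP, 445),
}

def exposure(rules):
    """Sorted names of the sample packets a rule set lets through."""
    return sorted(n for n, p in INBOUND.items() if decide(rules, p) == "allow")

if __name__ == "__main__":
    for name, rules in (("tcp-1723-only", TCP_1723_ONLY),
                        ("pptp-complete", PPTP_COMPLETE),
                        ("unfiltered", UNFILTERED)):
        print(f"{name:14} -> {exposure(rules)}")
```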
 