VPN

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Have hardware VPN between two locations for internet phone connection using
two firewall/VPN routers. Computers at each site sit behind their respective
firewalls. Can I add a connection to my remote XP system for access to the
main office Win 2k domain?
 
howard said:
Have hardware VPN between two locations for internet phone connection using
two firewall/VPN routers. Computers at each site sit behind their respective
firewalls. Can I add a connection to my remote XP system for access to the
main office Win 2k domain?
Click to expand...

You don't need a "connection". It isn't that complex. A VPN link, by nature
and by definition, is already part of your private LAN. Without knowing
more about your LAN's design, I'd say all you need is the proper Static
Route to be able to cross the VPN link.

If you have a regular LAN Router (not an Internet NAT Device) that would
already be all the machine's Default Gateway, then you'd simply add a Static
Route to the LAN Router so that it knows that anything destined for the
remote LAN is to use the VPN Device as the "gateway". If you run a single
subnet, then the Static Route *might* be able to work from your Internet
Sharing Device, assuming it is the Default Gateway of all the machines and
that it can accept Static Routes. If that doesn't work, then your last
option is to add the Static route to every desktop machine individually.

The same process most likely will have to be repeated on the other remote
LAN.
 
You're right - I already have connectivity and it must be through the VPN
(typing "\\192.168.16.2" in the 'Run' window brings up the network shares of
that machine after I provide login info) Can I presume my VPN tunnel is
providing the routing function? Guess my next step is to create the
necessary WINS and/or DNS entries.

Howard
 
howard said:
You're right - I already have connectivity and it must be through the VPN
(typing "\\192.168.16.2" in the 'Run' window brings up the network shares of
that machine after I provide login info) Can I presume my VPN tunnel is
providing the routing function?
Click to expand...

Yes you are already working
Guess my next step is to create the necessary WINS and/or DNS entries.
Click to expand...

Just do WINS and use the netbios names of the target machines or the IP#.
Leave the DNS and the FQDNs out of it unless you are going to crete a Trust
between the two Domains at the opposite ends of the link.
 
Can you use netbios names if 'other site' machines are using same netbios
names as 'this site' machines?
I have two sites and they are configured very simillar (same IP addresses -
192.168.0.0, server and client names).
I looked in TechNet (Connecting Remote Sites,
http://www.microsoft.com/technet/pr...Kit/119050c9-7c4d-4cbf-8f38-97c45e4d01ef.mspx)
so I made a static route for VPN connection and I can ping remote server, but
not other clients. All examples in TechNet uses different IP addressing for
each site (one site uses 172.16.1.0 and other 172.16.2.0) so static route
looks different. Should I use this approach or is there another way?

Thank you,
Robert
 
you should use the different IP range, for example, 192.168.0.x and 192.168.1.x.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
Can you use netbios names if 'other site' machines are using same netbios
names as 'this site' machines?
I have two sites and they are configured very simillar (same IP addresses -
192.168.0.0, server and client names).
I looked in TechNet (Connecting Remote Sites,
http://www.microsoft.com/technet/pr...Kit/119050c9-7c4d-4cbf-8f38-97c45e4d01ef.mspx)
so I made a static route for VPN connection and I can ping remote server, but
not other clients. All examples in TechNet uses different IP addressing for
each site (one site uses 172.16.1.0 and other 172.16.2.0) so static route
looks different. Should I use this approach or is there another way?

Thank you,
Robert
 
Thanks Robert, I will do that... What about netbios machine names? Probably
also use different?
 
Thank you, it worked! However I can only ping other-site-machines by IP
address, not by name. What should I check?

Regards,
Robert
 
This name resolution issue. If you don't have WINS server, you can use lmhosts.

vpnbrowsing issues
Assuming you don't have DNS, WINS or other name resolution option to resolves
.... If WINS address is not distributed upon connection to VPN, LMHOSTS should ...
www.chicagotech.net/vpnbrowsingissues.htm

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Thank you, it worked! However I can only ping other-site-machines by IP
address, not by name. What should I check?

Regards,
Robert
 
Back
Top