Windows XP to Windows XP VPNs?

Eric

If a VPN is created between two Windows XP notebooks
connected through different ISPs, will all packets sent for
them be in the clear (and not over the VPN) as indicated by
Microsoft concerning VPN clients at
http://www.microsoft.com/technet/pr...elp/9f6ec678-14ad-48d3-9191-8864fd91a6fd.mspx

If so, is there any way to force end user applications to
only use a local 10.x.x.x IP address, thus forcing the
traffic over the VPN and not the Internet connection
between the two Windows XP notebooks? Or does this routing
problem mandate the use of a distinct VPN server (Windows
2003) to create a VPN-independent destination at the server
end?

Thanks,
- Eric
 
By "VPN-independent" I mean VPN server-independent of
course - i.e. the notebook's apps are on another IP address
because the gateway VPN server is in a separate box.

But assuming the KB article does apply to Windows XP,
could SP2's firewall be used to make the distinction, while
keeping its VPN server port open to the Internet? If so, is
there an easy way for end users to switch between firewall
configs as the VPN goes up and down?

Thanks,
- Eric
 
The situation is that there are two possible routes between the two
machines. The route which is used depends on the IP address used. The
problem (as you suggested) is how you force the application to use the
private IP address (which will be encrypted and encapsulated).

The usual method is to make sure that the firewalls on the machines will
block the file sharing ports. This will block file sharing directly over the
Internet. It will not block file sharing across the VPN. The reason for this
is that, when it passes through the firewall, the VPN data is encrypted and
encapsulated. The firewall only sees the "wrapper", not the encrypted data.
 
Thanks Bill,

I think I understand it more clearly now...

So in the case of Windows XP to Windows XP, if the
firewalls were configured to allow Remote Desktop port
access only on a second static IP private address, whose
network component was common between the two machines, the
packets will find their way through the VPN running on the
Internet between them?

- Eric
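
The firewall approach discussed in this thread, written out as Windows XP SP2 firewall commands. This is an added example, not part of any post above; it assumes both notebooks take VPN addresses in 10.0.0.0/8 (the 10.x.x.x range from the question) and that the tunnel is PPTP, which the thread does not state.

```bat
@echo off
rem Added example, not from the thread. Assumptions: Windows XP SP2,
rem VPN addresses in 10.0.0.0/8, PPTP as the tunnel protocol.

rem Turn Windows Firewall on.
netsh firewall set opmode mode=ENABLE

rem File sharing and Remote Desktop: accept a connection only when its
rem source address is inside the VPN range. 10.0.0.0/8 is not routed on
rem the Internet, so the remote notebook can only present such an
rem address through the tunnel. The rule is the same whether the VPN is
rem up or down, so there is no firewall config to switch.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=10.0.0.0/255.0.0.0
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=CUSTOM addresses=10.0.0.0/255.0.0.0

rem On the notebook that accepts the incoming VPN connection, keep the
rem PPTP control port (TCP 1723) reachable from the Internet.
netsh firewall set portopening protocol=TCP port=1723 name="PPTP VPN" mode=ENABLE scope=ALL

rem Review the resulting exceptions and their scopes.
netsh firewall show config
```

If either notebook is plugged into a local network that itself uses 10.x addresses, hosts on that network also match the scope, so pick a VPN subnet narrower than 10.0.0.0/8 and put that in `addresses=` instead.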
 