
Will My VPN setup work


Murugs

Hello Gurus
I have enabled routing and remote access in my w2k server.
T1 Internet - Router - Firewall PIX 501 - Hub - Lan clients is our office setup.

W2k server has a static IP address (10.0.0.2) and acts as a DHCP for all clients in LAN.

On one of the client XP Pro machines in my internal network I tried connecting to the VPN server and it worked fine. I gave my server's IP - 10.0.0.2 and it got connected.

I am going to try the same from my home and I am sure it will not work if I give my IP as 10.0.0.2. Should I give my WAN IP? I am eagerly waiting for the evening to go and try at home. But will be dejected if it doesn't work.

Since I am able to connect to the VPN from my internal network, is my setup correct? Also, if I give my WAN IP, will it work from home? Are there any important things I need to note down before I start messing around at home?

 
OK, some update here. I arranged a dial-up account right away and tried connecting to my VPN server. It is giving me error 800. As expected, this is not as easy as I thought.

Any suggestions?

MP
 
MP,

Is your VPN server multi-homed (has 2 NICs, one for the LAN side, IP 10.X.X.X, and one for the WAN side, real Internet IP)?

Greg
 
Thanks for the reply.
No, one NIC only.
We have a 2nd NIC but it is not configured though.

Also a quick question. The Cisco PIX 501 also has some VPN capabilities. Do we have a choice of which one to set up? Is it possible to set up a VPN on the PIX? Just confused with so many VPN options.
 
Murugs,

You have a few options here. I do believe the PIX unit offers IPSec/IKE VPN solutions, so that's one way to go. I'm not familiar with that unit so I'll not talk about that option, though many folks on this board have knowledge on that unit. Given that you have a Win2K server, another way to go is to set this unit up (as you suggested earlier) as a VPN server using PPTP or L2TP. The thing is, in order for a remote user to connect to your network using the VPN services on that server, you need to make the unit available to your remote users.

Option 1 - Install a second NIC on the Win2K server (called multihoming) and make the second NIC available to the public (Internet). Attach VPN services to the second NIC.
Option 2 - Port forward PPTP, L2TP, GRE, and any other proto/ports to the internal LAN NIC installed currently on the Win2K VPN server using an Internet router/appliance that supports port forwarding.
Option 3 - Use IPSec/IKE to establish the IP portion of the connection, then use the internal LAN NIC installed currently on the Win2K server for VPN services.

I realize that the summaries above are very vague, so let me know if you need more info on one of them.

Good luck.
 
gacollier, thanks for your detailed explanation.
I now understand that the Cisco PIX can also act as a VPN server, which I am not going to meddle with.
I am going to go with the w2k VPN server option.

I read somewhere that if the VPN is behind a router/firewall there is no need of a second NIC. Not sure though. Is it true?

If it is true I will go with your option 2. But not sure how to open ports. Do I need to do something in the firewall or in my router, which is configured with a static IP? Here the router is installed by the ISP and I don't have access to it, but I have access to the firewall using PDM.

 
Murugs,

You'll actually have to both open protos and ports in the firewall as well as port forward the router. In order to do Option 2 you'll need administrative access to a router/VPN appliance that has both a real Inet IP and the ability to port forward. You mentioned that your ISP has control of your Internet connection router, but can you put a device behind that router that has a real IP and use their router strictly as a gateway router to the Internet? Most ISPs refer to this type of setup if you purchase a subnet that will allow more than one IP (i.e. 5).

Let me know.

Greg
 
Greg
Thanks for the answer.
I cannot add a router. I am going to request the ISP to do some configuration changes to get my VPN working. I will post back if I get some luck :)
Thanks

Murugs
 