Virtual Private Networking

My question is about VPN. using win 98.
We have a firewall here at work, and we want someone to be able to acces the network from home using virtual private network. Problem, we've never used it before, and we would like to know the answeres to the following:

1. What software is needed to install it
2. Is it complicated to Use.
3. What's needed to install it
4. How long does it take to get up and running.

Thank you,

Please Help!

Basil
LVL 1
Auerelio VasquezETL DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dew_associatesCommented:
Hi Basil,

This is easy enough, but let me address your questions first.

Dennis
===============================
<<1. What software is needed to install it.>>

VPN is a service and is available via Add/Remove Programs, Windows Setup, Communications, Virtual Private Networking. Everything is on the Win98 CD.

<<2. Is it complicated to Use.>>

No, but it takes some reading to make sure that everything is setup correctly, and a Windows 98 Resource Kit would be beneficial to you.

<<3. What's needed to install it.>>

See my response to #1 above. Beyond this, you will need the help of your network supervisor at work with the RAS (Remote Access Service) setup.

<<4. How long does it take to get up and running.>>

Normally, if everything is setup correctly, about an hour or less.

Microsoft has released an update for Microsoft Windows 95 and Windows 98 Virtual
Private Networking (VPN) that addresses several known issues and is designed to
enhance the protection of both dial-up and VPN connections by strengthening
several aspects of password management and data encryption.
 
This update, which was released in July, 1999, includes (and replaces) the
Windows 98 Dial-up Networking Security Upgrade (Dun40.exe) that was released in
August, 1998

http://www.microsoft.com/windows98/downloads/corporate.asp
 
This update can be installed only on computers running Windows 98 (version
4.10.1998 with or without Service Pack 1) or Windows 95 that have installed the
Dial-Up Networking 1.3 Update. The Dial-Up Networking 1.3 Update is available
from the following Microsoft web site:

This update is included with and does not need to be installed in
Microsoft Windows 98 Second Edition.


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Auerelio VasquezETL DeveloperAuthor Commented:
ok, i understand, but what ip address do we use ? the router ? the server we want to log into ? these are behind a firewall, what setting do we use ? do we have to do somethign to the server to authenticate a VPN user ? or will it just look like the user is on the network ? sorry to be so vague ? but we have installed it. and it's asking us for these settings. and we don't know what ot put in. thaks
0
Auerelio VasquezETL DeveloperAuthor Commented:
what do we need to do with RAS ??
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

dew_associatesCommented:
Your servers will need to be running some form of remote access service in order to permit access by the Win98 PC.
0
Auerelio VasquezETL DeveloperAuthor Commented:
i understand to install ras, but how do i tell the windows 98 client machine which ip address i want to access ? i read an article in msdn.microsoft.com that said how to do it for a machine running windows NT or NT Server, but nothing on Windows 98. ?? this is sooo frusterating. so now that i've installed nt RAs and PPTP on ther server, i should be able to get it by ip address right ? i keep getting an error saying that PPTP is not configured properly. should i try this from outside ? i've called up through the ISP, then clicked on the VPN adapter and i still can't get connected.

thanks so much
0
dew_associatesCommented:
Basile, the following URL's should help you a little. As I mentioned above, you really need to have a copy of the Windows 98 Resource Kit. There is a lite version on either the Win98 or Win98SE cd rom, but I really don't know how much info it has. We use the resource kit, but there are just too many pages to post here.

http://support.microsoft.com/support/windows/InProductHelp98/vpn_network.asp?LNG=ENG&SA=PER

http://support.microsoft.com/support/kb/articles/Q217/7/66.ASP?LNG=ENG&SA=PER
0
ajcortezCommented:
I think we're missing a vital step here.  The firewall.  What kind of firewall is it?  Are the IP addresses behind NATted?  Does it have it's own protocol?

Using RAS and PPTP is fairly straightforward, but you have to get that info lined up first.

AJC
0
dew_associatesCommented:
ajcortez, have you even setup a VPN tunnel? The client comes in through a pre-existing internet connection to the server, thus its already ported past the server. NATed is not an issue, there is no other protocol and there's no "info to line up".
0
Auerelio VasquezETL DeveloperAuthor Commented:
i accept the answer, because you have given me sooo much help and i appreciate it, the articles were very informative. i may need to ask you another question or two, i hope you are still available to make comments. thank you very much.
0
dew_associatesCommented:
Anytime Basil!  I'll be here.
0
ajcortezCommented:
Dew

I've set up dozens of VPNs and you've missed a step.  If the router is doing the NAT it has to be configured to pass PPTP and forward it to a specified IP address or the traffic dies.

Once again.  If you don't have the facts in place, you can't give a complete answer

AJC
0
dew_associatesCommented:
AJC, I'm not going to argue the point with you, hiwever you would only implement NAT when the firewall doesn't have a proxy in place. Thus, my recommendation that Basil review the resource kit and sit with his network admin.
0
Auerelio VasquezETL DeveloperAuthor Commented:
Dew Associates,

If your still around, can you tell me a viable alternative to Using vpn ? can you use PPTP to tunnel two computers ? for instance, can i have my server set up for the user to call into, and if she can gain access to the server, would she be able to see the other computers on the network ?
0
dew_associatesCommented:
Basil, she can direct dial via RAS, and based upon the permission settings, she can have access to anything she wishes. In essence (short version) set her up to dial in just like you would dial to your ISP.
0
Auerelio VasquezETL DeveloperAuthor Commented:
do you mean to have her add a dial up networking entry as the number of our computer ?? remember that she is using windows 98. is there anything special i have to do in NT to have her be able to call us up ? do i have to set it up as a host, or should i just have the modem connected, and she should be able to call right in using RAS ?
0
dew_associatesCommented:
Basil,

Remember, much of this depends upon how your network is setup. In our labs, tech can dial direct and be assigned an IP address via dhcp and a script sets up the share. I'm aware that she is using 98, but the basic principles are the same. As for what to set up, you would use RAS/RRAS and I have provided a URL below that should help you.

http://www.microsoft.com/technet/network/default.htm?RLD=188

0
Auerelio VasquezETL DeveloperAuthor Commented:
do you mean to have her add a dial up networking entry as the number of our computer ?? remember that she is using windows 98. is there anything special i have to do in NT to have her be able to call us up ? do i have to set it up as a host, or should i just have the modem connected, and she should be able to call right in using RAS ?
0
dew_associatesCommented:
Basil, don't be offended here, but do you have any clue how to setup RAS/RRAS on an NT server?

<<do you mean to have her add a dial up networking entry as the number of our computer??>>

Yes, this can be done!

<<remember that she is using windows 98.>>

The principle is the same regardless of whether it is Windows 3.x, 95, 98 or NT.

<<is there anything special i have to do in NT to have her be able to call us up?>>

Yes, implement a RAS/RRAS server.

<<do i have to set it up as a host, or should i just have the modem connected, and she should be able to call right in using RAS?>>

A server is always a host, and of course you have to have a modem connected, how else would she access the server. And yes, she should be able to access the server via RAS as long as you set it up properly.

0
Auerelio VasquezETL DeveloperAuthor Commented:
do you mean to have her add a dial up networking entry as the number of our computer ?? remember that she is using windows 98. is there anything special i have to do in NT to have her be able to call us up ? do i have to set it up as a host, or should i just have the modem connected, and she should be able to call right in using RAS ?
0
dew_associatesCommented:
Basil, is there some sort of problem here. You have posted the same thing three times in a row!
0
ajcortezCommented:
Dew,

Now you see why more info is needed for a proper explanation.

You can tunnel to several points in a VPN. You can tunnel to a router with a WAN IP address and different Ethernet IP address and then have the router forward the packet to a firewall then the firewall passes it to the NT server for PPTP RAS. [Rare but useful for the paranoid set]

You can tunnel to the firewall and then have it forward the request to the server.

Or you can tunnel directly to the address of the server.

The only constants in these scenarios are RAS or RRAS and PPTP ports installed on the NT server.

That's what I mean about lining up the information.

That said, perhaps an explanation of the configuration would clear it up.

AJC
0
dew_associatesCommented:
AJ, forgive me for saying this, however if you have read what has been posted here, you will see that Basil apparently has no control over the server operations, as if he had, he would have responded early on.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.