Solved

A WAN, a wireless LAN and a VPN, really confusing, need help

Posted on 2003-10-28
Last Modified: 2010-03-18
Basically, my ISP provides a static IP addressed WAN connection over DSL to my Netgear DG824M wireless modem/router. I then serve LAN addresses via wireless and wired to my LAN (can be up to six or eight machines). I have dedicated a LAN IP address to my hardware print server and also to a Win 2003 server.

I want to set up a VPN on my laptop so I can either dial in via the web or connect via the web (using a friend's/workplace DSL connection).

I am confused as to:
a, configuring the Win2003 server
b, routing through my ISP WAN IP address and forwarding that over my LAN to my server, which will then allow me access over my LAN

What ports typically can I use or assign to my DG824M wireless firewall cable/modem router, so that remotely my laptop can get through on a VPN?

I understand how to set up the VPN connection on my laptop.
I'm just really confused about how to set up a VPN server and allow it to accept connections coming through my DG824M and get them routed correctly.

This is of high importance because I am in the process of getting a business up and running and am getting very frustrated that I can only seem to utilise an FTP server from my LAN to shift files around.

This works as long as I can be on my LAN every few days. I really need a proper VPN set up to work remotely more efficiently.

Thank you

Chris

Question by:lambiepie
Accepted Solution

by:
energymanz earned 250 total points
ID: 9639839
Well, on your 2003 server, go to Start, Programs, Administrative Tools, Configure Server. Add a VPN server. This might also be referred to as Routing and Remote Access. Anyway, especially in 2003 Server, compared to earlier versions of Windows Server, this is a very easy, step by step, explained process. By clicking the proper help links during the setup and reading all of the info as you install, you will find what ports you will need to forward from your router to your server. Hope this helps : )

Assisted Solution

by:abhatnagar
abhatnagar earned 250 total points
ID: 9641231
You have a few issues here. First of all, the default setup for a Microsoft VPN is L2TP/IPSec. Unfortunately, the proper way to utilize this is to set up the IPSec portion with a certificate. There is another setup you can perform that is much easier. Simply use PPTP. It's less secure because your username/password is sent in clear text for the tunnel establishment. This is very simple (look at the RFCs for the ports used).

L2TP is also the same in that the username/password is sent in clear text. That is why IPSec is coupled with it, so that the SA created is encrypted via certificate. This is the default. To change this you must set your registry to disable the default L2TP/IPSec policy on the server and your client, then create a custom policy on both the server and client to connect. This is very complicated (look at the RFCs for the ports used).

Now regarding your firewall/router. It's basic networking: typically a VPN server/gateway will always have two addresses, a public address and a private address. If you slap a second interface card into your server and attach that to your DMZ with a publicly routable address, then you would connect to your server with that IP address. This server, because it has two interfaces, now acts as your router when you RAS into it. So set up static routes if you wish to access other devices on your network. Another solution, if you only have one public address (which is probably the case), is to NAT your private address. The way this works is that on your router (if it's capable) you must set up your server with a static address and NAT that through your router. So when the packets come into your router it will NAT them and send them straight to your server for authentication. In this scenario your client will attempt to connect to your router. The details of this are simple: the router just adds a port to the IP address so that it can distinguish between your VPN server and other devices. So technically this is also known as PAT instead of NAT.

If I may make a suggestion? Get a refurbished cheapo c2500 Cisco router and replace your NetGear router with it. Your capabilities will be so much more and you can set up RAS directly on the router using PPTP. Just shoot your authentication packets through your private LAN to the Windows 2003 server with IAS installed on it.

Good luck, hope this helps.
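
As an added example (not part of the original answers): a small Python model of the port-keyed forwarding described above, showing which inbound flows a PPTP or L2TP/IPsec client needs delivered to the server and which forwarded ports are extra exposure. The port numbers are the standard assignments, not values from this thread; the address 192.168.0.10, the router state and the `PASSTHROUGH` table are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str            # "tcp", "udp", or a port-less IP protocol ("gre")
    dport: Optional[int]  # None when the protocol carries no port numbers

# Inbound flows each VPN type must get through the router to the server.
FLOWS = {
    # PPTP: TCP 1723 control channel plus GRE (IP protocol 47) for the data.
    "pptp": [Packet("tcp", 1723), Packet("gre", None)],
    # L2TP/IPsec behind NAT: IKE on UDP 500, then NAT-T on UDP 4500.
    # L2TP itself (UDP 1701) rides inside the IPsec tunnel.
    "l2tp/ipsec": [Packet("udp", 500), Packet("udp", 4500)],
}

def translate(pkt, port_map, passthrough):
    """LAN host an inbound packet is rewritten to, or None if dropped."""
    if pkt.dport is None:
        # A port-keyed PAT table cannot match this; the router has to
        # handle the protocol itself (modelled here as a passthrough table).
        return passthrough.get(pkt.proto)
    return port_map.get((pkt.proto, pkt.dport))

def dropped_flows(vpn, port_map, passthrough, server):
    """Flows of the given VPN type that never reach the server."""
    return [p for p in FLOWS[vpn]
            if translate(p, port_map, passthrough) != server]

def exposed_extras(vpn, port_map):
    """Forwarded ports the chosen VPN type does not use."""
    needed = {(p.proto, p.dport) for p in FLOWS[vpn]}
    return sorted(k for k in port_map if k not in needed)

# Constructed router state: FTP still forwarded, only TCP 1723 added for PPTP.
SERVER = "192.168.0.10"
PORT_MAP = {("tcp", 1723): SERVER, ("tcp", 21): SERVER}
PASSTHROUGH = {}  # e.g. {"gre": SERVER} once GRE handling is enabled

if __name__ == "__main__":
    for vpn in FLOWS:
        print(vpn, "dropped:", dropped_flows(vpn, PORT_MAP, PASSTHROUGH, SERVER))
    print("extra exposure with pptp:", exposed_extras("pptp", PORT_MAP))
```

With this state the PPTP control connection reaches the server but the GRE data channel does not, which is the usual reason a PPTP client stalls after connecting through a port-forwarding router.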