
Solved

A WAN, a wireless LAN and a VPN, really confusing, need help

Posted on 2003-10-28
Medium Priority
Last Modified: 2010-03-18
Basically, my ISP provides a static-IP-addressed WAN connection over DSL to my Netgear DG824M wireless modem/router. I then serve LAN addresses via wireless and wired to my LAN (can be up to six or eight machines). I have dedicated a LAN IP address to my hardware print server and also to a Win 2003 server.

I want to set up a VPN on my laptop so I can either dial in via the web or connect via the web (using a friend's/workplace DSL connection).

I am confused as to:
a, configure Win 2003 server
b, routing through my ISP WAN IP address and forwarding that over my LAN to my server, which will then allow me access over my LAN

What ports typically can I use or assign to my DG824M wireless firewall cable/modem router, so remotely my laptop can access through on a VPN?

I understand how to set up the VPN connection on my laptop.
Just really confused on how to set up a VPN server and allow it to accept connections coming through my DG824M and get it routed correctly.

This is of high importance because I am in the process of getting a business up and running and am getting very frustrated that I can only seem to utilise an FTP server from my LAN to shift files around.

This works as long as I can be on my LAN every few days. I really need a proper VPN set up to work remotely more efficiently.

thank you

chris

Question by:lambiepie
Accepted Solution

by:
energymanz earned 1000 total points
ID: 9639839
Well, on your 2003 server, go to Start, Programs, Administrative Tools, Configure Server. Add a VPN server. This might also be referred to as Routing and Remote Access. Anyway, especially in 2003 Server, compared to earlier versions of Windows Server, this is a very easy, step-by-step, explained process. By clicking the proper help links during the setup and reading all of the info as you install, you will find what ports you will need to forward from your router to your server. Hope this helps : )

Assisted Solution

by:abhatnagar
abhatnagar earned 1000 total points
ID: 9641231
You have a few issues here. First of all, the default setup for a Microsoft VPN is L2TP/IPSec. Unfortunately, the proper way to utilize this is to set up the IPSec portion with a certificate. There is another setup you can perform that is much easier. Simply use PPTP. It's less secure because your username/password is sent in clear text for the tunnel establishment. This is very simple (look at the RFCs for the ports used).

L2TP is also the same in that the username/password is sent in clear text. That is why IPSec is coupled with it so that the SA created is encrypted via certificate. This is the default. To change this you must set your registry to disable the default L2TP/IPSec policy on the server and your client, then create a custom policy on both the server/client to connect. This is very complicated (look at the RFCs for the ports used).

Now regarding your firewall/router. It's basic networking: typically a VPN server/gateway will always have two addresses, a public address and a private address. If you slap a second interface card into your server then attach that to your DMZ with a publicly routable address, then you would connect to your server with that IP address. This server, because it has two interfaces, now acts as your router when you RAS into it. So set up static routes if you wish to access other devices on your network. Another solution, if you only have one public address (which is probably the case), is to NAT your private address. The way this works is that on your router (if it's capable) you must set up your server with a static address and NAT that through your router. So when the packets come into your router it will NAT it and send it straight to your server for authentication. In this scenario your client will attempt to connect to your router. The details of this are simple: the router just adds a port to the IP address so that it can distinguish between your VPN server and other devices. So technically this is also known as PAT instead of NAT.

If I may make a suggestion? Get a refurbished cheapo c2500 Cisco router and replace your NetGear router with it. Your capabilities will be so much more and you can set up RAS directly on the router using PPTP. Just shoot your authentication packets through your private LAN to the Windows 2003 server with IAS installed on it.

Good luck, hope this helps.
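
The port-based forwarding described in the answer above can be modelled and audited as follows. This is an added example, not code from the thread: the protocol and port numbers are the standard ones for PPTP and for L2TP/IPsec with NAT traversal (the thread does not list them), and the LAN address and rule list are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

# Inbound flows each VPN type needs at the server: (protocol, port or None).
# PPTP: TCP 1723 for control plus GRE (IP protocol 47) for the tunnel. GRE has
# no port number, so a port forward alone cannot carry it; the router needs a
# GRE/PPTP pass-through. L2TP/IPsec behind NAT: UDP 500 (IKE) and UDP 4500
# (NAT traversal); L2TP's own UDP 1701 travels inside the IPsec tunnel.
REQUIRED = {
    "pptp": {("tcp", 1723), ("gre", None)},
    "l2tp-ipsec": {("udp", 500), ("udp", 4500)},
}

@dataclass(frozen=True)
class Forward:
    proto: str            # "tcp", "udp" or "gre"
    port: Optional[int]   # None for protocols without ports
    target: str           # private LAN address the router forwards to

def route(rules, proto, port=None):
    """Model the router's decision for a packet arriving on the public address."""
    for rule in rules:
        if rule.proto == proto and rule.port == port:
            return rule.target
    return None  # no matching forward: the packet is dropped

def audit(rules, vpn_type, vpn_server):
    """Return (missing, exposed): required flows that do not reach the VPN
    server, and forwards that the chosen VPN type does not need."""
    needed = REQUIRED[vpn_type]
    missing = [flow for flow in sorted(needed, key=str)
               if route(rules, *flow) != vpn_server]
    exposed = [rule for rule in rules if (rule.proto, rule.port) not in needed]
    return missing, exposed

# Constructed sample: hypothetical server address and router rule list.
VPN_SERVER = "192.168.0.10"
SAMPLE_RULES = [
    Forward("tcp", 1723, VPN_SERVER),  # PPTP control channel
    Forward("tcp", 21, VPN_SERVER),    # leftover FTP forward
]

if __name__ == "__main__":
    missing, exposed = audit(SAMPLE_RULES, "pptp", VPN_SERVER)
    print("required but not reaching the server:", missing)
    print("forwarded but not needed by the VPN:", exposed)
```

Anything reported as exposed is reachable from the Internet without going through the VPN, so it is a candidate for removal once the tunnel works.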