Solved

A WAN, a wireless LAN and a VPN, really confusing, need help

Posted on 2003-10-28
Last Modified: 2010-03-18
Basically, my ISP provides a static IP addressed WAN connection over DSL to my Netgear DG824M wireless modem/router. I then serve LAN addresses via wireless and wired to my LAN (can be up to six or eight machines). I have dedicated a LAN IP address to my hardware print server and also to a Win 2003 server.

I want to set up a VPN on my laptop so I can either dial in via the web or connect via the web (using a friend's/workplace DSL connection).

I am confused as to:
a, configuring the Win 2003 server
b, routing through my ISP WAN IP address and forwarding that over my LAN to my server, which will then allow me access over my LAN

What ports can I typically use or assign on my DG824M wireless firewall cable/modem router, so that my laptop can remotely get through on a VPN?

I understand how to set up the VPN connection on my laptop.
I'm just really confused about how to set up a VPN server and allow it to accept connections coming through my DG824M and get it routed correctly.

This is of high importance because I am in the process of getting a business up and running and am getting very frustrated that I can only seem to utilise an FTP server from my LAN to shift files around.

This works as long as I can be on my LAN every few days. I really need a proper VPN set up to work remotely more efficiently.

thank you

chris

Question by:lambiepie

Accepted Solution

by:
energymanz earned 250 total points
ID: 9639839
Well, on your 2003 server, go to Start, Programs, Administrative Tools, Configure Server. Add a VPN server. This might also be referred to as Routing and Remote Access. Anyway, especially in 2003 Server, compared to earlier versions of Windows Server, this is a very easy, step-by-step, explained process. By clicking the proper help links during the setup and reading all of the info as you install, you will find what ports you will need to forward from your router to your server. Hope this helps : )

Assisted Solution

by:abhatnagar
abhatnagar earned 250 total points
ID: 9641231
You have a few issues here. First of all, the default setup for a Microsoft VPN is L2TP/IPSec. Unfortunately, the proper way to utilize this is to set up the IPSec portion with a certificate. There is another setup you can perform that is much easier. Simply use PPTP. It's less secure because your username/password is sent in clear text for the tunnel establishment. This is very simple (look at the RFCs for the ports used).

L2TP is also the same in that the username/password is sent in clear text. That is why IPSec is coupled with it, so that the SA created is encrypted via certificate. This is the default. To change this you must set your registry to disable the default L2TP/IPSec policy on the server and your client, then create a custom policy on both the server and client to connect. This is very complicated (look at the RFCs for the ports used).

Now regarding your firewall/router. It's basic networking: typically a VPN server/gateway will always have two addresses, a public address and a private address. If you slap a second interface card into your server and then attach that to your DMZ with a publicly routable address, then you would connect to your server with that IP address. This server, because it has two interfaces, now acts as your router when you RAS into it. So set up static routes if you wish to access other devices on your network. Another solution, if you only have one public address (which is probably the case), is to NAT your private address. The way this works is that on your router (if it's capable) you must set up your server with a static address and NAT that through your router. So when the packets come into your router it will NAT them and send them straight to your server for authentication. In this scenario your client will attempt to connect to your router. The details of this are simple: the router just adds a port to the IP address so that it can distinguish between your VPN server and other devices. So technically this is also known as PAT instead of NAT.

If I may make a suggestion? Get a refurbished cheapo c2500 Cisco router and replace your NetGear router with it. Your capabilities will be so much more and you can set up RAS directly on the router using PPTP. Just shoot your authentication packets through your private LAN to the Windows 2003 server with IAS installed on it.

Good luck, hope this helps.
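
The NAT/PAT forwarding described in the answer above can be audited before it is relied on. This is an added example, not part of the original thread: it checks a constructed list of router forwarding rules against the flows PPTP and L2TP/IPsec (with NAT traversal) need and flags forwards that expose anything else. The rule format, the addresses, and modelling GRE passthrough as a rule are assumptions.

```python
# Added example: audit inbound forwarding rules on a NAT/PAT router against
# what each VPN type needs. Rule format and sample data are constructed.
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    proto: str            # "tcp", "udp", or a port-less IP protocol such as "gre"
    port: Optional[int]   # None for protocols without ports (PAT cannot key on them)
    target: str           # private address the router translates to


# PPTP: TCP 1723 control channel plus GRE (IP protocol 47) for the tunnel data.
# L2TP/IPsec behind NAT: UDP 500 (IKE) and UDP 4500 (NAT-T, which carries the
# ESP-protected L2TP traffic, so UDP 1701 itself is not forwarded).
REQUIRED = {
    "pptp": {("tcp", 1723), ("gre", None)},
    "l2tp/ipsec": {("udp", 500), ("udp", 4500)},
}


def audit(rules, server):
    """Return (flows still missing per VPN type, forwards unrelated to the VPN)."""
    to_server = {(r.proto, r.port) for r in rules if r.target == server}
    missing = {vpn: sorted(need - to_server, key=str)
               for vpn, need in REQUIRED.items()}
    vpn_flows = set().union(*REQUIRED.values())
    # Anything forwarded that is not a VPN flow to the VPN server is extra exposure.
    extra = [r for r in rules
             if (r.proto, r.port) not in vpn_flows or r.target != server]
    return missing, extra


SERVER = "192.168.0.10"  # constructed private address of the VPN server
RULES = [                # constructed forwarding table
    Rule("tcp", 1723, SERVER),   # PPTP control only: tunnel data (GRE) not passed
    Rule("tcp", 21, SERVER),     # FTP left exposed to the Internet
    Rule("udp", 500, SERVER),    # IKE without NAT-T on UDP 4500
]

if __name__ == "__main__":
    missing, extra = audit(RULES, SERVER)
    for vpn, flows in missing.items():
        print(vpn, "missing:", flows or "nothing")
    print("non-VPN forwards to review:", extra)
```

A PPTP setup that forwards only TCP 1723 will authenticate and then stall, because the GRE data channel has no port for PAT to map; once the VPN works, the non-VPN forwards it reports are candidates for removal.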