Solved

A WAN, a wireless LAN and a VPN, really confusing, need help

Posted on 2003-10-28
Last Modified: 2010-03-18
Basically, my ISP provides a static-IP-addressed WAN connection over DSL to my Netgear DG824M wireless modem/router. I then serve LAN addresses via wireless and wired to my LAN (can be up to six or eight machines). I have dedicated a LAN IP address to my hardware print server and also to a Win 2003 server.

I want to set up a VPN on my laptop so I can either dial in via the web or connect via the web (using a friend's/workplace DSL connection).

I am confused as to:
a, configuring the Win 2003 server
b, routing thru my ISP WAN IP address and forwarding that over my LAN to my server, which will then allow me access over my LAN

What ports typically can I use or assign to my DG824M wireless firewall cable/modem router, so remotely my laptop can access thru on a VPN?

I understand how to set up the VPN connection on my laptop.
Just really confused on how to set up a VPN server and allow it to accept connections coming thru my DG824M and get it routed correctly.

This is of high importance because I am in the process of getting a business up and running and am getting very frustrated that I can only seem to utilise an FTP server from my LAN to shift files around.

This works as long as I can be on my LAN every few days. I really need a proper VPN set up to work remotely more efficiently.

thank you

chris

Question by:lambiepie

Accepted Solution

by:
energymanz earned 250 total points
ID: 9639839
Well, on your 2003 server, go to Start, Programs, Administrative Tools, Configure Server. Add a VPN server. This might also be referred to as Routing and Remote Access. Anyway, especially in 2003 Server, compared to earlier versions of Windows Server, this is a very easy, step by step, explained process. By clicking the proper help links during the setup and reading all of the info as you install, you will find what ports you will need to forward from your router to your server. Hope this helps : )

Assisted Solution

by:abhatnagar
abhatnagar earned 250 total points
ID: 9641231
You have a few issues here. First of all, the default setup for a Microsoft VPN is L2TP/IPSec. Unfortunately, the proper way to utilize this is to set up the IPSec portion with a certificate. There is another setup you can perform that is much easier. Simply use PPTP. It's less secure because your username/password is sent in clear text for the tunnel establishment. This is very simple (look at the RFCs for the ports used).

L2TP is also the same in that the username/password is sent in clear text. That is why IPSec is coupled with it so that the SA created is encrypted via certificate. This is the default. To change this you must set your registry to disable the default L2TP/IPSec policy on the server and your client, then create a custom policy on both the server and the client to connect. This is very complicated (look at the RFCs for the ports used).

Now regarding your firewall/router. It's basic networking: typically a VPN server/gateway will always have two addresses, a public address and a private address. If you slap a second interface card into your server, then attach that to your DMZ with a publicly routable address, then you would connect to your server with that IP address. This server, because it has two interfaces, now acts as your router when you RAS into it. So set up static routes if you wish to access other devices on your network. Another solution, if you only have one public address (which is probably the case), is to NAT your private address. The way this works is that on your router (if it's capable) you must set up your server with a static address and NAT that through your router. So when the packets come into your router it will NAT them and send them straight to your server for authentication. In this scenario your client will attempt to connect to your router. The details of this are simple: the router just adds a port to the IP address so that it can distinguish between your VPN server and other devices. So technically this is also known as PAT instead of NAT.

If I may make a suggestion? Get a refurbished cheapo c2500 Cisco router and replace your NetGear router with it. Your capabilities will be so much more and you can set up RAS directly on the router using PPTP. Just shoot your authentication packets through your private LAN to the Windows 2003 server with IAS installed on it.

Good luck, hope this helps.
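
The NAT/PAT forwarding described in the answer above, as an added example that is not part of the original thread: a small audit of a router's inbound forwarding table against the flows PPTP (TCP 1723 plus GRE, IP protocol 47) and L2TP/IPsec with NAT traversal (UDP 500 and 4500) need. The `Forward` rule format, the addresses and both sample tables are constructed for illustration and are not the DG824M's configuration syntax.

```python
# Added example: audit inbound port forwards for a VPN server behind NAT/PAT.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Forward:                 # hypothetical rule format, not the router's own syntax
    proto: str                 # "tcp", "udp", or a port-less IP protocol such as "gre"
    port: Optional[int]        # None when the protocol carries no port numbers
    lan_ip: str                # private host the router translates the flow to

# Inbound flows each VPN type needs at the router (well-known assignments).
REQUIRED = {
    "pptp": {("tcp", 1723), ("gre", None)},       # control channel + GRE (IP protocol 47)
    "l2tp-ipsec": {("udp", 500), ("udp", 4500)},  # IKE + IPsec NAT traversal
}

def route_inbound(rules, proto, port=None):
    """PAT lookup: LAN host for a packet hitting the public IP, or None if dropped."""
    for r in rules:
        if (r.proto, r.port) == (proto, port):
            return r.lan_ip
    return None

def audit(rules, vpn, server_ip):
    """Compare the forwarding table with what `vpn` needs to reach `server_ip`."""
    needed = REQUIRED[vpn]
    to_server = {(r.proto, r.port) for r in rules if r.lan_ip == server_ip}
    return {
        "missing": sorted(needed - to_server, key=str),
        "misrouted": sorted(((r.proto, r.port, r.lan_ip) for r in rules
                      if (r.proto, r.port) in needed and r.lan_ip != server_ip), key=str),
        "extra_exposure": sorted(((r.proto, r.port, r.lan_ip) for r in rules
                           if (r.proto, r.port) not in needed), key=str),
    }

# Constructed sample tables (addresses and rules are illustrative).
SERVER = "192.168.0.10"
WEAK = [Forward("tcp", 1723, SERVER), Forward("tcp", 21, SERVER)]    # no GRE, FTP exposed
FIXED = [Forward("tcp", 1723, SERVER), Forward("gre", None, SERVER)]

if __name__ == "__main__":
    for name, table in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(table, "pptp", SERVER))
    print("GRE via weak table ->", route_inbound(WEAK, "gre"))
```

GRE has no port numbers for the router to key on, so on many consumer routers the `gre` entry corresponds to a PPTP pass-through setting rather than a port-forward rule.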