Solved

VPN Setup

Posted on 2005-02-25
Last Modified: 2008-01-09
Hi, I'm a bit of a newbie, so, not quite sure where to start...

This is what I am trying to do:
I want to be able to have my home network (computers, and maybe printers, if not too complicated) available (as a network neighbourhood?) when I travel, using various computers, both Win and OSx... from static & dynamic IP connections...

This is what I have:
At home, I have a static IP adsl2 connection (up 1Mbit, down 20Mbit), with a Zyxel 660 Modem connected to it. Connected to the modem is a Netgear WGT624 Wireless router, to which all computers are connected (1 Win XP pro, 1 Win2kServer, 1 MAC 10,3 & 1 Linksys USB File Server).

Is this possible? What do I do? I'd love to have specific advice, as I've never set a VPN up before.

Thanks a lot! :-)

0
Question by:mpaert
19 Comments
 
LVL 16

Expert Comment

by:samccarthy
ID: 13408812
You can connect via remote desktop or VPN if you have a machine to configure it on.  For Remote Desktop, just port forward TCP port 3389 to the machine you want to connect to.  You would set this on whatever device provided NAT, (the one that holds that static IP address).

If you had a server behind and setup RRAS (VPN), you would port forward TCP port 1723 to that box.

On the remote machine that you will use to connect with, you will use either Remote Desktop Connection or setup a VPN client.  
0
 

Author Comment

by:mpaert
ID: 13408889
Thanks.

I'm not quite sure about the following....

1:
By connecting through VPN, will all my computers at home appear in the "Network Neighbourhood" page? Or will it be some kind of different interface?

2:
Also, would I be able to have both VPN and Remote Desktop (PC to PC & MAC to MAC, either one or both)?

3:
If I want all computers' shares to be visible in the VPN, to which computer do I forward port 1723? After all, all computers are connected to the WGT624... not to a central server...

4:
The VPN connection page asks for IP, user and pass. IP is straightforward, so should be user and pass, but if I don't connect to a specific server (see question 3), then what user and pass should I use?

I'm a little confused... :-]



0
 
LVL 8

Accepted Solution

by:
holger12345 earned 720 total points
ID: 13409524
>>1:
Connecting to a VPN makes a remote computer become part of the local internal network. So the possibilities will be the same as when connecting the computer to the LAN with a cable (only a bit more complicated to set up).

>>2:
remote desktop and VPN are two different means to connect:
Remote Desktop is a software, where the client software can connect to the server software on a remote PC with the ability to control the serving PC virtually
VPN is a software to connect two networks (or possibly only client to network) over an insecure public transfer network, as if both connecting networks were closely tied together. This gives you no means to share resources or remote control a PC - you must have sharing and remote-control software enabled/installed together with the VPN to achieve this

>>3:
For a VPN connection you MUST have a VPN server. Sometimes a sophisticated router is used (mostly in bigger network environments); more often the router is only connecting to the internet and has to forward the VPN connections to a PC as VPN server. As VPN server you can configure an OS like win2k/2k3 server but also a winXPpro machine.
The drawback is: there are tons of problems forwarding VPN through a router. The router needs VPN passthrough enabled and sometimes they don't support VPN passthrough as you need even if the specs say otherwise. For example your WGT624: "However, certain communications functions like VPN may require turning off the SPI feature."

>>4:
see 3: you have to have a VPN server ... and there you configure user/pass ... so you have IP/user/pass ... just enter them at the client

hope this helped
Holger
0
 
LVL 40

Assisted Solution

by:Fatal_Exception
Fatal_Exception earned 720 total points
ID: 13410032
....  My suggestion is just to go with Remote Desktop..  You will have fewer problems, and this is much easier to configure.  All you need is one system within your network to be running XP Pro, which would be considered the RDP Server.  To configure this, just follow these steps (some of which were outlined above)

1.  On the home XP Pro system, set a static IP address
2.  On the Home XP Pro system, configure Remote Desktop (My Computer > Properties > Remote tab > select Allow Users to connect Remotely checkbox / and select the users allowed to have access)
3.  Test your remote connection from within the LAN from the laptop you will be carrying with you.  Start > All Programs > Accessories > Communications > Remote Desktop Connection
4.  If successful, place a shortcut to Remote Desktop on your Desktop for easy access
5.  On the router, you will find a tab for Port Forwarding.  Configure port 3389 to be forwarded to the XP Pro system's ip address.
6.  Make note of your Global (Public) IP address, which is the address you will be using from outside your LAN.
7.  Now, test from outside the LAN.

With this setup, once you are connected to your internal system, you can use it to access all shares on your internal network..

FE
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 13410037
Hmm.. one more thing..  if you are using a software firewall on your internal systems, be sure to configure it to allow incoming RDP sessions..
0
 
LVL 8

Expert Comment

by:holger12345
ID: 13410616
I would try the VPN server as there is more functionality and the environment looks well suited:
- The win2k server exists at the home LAN
- The IP is static
- You have full control like you are directly connected to the LAN - even a remote desktop (or VNC or PC anywhere) can be used over the VPN

Drawback:
- the router can hinder a proper connection - but that has to be tested

First view of VPN:
http://www.wown.com/articles_tutorials/vpn.html

Holger
0
 
LVL 16

Assisted Solution

by:samccarthy
samccarthy earned 560 total points
ID: 13410870
When you connect via VPN, either with a Router or Firewall providing it or a VPN server, your machine becomes part of the network and is assigned an IP on that network.  It will be just like it is in the next room, but on a slower connection.

You can have both RDP and VPN.  At work, I port forward RDP to the computer I use most, (2 connections maximum).  I port forward a different set of ports for another remote access tool, PCAnywhere to a different PC, (1 connection maximum).  I also port forward the 1723 port to my VPN server for everyone to use, (No limit on connections).  Having said that, you can always RDP into a remote box and then RDP to any other boxes on that remote network.  I have 1 firestation without a server.  So, to remotely get to any box there, I RDP into the one that the port is forwarded to and then RDP from there to the box I need to work on.  I had to do that last night.  Since RDP is only sending screen shots, it is very fast.

The RDP and PCAnywhere actually connect me to a specific computer where anything I do is processed.  Your remote computer basically just gets screen shots of what is happening remotely.  On the other hand, VPN connects you to the network and your local computer then becomes the place where everything happens.  Any data requested travels the vpn for execution on your computer.

RDP and PCAnywhere can terminate on a workstation at the remote site.  A VPN will terminate on a Server OR, very common nowadays, on a firewall or router. You will have to use your Win2k Server, enabling RRAS for your VPN.  Your wireless device doesn't have VPN capabilities in itself.

If you share files on your existing network, you need to do nothing about the shares.  Any machine on the network, either wired, wireless or VPN will be able to see them.  

You will port forward 1723 to the IP address of your Win2k server to use that as the VPN endpoint.  Users will logon to the Win2K server over the VPN tunnel established and will be able to do anything a local computer can do on the network.  Be sure to allow dial-in access for the users.  It is actually very easy to do.

0
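The two port forwards discussed in this thread (TCP 3389 for Remote Desktop, TCP 1723 for the RRAS VPN server) can be checked from outside the LAN with a short script. This is an added example, not part of any poster's reply; the list of file-sharing ports that should stay closed to the Internet and the function names are assumptions made for the illustration.

```python
import socket
import sys

# Ports the thread forwards on the router.
SHOULD_BE_OPEN = {3389: "Remote Desktop", 1723: "VPN to RRAS server"}
# Assumption added for this example: Windows file-sharing ports that should
# not answer from the Internet, since shares are reached through VPN or RDP.
SHOULD_BE_CLOSED = {139: "NetBIOS session", 445: "SMB file sharing"}


def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, should_be_open=SHOULD_BE_OPEN,
          should_be_closed=SHOULD_BE_CLOSED, timeout=3.0):
    """Return (port, label, problem) for every deviation from the plan."""
    findings = []
    for port, label in should_be_open.items():
        if not tcp_open(host, port, timeout):
            findings.append((port, label, "forward not reachable"))
    for port, label in should_be_closed.items():
        if tcp_open(host, port, timeout):
            findings.append((port, label, "unexpectedly exposed"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_forwards.py <your-public-ip>")
    problems = audit(sys.argv[1])
    for port, label, problem in problems:
        print(f"{port}/tcp ({label}): {problem}")
    if not problems:
        print("forwards match the plan")
    # A successful connect on 1723 only proves the control connection;
    # the router must also pass the tunnel traffic itself (GRE for PPTP),
    # which is the "VPN passthrough" issue mentioned earlier in the thread.
```

Run it from a connection outside the home network, against your own public IP address.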
 

Author Comment

by:mpaert
ID: 13411800
Thanks very much guys, Points split for collective effort.
0
 
LVL 8

Expert Comment

by:holger12345
ID: 13411868
thx to you... Holger
0
 

Author Comment

by:mpaert
ID: 13411947
one other quick question - wouldn't it be best to have a hardware router that can do VPN - my win2k server is only a tired old machine, used for DVR and FTP...
0
 
LVL 16

Expert Comment

by:samccarthy
ID: 13411978
Either will do fine.  If you only have a few users, save the money.  If you have many and your 2k machine is feeling the load, then a hardware VPN will take the load off of the server.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 13412053
Hardware VPNs are quite reasonable right now too..  and in my opinion, easier to administer..  but as Sam says, it is more a personal preference.

and Thanks,

FE
0
 

Author Comment

by:mpaert
ID: 13412141
I just realized that I own a Symantec Firewall 100, isn't this just the tool to do it? (This was my last question, I promise) he he
0
 
LVL 8

Expert Comment

by:holger12345
ID: 13412154
"Ensures secure, cost-effective access to networks for remote offices and business partners through an integrated IPSec VPN "
LOL .. yes it is! ... but if you don't want or need it - I'll pay the shipment over to me *hehe*

regards Holger
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 13412172
Perhaps we should hold an auction!  :)

FE
0
 
LVL 8

Expert Comment

by:holger12345
ID: 13412176
from symantec:
------------------------------------------------------------------
                                MODEL 100   MODEL 200   MODEL 200R
Firewall                        Yes         Yes         Yes
Gateway to Gateway VPN          Yes         Yes         Yes
Remote client to Gateway VPN    No          No          Yes
------------------------------------------------------------------

... seems your 100 can handle only initiating VPN sessions, not as a VPN server
But you have to study the manual well ... perhaps there's a better way to use it !
0
 

Author Comment

by:mpaert
ID: 13412213
I say...

Well, thanks again... I'll be back in a new Q&A thread... :-D

[$1M, no offers]
0
 
LVL 16

Expert Comment

by:samccarthy
ID: 13412248
You need a Symantec 200R to do the unlimited client to gateway.  I have yads of experience with them and after my last issues, I replaced every single one of them, 9 in all, with Watchguard units.  The Gateway to Gateway VPN's were not stable nor were they holding long RDP or VPN sessions from outside.  For a stand alone unit, some worked better than others.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 13412281
You do realize that RDP sessions are encrypted, right?  (Not as secure as a VPN, but in your case, probably secure enough)...
0
