Jmaambo
asked on
VPN Connections
Hi
I am new to networking. Though I have done the MCSE training, certain tasks prove so challenging. I have been given a task of setting up some form of VPN to members of staff at a small company. I have 5 routers:
1. Intelligent Gateway 1800
2. Linksys WRT54g router
3. Linksys WAG354G ADSL router
4. Sparkcom ADSL Router
5. D-Link DI-524 Wireless Router
All I need to do is provide users with VPN connections to a server running Windows 2003 that stores a database. There will only be a max of 10 concurrent connections to the server via VPN at any one time. These clients will connect either from their homes or on the road, wherever they have internet connections. We use the Intelligent Gateway to connect to the internet. This gateway connects to a LAN, so all of our PCs at the office connect to the net through the broadband router. Is it possible for me to use any of these routers to configure VPN connections? If so, can someone please take me through the process so I can clearly understand what I am supposed to do? I need a hardware-related VPN rather than software because I want to use this as an opportunity to learn how these devices are configured. I can also do with some knowledge of DMZ and how to configure it. A simple sketch using arrows would be:
Mobile users------->ISP------>internet----ISP---intelligent gateway Router------>Switch(LAN)------->Win2003 and other pcs
Your help will be highly appreciated.
Jmaambo
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Great, let us know how you make out.
--Rob
ASKER
I have configured the Win 2003 server as instructed above. I have not made any changes to the default settings on the RRAS server. I have set the port forwarding according to the 2Wire instructions above.
I have also configured one of the XP clients. I tried to initiate a connection from this XP client computer within the network; it goes all the way to displaying the message "Verifying username and Password..." and then displays "Disconnected:Error 721:the remote computer did not respond". I do not know what I have not done right here. Let's hear from you experts.
Thanks
ASKER
I will try to connect from outside and see what happens. For now let me go to the 2-wire firewall settings and check the settings, but then I followed all the instructions listed in the link you gave me.
Will update you, let me try again.
Thanks
>>"followed all the instructions listed in the link you gave me."
Unfortunately the link (PortForward.com) doesn't show GRE configurations.
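An added example, not part of the thread: PPTP's control channel runs over TCP 1723, but the tunneled data travels in GRE (IP protocol 47), which a TCP/UDP port-forwarding entry does not cover. The sketch below classifies raw IPv4 packets captured at the VPN server to show whether GRE is arriving; the addresses, packets and result labels are constructed for illustration.

```python
import socket
import struct

PPTP_TCP_PORT = 1723          # PPTP control channel
PROTO_TCP, PROTO_GRE = 6, 47  # IP protocol numbers
GRE_PPP = 0x880B              # protocol type in PPTP's enhanced GRE header

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def diagnose(packets, server_ip):
    """Classify raw IPv4 packets captured at the VPN server."""
    control = gre_in = gre_out = False
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue                              # truncated or not IPv4
        ihl = (pkt[0] & 0x0F) * 4
        body = pkt[ihl:]
        if ihl < 20 or len(body) < 4:
            continue
        first, second = struct.unpack("!HH", body[:4])
        if pkt[9] == PROTO_TCP and PPTP_TCP_PORT in (first, second):
            control = True                        # source or destination port 1723
        elif pkt[9] == PROTO_GRE and (first & 0x7) == 1 and second == GRE_PPP:
            gre_in |= socket.inet_ntoa(pkt[16:20]) == server_ip
            gre_out |= socket.inet_ntoa(pkt[12:16]) == server_ip
    if not control:
        return "no-control"            # TCP 1723 never reached the server
    if gre_in and gre_out:
        return "ok"
    if gre_out:
        return "gre-inbound-missing"   # server sends GRE, nothing comes back
    return "gre-outbound-missing" if gre_in else "gre-absent"

# Constructed sample: addresses and payloads are made up for illustration.
CLIENT, SERVER = "203.0.113.10", "192.168.1.10"
TCP = struct.pack("!HH", 49152, 1723) + bytes(16)
TCP_BACK = struct.pack("!HH", 1723, 49152) + bytes(16)
GRE = struct.pack("!HH", 0x3001, GRE_PPP) + bytes(8)
FORWARD_ONLY_1723 = [ipv4(CLIENT, SERVER, PROTO_TCP, TCP),
                     ipv4(SERVER, CLIENT, PROTO_TCP, TCP_BACK),
                     ipv4(SERVER, CLIENT, PROTO_GRE, GRE)]
WITH_GRE = FORWARD_ONLY_1723 + [ipv4(CLIENT, SERVER, PROTO_GRE, GRE)]

if __name__ == "__main__":
    print(diagnose(FORWARD_ONLY_1723, SERVER), diagnose(WITH_GRE, SERVER))
```

A result of `gre-inbound-missing` alongside a working control channel points at the router between client and server rather than at the RRAS configuration.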
ASKER
I have tried to look at the firewall settings on the router to try and look for the option to allow GRE configurations. I am unable to correct the error 721. What other options do I have to come around this error? I tested the connection from outside the network but same error.
ASKER
It seems this router I am using is a bit tricky; I will try the Linksys WAG354G and see if it will allow it. As I was doing some more research, I came across this link where this guy explains a problem similar to mine. He is using a 2Wire router but a different version. Have a look at this; he talks about enabling the passthrough option, which I assumed was on one of the pages on this router. Here is the link:
http://www.governmentsecurity.org/archive/t15714.html
ASKER
By the way! No other router connected; what I have is:
Internet-----2Wire----->switch------>Pcs
Yes, I saw that page when I was digging, but there are quite a few models.
ASKER
Rob
Thanks for all the help, you have been excellent. I eventually just followed your advice to change the router from 2Wire to Linksys WAG354G. I followed the instructions in the link and 'Bung! Game on!' established the connection instantly from even inside the network. I haven't tested it from the outside but I guess it will still work. One more thing please Rob: what advice can you give me with regard to the security of the VPN? How do I configure the security on these connections? What approach to security should I take?
Many thanks for the solution
There are really only two major concerns with VPN security:
- Everybody has the Windows VPN client, therefore it is important to use strong passwords, and keep them protected.
- All traffic in a VPN tunnel is encrypted and therefore protected, but the tunnel itself is a wide open back door to your network, from the remote location. Try to control what hardware users are using to connect to your network. I won't allow users to use their home, family computer that Johny uses to play on-line games. If that computer were compromised, your network could become compromised. You have now placed a remote computer dead center in your business network. Treat it as such.
On the same note, there is a security feature in the VPN client that blocks local connections, including local Internet access, to protect the office/remote network. I recommend keeping this enabled; it is by default. It is located on the client in: Control Panel | Network Connections | right-click on the VPN/Virtual adapter and choose Properties | Networking | TCP/IP - Properties | Advanced | General | leave enabled/checked "Use default gateway on remote network"
There are also more secure VPNs that use IPSec and certificates if really concerned, but you need more expensive equipment.
Thanks Jmaambo.
Cheers !
--Rob
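An added example, not part of Rob's answer: Windows stores each connection's "Use default gateway on remote network" checkbox in the phonebook file `rasphone.pbk` as `IpPrioritizeRemote` (1 = checked). This sketch audits a phonebook's text for entries where the setting is off or absent; the entry names and host in the sample are constructed.

```python
def audit_phonebook(text):
    """Return {entry name: 'remote-gateway' | 'split-tunnel' | 'unknown'}."""
    results, entry, seen = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            entry, seen = line[1:-1], False
            results[entry] = "unknown"        # stays unknown if the key never appears
            continue
        key, sep, value = line.partition("=")
        if entry is None or not sep or seen:
            continue
        # Keys such as MEDIA= and DEVICE= repeat inside one entry, so a strict
        # INI parser rejects the file; only the key of interest is read here.
        if key.strip().lower() == "ipprioritizeremote":
            seen = True
            results[entry] = {"1": "remote-gateway", "0": "split-tunnel"}.get(
                value.strip(), "unknown")
    return results

def needs_review(text):
    """Entries where the remote default gateway is off or cannot be determined."""
    return sorted(n for n, s in audit_phonebook(text).items() if s != "remote-gateway")

# Constructed sample phonebook: entry names and host are made up.
SAMPLE_PBK = """\
[Office VPN]
IpPrioritizeRemote=1
MEDIA=rastapi
DEVICE=vpn
PhoneNumber=vpn.example.test
MEDIA=rastapi
DEVICE=vpn

[Office VPN copy]
IpPrioritizeRemote=0
MEDIA=rastapi
DEVICE=vpn

[Old dial-up]
MEDIA=serial
DEVICE=modem
"""

if __name__ == "__main__":
    print(audit_phonebook(SAMPLE_PBK))
```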
ASKER
Jmaambo