Win2k VPN configuration?

Post #61,848 by dlevitt 11/8/02 10:22:48 AM Reply	Win2k VPN configuration? A client would like to establish a VPN link from a remote W2K laptop [eventualy via a G3 wireless connection - just an internet connection for now] to a LAN [connected via a low end, VPN compatible router] For the prototype, we're using a Linksys BEFVP41 [need to verify the firmware revision]. I've been rying to build an ipSec tunnel, using documentation from Linksys and Microsoft. Some outstanding issues Is an ipSec tunnel appropriate? The W2K configuration for the filters uses a fixed IP adress for the tunnel endpoints - the router / workstation addresses are assigned by the ISP using DHCP - I expect that a wireless workstation address will be quite volatile. How to test / force a connection? [I've downloaded M$'s netdiag utility - and it reports the configuration matches what I thought I put in - I'm following audit instructions from a M$ article now] Can I force a connection by adding a known host name into LMHOSTS and performing net view //hostname ? Any success stories with VPN's? Dave Levitt I'm not unemployed - I'm a consultant!
Post #61,859 by pwhysall 11/8/02 11:06:56 AM Reply	Re: Win2k VPN configuration? If there is any NAT in the equation anywhere along the route you want to establish the IPSec connection on, then you cannot use IPSec alone to establish the VPN. You're probably better off using IPSec over something like PPTP or L2TP, NAT notwithstanding. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #61,895 by dlevitt 11/8/02 3:00:27 PM Reply	Re: Win2k VPN configuration? Thought it might be somthing involving NAT - even the ISP involved [Cablevision] uses the 10.0.0.0 net internally. Time to stock up on smoke, mirrors and sacrifical chickens [KFC, Popeye's or Boston market?].
Post #61,900 by wharris2 11/8/02 3:11:10 PM Reply	Smoke, mirrors, and sacrificial chicken wings Preferably at Hooters.
Post #61,930 by pwhysall 11/8/02 8:12:48 PM Reply	Rationale: IPSec depends on the IP header on the packet being unchanged. NAT does change these, and so IPSec breaks. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #62,167 by boxley 11/11/02 9:05:25 AM Reply	you need 2 static public IP addresses for VPN yes you can do it other ways but it is a mofo. thanx, bill will work for cash and other incentives [link\|http://home.tampabay.rr.com/boxley/resume/Resume.html\|skill set] "Fifty-one percent of a nation can establish a totalitarian regime, suppress minorities and still remain democratic." Correction: All that can be achieved with 51 percent of the voters!" Ilanna Mercer

Welcome to IWETHEY!