Re: Complete VPN Fundamentals and VPN Router RV042

anonymous_at_discussions.microsoft.com
Date: 09/07/04 

Date: Tue, 7 Sep 2004 03:02:47 -0700

Thanks Bill:

I am afraid you may be correct. Linksys support which is
very weak and also are very confused themselves seem to
insist that it is possible. They make you set up the
IPsec configuration (Policy) on the PC w/Windows XP with
two tunnels. Somewhere I read that tunnel mode can do
VPN over NAT. HOwever I dont know whether creating
tunnels in the IPsec policy is the same as Tunnel Mode
IPsec. Nevertheless, a complicating factor is that
Microsoft has a paper that says that this TUnnel
configuration is only for a server with two NICs acting
as a GATEWAY with the other end of the tunnel a
VPNrouter. The single PC with a NAT address connecting
to the VPN router seems in their view hopeless.

Has anybody done a VPN over NAT with a single PC w/winXP
or win2000?

PCw---Router1--Internet--VPNRouter---Server
Router1 and VPNRouter are doing NAT and providing private
IPs.

In this diagram which side of Router1 and VPNRouter are
the VPN end points?? Perhaps the PC Address is one of the
endpoints?

>-----Original Message-----
>I'm a novice on non-pptp VPN's so take this with a grain
of salt:
>
>I'd rather you tested this without router1, if
possible. I don't believe
>you can do what you are trying to do through the average
NAT.
>Jeffrey--correct me??
>
>As to what happens when you connect in the end--with
other VPN's I've used,
>the answer is nothing--just what happens when you plug
in an ethernet
>connection. You have an open pipe--you may be able to
see bytes exchanged
>if you've chosen to have the connection visible as a
system tray icon--but
>you'll need to actually connect to something to "see"
something happen.
>
>
>"Lewis Giana" <anonymous@discussions.microsoft.com>
wrote in message
>news:5ca601c49205$2e4f57a0$a601280a@phx.gbl...
>>
>> So far I have a laptop at home, and I want to connect
to
>> a server in another house and the situation looks like
>> this:
>>
>> laptop1---Router1--Internet--VPNRouter---Server
>>
>> or equivalently:
>>
>> NETA---Router1--Internet--VPNRouter---NETB
>>
>> Router1 is Linksys BEFW11S4
>> The VPNRouter is Linksys RV042
>> www.linksys.com Their manual is almost worthless.
>> Their support inane.
>>
>> The ROUTERS HAVE TOTALLY DIFFERENT INTERNET ipS.
>> THAT IS, ONE HAS 200.3.34.4, THE OTHER 127.6.32.3
>> Each provides NAT and Private ips, one to NETA and the
>> other router to NETB respectively.
>>
>>
>> Laptop has XP Professional
>> Laptop and server have PRIVATE IPs
>>
>> Server is a DOMAN controller. Has Window Server 2003
and
>> VPN is NOT configured, since the VPNrouter will do the
>> VPN job. Is this thinking correct?
>>
>> To configure this WHY do we do the following steps? In
>> other words what are we doing? Can someone explain? One
>> short paragaph should do wonders.
>>
>> 1. On the laptop with Windos XP I create IPsec Policy
>> FROM the laptop to the VPNrouter. DO I need another
>> security policy from the VPNRouter to the laptop?
>>
>> 2. On the laptop Create two Filter Lists for the
>> connection from the laptop to the VPN router and
another
>> filter list from the connection from the VPN router to
>> the laptop.
>>
>> 3. On the Laptop create security rules for the filter
>> lists created on step 2. This is where encription and
>> authentication methods are defined.
>>
>> 4. On the laptop create two tunnels for each Filter
List
>> on step 2.
>>
>> 5. Assign the security policy create on step 1.
>>
>> 6. The mising step. WHEN AND HOW THE PREVIOUS STEPS
are
>> used or activated to create the VPN?
>>
>>
>> 7. The router for NEtA has vpn passthrough. Is this
>> correct?
>>
>> 8. The VPNrouter for NETB should it have vpn
passthrough
>> DISABLED? This router has VPN capabilities and can
>> establish 30 tunnels they say.
>>
>> 9. DO I need to configure the server on NETB just like
>> the laptop? In other words perform steps 1 through 6 on
>> the server?
>>
>> 10. When all is working properly and the laptop joins
>> NETB throgh VPN. what happens? Does one see a small
>> window to login into the server? or does the VPN router
>> does the authentication and how? Or nothing should
happen
>> until one accesses shares on the server?
>>
>>
>
>
>.
>

Relevant Pages

  • Re: VPN Advice...do I need a purchased static ip address on the external interface?
    ... >> Server then that server must have a been assigned a purchased static IP ... >> if I was to try and use Windows 2000 SBS as the server for the VPN, ... >> If I used a router instead then the router would have this purchased IP ... > supports dynamic dns, then users connect to the dynamic dns name and ...
    (comp.dcom.vpn)
  • Re: vpn probl
    ... not to vpn server, so when workstations needed to reply to the ping requests ... they were trying to respond though their gateway that was the adsl router ... static route 172.16.x..x pointing to vpn remote router in rras, ...
    (microsoft.public.windows.server.networking)
  • Re: Problem
    ... telephoned the office where the server was and asked her to re-boot the ... Once I saw the config of the VPN router there, I knew what to do on the ... on the remote site and see if they have the connection manager installed. ...
    (microsoft.public.windows.server.sbs)
  • Re: Please Help Site-To-Site without ISA
    ... You can configure more than one site to site VPN connection on the ... You set up a new demand-dial interface and configure a new site to ... public IP of the VPN server at the second site on the front. ... to router connection. ...
    (microsoft.public.windows.server.networking)
  • Re: vpn probl
    ... fact that you have ISA server at one end and not at the other. ... site to site link in ISA creates a file to configure the "answering" router. ... hub (as all other sites have a VPN link to the hub). ... > static routes redirecting the their needs. ...
    (microsoft.public.windows.server.networking)