Re: Complete VPN Fundamentals and VPN Router RV042

From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 09/07/04


Date: Tue, 7 Sep 2004 09:06:14 -0400

There is a new standard, colloquially known as NAT-T, which allows a client
machine to use an IPSEC VPN through a NAT device to a host. This standard
must be supported by both the client and the host. Linksys should be able
to tell you whether or not the router supports this (as the host) and what
client software you need to be running to support this at the client end.
There's a good chance that making this work well requires the latest firmware
for the router, as well.

<anonymous@discussions.microsoft.com> wrote in message
news:72ca01c494c1$d376be30$a601280a@phx.gbl...
> Thanks Bill:
>
> I am afraid you may be correct. Linksys support which is
> very weak and also are very confused themselves seem to
> insist that it is possible. They make you set up the
> IPsec configuration (Policy) on the PC w/Windows XP with
> two tunnels. Somewhere I read that tunnel mode can do
> VPN over NAT. However I don't know whether creating
> tunnels in the IPsec policy is the same as Tunnel Mode
> IPsec. Nevertheless, a complicating factor is that
> Microsoft has a paper that says that this Tunnel
> configuration is only for a server with two NICs acting
> as a GATEWAY with the other end of the tunnel a
> VPNrouter. The single PC with a NAT address connecting
> to the VPN router seems in their view hopeless.
>
> Has anybody done a VPN over NAT with a single PC w/winXP
> or win2000?
>
> PCw---Router1--Internet--VPNRouter---Server
> Router1 and VPNRouter are doing NAT and providing private
> IPs.
>
> In this diagram which side of Router1 and VPNRouter are
> the VPN end points?? Perhaps the PC Address is one of the
> endpoints?
>
>
>>-----Original Message-----
>>I'm a novice on non-pptp VPN's so take this with a grain of salt:
>>
>>I'd rather you tested this without router1, if possible. I don't believe
>>you can do what you are trying to do through the average NAT.
>>Jeffrey--correct me??
>>
>>As to what happens when you connect in the end--with other VPN's I've used,
>>the answer is nothing--just what happens when you plug in an ethernet
>>connection. You have an open pipe--you may be able to see bytes exchanged
>>if you've chosen to have the connection visible as a system tray icon--but
>>you'll need to actually connect to something to "see" something happen.
>>
>>
>>"Lewis Giana" <anonymous@discussions.microsoft.com> wrote in message
>>news:5ca601c49205$2e4f57a0$a601280a@phx.gbl...
>>>
>>> So far I have a laptop at home, and I want to connect to
>>> a server in another house and the situation looks like
>>> this:
>>>
>>> laptop1---Router1--Internet--VPNRouter---Server
>>>
>>> or equivalently:
>>>
>>> NETA---Router1--Internet--VPNRouter---NETB
>>>
>>> Router1 is Linksys BEFW11S4
>>> The VPNRouter is Linksys RV042
>>> www.linksys.com Their manual is almost worthless.
>>> Their support inane.
>>>
>>> The ROUTERS HAVE TOTALLY DIFFERENT INTERNET IPs.
>>> THAT IS, ONE HAS 200.3.34.4, THE OTHER 127.6.32.3
>>> Each provides NAT and Private ips, one to NETA and the
>>> other router to NETB respectively.
>>>
>>>
>>> Laptop has XP Professional
>>> Laptop and server have PRIVATE IPs
>>>
>>> Server is a DOMAIN controller. Has Windows Server 2003 and
>>> VPN is NOT configured, since the VPNrouter will do the
>>> VPN job. Is this thinking correct?
>>>
>>> To configure this WHY do we do the following steps? In
>>> other words what are we doing? Can someone explain? One
>>> short paragraph should do wonders.
>>>
>>> 1. On the laptop with Windows XP I create IPsec Policy
>>> FROM the laptop to the VPNrouter. DO I need another
>>> security policy from the VPNRouter to the laptop?
>>>
>>> 2. On the laptop Create two Filter Lists for the
>>> connection from the laptop to the VPN router and another
>>> filter list from the connection from the VPN router to
>>> the laptop.
>>>
>>> 3. On the Laptop create security rules for the filter
>>> lists created on step 2. This is where encryption and
>>> authentication methods are defined.
>>>
>>> 4. On the laptop create two tunnels for each Filter List
>>> on step 2.
>>>
>>> 5. Assign the security policy created on step 1.
>>>
>>> 6. The missing step. WHEN AND HOW THE PREVIOUS STEPS are
>>> used or activated to create the VPN?
>>>
>>>
>>> 7. The router for NETA has vpn passthrough. Is this
>>> correct?
>>>
>>> 8. The VPNrouter for NETB should it have vpn passthrough
>>> DISABLED? This router has VPN capabilities and can
>>> establish 30 tunnels they say.
>>>
>>> 9. DO I need to configure the server on NETB just like
>>> the laptop? In other words perform steps 1 through 6 on
>>> the server?
>>>
>>> 10. When all is working properly and the laptop joins
>>> NETB through VPN. what happens? Does one see a small
>>> window to login into the server? or does the VPN router
>>> do the authentication and how? Or nothing should happen
>>> until one accesses shares on the server?
>>>
>>>
>>
>>
>>.
>>
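
As an added example (not part of the original posts and not Linksys or Microsoft code): a sketch of the NAT discovery check that NAT-T performs during IKE (RFC 3947), which is why both the client and the host have to support it. The addresses, cookies and function names are constructed for illustration and loosely follow the laptop---Router1---VPNRouter layout quoted above.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 NAT-D payload: HASH(CKY-I | CKY-R | IP | Port)."""
    packed = ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(hash_name, cky_i + cky_r + packed).digest()

def build_nat_d(cky_i, cky_r, dst, src):
    """Sender: first NAT-D covers the remote end, second covers itself."""
    return nat_d_hash(cky_i, cky_r, *dst), nat_d_hash(cky_i, cky_r, *src)

def detect_nat(cky_i, cky_r, nat_d, observed_src, local):
    """Receiver: recompute both hashes from what it actually sees on the wire."""
    nat_d_dst, nat_d_src = nat_d
    return {
        "peer_behind_nat": nat_d_src != nat_d_hash(cky_i, cky_r, *observed_src),
        "local_behind_nat": nat_d_dst != nat_d_hash(cky_i, cky_r, *local),
    }

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
LAPTOP = ("192.168.1.100", 500)        # private address behind Router1
ROUTER1_WAN = ("198.51.100.7", 1024)   # source address/port after NAT rewrite
VPN_ROUTER = ("203.0.113.10", 500)     # public side of the VPN router

def demo():
    """Return the VPN router's verdict with and without Router1's NAT in the path."""
    sent = build_nat_d(CKY_I, CKY_R, dst=VPN_ROUTER, src=LAPTOP)
    through_nat = detect_nat(CKY_I, CKY_R, sent, ROUTER1_WAN, VPN_ROUTER)
    direct = detect_nat(CKY_I, CKY_R, sent, LAPTOP, VPN_ROUTER)
    return through_nat, direct

if __name__ == "__main__":
    through_nat, direct = demo()
    print("via Router1:", through_nat)
    print("no NAT     :", direct)
    # When either flag is set, both peers move IKE to UDP 4500 and
    # carry ESP inside UDP (RFC 3948) so the NAT can track the flow.
```
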


