Re: Router-to-router VPN
- From: daveg <daveg@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 9 May 2006 13:07:02 -0700
Okay lets try just one scenario
Review –
Setup info: Site 1 - Win2k3 sbs server dc - dhcp – dns – wins
and sonicwall tz170 router
Site 2 - WinXP Pro wks's w/SP2
and Netgear prosafe fvs114
Have made sucessful router to router vpn connection - great!
We are able to ping the sbs server by ip adderss but NOT by name.
We are NOT able to browes the network.
We are NOT able to connect to exchange
We are unable to connect to any network shares - when we try this we receive
a logon prompt. No domain user accounts work the only account name that works
is the administrator.
"Phillip Windell" wrote:
"daveg" <daveg@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message.
news:BDAFA593-7F02-4EF5-ABC0-34ADE28E5473@xxxxxxxxxxxxxxxx
Tunnel isHave opened both 1723 and 47 ports. - no problems
Why?? There is no such traffic passing "over" the firewalls,...the
between them and terminates on them.
For use to traveling laptops that vpn to the server.
Doesn't matter.
They are VPN'ing to them, not through them. That is, assuming the
"firewall" is acting as the VPN Server and that the VPN Server is not behind
the firewall.
Also, 47 is not a "port",...it is a protocol,..it is "Protocol-47". I
believe it is the same thing as the GRE Protocol. The only port involved is
1723. The process of passing the GRE packets is a specialized thing and not
all firewalls have the ability. But this is all a "moot point" since the
"Tunnel" is not passing "through" the firewalls, instead it is only
terminating at the firewalls which is not the same thing. Passing the
Tunnel past the firewall to a VPN Server sitting behind the firewall is
commonly refered to as "VPN Passthrough" which is a special function that
includes dealing with the GRE packets, and not all firewalls can handle
this.
But I think there is a lot of confusion with this post. You started out
talking about a Router-to-Router VPN which takes place *only* between the
two firewalls and the Tunnel terminates directly on the two firewalls. This
has nothing to do with traveling laptops which use *only* Remote Access VPN.
Remote Acess VPN and Router-to-Router VPN are two entirely different things
that live on two different planets. Getting one of the two to function does
not in any way get the other one to function,..they are totally separate
from each other.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
- Prev by Date: Windows XP Pro Clients Hang When Applying Computer Settings
- Next by Date: Re: Any Way to Not Assign DNS Name to IP Address?
- Previous by thread: Windows XP Pro Clients Hang When Applying Computer Settings
- Next by thread: Windows 2003 DHCP Server service recovery failure restart problem
- Index(es):
Relevant Pages
|
