Re: VPN Router Setup Question

From: Frank McCallister SBS MVP (anonymous)
Date: 10/16/04


Date: Sat, 16 Oct 2004 09:16:25 -0500

Hi Merv

Thanks for the link. Some of the Caymans need to have the Firmware updated
though to use the Nat Default Host feature to forward All Hosts. I just
happened to do this yesterday at a client site.

-- 
Frank McCallister SBS MVP
COMPUMAC
"Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message 
news:ukpb8Y4sEHA.2536@TK2MSFTNGP11.phx.gbl...
> Hi Steve:
>
> http://www.netopia.com/en-us/equipment/tech/c_faq.html#ph_no_1
>
> The term "configuring a pinhole" with a Netopia router looks like it's the
> same as the term "port forwarding" for most other routers.  Basically, all
> external (WAN) traffic hits the router and, if allowed by the rules you set
> up on the router, is forwarded to your LAN network for processing.  In order
> for ISA to function as a firewall and process this traffic, you'll need 2
> NICs (an "internal" and an "external") in your SBS server.  Let SBS handle
> DHCP service and turn DHCP off on the router.  Then set up the network
> according to the diagram at (the text is mostly for SBS 2000 setup):
>
> http://www.smallbizserver.net/Default.aspx?tabid=50
>
> Once you have your network set up, run Connect to the Internet (CEICW) and
> Configure Remote Access from the To Do list in Server Management on the SBS.
> If CEICW asks to automatically set up the router (UPnP), decline because you
> will need to set it up manually.
>
> Then go into your router and "configure a pinhole" to forward all VPN
> traffic to the external NIC on your SBS.  The Netopia FAQ link above has a
> section on how to do this:
>
> How do I configure a pinhole to allow remote users to connect to my internal
> Microsoft™ NT server running VPN service?
> 1.  Browse into the Cayman® Series gateway.
> 2.  Click on the "Expert Mode" link.
> 3.  Click on the "Pinhole" link.
> 4.  In the Pinhole Entry table, in the first line, type the name you would
>     like associated with the pinhole.
> 5.  Protocol "TCP" should be selected.
> 6.  In the "External Port Start" and "External Port End" field, type 1723.
> 7.  In the "Internal IP Address" field, type the internal IP of the machine
>     running Microsoft™ VPN service. (Example 192.168.1.1)
> 8.  In the "Internal Port" field, type 1723.
> 9.  Then click add. The table will expand one row ready to accept another
>     entry.
> 10.  NEXT:
> 11.  Again type the name you would like associated with this pinhole.
> 12.  In the new field, select the "PPTP" protocol.
> 13.  In the "External Port Start" and "External Port End" field, type 0
>      (zero).
> 14.  In the "Internal IP Address" field, again type the internal IP of the
>      machine running Microsoft™ VPN service. (Example 192.168.1.1)
> 15.  In the "Internal Port" field, type 0 (zero).
> 16.  Then click add. The table will expand one row ready to accept another
>      entry.
> 17.  When finished, click the "Home" button. Now, at the home page, restart
>      the Cayman® Series gateway to allow the changes to take effect.
>
> Now, with SBS 2003, RWW (Remote Web Workplace) all but replaces the need for
> a straight VPN as a secure method for remote administration or remote
> control of workstations/servers, provided your workstations are WinXP Pro.
> RWW requires ports 443 and 4125 to be forwarded to your external NIC.
>
> -- 
> Merv  Porter  [SBS MVP]
> ===================================
> "Steve McGrath" <smcgrath@no-spam.org> wrote in message
> news:uWliOe3sEHA.1924@TK2MSFTNGP10.phx.gbl...
>> Hi,
>> I'm in the process of having my first attempt at configuring vpn. One
>> question I have is relating to the router config on
>> http://www.smallbizserver.net/Default.aspx?tabid=49 where it shows having
>> all ports routed to the external facing NIC on the sbs server. Presumably
>> this means that all ports map directly to the server and is similar to
>> having your server 'directly' connected to the internet. I presume this is
>> ok to do since I'm also running ISA (sbs2003 premium). The modem I have is a
>> Netopia Cayman, and one of their articles describes configuring a 'pinhole'
>> through NAT. Would this work for VPN or is the suggested setup better?
>> Thanks,
>> Steve
>>
>>
>
>
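
Added example (not part of the original posts, and not Netopia or Microsoft code): a small Python check of a pinhole table against the forwards named in the thread, TCP 1723 plus the router's "PPTP" entry for the VPN, and TCP 443 and 4125 for RWW. The `Pinhole` record layout, the entry names and the sample tables are constructed assumptions, not a router export format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pinhole:            # constructed record, not a router export format
    name: str
    protocol: str         # "TCP", or "PPTP" for the router's tunnel entry
    ext_start: int
    ext_end: int
    internal_ip: str

# Forwards each service needs, as stated in the thread: (protocol, port).
REQUIRED = {
    "PPTP VPN": [("TCP", 1723), ("PPTP", 0)],
    "RWW": [("TCP", 443), ("TCP", 4125)],
}

def covers(p, proto, port):
    return p.protocol == proto and p.ext_start <= port <= p.ext_end

def audit(pinholes, server_ip, services):
    """Return findings; an empty list means the table matches the services."""
    findings, needed = [], set()
    for svc in services:
        for proto, port in REQUIRED[svc]:
            needed.add((proto, port))
            hits = [p for p in pinholes if covers(p, proto, port)]
            if not hits:
                findings.append(f"{svc}: no pinhole for {proto} {port}")
            for p in hits:
                if p.internal_ip != server_ip:
                    findings.append(f"{svc}: {proto} {port} goes to "
                                    f"{p.internal_ip}, not {server_ip}")
    for p in pinholes:    # report anything forwarded beyond the listed services
        size = p.ext_end - p.ext_start + 1
        used = sum(1 for proto, port in needed if covers(p, proto, port))
        if used < size:
            findings.append(f"'{p.name}' forwards {size - used} {p.protocol} "
                            "port(s) no listed service needs")
    return findings

SERVER = "192.168.1.1"    # example address used in the quoted FAQ steps
GOOD = [Pinhole("vpn-ctl", "TCP", 1723, 1723, SERVER),
        Pinhole("vpn-tunnel", "PPTP", 0, 0, SERVER)]
BAD = [Pinhole("all-tcp", "TCP", 1, 65535, SERVER)]   # TCP only, no PPTP entry

if __name__ == "__main__":
    for label, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(table, SERVER, ["PPTP VPN"]) or "ok")
```

The `BAD` table shows that a wide TCP range still leaves the VPN without its second, non-TCP entry, while reporting how many ports it opens beyond the listed services.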