Re: VPN Router Setup Question

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Merv Porter [SBS-MVP] (mwport_at_no_spam_hotmail.com)
Date: 10/16/04 

Date: Sat, 16 Oct 2004 10:30:48 -0500

That's good info. Thanks Frank.

"Frank McCallister SBS MVP" <anonymous> wrote in message
news:umUJ$q4sEHA.3872@TK2MSFTNGP15.phx.gbl...
> Hi Merv
>
> Thanks for the link. Some of the Caymans need to have the Firmware updated
> though to use the Nat Default Host feature to forward All Hosts. I just
> happened to do this yesterday at a client site.
>
> --
> Frank McCallister SBS MVP
> COMPUMAC
> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
> news:ukpb8Y4sEHA.2536@TK2MSFTNGP11.phx.gbl...
> > Hi Steve:
> >
> > http://www.netopia.com/en-us/equipment/tech/c_faq.html#ph_no_1
> >
> > The term "configuring a pinhole" with a Netopia router looks like it's
the
> > same as the term "port forwarding" for most other routers. Basically,
all
> > external (WAN) traffic hits the router and, if allowed by the rules you
> > set
> > up on the router, is forwarded to your LAN network for processing. In
> > order
> > for ISA to function as a firewall and process this traffic, you'll need
2
> > NICs (an "internal" and an "external") in your SBS server. Let SBS
handle
> > DHCP service and turn DHCP off on the router. Then set up the network
> > according to the diagram at: (the text is mostly for SBS 2000 setup):
> >
> > http://www.smallbizserver.net/Default.aspx?tabid=50
> >
> > Once you have your network setup, run Connect to the Internet (CEICW)
and
> > Configure Remote Access from the To Do list in Server Management on the
> > SBS.
> > If CEICW asks to automatically set up the router (UPNP), decline because
> > you
> > will need to set it up manually.
> >
> > Then go into your router and "configure a pinhole" to forward all VPN
> > traffic to the external NIC on your SBS. The Netopia FAQ link above
has
> > a
> > section on how to do this:
> >
> > How do I configure a pinhole to allow remote users to connect to my
> > internal
> > MicrosoftT NT server running VPN service?
> > 1. Browse into the CaymanŽ Series gateway.
> > 2. Click on the "Expert Mode" link.
> > 3. Click on the "Pinhole" link.
> > 4. In the Pinhole Entry table, in the first line, type the name you
would
> > like associated with the pinhole.
> > 5. Protocol "TCP" should be selected.
> > 6. In the "External Port Start" and "External Port End" field, type
1723.
> > 7. In the "Internal IP Address" field, type the internal IP of the
> > machine
> > running MicrosoftT VPN service.(Example 192.168.1.1)
> > 8. In the "Internal Port" field, type 1723.
> > 9. Then click add. The table will expand one row ready to accept
another
> > entry.
> > 10. NEXT:
> > 11. Again type the name you would like associated with this pinhole.
> > 12. In the new field, select the "PPTP" protocol.
> > 13. In the "External Port Start" and "External Port End" field, type 0
> > (zero).
> > 14. In the "Internal IP Address" field, again type the internal IP of
the
> > machine running MicrosoftT VPN service. (Example 192.168.1.1)
> > 15. In the "Internal Port" field, type 0 (zero).
> > 16. Then click add. The table will expand one row ready to accept
another
> > entry.
> > 17. When finished, click the "Home" button. Now, at the home page,
> > restart
> > the CaymanŽ Series gateway to allow the changes to take effect.
> >
> > Now, with SBS 2003, RWW (Remote Web Workplace) all but replaces the need
> > for
> > a straight VPN as a secure method for remote administration or remote
> > control of workstations/servers, provided your workstations are WinXP
Pro.
> > RWW requires ports 443 and 4125 to be forwarded to your external NIC.
> >
> > --
> > Merv Porter [SBS MVP]
> > ===================================
> > "Steve McGrath" <smcgrath@no-spam.org> wrote in message
> > news:uWliOe3sEHA.1924@TK2MSFTNGP10.phx.gbl...
> >> Hi,
> >> I'm in the process of having my first attempt at configuring vpn. One
> >> question I have is relating to the router config on
> >> http://www.smallbizserver.net/Default.aspx?tabid=49 where it shows
having
> >> all ports routed to the external facing NIC on the sbs server.
Presumably
> >> this means that all ports map directly to the server and is similar to
> >> having your server 'directly' connected to the internet. I presume this
> >> is
> >> ok to do since I'm also running ISA (sbs2003 premium). The modem I have
> >> is
> > a
> >> Netopai Cayman, and one of their articels describes configuring a
> > 'pinhole'
> >> through NAT. Would this work for VPN or is the suggested setup better?
> >> Thanks,
> >> Steve
> >>
> >>
> >
> >
>
>

Quantcast