Re: VPN difficulties with netgear adsl router D824M

From: Joe (joe_at_jretrading.com)
Date: 12/17/04 

Date: Fri, 17 Dec 2004 20:41:59 +0000

In message <082D8F92-35EB-4075-8AA0-627E89B674A2@microsoft.com>, Lankor
<Lankor@discussions.microsoft.com> writes
>
>hi guys,
>
>thats great info!
>
>just 1 last question (esp for joe :) )
>
>For 'LAN Server IP address' Do i enter my laptop ip such as 192.168.0.5
>(e.g.) or my server ip address at 62.XXX.XXX.XXX
>
I'm now not quite clear which is where. I had assumed your laptop was at
home, and you connect to an SBS server through a Netgear router at the
SBS end. Is this right?

The router needs to allow inbound connection at the end which receives
the VPN. It must also forward the connection to the machine where the
VPN terminates.

If there is also a firewall on the home Internet connection, and there
certainly should be, it should not need any configuration. It should
allow anything out, and should accept the replies to your outbound
connections.

If the home machine runs a 'personal' firewall (other than the XP one),
then this must be set to allow outgoing VPN connections. Usually this
kind of program pops up a dialog box if something unauthorised on your
machine tries to connect out. After a few attempts, and your permission,
it will normally add appropriate rules to its list. If you have already
used a VPN to the server by another route, this will all have been taken
care of already.

>Do i need to set anything setting for WAN user and DMZ server?
>

You can restrict who can connect by using the WAN entry. If you will
always connect from one IP address, or one IP address range, you can
specify it here to improve security. If not, you're relying on the user
names and passwords of the people allowed to connect by VPN to keep the
bad guys out. If you might use one of several IP addresses, or ranges,
you can add several separate rules.

The default DMZ server gets anything that your rules do not specifically
mention, so is fully exposed to the Internet. *The default reject rule
of the router does not work for this machine.* You probably don't want
anything here. It's not a true DMZ, as the server is part of the
internal network. A real DMZ is a separate subnetwork which is not
connected to the internal one. 

-- 
Joe

Relevant Pages

  • RE: VPN issue on SBS2003
    ... I understand that you encountered VPN connection issue when you use VPN to ... Internet clients or VPN to external VPN Server from SBS Client computers? ... Configure E-mail and Internet Connection Wizard ... Total GRE packets sent = 1 ...
    (microsoft.public.windows.server.sbs)
  • RE: PPTP VPN connection problems
    ... The problem is that the VPN does not disconnect. ... However after some idle period I can not send packets across the connection. ... A ping to the server would result in "Request timed out". ... If I connect with the VPN client locally to the internet ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN Ports to Open
    ... the VPN connection after you change the firewall before SBS. ... On the server, please stop the Routing and Remote Access service. ... Total GRE packets sent = 1 ...
    (microsoft.public.windows.server.sbs)
  • Re: Windows 2003 VPN Default Gateway Issues
    ... Ethernet adapter Local Area Connection: ... If the VPN server is configured to use a static IP address ... the default gateway on the client is not the problem. ...
    (microsoft.public.windows.server.networking)
  • Re: Outgoing POP3 email missing/lost/not received
    ... ISP's mail server instead of the domain name on the ... SUMMARY OF SETTINGS FOR CONFIGURE E-MAIL AND INTERNET ... Internet Connection Wizard. ... After the wizard completes, the following network connection ...
    (microsoft.public.windows.server.sbs)