Re: VPN router - a routing issue..




SG's _can be_ 'real firewalls', they're basically a *nix box.

Out of the box they are a 'more advanced' NAT device but you actually have the ability to directly edit the firewall rules. Takes a bit of *nix firewall knowledge though.

"Leythos" <spam999free@xxxxxxxxxx> wrote in message news:MPG.23dae1d04774ec5b98981d@xxxxxxxxxxxxxxxxxxxxxxx
In article <uojbIbCeJHA.1328@xxxxxxxxxxxxxxxxxxxx>, tom.scott16@g-nospam-mail.com says...
I have a routing problem, the network is a Broadband modem, Snapgear SG300
router, switch, dual homed SBS2003R2 Standard server (external and internal
NICs), workstations.

The router is new, purchased to provide extra security; the network has been
subject to increasing dictionary hack attacks. What I've found is that these
are mostly PPTP based, and I was hoping to use the router's VPN server to
establish network access.
[snip]

So, you want to PPTP into the Router and then have the router provide
access to your network?

If I understand, then you really need to be a Single NIC solution and
abandon the Dual NIC idea, it's always a mess when you try VPN stuff.

I don't use SnapGear devices - assuming that it provides/acts as a VPN
Server for PPTP sessions, you would have your users VPN directly to the
public IP of the SG router, authenticate with it, then have a RULE in
the SG router that would allow traffic from VPN sessions to the parts of
the network that you want.

Your best bet would actually be to (from your description in another
post of your actual need) set up a small Terminal Server 2003 system,
then allow users to Remote Desktop with Drive Mapping into the Terminal
Server, from there you would have mapped drives on logon that would
permit them to reach the files they need.

You could also set up an authenticated FTP method to let them access
files:

Set up the SG with a user/password that permits FTP ONLY FOR
Authenticated Users, then run FileZilla FTP server on the Server and
then provide FTP access that way. This would lock remote connections out
unless they authenticated with the SG user/password that you create to
ping against the FTP rule.

A better solution would be to purchase a REAL firewall appliance and do
all of this with a lot more security.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
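
The approach described in the quoted reply (VPN sessions terminate on the router, and a rule limits which parts of the network they can reach), as an added example that is not part of the original thread and not SnapGear's own configuration: a shell function that prints iptables FORWARD rules for a PPTP client pool. The address pool, interface name, hosts and ports are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; it does not apply them.
# Pool, interface, hosts and ports are constructed placeholders (assumptions).
VPN_POOL="192.168.100.0/24"   # assumed addresses handed to PPTP clients
LAN_IF="eth0"                 # assumed LAN-side interface

# vpn_forward_rules POOL LAN_IF host:proto:port ...
# Matches on the client pool rather than "-i ppp+": if the broadband link is
# PPPoE, the WAN side is a ppp interface too and the wildcard would match it.
vpn_forward_rules() {
    pool=$1; lan_if=$2; shift 2
    nl='
'
    # Return traffic, plus RELATED flows such as FTP data (needs the FTP conntrack helper)
    out="iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for entry in "$@"; do
        host=${entry%%:*}; rest=${entry#*:}
        proto=${rest%%:*}; port=${rest#*:}
        case $host in ''|*[!0-9.]*) echo "bad host in '$entry'" >&2; return 1 ;; esac
        case $proto in tcp|udp) ;; *) echo "bad protocol in '$entry'" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port in '$entry'" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$entry'" >&2; return 1
        fi
        out="$out${nl}iptables -A FORWARD -s $pool -o $lan_if -d $host -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    # Everything else from VPN clients is logged, then dropped
    printf '%s\n' "$out" \
        "iptables -A FORWARD -s $pool -j LOG --log-prefix 'vpn-deny: '" \
        "iptables -A FORWARD -s $pool -j DROP"
}

# Constructed policy: RDP to a terminal server, FTP control channel to a file server
vpn_forward_rules "$VPN_POOL" "$LAN_IF" 192.168.1.20:tcp:3389 192.168.1.10:tcp:21
```

A malformed entry makes the function return non-zero before anything is printed, so a partial ruleset is never emitted.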
