VPN through a router that has a dynamic IP; problem?

Archived from groups: microsoft.public.windowsxp.work_remotely

Hi...

I have:

Windows XP Pro SP2 wired via ethernet to BTVOYAGER 2100 ADSL modem/router
and Windows XP Pro SP2 laptop wirelessly connected to the same router.

I am trying to set up a VPN from the desktop to a secure server at work.

In the BTVOYAGER 2100 configuration manager at Virtual Server -> Port
Forwarding - Add new rule, I have:

1) In IP address box I have added the IP of the work server & set the ports
to 1723 (TCP)
2) I have made an exception for port 1723 in the Windows Firewall

The problem I am trying to solve is that the server at work needs to know
which IP the connection is coming from in order for authentication to succeed;
however, I am told that my ISP, which is BT Broadband creates a new IP
address for my router every time I connect to the internet, which is about
once a day. I have ADSL 1MB/s connection.
The server will only accept an IP address and not a resolved DNS, which I
could have created at www.dyndns.org; is there any way to resolve a dynamic
IP address into a static one, so that I can give the IT guys at work an IP
address that will identify my router?

Thanks...

Charlie
  1. Archived from groups: microsoft.public.windowsxp.work_remotely

    Charles Robertson <CharlesRobertson@discussions.microsoft.com> wrote:

    > One last question; am I (home computer) allowed to use the same
    > private LAN IP address (192.168.1.3) as my office computer or does
    > this have to have a different private LAN IP address?

    Not only may you not use the same IP address, you may not use the same IP
    sub-net at each end of the VPN link.

    If your office network uses 192.168.1.xxx addresses, then you may not use
    any 192.168.1.xxx addresses in your home LAN: if necessary you must
    reconfigure your router so that it and its dependent LAN use a different IP
    sub-net.

    --
    Robin Walker [MVP Networking]
    rdhw@cam.ac.uk
  2. Archived from groups: microsoft.public.windowsxp.work_remotely

    Thanks Robin...

    That is very useful information; I will change the relevant IPs and subnet,
    so that they do not clash and then send you the results...

    However, I do not understand why this is the case?

    Surely if the IP I access the server with is an external IP (public), the
    server's computers will never see my LAN IP; I do not understand why there
    should be a clash...

    Thanks...

    Charlie

    "Robin Walker [MVP]" wrote:

    > Charles Robertson <CharlesRobertson@discussions.microsoft.com> wrote:
    >
    > > One last question; am I (home computer) allowed to use the same
    > > private LAN IP address (192.168.1.3) as my office computer or does
    > > this have to have a different private LAN IP address?
    >
    > Not only may you not use the same IP address, you may not use the same IP
    > sub-net at each end of the VPN link.
    >
    > If your office network uses 192.168.1.xxx addresses, then you may not use
    > any 192.168.1.xxx addresses in your home LAN: if necessary you must
    > reconfigure your router so that it and its dependent LAN use a different IP
    > sub-net.
    >
    > --
    > Robin Walker [MVP Networking]
    > rdhw@cam.ac.uk
    >
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.work_remotely

    Charles Robertson <CharlesRobertson@discussions.microsoft.com> wrote:

    > That is very useful information; I will change the relevant IPs and
    > subnet, so that they do not clash and then send you the results...
    >
    > However, I do not understand why this is the case?
    >
    > Surely if the IP I access the server with is an external IP (public),
    > the server's computers will never see my LAN IP; I do not understand
    > why there should be a clash...

    You said you were setting up a VPN. The effect of the VPN is to set up a
    virtual link directly between your LAN addresses and the LAN addresses
    behind the office's router: both ends are ignorant of the public IPs of the
    router(s) by which you create the VPN connection.

    For IP routing to work properly on the virtual link, the IP sub-net at the
    far end must be distinct from the IP sub-net at the local end. One sub-net
    is accessed by broadcasting ARPs on the local LAN, the other sub-net is
    routed via the VPN gateway.

    --
    Robin Walker [MVP Networking]
    rdhw@cam.ac.uk
  4. Archived from groups: microsoft.public.windowsxp.work_remotely

    Thanks Robin...

    I now totally understand what a VPN is.

    We have changed our LAN IP and subnet, so that:

    Router: 192.168.0.41
    Desktop: 192.168.0.43
    Laptop: 192.168.0.42
    Subnet: 255.255.255.128

    The server we are connecting to:

    Server: 192.168.1.0
    Computer: 192.168.1.193
    Subnet: 255.255.255.0

    In the log view of the Sonicwall Global VPN Client, the connection gets to
    and completes phase 2, which in the help file indicates a successful
    connection; so the connection has got behind the server's firewall!
    However, when I type in 192.168.1.193 into the Remote Desktop Connection,
    after about 30 seconds, I get a message saying that it could not connect with
    remote computer.

    Do you know why this would be?

    Thanks...

    Charlie

    "Robin Walker [MVP]" wrote:

    > Charles Robertson <CharlesRobertson@discussions.microsoft.com> wrote:
    >
    > > That is very useful information; I will change the relevant IPs and
    > > subnet, so that they do not clash and then send you the results...
    > >
    > > However, I do not understand why this is the case?
    > >
    > > Surely if the IP I access the server with is an external IP (public),
    > > the server's computers will never see my LAN IP; I do not understand
    > > why there should be a clash...
    >
    > You said you were setting up a VPN. The effect of the VPN is to set up a
    > virtual link directly between your LAN addresses and the LAN addresses
    > behind the office's router: both ends are ignorant of the public IPs of the
    > router(s) by which you create the VPN connection.
    >
    > For IP routing to work properly on the virtual link, the IP sub-net at the
    > far end must be distinct from the IP sub-net at the local end. One sub-net
    > is accessed by broadcasting ARPs on the local LAN, the other sub-net is
    > routed via the VPN gateway.
    >
    > --
    > Robin Walker [MVP Networking]
    > rdhw@cam.ac.uk
    >
    >
    >
  5. Archived from groups: microsoft.public.windowsxp.work_remotely

    Robin I forgot to add that when I generate a report for the VPN connection,
    the following lines may be of interest to you; these lines are generated,
    when I start the Remote Desktop Connection:


    2005/02/03 17:07:07:785
    Information 195.152.75.254
    calling NetUserGetInfo: Server: \\D289LZ0J, User: charles robertson, level: 3

    2005/02/03 17:07:07:786
    Information 195.152.75.254
    NetUserGetInfo returned: home dir: , remote dir: , logon script:

    2005/02/03 17:07:11:502
    Information 195.152.75.254
    Sending dead peer detection request.

    2005/02/03 17:07:11:518
    Information 195.152.75.254
    Received dead peer detection acknowledgement.

    2005/02/03 17:07:28:940
    Information 195.152.75.254
    Received dead peer detection request.

    2005/02/03 17:07:28:941
    Information 195.152.75.254
    Sending dead peer detection acknowledgement.

    2005/02/03 17:15:41:518
    Information 195.152.75.254
    Sending phase 2 delete for 192.168.1.0/255.255.255.0.

    2005/02/03 17:15:41:519
    Information 195.152.75.254
    Sending phase 1 delete.

    2005/02/03 17:15:41:846
    Information 195.152.75.254
    Starting ISAKMP phase 1 negotiation.

    2005/02/03 17:15:42:018
    Information 195.152.75.254
    Starting aggressive mode phase 1 exchange.

    2005/02/03 17:15:42:019
    Information 195.152.75.254
    NAT Detected: Local host is behind a NAT device.

    2005/02/03 17:15:42:020
    Information 195.152.75.254
    The SA lifetime for phase 1 is 28800 seconds.

    2005/02/03 17:15:42:021
    Information 195.152.75.254
    Phase 1 has completed.

    2005/02/03 17:15:42:034
    Information 195.152.75.254
    Received request for policy version.

    2005/02/03 17:15:42:035
    Information 195.152.75.254
    Sending policy version reply.

    2005/02/03 17:15:42:065
    Information 195.152.75.254
    Received policy change is not required.

    2005/02/03 17:15:42:066
    Information 195.152.75.254
    Sending policy acknowledgement.

    2005/02/03 17:15:42:067
    Information 195.152.75.254
    The configuration for the connection is up to date.

    2005/02/03 17:15:49:502
    Information 195.152.75.254
    Starting ISAKMP phase 2 negotiation with 192.168.1.0/255.255.255.0:*:*:*.

    2005/02/03 17:15:49:503
    Information 195.152.75.254
    Starting quick mode phase 2 exchange.

    2005/02/03 17:15:49:534
    Information 195.152.75.254
    The SA lifetime for phase 2 is 28800 seconds.

    2005/02/03 17:15:49:535
    Information 195.152.75.254
    Phase 2 with 192.168.1.0/255.255.255.0:*:*:* has completed.

    2005/02/03 17:15:49:536
    Information 195.152.75.254
    NetWkstaUserGetInfo returned: user: charles robertson, logon domain: D289LZ0J

    2005/02/03 17:15:51:784
    Information 195.152.75.254
    NetGetDCName failed: Could not find domain controller for this domain.


    Could this be something to do with why the Remote Desktop Connection is
    failing? I refer to the last 2 entries...

    Thanks...

    Charlie


    "Robin Walker [MVP]" wrote:

    > Charles Robertson <CharlesRobertson@discussions.microsoft.com> wrote:
    >
    > > That is very useful information; I will change the relevant IPs and
    > > subnet, so that they do not clash and then send you the results...
    > >
    > > However, I do not understand why this is the case?
    > >
    > > Surely if the IP I access the server with is an external IP (public),
    > > the server's computers will never see my LAN IP; I do not understand
    > > why there should be a clash...
    >
    > You said you were setting up a VPN. The effect of the VPN is to set up a
    > virtual link directly between your LAN addresses and the LAN addresses
    > behind the office's router: both ends are ignorant of the public IPs of the
    > router(s) by which you create the VPN connection.
    >
    > For IP routing to work properly on the virtual link, the IP sub-net at the
    > far end must be distinct from the IP sub-net at the local end. One sub-net
    > is accessed by broadcasting ARPs on the local LAN, the other sub-net is
    > routed via the VPN gateway.
    >
    > --
    > Robin Walker [MVP Networking]
    > rdhw@cam.ac.uk
    >
    >
    >
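Added example (not part of the original thread or written by any of its posters): a simplified longest-prefix model of the routing choice described in reply 3, run over the addresses given in the thread. The function names `classify` and `subnets_clash` are hypothetical, the /24 mask on the original home LAN and the /25 partial-overlap case are assumptions, and a real Windows routing table also weighs route metrics.

```python
from ipaddress import ip_address, ip_interface, ip_network


def subnets_clash(local_iface, vpn_subnet):
    """True if the home LAN and the subnet behind the VPN share any address."""
    return ip_interface(local_iface).network.overlaps(ip_network(vpn_subnet))


def classify(dest, local_iface, vpn_subnet):
    """Decide how a client would try to reach dest.

    'local-arp'       - dest looks on-link, so it is ARPed for on the home LAN
    'vpn-tunnel'      - dest matches only (or best) the remote subnet
    'ambiguous'       - both subnets match with equal prefix length
    'default-gateway' - neither subnet matches
    """
    dest = ip_address(dest)
    local = ip_interface(local_iface).network
    remote = ip_network(vpn_subnet)

    matches = []
    if dest in local:
        matches.append((local.prefixlen, "local-arp"))
    if dest in remote:
        matches.append((remote.prefixlen, "vpn-tunnel"))
    if not matches:
        return "default-gateway"

    best = max(plen for plen, _ in matches)          # longest prefix wins
    winners = {how for plen, how in matches if plen == best}
    return winners.pop() if len(winners) == 1 else "ambiguous"


OFFICE = "192.168.1.0/255.255.255.0"    # remote subnet from the VPN log
OFFICE_PC = "192.168.1.193"             # office computer from reply 4

if __name__ == "__main__":
    cases = {
        "original home LAN (mask assumed /24)": "192.168.1.3/255.255.255.0",
        "renumbered home LAN from reply 4": "192.168.0.43/255.255.255.128",
    }
    for label, iface in cases.items():
        print(f"{label}: clash={subnets_clash(iface, OFFICE)}, "
              f"{OFFICE_PC} -> {classify(OFFICE_PC, iface, OFFICE)}")
    # Constructed partial overlap: an office host inside the home /25 is never tunnelled.
    print(classify("192.168.1.100", "192.168.1.3/255.255.255.128", OFFICE))
```

With the renumbered home LAN the office computer resolves to the tunnel route, so the addressing clash is no longer what stops the Remote Desktop connection.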