
The dirty dozen Questions on VPN!

Anonymous
May 12, 2004 7:13:29 PM

Archived from groups: comp.dcom.vpn (More info?)

Hi,
could you tell me what kind of VPN to use in this Windows TCP/IP
network? I read a lot about VPNs the last few days and have the bad feeling that
I've mixed it all up now. Further down you see my A.), B.) and
C.) understanding of VPNs. ;-)

1 W2K Adv. Server in local LAN
DomainController AD, DNS, WINS no DHCP
connected to Internet through DSL-Modem and ISDN-Card

50 WinXP prof. Workstations in local LAN
static IPs

3 WinXP prof. Notebooks in local WLAN
static IPs (reserved)

4 WinXP prof. Notebooks at home offices
connected to the internet through whatever kind of DSL-router,
56k-modem or ISDN-modem and of course different ISPs.

The 4 home offices do RAS-DialUp-Connections to the ISDN-Card of the
server. But they want to change to VPN to use local dial-in and save
money. That's the situation.

AFAIK what they are looking for is a so-called Remote-Access-VPN,
isn't it?! Anyway. I would like to set up a new W2K-Server and to order a
new DSL-Line (2Mbit) to avoid causing problems in the local LAN.

A.) I could put this new Server (W2K-VPN-SRV) directly on the new
DSL-modem. All I need to do is to install an AD, WINS, DHCP, Routing and
RAS for VPN (PPTP or L2TP), and of course the PPPoE Connection to the
DSL-Line.

Q 1.) Isn't that pretty risky, because there is no firewall in W2K Server?
Q 2.) If I would like to use IPsec, do I need special software? AFAIK
there is a difference between L2TP (with IPsec) and IPsec as a
VPN-protocol itself, but I'm not sure?!
Q 3.) If I set up a new AD, what do I have to look out for, because there is
already a DC in the local LAN?
Q 4.) If I set up DHCP, and W2K needs DHCP running for its VPN-Server,
am I getting problems with all the other Workstations in the local
LAN?
Q 5.) I think I can replicate DNS and WINS with the other W2K Server,
can't I?

B.) Is exactly the same as A.) but I put a router between the DSL-Line
and the W2K-VPN-Server. I would have a NAT-firewall and an SPI-firewall.
Let's say I take the same one I have at home: Netgear WGT624 Wireless
Firewall Router. OK, forget about the wireless thing. The router's spec
lists several VPN tunnels (Pass-Through, 2 IPsec, and several L2TP and
PPTP). In connection with 'Pass-Through' I heard of 'NAT-T'. As you can
guess, there are some more question marks now.

Q 6.) What port do I have to forward?
Q 7.) What about that protocol 47 (GRE)? I can't find anything about
that in my router's docs.
Q 8.) If that router is scrap, what kind of (SOHO?)-router should I use?
Q 9.) Is it right to switch off the router's DHCP and to just forward
every VPN port to the W2K-VPN-Router?
Q10.) I've often read about lowering the MTU size, or setting a default DMZ.
Isn't that trying to fix something because the router just wasn't
made to handle VPN?

C.) Same as B.) but instead of the Wireless Firewall Router WGT624 I
put in a Firewall/VPN-Router like Netgear's FVL328-Router.

Q11.) Sorry, but where is the difference? Is it that I don't have to set
up a VPN-Service through Routing and RAS in the W2K-VPN-Server?
Q12.) And if I do the VPN-Connection with the FVL328, do I need special
client software to do a VPN-Connection to the FVL328?

As you can see, I'm not so familiar with that stuff. So I would like to
stop here and leave a dirty dozen to you. :-)

Bye V.
Anonymous
May 14, 2004 3:28:46 PM


Reply I meant. Not even one reply. TzTzTz
Anonymous
May 15, 2004 2:03:59 AM


I'm sorry. The scope of your questions indicates that you shouldn't be looking for free advice in a newsgroup. You should be interviewing qualified professional networking consultants.

--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike.newsgroup@-deletethispart-.upcraft.com)


"Verona Busch" <veronabusch@gmx.de> wrote in message news:c823lr$i75$05$3@news.t-online.com...
> Reply I meant. Not even one reply. TzTzTz
>
Anonymous
May 15, 2004 4:12:13 AM


Mike Drechsler - SPAM PROTECTED EMAIL wrote:

> I'm sorry. The scope of your questions indicates that you shouldn't be looking for free advice in a newsgroup. You should be interviewing qualified professional networking consultants.
>
Wow. Should I take it as a compliment? ;-) Nevertheless, I thought these
are fundamental questions I shouldn't discuss with some consultant.

Answers like this

[x] YES
[ ] NO

could be useful enough to me. I would know what information to look
for.

V
Anonymous
July 13, 2004 9:16:32 PM


Simple question: how much money are you willing to spend for a robust
solution?

Verona Busch wrote:
> Hi,
> could you tell me what kind of VPN to use in this Windows TCP/IP
> network? I read a lot about VPNs the last few days and have the bad feeling that
> I've mixed it all up now. Further down you see my A.), B.) and
> C.) understanding of VPNs. ;-)
>
> 1 W2K Adv. Server in local LAN
> DomainController AD, DNS, WINS no DHCP
> connected to Internet through DSL-Modem and ISDN-Card
>
> 50 WinXP prof. Workstations in local LAN
> static IPs
>
> 3 WinXP prof. Notebooks in local WLAN
> static IPs (reserved)
>
> 4 WinXP prof. Notebooks at home offices
> connected to the internet through whatever kind of DSL-router,
> 56k-modem or ISDN-modem and of course different ISPs.
>
> The 4 home offices do RAS-DialUp-Connections to the ISDN-Card of the
> server. But they want to change to VPN to use local dial-in and save
> money. That's the situation.
>
> AFAIK what they are looking for is a so-called Remote-Access-VPN,
> isn't it?! Anyway. I would like to set up a new W2K-Server and to order a
> new DSL-Line (2Mbit) to avoid causing problems in the local LAN.
>
> A.) I could put this new Server (W2K-VPN-SRV) directly on the new
> DSL-modem. All I need to do is to install an AD, WINS, DHCP, Routing and
> RAS for VPN (PPTP or L2TP), and of course the PPPoE Connection to the
> DSL-Line.
>
> Q 1.) Isn't that pretty risky, because there is no firewall in W2K Server?
> Q 2.) If I would like to use IPsec, do I need special software? AFAIK
> there is a difference between L2TP (with IPsec) and IPsec as a
> VPN-protocol itself, but I'm not sure?!
> Q 3.) If I set up a new AD, what do I have to look out for, because there is
> already a DC in the local LAN?
> Q 4.) If I set up DHCP, and W2K needs DHCP running for its VPN-Server,
> am I getting problems with all the other Workstations in the local
> LAN?
> Q 5.) I think I can replicate DNS and WINS with the other W2K Server,
> can't I?
>
> B.) Is exactly the same as A.) but I put a router between the DSL-Line
> and the W2K-VPN-Server. I would have a NAT-firewall and an SPI-firewall.
> Let's say I take the same one I have at home: Netgear WGT624 Wireless
> Firewall Router. OK, forget about the wireless thing. The router's spec
> lists several VPN tunnels (Pass-Through, 2 IPsec, and several L2TP and
> PPTP). In connection with 'Pass-Through' I heard of 'NAT-T'. As you can
> guess, there are some more question marks now.
>
> Q 6.) What port do I have to forward?
> Q 7.) What about that protocol 47 (GRE)? I can't find anything about
> that in my router's docs.
> Q 8.) If that router is scrap, what kind of (SOHO?)-router should I use?
> Q 9.) Is it right to switch off the router's DHCP and to just forward
> every VPN port to the W2K-VPN-Router?
> Q10.) I've often read about lowering the MTU size, or setting a default DMZ.
> Isn't that trying to fix something because the router just wasn't
> made to handle VPN?
>
> C.) Same as B.) but instead of the Wireless Firewall Router WGT624 I
> put in a Firewall/VPN-Router like Netgear's FVL328-Router.
>
> Q11.) Sorry, but where is the difference? Is it that I don't have to set
> up a VPN-Service through Routing and RAS in the W2K-VPN-Server?
> Q12.) And if I do the VPN-Connection with the FVL328, do I need special
> client software to do a VPN-Connection to the FVL328?
>
> As you can see, I'm not so familiar with that stuff. So I would like to
> stop here and leave a dirty dozen to you. :-)
>
> Bye V.
>