The dirty dozen Questions on VPN!

Archived from groups: comp.dcom.vpn

Hi,
could you tell me what kind of VPN to use in this Windows TCP/IP
network? I have read a lot about VPNs over the last few days and have the bad
feeling that I've mixed it all up now. Further down you see my A.), B.) and
C.) understanding of VPNs. ;-)

1 W2K Adv. Server in local LAN
DomainController AD, DNS, WINS no DHCP
connected to Internet through DSL-Modem and ISDN-Card

50 WinXP prof. Workstation in local LAN
static IPs

3 WinXP prof. Notebooks in local WLAN
static IPs (reserved)

4 WinXP prof. Notebooks at home offices
connected to the Internet through whatever kind of DSL router,
56k modem or ISDN modem and of course different ISPs.

The 4 home offices make RAS dial-up connections to the ISDN card of the
server. But they want to change to VPN to use local dial-in and save
money. That's the situation.

AFAIK what they are looking for is a so-called Remote-Access-VPN,
isn't it?! Anyway. I would like to set up a new W2K Server and to order a
new DSL line (2 Mbit) to avoid causing problems in the local LAN.

A.) I could connect this new server (W2K-VPN-SRV) directly to the new
DSL modem. All I need to do is to install an AD, WINS, DHCP, Routing and
RAS for VPN (PPTP or L2TP), and of course the PPPoE connection to the
DSL line.

Q 1.) Isn't that pretty risky, because there is no firewall in W2K Server?
Q 2.) If I would like to use IPsec, do I need special software? AFAIK
there is a difference between L2TP (with IPsec) and IPsec as a
VPN protocol itself, but I'm not sure?!
Q 3.) If I set up a new AD, what do I have to look out for, because there is
already a DC in the local LAN?
Q 4.) If I set up DHCP, and W2K needs DHCP running for its VPN server,
will I get problems with all the other workstations in the local
LAN?
Q 5.) I think I can replicate DNS and WINS with the other W2K Server,
can't I?

B.) Is exactly the same as A.) but I put a router between the DSL line
and the W2K-VPN-Server. I would have a NAT firewall and an SPI firewall.
Let's say I take the same one I have at home: a Netgear WGT624 Wireless
Firewall Router. OK, forget about the wireless thing. The router's spec
lists several VPN tunnels (Pass-Through, 2 IPsec, and several L2TP and
PPTP). In connection with 'Pass-Through' I heard of 'NAT-T'. As you can
guess, there are some more question marks now.

Q 6.) What port do I have to forward?
Q 7.) What about that protocol 47 (GRE)? I can't find anything about
that in my router's docs.
Q 8.) If that router is scrap, what kind of (SOHO?) router should I use?
Q 9.) Is it right to switch off the router's DHCP and to just forward
every VPN port to the W2K-VPN-Router?
Q10.) I've often read about lowering the MTU size, or setting a default DMZ.
Isn't that trying to fix something because the router just wasn't
made to handle VPN?

C.) Same as B.) but instead of the Wireless Firewall Router WGT624 I
put in a Firewall/VPN router like Netgear's FVL328 router.

Q11.) Sorry, but where is the difference? Is it that I don't have to set
up a VPN service through Routing and RAS on the W2K-VPN-Server?
Q12.) And if I do the VPN connection with the FVL328, do I need special
client software to make a VPN connection to the FVL328?

As you can see, I'm not so familiar with that stuff. So I would like to
stop here and leave a dirty dozen to you. :-)

Bye V.
  1. Reply I meant. Not even one reply. TzTzTz
  2. I'm sorry. The scope of your questions indicates that you shouldn't be looking for free advice in a newsgroup. You should be interviewing qualified professional networking consultants.

    --
    WARNING! Email address has been altered for spam resistance.
    Please remove the -deletethispart-. section before replying directly.
    Mike Drechsler (mike.newsgroup@-deletethispart-.upcraft.com)


    "Verona Busch" <veronabusch@gmx.de> wrote in message news:c823lr$i75$05$3@news.t-online.com...
    > Reply I meant. Not even one reply. TzTzTz
    >
  3. Mike Drechsler - SPAM PROTECTED EMAIL wrote:

    > I'm sorry. The scope of your questions indicates that you shouldn't be looking for free advice in a newsgroup. You should be interviewing qualified professional networking consultants.
    >
    Wow. Should I take it as a compliment? ;-) Nevertheless. Thought these
    are fundamental questions I shouldn't discuss with some consultant.

    Answers like this

    [x] YES
    [ ] NO

    could be useful enough to me. I would know what information to look
    for.

    V
  4. Simple question: how much money are you willing to spend for a robust
    solution?
