| All Categories |
Primers
VPN, Firewall, Security ... |
Guides
HowTo, Choosing a VPN ... |
Reference
Articles, FAQs, Whitepapers ... |
Standards
Architectures, Protocols ... |
Downloads
VPN, Firewall, Security ... |
Products & Services
Hardware, Software, Services |
| Organizations |
Business
Market Research, Law ... |
| Forums |
News
Archive, Events, Newsletters ... |
|
|
| |
| VPN labs is an open community for researching, testing, reviewing, and discussing Virtual Private Networks. Get trusted, unbiased advice on just about everything related to VPN. For more detail check: How to use this site. VPN Labs - VIRTUAL PRIVATE NETWORKS - Free VPN Software and Virtual Private Network News. |
|
|
|
|
mattmc97
Member since:
2004-02-05 14:27:30 |  posted: 2004-02-05 14:29:59
setting up vpn w/ win
2000 server
----------
I am trying to set up VPN
between our two offices
so our remote office can
connect into our
network.
I have a
cisco 2611 router with
ver 12.0T IOS and Win 2k
Server at home office and
have win 2000 clients at
my remote site.
I
have done some work with
our cisco router in
converting all our public
ip addresses to now
private addresses, but
that is about the extent
besides setting up the
W32time server (NTP?) to
get the
time.
Anyway, here
is my question. I am
trying to set up the Win
2k server to be the VPN
server as described at
ms-mvps.com and that is
all set up. I am not sure
on how exactly to punch
the hole in the router
for pass through. I have
found two examples but
they don't really
describe which way is
correct.
On a
website I read
:
NOTE: If VPN
traffic is traveling
through a router or
firewall, configure the
router or firewall to
pass PPTP (TCP Port 1723
and IP Protocol ID 47
[GRE - Generic Routing
Encapsulation]) or L2TP
over IPSec (UDP Port 500
and IP Protocol ID 50
[Encapsulating Security
Payload]) traffic to and
from the VPN server.
So if that is the
case, would my command on
the router be like with
HTTP?:
example:
ip
nat inside source static
tcp 192.168.208.1 1723
64.217.xxx.xxx 1723
extendable
ip nat
inside source static gre
192.168.208.1
64.217.xxx.xxx
extendable
or
should it
be:
access-list 110
permit tcp any host
64.217.xxx.xxx eq
1723
access-list 110
permit gre any host
64.217.xxx.xxx
?
My outside IP address
is the 64.217.xxx.xxx and
my vpn server is the
192.168.208.1
Also
, one other quick
question, do the
access-list #s (110) have
any significance, because
I have seen a range of
them???
Thanks in
advance for the
help
mattmc
|
|
