befsx41 to befsx41 vpn

[lakewoodbob]

was able to set up vpn between 2 befsx41 both connected to cable modems using 191.168.2.0 and 191.168.1.0 as my two subnets -- my question concerns remote gateways -- my ISP runs a DHCP server with 3 day leases -- i almost always keep saame IP unless there is a system re-config -- so I filled in actual IP for gateways -- doc says to use "ANY" which i'm loathe to do for what i believe to be security reasons (maybe i'm off base on this) -- i rather have to occasionally reconfigure if necessary (every couple of months)

could i use ANY for my remote gateway on both machines? or is there a better solution

 

[IfAtFirst]

We had an SX41 where we saw that an interloper was getting on through our wireless access point.

We were able to burrow into the SX41 info, and find the MAC address of their adaptor, and write a filter giving them no access.

Now, they weren't coming through the tunnel, but...

If you are afraid of "any," then consider using "any," but dabbling with filters that allow only the LAN IPs you know you have inbound.

I haven't played with the logical combinations of "deny" and "allow" filters, and the defacto "allow" that an established tunnel implies, but it might be worth a try.

Be sure to look at other things, such as whether you have an insecure Wireless Access Point. You might be doing more for your security by paying attention to this than by worrying about wandering VPN interlopers.