Do I need a Public IP address to connect to my company router? 1

[smans]

Hi,

I have a win 2000 pro edition, connected with a Direcway satellite connection USB interfacing, connected by a switch hub to 6 computers. I’m using Nortel contivity VPN to connect to my company's server.

when I’m trying to connect there are no responding, when I ping my company's IP address I don’t get 4 replays, 2 or 3 only. my Internet is a static IP address, do I need a public IP address to get connected to my company's server?

and I will be able to connect two VPN on two computers that they are connected to the same network? Am I will be able to browse on the internet while I’m connected to the VPN?

My ISP that I will never trust , says that I need a public IP address to VPN with my company’s server? Is that true?


Please guys, I need your advise.

Thanx so much for you help.

 

[ntwrkadmn]

You wrote: "my internet is a static IP address, do I need a public IP address to get connected to my company's server?"

No, I don't think you do. Something to check is the IP address of your home network and the network your making the VPN connection to. If there the same you will have problems. Example, if your home network is providing a 192.168.16.X ip address and the network your connecting to is on the 192.168.16.X network it won't work. If this is the case change your home network to 192.168.1.X network and try a VPN connection.

 

[ntwrkadmn]

As I wrote the above I realize you wrote "connect to company router" you mean "connect to company server" amd I right?

What is your setup at home (or wherever the offsite location is)? Is your computer sitting behind a firewall? I think your remote setup is wrong more than the server your trying to connect to. Please provide more informatioin about the remote network (static IP address - is it behind a router, etc).

 

[crazynoodle]

If you have 6 computers connected to your home network and they can all access the internet then you are doing NAT (Network Address Translation)more specifically NATP or PAT - which is "many to one" - this means that all the private addresses on your home network sharing the public IP of your Direcway equipment. So under normal circumstances VPN is possible as long as your VPN Client supports UDP encapsulation of the IPSEC packets. I found some information regarding Direcway and VPN - they do state that you need a static address but I am suspicious. Talk to your network admin at work that maintains the Nortel Contivity and ask him/her about accessing the VPN behind a NAT device and they can give you the correct Nortel VPN Client configuration. With the Cisco VPN client its as easy as clicking a checkbox and then your goood to go - which is what I use behind a Cable modem. I will tell you that I have heard that VPN over Satellite is terrible and hit or miss. If at all possible drop the Direcway and get Cable or DSL. Well I have probably been too wordy here - but check these links out for more information.

Good Luck.

~CN~

http://www.jc2h.com/jc2h/docs/direcwayvpn.pdf

http://www.g2satellitesolutions.com/direcway/VPNs.htm

 

[smans]

Thank you so much Guys,
I will tell you what I have here exactly,

My office based in Baghdad which there are no DSL cables and Phones, so I have to use the satellite connection, the Direcway that I’m using is a terminal that works on a privet IP address and gateway, I cant change these, otherwise it will never work, if the problem is to get connected through my static IP address through my network here, I even cant get connected on my server which is windows 2000 pro, our company’s server based in Los Angeles, they told me that if your ISP is using NAT not IPsec the VPN will not work, the other problem that I have that the Nortel don’t have any options to change I mean I don’t have any setting to change, I will show some of the advises that my Server and ISP offered me:
My question was:
I am trying to use Nortel contivity, to connect to my company’s VPN, which uses IPsec. My ISP is DirecWay, which is a two-way satellite modem which connects to my PC via USB. I have no way to connect with my company's server. When I try to connect to the VPN from my PC, there is no response. Any suggestions?

The answer was:

Unfortunately, I’m afraid you may be out of luck. Like many ISPs (including cable, DSL, and satellite), DirecWay’s consumer-oriented broadband service uses network address translation (NAT) to assign private, non-routable addresses to clients.
The problem isn’t that your address is dynamically assigned. The problem is that your address is private—that is to say, not routable.
On a network where NAT is enabled, the source address of outgoing packets must be eventually replaced with a global IP address (usually that of the border router) so they can they can traverse the Internet.
IPsec encrypts the entire IP packet, including the source address header. When the packet leaves your network, its source address is changed, so the encryption checksum of the packet is modified. When the packet gets to your company’s VPN server, it fails authentication and is dropped.
Many broadband routers have the capability to pass through IPsec packets unaltered, allowing IPsec and NAT to coexist. As you pointed out though, this is not an option for you since your satellite-based gateway connects via USB rather than an Ethernet port.

After that my ISP says that a Public IP address will solve the problem. Is that true?

I’m grateful to you guys,

 

[crazynoodle]

Hello - I am sure that Public address will solve the problem.

I still believe that if your Nortel Client supports Nat-Traversal which is the same as UDP encapsulation and the target VPN Device supports it - you should be able to fly behind the Nat device. But it would have to be configured on both.

What version of the VPN Client are you running?

This is from the Nortel Version 4.65 Release notes:

"NAT Traversal allows a number of devices
on a private network to access the Internet simultaneously without each requiring its own external IP address. Most hotels and airports that provide Internet connectivity use NAT to connect to the Internet."

Good Luck.

~CN~

 

[smans]

Thanx a lot ~CN~,
the version of Nortel that I’m using is: 4_15.6, any way, My server Admn says, if your ISP using NAT and not allowing the IPsec it will not work,

And the ISP says that you need a public IP address,

You answered me about that and you sure that the public IP will solve the problem, I’m grateful to you.

My other question to you was, will I be able to run more than one VPN on the same terminal? And will I be able to browse on the Internet while I’m connected to VPN?


Thanx ~CN~

 

[crazynoodle]

Hello - I guess I don't agree with your Server Admin, because there is no way I know of that the ISP can not permit IPSEC because it goes back to the Nat Traversal and the way it operates - The VPN Client determines that it needs to encapsulate the IPSEC packet with UDP wrapper (another header) and it sends out.. The ISP is making routing/forwarding decisions on the destination IP address of the packet but is not looking inside.

I have a cable modem for my broadband access which is then connected to my router which is performing NAT so that all the machines in my house can share the single public address and access the internet. My Cisco VPN Client is configured to use UDP/TCP encapsulation.. The Cisco VPN3000 also is configured to accept this type of connection.

I however have never worked on or seen a DirecWay configuration but NAT is being applied somewhere along the way if not right at your equipment.. I could be missing something..

No - I don't think there is any way to launch two VPN Client connections from the same PC/Workstation..

Good Luck.

 

[smans]

Thanx a lot ~NC~.

the last question to you, I know I’m asking too much, but trust me its the last question.

is there any way to connect more than one VPN on my workstation?



Thanx a lot

 

[crazynoodle]

Hello,

No, I don't believe that is technically feasible to launch 2 vpn connections from the same pc. I know that I cant.

Good luck.

~CN~