Do I need to have a static IP for VPN

trimelater

Technical User
Jul 15, 2002
211
US
I currently have SWBell, which uses DHCP to give me an IP address. Since I cannot seem to ping my server at home from work, do I need to buy a static IP address from SWBell?

Trimelater
 
Could you give us more details as to how you are set up and what you're trying to do? You mentioned VPN. Is your server behind a VPN? Also, can you ping msn.com for the fun of it?

Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us

"Don't ever take a fence down until you know the reason why it was put up."
Gilbert Keith Chesterton (1874-1936); English writer.

 
Sorry Glen, I will try my best to give as much detail.

I have a Windows 2000 Server that has DNS, DHCP, PPTP, and a Linksys router on which ports 500, 47, and 1723 are open. I also have the Windows 2000 server DMZ open.

I am able to connect to the VPN server on my local network. I basically use the same LAN IP address. I see it get authenticated and I am also able to browse.

My current Internet connection is SWBELL DSL. I called them up asking if I need a static IP address for VPN. They told me they do not support it.

That's all I know since this is my first time setting up VPN.

Trimelater
 
We've been fighting with SBC for 2 months now trying to get VPN to work over DSL. All of our cable users get in without a hitch but DSL just won't work. We're using a Cisco concentrator with the Cisco client. If anyone knows of a solution I'd like to hear it too. :)
 
I don't have a lot of knowledge about VPNs, but I'll tell you what I know about ours. We have a Cisco 3000 VPN. It has two IP addresses. One is called private, which is on our side of the network; the other is called public, which is what the outside world sees. It sounds like you're using a W2K server to act as a VPN. I would think you would still have to have two IPs. Which one are you trying to ping, public or private?

Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us


 
Have seen it working on DSL before, can't remember all the settings, but you can set up the VPN through the wizard and have it use the Internet connection to get to the server. You do need to give the user dial-in permissions. They must set up the VPN using a user name and password that is enabled on the network.
The user can type in the ip address of the server in the browser. We were using TS for the clients so they just tsac'd into the server and authenticated.
 
Glen, I thought W2K is set up to have VPN services. What you are suggesting is that I need to buy a VPN router to access my server from work. If this will solve the problem, then I am willing to fork over the money.

Futuretech204, do I need a public static IP address? I don't know how to set up TS. I am trying to set up the VPN and then TS next. Should I set up TS first, then VPN?

Has anyone set up SWBELL DSL with VPN?

Trimelater
 
No, I mean you probably need two IP addresses. This would mean two NICs in the VPN server. Since I've never set one up, I'll defer to those who have more knowledge of VPNs. You DO NOT need to buy another piece of hardware. We just happened to have purchased one before W2K came out with a VPN built in. Good luck.

Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us


 
trimelater,
If you want to find your VPN server (tunnel server) over the Internet, you will need a public IP address associated with one NIC and another interface with a local IP address.
It is possible to use a dynamic address, and I have done it using a dial-up account, getting the address assigned by the ISP and then re-pointing my clients to this newly assigned address. Good for initial testing but not a good idea for the real world.
Anyway, here is a link with some good info.
You have to configure RRAS on your server with the correct addresses. All in all, it is quite simple to use W2K server as a tunnel server. Start with PPTP connections, get it working, then read up on L2TP, get your certificate services working and disable the PPTP.
From my experience, the DSL and NAT will give you headaches. We use both T1 connections and dial-up.
There is a lot of info on this subject. Query the net for w2k vpn ...

scottie
 
Couldn't a service like work in place of your dynamic IP address?

I have a dynamic IP and am currently running a W2K Advanced Server which has web, FTP, and terminal services running. gives me the function of just using mithrilhall.no-ip.com in place of my IP address.

====================================
I love people. They taste just like
chicken!

 
Thanks so much for all the information you guys have given me.

Glen, sorry if I sound so dumb. I have to have two "STATIC" IP addresses. I also have to have two NIC cards since I only have one in my server.

Bikin, I now understand that I need two NICs. The ISP is not too nice to me because they are SWBELL. They told me that they don't support any changes or redirecting, which makes this really hard for me to work with. That is why I am asking if I need a static IP address. PPTP is way too complicated for me and I am trying my best to understand how it works. I have been through most articles posted for VPN and read some saying to stay away from L2TP because of headaches. I don't know why, but I will look into it. L2TP sounds as complicated as PPTP. I think I got PPTP working on my local network since I get authenticated.

Mithrilhall, I will take a look at your suggestion. Thanks for the information.
Trimelater
 
Hi there, the answer is that your router needs 50, 51, and 500 open. Assign public IP to the "remote" or "External" interface on the router and the internal IP to a non routable private IP for your LAN. You shouldn't need a static IP, however, if your ISP changes your lease, the tunnel won't work.

Check your VPN keys too
 
jthiessen, in addition to ports 500, 47, and 1723, I need to open 50, 51, and 500 (already open) on my Linksys router? What do you mean to assign public IP to the "remote" or "External" interface on the router? Could you please give me a step-by-step for setting this up?

Trimelater
 
Trimelater, you didn't sound dumb. This is how we learn.
Try this.

Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us

 
Hmm, not sure of the config on a Linksys... but when you create the tunnel both sides need an IP to point to. Imagine a VPN as a "straw" through the Internet. Both sides need a specific IP address to resolve to. This IP address should be the public side of your router (public IP address). Your router will have 2 interfaces... public and private... public is the IP from your ISP, the private is your internal IP address. Public IP on most router configs is listed as external.
As for ports, VPNs are authenticated through IPsec. IPsec needs 50, 51 and 500 open to allow the authentication traffic... best bet is let me TS to your server... hehe just kidding.
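
An added example (not part of any post in this thread): GRE, ESP and AH are IP protocols identified by protocol numbers 47, 50 and 51, not by TCP/UDP port, so an audit of router rules for a VPN has to treat protocol rules and port rules separately. The `Rule` format, the `audit` function and the sample rule list are constructed for illustration.

```python
from typing import List, NamedTuple, Tuple

class Rule(NamedTuple):
    kind: str    # "tcp" or "udp" for a port forward, "ip" for an IP protocol pass-through
    number: int  # port number for tcp/udp, IP protocol number for "ip"

# Inbound traffic that must reach the VPN server, per VPN type.
REQUIRED = {
    "pptp": [
        (Rule("tcp", 1723), "PPTP control channel"),
        (Rule("ip", 47), "GRE tunnel data (IP protocol 47, not a port)"),
    ],
    "l2tp-ipsec": [
        (Rule("udp", 500), "IKE key exchange"),
        (Rule("ip", 50), "ESP payload (IP protocol 50, not a port)"),
    ],
}

# Numbers that are IP protocol numbers and are often entered as ports by mistake.
PROTOCOL_NAMES = {47: "GRE", 50: "ESP", 51: "AH"}

def audit(vpn_type: str, rules: List[Rule]) -> Tuple[List[str], List[str]]:
    """Return (missing, misconfigured) for a router rule list.

    missing: required traffic that no rule allows.
    misconfigured: port forwards whose number is really an IP protocol
    number; forwarding that TCP/UDP port does not pass the protocol.
    """
    have = set(rules)
    missing = [desc for need, desc in REQUIRED[vpn_type] if need not in have]
    misconfigured = [
        f"{r.kind.upper()} port {r.number} does not carry {PROTOCOL_NAMES[r.number]}"
        for r in rules
        if r.kind in ("tcp", "udp") and r.number in PROTOCOL_NAMES
    ]
    return missing, misconfigured

# Constructed sample: three numbers entered as TCP port forwards on a home router.
SAMPLE_RULES = [Rule("tcp", 500), Rule("tcp", 47), Rule("tcp", 1723)]

if __name__ == "__main__":
    for vpn in ("pptp", "l2tp-ipsec"):
        missing, bad = audit(vpn, SAMPLE_RULES)
        print(vpn, "missing:", missing, "misconfigured:", bad)
```
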
 
I should have mentioned the second link in my previous post has a good explanation on setting up the server with images of the different screens.
 
futuretech204, thanks for the link. I am pooped out today from trying to set up VPN. I am going to go get a good rest and tackle VPN tomorrow. Thanks!

Trimelater
 