Setting up Security for a VPN

[NTesla]

I have a Linksys BEFVP41 Router. I am trying to set up a VPN so that I can access my Network though a dial up connection. However I get as fair as Verifing User Name and password, and I get a an Error 721: The remote computer is not responding.

My remote system is Windows 2000 Professional
My system I'm trying to gain access to is Windows 2000 Server

I do have a security policy set up, that I can give settings to if necessary.

 

[NTesla]

I again do not uderstand what differance it makes weather I use Public, Private, IPv6 or IPX/SPX. If my VPN does not work using Public address it will not make a differance if I us private address. It does not matter what cisco did or did not teach me. I have three DNS numbers in my DHCP the first one is for my network (200.0.107.21), the other two are my from my Broad Band ISP.

I connect my notebook to my network on site and the DHCP assigns it an address and I use it until I need to go off site. Then I use my modem to connect to a dial up ISP, from the dialup ISP I get a class A, which again I will not reveal for obvious reasons. My broad band ISP also gives me a class A address, which again I will not reveal for obvious reasons in different networks of course (for security will say 75.X.X.X and 77.X.X.X respectivilty, they really are two apart as shown here). When I try to connect to the VPN I call the Class A address I got from the Broand Band providor. The router pushes all VPN traffic to my Server. Right now I get ERROR 721: Remote Compter not Responding.

I have had it this way since atleast the begining of the year if not longer. I have not had DNS issues of any kind to date. I get to where I want to go and when. None of the desktop systems use a modem to dial out to anything, the only system that goes off site is my notebook. However all systems on the network use DHCP so as soon as I shutdown my notebook I lose the 200.0.107.X address I had. I go off site dial up though my dial up account. Because I released the dynamic address from my NIC it will not be seen by my dial up account. Their is no confussion here!

When I'm connect to the network on site, behind NAT and call up site

http://www.whatever.com,

the first place it looks is in my own network, if it is not found it goes outside my network. Because I'm behind a router running NAT again this address will not be seen by my Broad Band provider. Their is No confussion here!

I understand what your are saying and why, but I do not understand how it pretains to my situation. Nor do I understand why it should matter to you or any one else. I could understand if these systems were making it to the internet but they are not. They are all using the same address on the internet, the address on the WAN side of the router I recevied from the Broad Band Provider. You do know and understand what NAT is don't you.

Now with all that said, just for you I'm now using 192.168.1.X. Now can we get back to my VPN situation. I beleive the last suggestion was to disable IPSec, which did not work, so I beleive we can rule out a security issue.

 

[bcastner]

Ntesla,

You did the right thing by using the reserved private IPs for the NAT side of your LAN.

You can get Windows IPSec working with BEFSX41 by following the instructions provided by Linksys in their site; however, the only sensible IPSec client is SSH Sentinel.

The instructions can be found here:

http://forum.homenethelp.com/tm.asp?m=5590&p=1&tmode=1&smode=1

And the software here:

http://www.olin.wustl.edu/computing/reference/wireless/ipsec.cfm

IPSec is very secure, but the Windows endpoint client is not worth spending time on. Use SSH with Sentinal.

 

[mjinks61]

This thread, and the tone by the one needing help, is starting to remind me of a thread Bcastner started in the ethics forum entitled "when do you stop giving advice?"
thread717-634603

Isn't it 5:00PM yet?

 

[bcastner]

5:15
Thanks mjinks61

Bill