Snapgear Pro+ VPN router/firewall HELP Please!

[crypller99]

I just purchased the Snapgear pro+ router. I am running 2000 server on a lan with 8 other pc's. I setup the server without domain. All default settings with latest service packs. Sql server standard edition. We are running a Database application specific to our tanning salon.(salontouch). I have 8 remote stores that need to vpn into the server and access the database.

I purchased static ip from time warner.(34-38) My server ip is 24.173.74.36 : 255.255.255.248 subnet. I cannot access the server from outside the lan at this time.

My router (i think from looking at config file) has ip of 24.173.74.34 : gateway 24.173.74.33: network 24.173.74.32 and broadcast 24.173.74.39(not even a valid ip according to my isp...why?)
network=ip of actual cable modem
broadcast ip=?????

The router allows for 25 server tunnels if i can utilize it properly. However, I am confused as to the role of my server in this vpn cloud. What services do i need running on my 2000 server to properly receive vpn connections through this nice router?

I hope someone can help me to break this down a little better. thanks in advance!

 

[hogboystc]

Assumming the Snapgear is at your main location the 24.173.74.32/29 network should be external to the SnapGear and your LAN & Server on the internal network using 192.168.x.x or some other private subnet.

If the stores are on dialup you can just dial into your ISP and then use PPTP to access the main location's Snapgear. If the stores have dedicated connections you'll probably want to buy Snapgears and build a tunnels between the those stores and the main using PPTP or IPSEC.

Your server really has nothing to do with the vpn connections, when they are built between the firewalls then it will just think it's talking to another server on your network.

When you use variable subnetting to get small blocks some of the ips in that block are used to define the network. If you really care go to

http://www.cisco.com

and search on variable subnets. Most of our customers don't.

24.173.74.32 is the network
24.173.74.33 - 38 can be used for hosts
24.173.74.39 is the broadcast address for your network

Hope this helps. The Snapgear knowledge base has alot of info that should help you get going.

http://www.snapgear.com/faqomatic/public_html/fom-serve/cache/64.html

Chris

 

[crypller99]

The snapgear was almost too simple to configure. I just added port forward 3389 for remote desktop in the router and added my private ip for my server.
then for vpn i just added client username/pass into the router. vpn clients connect.

However, the clients are not able to browse the network. I have read similar problems with different routers here and i will try to locate what they did to speed up.

I did add the ms-dns line to the options.pptp file, but no luck. any help?

 

[DaWorm]

I encounter the same problem with the snapgear SME530. Although the user gets authenticated, I can't browse the network, but I can ping the other PCs of the network. Also interesting is that I can surf our intranet. I noticed that the gateway assigned to the vpn client (Win2k SP4) is always the IP of the client.

 

[DaWorm]

I just went thru the FAQ and found this:

http://www.snapgear.com/faqomatic/public_html/fom-serve/cache/70.html

The SnapGear does not forward broadcast packets across a network link. This has the side effect of not allowing browsing when logged in to the SnapGear using PPTP.

If you have a WINS server you can enable this and will be able to browse the network. More information on this is available in the Knowledge Base article found at

http://www.snapgear.com/cgi-bin/fom?file=38

If you do not have a WINS server, then you can use an LMHOSTS file.