Using XP sharing to support Nortel VPN

binbag

Technical User
Dec 5, 2002
1
GB
I appear to be stuck between a rock and a hard place:
Home network is 2*XP Pro, one with shared ISDN card, the other with a shared printer (in my two kids' bedrooms!).
I also wish to connect my work laptop (W2K with Nortel Extranet Client 2.62.33) through the shareable ISDN to my work VPN, and access my work and printer at the same time as my kids are on the Net without using -all- my phone lines.

My laptop works and connects to my work when I dial to an ISP and then get a secure link using VPN.
I can connect to both VPN and local LAN (to access shared resources e.g. printers at the same time - to do this I delete the route which prioritises the VPN link for the local private network, intended to reduce the risks associated with bastion hosts - then connect via IP address to the host with the shareable resource - this was easier with NetBEUI!)
I cannot however get my VPN to work through the shared ISDN adapter.
I -believe- that in order to get this to work, I would need to persuade my XP Pro with the ISDN internet connection to do the following:
a) Allow outbound traffic NAT-ed from my laptop on any port
b) Forward inbound Port 500 and Port 1723 on TCP/UDP (probably not necessary to open both TCP and UDP on both ports) to my laptop.
c) Forward inbound Protocol 50 (ESP) to my laptop - this is the encapsulated IPSEC traffic.

I cannot appear to do (c) on standard WinXP Pro - although I am not au fait with the details of it, I believe that this would have to be a specifically coded function, which is available on some, but not all, routers. With the rest, I get as far as apparently having a connection and an IP address assigned from my work's network; packets go out, nothing comes back. This makes sense if I need to forward Protocol 50 to my PC for the actual session traffic. There is no ability to forward anything other than basic TCP/UDP.
Hence 'ipsec is not supported on WinXP Firewall' comments from other people.

Is there any way around this apart from additional hardware? Perhaps a simple personal firewall piece of software on the XP gateway system, a tweak, a patch??

Thanks!
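
Added example, not part of the original post: a simplified Python model of a gateway that can only forward by TCP/UDP port, showing why the IKE and port 1723 packets find a rule while the ESP (protocol 50) packets the post describes have no port to match on. The forwarding table, the addresses and the sample packets are constructed for illustration; this is not how Windows XP connection sharing is actually implemented.

```python
import struct

TCP, UDP, ESP = 6, 17, 50  # IANA IP protocol numbers

# Assumed port-forward table on the sharing gateway, mirroring item (b) in the post.
# 192.168.0.10 is a constructed address standing in for the laptop.
FORWARDS = {(UDP, 500): "192.168.0.10", (TCP, 1723): "192.168.0.10"}

def build_packet(proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([203, 0, 113, 5]), bytes([198, 51, 100, 7]))
    return header + payload

def classify(packet):
    """Decide what a TCP/UDP-only port forwarder can do with an inbound packet."""
    ihl = (packet[0] & 0x0F) * 4   # IPv4 header length in bytes
    proto = packet[9]              # IP protocol field
    body = packet[ihl:]
    if proto in (TCP, UDP):
        # Both TCP and UDP carry the destination port in bytes 2-3 of their header.
        dst_port = struct.unpack("!H", body[2:4])[0]
        target = FORWARDS.get((proto, dst_port))
        if target:
            return ("forward", target)
        return ("drop", "no rule for port %d" % dst_port)
    if proto == ESP:
        # ESP starts with a 32-bit SPI and a sequence number; there is no port field.
        spi = struct.unpack("!I", body[:4])[0]
        return ("drop", "ESP carries SPI 0x%08x but no port to match" % spi)
    return ("drop", "unhandled protocol %d" % proto)

# Constructed sample packets
IKE = build_packet(UDP, struct.pack("!HHHH", 500, 500, 8, 0))
PPTP = build_packet(TCP, struct.pack("!HH", 40000, 1723) + bytes(16))
ESP_DATA = build_packet(ESP, struct.pack("!II", 0x1234ABCD, 1) + bytes(16))

if __name__ == "__main__":
    for name, pkt in (("IKE", IKE), ("PPTP", PPTP), ("ESP", ESP_DATA)):
        print(name, classify(pkt))
```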
 