VPN DSL Win NT and Win XP-newbie

[joekos]

I've never setup a VPN tunnel before and when our company finally was able to get DSL, the boss wanted to setup his home computer to be able to connect to work using our new DSL lines.

We have a small network of about 20 computers all running Windows XP Pro, our server though is still Windows NT 4.0 sp6 (I know it's out of date, we hope to upgrade before the end of the year). These are all behind a Linksys BEFVP41 v2 VPN Router. The router goes into a switch were all including the server get connected to. As long as I've been here we've accessed the internet this way (we had ISDN before the DSL). We use DHCP from the NT server to get local addresses (192.168.x.x) The server has a fixed IP.

At the boss' home the computer is Windows XP Pro behind the same Linksys BEFVP41 v2 router. This gets it's IP from the router, which is setup as a DHCP server.

I have the VPN tunnel connected, my trouble is in getting the remote computer to be able to log into any computer at work. I can ping the computers but can't connect. What needs to be setup so that this can happen? On the remote I use the Network Connection Wizard. Since I use DHCP I have been putting the name of the computer itself in the HOST NAME/HOST IP box. Is this correct? How about what name and password to use? I've tried several, local name, name from network server, administrator name, nothing seems to let me connect. The error I get is "Error 800: unable to establish the VPN connection. The VPN server may be unreachable or security parameters may not be configured properly for this connection." I can't seem to find anything that would cause a problem with security parameters.

I'm getting a little frustrated, I'm hoping someone is willing to offer some advice.

Thank You

 

[roydiculous]

It looks to me like you are making direct tunnel from the office BEFVP41 to the boss's home BEFVP41. If that is correct, your VPN tunnel is already established (with IPSec). That error that you are refering to seems to be associated with WinXP Pro's VPN Client SOFTWARE (a PPTP solution.

If your IPSec tunnel is already set up, all you need to do is make sure that access to the "local secure group" is at 192.168.1.0 (with 0 allowing access to the whole entire network).

After this is set up, make sure you can ping the boss's computer. If you can, then all you need to do is have your boss "allow" remote connections on his office computer by right clicking My Computer > Properties > Remote > Allow users to connect remotely to the computer.

You boss then needs to go to Start>Accessories>Communications>Remote Desktop connection and type in the STATIC IP address of his work computer (ie: 192.168.1.100) and you are good to go.

We are using a BEFVP41 at work and wiht DSL running 1.5MB/128kbps download/upload, it works like a charm.

Oh I think that the IP groups on the BEFVP41 routers need to be different: 192.168.1.x and 192.168.2.x

 

[joekos]

Thank you for your reply.

I tried what you said and it worked. I have a few follow up questions.

Does the address in the Remote Desktop connection have to be Static? I can easily set their computer as a static IP, but the right now we run the office using DHCP. I just put in the current IP number when I ran Remote Desktop Connection. Is it possible to use a host name instead (ie the computer name)?

Is it possible to just make a mapped network drive to the info on the server? (which is what the boss wants anyway)

Thanks again for the help.

 

[roydiculous]

Yes. With the remote desktop connection, you can use applications and check email but you cannot grab files. To grab files, you need to MAP A NETWORK DRIVE to the server. Because you cannot use \\Server\SharedFiles, you need to use \\192.168.1.100\Sharedfiles (where the IP is the server address).

Now do you see the important of having Static IPs. If the Dynamic IP of the server changes, than your Mapped Server Drive (S will not access.. You can still keep the network as DCHP and change the server to 192.168.1.100 - it will shuffle everyone around so that the server will always have 1.100. For the most part, anyone that needs to connect remotely will need a Static IP b/c the other IPs will change, especially if you have alot of people turning on and off your computers.

You cannot use a hostname, only the IP address unless you install some kind of Host Name WINS or something like that - I haven't gotten that far in my pursuits, yet.