
VPN newbie question

Status
Not open for further replies.

webfuture

MIS
Jan 17, 2003
65
CA
Hi all,

Just starting to play around with VPN... Here's what I plan on doing... any comments or suggestions are welcome.

Internet --- FW(netgear FVL328) -- VPN server -- domain (dns)

On the FW, I have configured a second static IP to point to the second IP of the VPN server. Everything is on the 10.1.1.x segment. The VPN server is connected to my domain with two IPs, one for the intranet and one for the internet. So the FW rule points to the second IP on the server.

For now I can connect from a client to the VPN, but I cannot authenticate. Either I have a timeout or a bad user/pass.

Thanks for all comments and help

Simon
 
I did another test: if I use only one IP on the VPN server with no IP filtering, everything is OK. So the problem seems to be related to the way I use the two IPs...

VPN server config... that does not work
10.1.1.223 (intranet side) -- Server -- 10.1.1.4 (internet side) -- FW

VPN server config that works (no ip filters)
FW -- 10.1.1.223 -- server

Still investigating the two-IP config that I need...

Anyone?
 
Update:

When I do my setup with two IPs but without the IP filters, the VPN works. So there is a problem with my two-IP setup and IP filters combination.

Has anybody seen these problems?

Thanks,

Simon
 
1st setup: why do you use the same subnetting for LAN and WAN?
What IP filter do you use? It's very difficult for us to help you if you give only a little bit of info.
 
I think I have some limitations on my firewall; the test I did running on two different subnets is not working. Cannot connect.

My LAN is 10.1.1.x.
On my firewall I have tried connecting my second WAN static IP to a 192.168.2.x network, but that did not work.

Now my setup works with this:

Lan -- 10.1.1.223 (VPN server) 10.1.1.4 -- Wan -- FW

The problem I have now is that when I use the IP filters created automatically by the Windows 2003 wizard, the connection either times out or gives a bad user/pass pair.

The IP filters are on the 10.1.1.4 side and look like this:
Inbound Outbound :
Thanks for any help

Simon
 
Of course you can't connect. As you see, the filters allow connections only to your VPN server and only allow traffic from your VPN server to your client.

Try to add an input filter from any to your DC for any protocol, and add an output filter from your DC to any client.
 
After that you still have to add another filter to access the other servers, or if you don't care, just remove the filter.
 
OK thanks... it works if I put in those rules... What is the potential problem if I remove those filters? Is there any way a hacker can do stuff from the web?

Thanks
 
Usually we use filters to allow specific users/groups to have access via VPN to specific servers only.

Hacker??? I'm not a hacker, but for me everything is hackable; if they want to hack your network they will be able to do it :)
 
Thanks... So my last question would be: will IP filters make it harder, will they protect more? From what I see, only port 1723 is open on the internet. IP filters will only make a difference after you have successfully logged in to the VPN...

Do I understand correctly?

Simon
 
Like I said, you use it to allow/block connections to specific servers/IPs. I use it for a group of users to allow them to connect to one file server, email and Citrix.
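The two replies above (add an any-to-DC inbound filter plus a DC-to-any outbound filter, then further per-server filters, versus filters only mattering once the tunnel is up) describe allow-list semantics: with a default-deny filter set, every server the VPN user should reach needs its own inbound/outbound pair, and everything without a pair stays unreachable even to an authenticated user. The toy filter below is an added example, not code from the thread or from RRAS; it does not reproduce the Windows 2003 wizard's exact rules or model tunnel encapsulation. Only 10.1.1.4 comes from the thread; the DC, file server and client addresses are constructed placeholders.

```python
"""Toy stateless allow-list packet filter (default deny) modelling the replies above.
Added example; hosts, rule sets and traffic are constructed, not RRAS configuration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "gre"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    src: str                    # CIDR; "0.0.0.0/0" means any source
    dst: str                    # CIDR; "0.0.0.0/0" means any destination
    proto: str                  # "tcp", "udp", "gre" or "any"
    dport: Optional[int] = None  # None means any port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


def permitted(rules: List[Rule], p: Packet) -> bool:
    """Allow-list semantics: a packet passes only if at least one rule matches it."""
    return any(r.matches(p) for r in rules)


# Constructed hosts. 10.1.1.4 is the VPN server's internet side from the thread;
# the DC, file server and remote client addresses are placeholders for this example.
VPN_SERVER = "10.1.1.4/32"
DC = "10.1.1.10/32"            # placeholder domain controller
FILE_SERVER = "10.1.1.20/32"   # placeholder file server
CLIENT = "203.0.113.5"         # documentation-range address for a home user

# Wizard-style filters: only the tunnel itself (PPTP control on TCP 1723 and GRE)
# may reach the VPN server, and only the VPN server may talk back out.
WIZARD_INBOUND = [
    Rule("0.0.0.0/0", VPN_SERVER, "tcp", 1723),
    Rule("0.0.0.0/0", VPN_SERVER, "gre"),
]
WIZARD_OUTBOUND = [
    Rule(VPN_SERVER, "0.0.0.0/0", "any"),
]

# The change suggested in the reply: any -> DC inbound, DC -> any outbound.
DC_INBOUND = WIZARD_INBOUND + [Rule("0.0.0.0/0", DC, "any")]
DC_OUTBOUND = WIZARD_OUTBOUND + [Rule(DC, "0.0.0.0/0", "any")]

# Constructed traffic: tunnel setup, a Kerberos logon to the DC, the DC's reply,
# and an SMB attempt against the file server that has no filter pair of its own.
TUNNEL = Packet(CLIENT, "10.1.1.4", "tcp", 1723)
LOGON = Packet(CLIENT, "10.1.1.10", "tcp", 88)
LOGON_REPLY = Packet("10.1.1.10", CLIENT, "tcp", 49152)   # ephemeral client port
SHARE = Packet(CLIENT, "10.1.1.20", "tcp", 445)


def evaluate(inbound: List[Rule], outbound: List[Rule]) -> Dict[str, bool]:
    """Run each constructed flow through the filter set it would cross."""
    return {
        "tunnel": permitted(inbound, TUNNEL),
        "logon": permitted(inbound, LOGON),
        "logon_reply": permitted(outbound, LOGON_REPLY),
        "share": permitted(inbound, SHARE),
    }


if __name__ == "__main__":
    print("wizard filters only:", evaluate(WIZARD_INBOUND, WIZARD_OUTBOUND))
    print("with DC pair added: ", evaluate(DC_INBOUND, DC_OUTBOUND))
```

With the wizard rules alone the tunnel comes up but the logon to the DC is dropped in both directions, which is the timeout / bad user-pass symptom described earlier; adding the DC pair lets the logon through while the file-server attempt is still denied, so a per-server filter pair is exactly the control that limits what an authenticated VPN user can reach on the LAN.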
 
Thanks for all the help...

I tested my VPN from home and I always get disconnected. I don't see any bad logs or event viewer items...

Any clues why I would always lose the connection?

Thanks
 
What is your VPN server? For w2k3, you have to apply the hotfix.
 
My VPN server is Windows 2003 STD SP1, fully updated.

I have seen this one but I do not think it applies to me...

My connection drops like clockwork after 3min + or - a few seconds.

I have seen some posts here and on the net about some firewall problems related to this... Still investigating.

any comments?

Thanks
 
Thanks for the info... I have now bypassed the firewall and the problem is gone. But funny enough, now I don't need two rules in the filters to access my servers... I will have to read more, because a lot of this does not make sense to me...

Thanks,

Simon
 