lan to wan with a vpn

[QD Steve]

Simple enough, supposedly.
Using a Billion ADSL modem and a Cyberguard VPN SG300, I've tried everthing
in the book to set up PPTP so we can access the network from outside.
According to the manuals of both appliances, everything is set correctly.
The PPTP connection is set correctly on the remote computers. We have a
static IP from our ISP. What am I doing wrong that's stopping me connecting?
Steve Wilkins

 

[Kurt]

A little more info about your setup would be useful. I use a Cyberguard
SG300 as a PPTP VPN server with W2K server as the VPN endpoint to connect
two offices. As you said, the setup was simple and worked as expected. Do
you get the connection shosing as being up? What devices on each network are
you trying to connect to. Do you have routes through the tunnel to the other
end for the devices?

....kurt

 

[QD Steve]

A little more info about your setup would be useful. I use a Cyberguard
SG300 as a PPTP VPN server with W2K server as the VPN endpoint to connect
two offices. As you said, the setup was simple and worked as expected. Do
you get the connection shosing as being up? What devices on each network
are you trying to connect to. Do you have routes through the tunnel to the
other end for the devices?

...kurt

Thanks for your reply.
I am somewhat of a novice with these appliances. What we have (sort of)
figured out so far is the modem has very limited vpn capabilities built in
and there is a conflict between the SG300 and the modem. We could, in fact
run from just the modem alone but security is an issue which needs
addressing and so the SG300 is necessary. I am not sure what you mean by
what devices are we trying to connect to - we are trying to connect to the
office network from home - usually from a laptop. We don't have any routes
the tunnel as we can't get a tunnel working.
Steve Wilkins

 

[Kurt]

Try setting up a PPTP VPN with a Windows box as the vpn "client" (Cyberguard
as VPN server at one end and Windows box at the other end). All you need is
the password set at both ends. Also, if you have a NAT device or firewall,
you'll need to open and/or forward the ports for a pptp vpn to the
appropriate device on the inside (private side) of your LAN.

If the VPN appliance is the default gateway for your network hosts, you
shouldn't need a route. If not, you'll need to add a static route at the
default gateway device that points traffic destined for the other end of the
tunnell to the VPN appliance. Also, the two private networks must be on
different subnets (they can't both be 192.168.0.0/24 - **Ya, I know he can
bridge, but just trying to keep it simple).

ComputerA 192.168.1.100
gateway 192.168.1.1
|
|
Cyberguard (Private) - 192.168.1.1
Cyberguard (Public) - 200.1.2.3
|
WAN cloud
|
DSL Modem (Public) 201.3.2.1
"vpn pass-thru" enabled
DSL Modem (Private) 192.168.2.1
|
|
ComputerB 192.168.2.100
gateway 192.168.2.1

ComputerB should be able to establish a VPN connection to the Cyberguard
using its public IP address. Once the tunnel is up, computerB should be able
to ping the Cyberguard private interface, computerA, and other computers on
the 192.168.1.0 network. ComputerA will be able to ping computerB, but not
other hosts on the 192.168.2.0 network, because only computerB has a
path/route through the tunnel.

I would suggest a Cyberguard at both ends, each set up as the default
gateway for the local LAN. That will provide 2-way LAN-to-LAN connectivity.

Note: I believe the Windows PPTP VPN port is TCP 1723, but be sure to check
me on that one.

....kurt

 

[QD Steve]

Note: I believe the Windows PPTP VPN port is TCP 1723, but be sure to
check me on that one.

...kurt

Thanks for the detailed reply. You pinpointed the problem, there was no port
forwarding but its fixed now and everthing works fine.
Steve Wilkins.