Really need VPN help!

Guest

Hi folks, I sure hope someone can help set me straight. I've got some questions about VPNs that are probably going to seem stupid, but I'm losing sleep over it. Anyone who can help would earn my undying gratitude. And if you're local to San Jose or San Francisco, CA, there might be money in it for you... let's talk... because my company is willing to hire a consultant if the problem isn't a simple one. (I hope I'm not violating the use policies of this newsgroup by saying that.)

The background: I'm the sole IT person for a company that runs several medical clinics. Recently I was informed that my top priority was to facilitate remote access between a satellite clinic location in San Francisco and our main clinic in San Jose, where we run Lytec XE software (medical practice-management software) on a Windows Server 2003 box. I inherited this setup and it's not particularly complicated: no active directory, no domain, just a workgroup.

So I concluded that I would need two things for this. A VPN and Microsoft Terminal Services. Terminal Services is up and running and licensed; it's the VPN that is giving me fits.

What I have done so far is:
1) Locally: rebuilt our local LAN by installing a new DSL modem, a new switch, and a Netgear FVS318 router.
2) Remotely: installed SBC Yahoo DSL service and another FVS318 router.

I believe I have configured the routers properly. One runs on 192.168.9.0/24, the other is on 192.168.0.0/24. At both locations we have LAN and WAN access. Next, I set up each router with matching tunnels per the Netgear instructions, and this SEEMS to be working.

But my problem is this: for the life of me, I cannot figure out how to USE these VPN tunnels! I know it's a stupid question, so go easy on me. But to repeat myself a bit: I want the folks at the remote location to be able to click on an icon on their desktops (which are mostly Windows 98 SE machines), establish a VPN connection across the internet to our server, and use terminal services to run Lytec XE.

I feel like I'm so close and yet I really don't know what to do next. Do I need some sort of client software? Should I just be using the "Network Neighborhood" (I think the FVS318 tunnels enable NetBIOS) to browse from 192.168.0.x to 192.168.9.7 (the server) to find the application? Is Terminal Services even necessary?

My boss wanted this a week ago and is making my life rough, so I'm desperate to get this solved. All replies appreciated. And again, if you do this for a living and can help for a fee, please contact me ASAP. I'm all ears. Thanks in advance.

Paul Cerra
IT Manager
Strategic Healthcare Services, Inc.
(408) 729-5800 x318 (M-F 9:00AM-5:30PM)
(650) 271-2056 (Cell Phone - voicemail messages are limited to 30secs in length, sorry)
(e-mail address removed) (best if replying on Sunday 1/18/04)
(e-mail address removed) (best if replying on or after Monday morning 1/19/04)
 
Guest

Hi Paul.

As you think your tunnel is up and running between the two routers, I suggest you try to ping the local addresses of your remote site, assuming ping is not blocked by any firewall rules.

Should this work, you can simply create a connection in the remote desktop to the 192.168.0.x. You will also need to open port 3389 (if I remember correctly) on your router/firewall.
 
Bill Sanderson

Paul:

You are probably sitting at 192.168.9.x, right?

From there, can you ping 192.168.0.2, for example?

Can you Remote Desktop to an XP Pro workstation on the 192.168.0.x subnet?

Assuming a machine exists at 192.168.0.2, can they ping 192.168.9.7 ?

If they run Remote Desktop Connection, and put in 192.168.9.7 and hit enter,
what happens?
 
Mohamed Abdulla

Paul, I hope by the time I'm posting this message, you will have the issue solved. Anyway, just for reference to your case, I will try to comment on the setup you have.

To plan the connection between the two remote sites, you have to make sure all seven layers of the OSI model are working in your setup. The first two layers are the Physical & Data Layers. In your case these are the Internet, which is available through your ISP DSL connections at both sites.

Next comes the Network Layer (IP routing). In this layer the Internet will take care of routing IP packets, but the DSL routers (which have VPN capabilities) should be correctly configured to route the packets to the correct next hop. Here, having in mind to establish virtual tunnels end-to-end between the two remote sites over the Internet, the DSL routers should be configured to route packets with a destination IP address of (192.168.9.x, or 192.168.0.x) over the established tunnel; otherwise, the packets should be routed (NATted) to the Internet as normal Internet access. Up to this point, you should be able to PING LAN to LAN over the tunnels with no problems.

Now that your infrastructure is laid out, you need to account for smooth operation of the application. Here, if your Lytec SW is a network-aware program, it is not using the IP Broadcast (or Multicast) communication model, and it is a Server-Client application, then you have no problem in communications, and no need for terminal services on your network (just install the client at the remote new site, connect to the server, and start working). In the worst case, if your software is a stand-alone one (one that is not network aware), then you can follow the scenario suggested by Bill Sanderson, for using your software application through terminal services (MSFT Remote Desktop, PCAnywhere, RealVNC, etc.). If you give more details about the nature of the software application you are using, it will help to better understand the environment.

One last note: if your software application uses the Broadcast or Multicast communication model, then you should configure your DSL routers to account for these facts (relay IP broadcasts, or route IP Multicast); otherwise, the router will normally filter any of these types of IP packets, and no communication (other than Unicast) will occur.



 
Todd Holmes

Hi Paul

I hope this is too late. But I will put in my two cents.

168.192.x.x are non-routable IP addresses. That means you
can't route them over the Internet. So if I understand
your configuration of the Routers. You need to put in the
IP numbers that were supplied to you by your ISP (DSL
service). That will tell the routers where to look on the
internet for the connection. Once the routers establish a
connection with each other then the VPN tunnel will be
established.

After that you should be able to ping 168.192.9.7 from
the remote site. If you can do that you should be able to
browse in Network Neighborhood and see the server. The
rest you can do. You do not need Terminal Service.

On the other hand you can give your Windows Server an
External IP address (one of the ones supplied by your DSL
provider) and then install Terminal Client on all of the
Remote site's computers, then tell Terminal Client the IP
number of the server (again the External number not the
192.168.9.7) and the client will connect up. This way
would be very fast (faster than VPN) and fairly secure.

Good Luck
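
The checks suggested in the replies above, written out as an added example that is not part of the original thread: confirm the two LANs can serve as tunnel selectors, confirm that traffic from a remote-site client to 192.168.9.7 matches the tunnel rather than NAT or the local LAN, then test TCP 3389. The function names are hypothetical; the subnets, the server address and the port come from the posts, and the server's subnet is treated as the main site.

```python
import ipaddress
import socket

# Values from the thread; the server (192.168.9.7) sits on the main-site LAN.
MAIN_LAN = ipaddress.ip_network("192.168.9.0/24")
REMOTE_LAN = ipaddress.ip_network("192.168.0.0/24")
RDP_PORT = 3389

def tunnel_selectors_ok(a, b):
    """Site-to-site selectors need private, non-overlapping LANs on each side."""
    return a.is_private and b.is_private and not a.overlaps(b)

def path_for(src, dst, local_lan, peer_lan):
    """Classify how the router on local_lan should handle a packet src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in local_lan:
        return "not-local-source"
    if dst in local_lan:
        return "lan"         # stays on the switch, never reaches the WAN side
    if dst in peer_lan:
        return "tunnel"      # matches the VPN policy and goes to the peer router
    if dst.is_private:
        return "unroutable"  # private, but not covered by any tunnel policy
    return "nat"             # ordinary Internet access

def tcp_open(host, port=RDP_PORT, timeout=3.0):
    """True if a TCP connection to host:port completes (the step after ping)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(client_ip, server_ip="192.168.9.7"):
    """Run the thread's checks from a remote-site client, in order."""
    if not tunnel_selectors_ok(MAIN_LAN, REMOTE_LAN):
        return "fix subnets: LANs must be private and must not overlap"
    path = path_for(client_ip, server_ip, REMOTE_LAN, MAIN_LAN)
    if path != "tunnel":
        return f"traffic would take path '{path}', not the tunnel"
    if not tcp_open(server_ip):
        return "tunnel policy matches, but TCP 3389 is not reachable"
    return "ok: Remote Desktop to the server should connect"

if __name__ == "__main__":
    print(diagnose("192.168.0.2"))
```

A result of "tunnel policy matches, but TCP 3389 is not reachable" points at the tunnel state or a firewall rule rather than at the client's addressing.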
 
