VPN

Sunday

I have Windows XP Home Edition at home and am trying to
connect to a computer running Windows 2000 Professional in
the office.

I have enabled the VPN to accept connections in
Windows 2000 Professional. When I try to connect from my
XP I get errors. I have a PIX 501 firewall in between. I
have updated my firewall with the lines below. Still I get
the errors.

access-list 101 permit tcp any host 192.168.0.5 eq 1723
access-list 101 permit tcp any host 216.x.x.x eq 1723
access-list 101 permit udp any host 216.x.x.x eq 1723
access-list 101 permit udp any host 192.168.0.5 eq 1723

Is there anything I need to do on my XP or Windows 2000
or the PIX to enable a VPN connection from my home
to the office?

Thanks
Sunday
 
Steven L Umbach

I am not familiar with pix, but you may need to configure your router device at home
to allow pptp passthrough if it has that option and at the office you need to let the
firewall allow port 1723 tcp and protocol 47 GRE or sometimes referred to as pptp
passthrough. I see you have port 1723 configured, so maybe you just have to configure
protocol 47 GRE. The pix will also need to port forward to the proper computer on
your office lan by its IP address. Also configure your XP home VPN connectoid to use
"pptp" as type of vpn instead of auto, as it will try using l2tp first by default. It
may also be helpful to look in the logs of your pix firewall to see what packets are
being dropped/blocked. The link below may be helpful. --- Steve

http://www.microsoft.com/resources/...3/enterprise/proddocs/en-us/sag_vpn_und13.asp
 
sunday

Thanks, Steven, for your quick response.

I have now configured protocol 47 GRE in my PIX to permit
connections.
I am using dial-up from my home and I don't have any
external router/firewall set up at home. Do I need to
check for any internal firewall/router in the XP box at
home? (If so, how do I find it?)
I will also try to connect through PPTP instead of auto
when I reach home today.
I use Kiwi Syslog; I hope that may help me look into the
dropped/blocked ones once I try this tonight.
I will update you on the outcome. In the meantime, if you
have answers to the above, let me know. I appreciate your
response again.

Thanks
Sunday
 
Steven L Umbach

OK. The internal ICF firewall in XP should not need any additional configuration for
pptp I believe as it will allow outbound access. If you are using a different
software firewall you may need to configure it, but usually it would prompt you when
it detected a new application trying to access the internet. --- Steve
 
sunday

Steve:
I am using dial-up from home. Will that have an impact
on getting a VPN connection? I read on other forums
that a static IP is required. Is this static IP
required at home and at the office end also, or is it only at
the office in my scenario?
Thanks
Sunday
 
Steven L Umbach

Actually a static IP address is not required, but it could make configuring your VPN
connectoid or firewall more difficult in that if you use an IP address to connect to
your vpn server or have a firewall rule configured to allow access from a particular
IP address for port 1723 and protocol 47 if those IP addresses change then
reconfiguration will be required or access will fail. If you configure your firewall
at the office to allow port 1723 tcp and protocol 47 from any IP address that will
allow you more flexibility on the dial up connection from home at the expense of some
security. Just be sure to use a complex password for VPN access. --- Steve
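
The two points from the replies above (the office firewall must pass TCP 1723 and IP protocol 47/GRE to the VPN host, and permitting any source trades security for flexibility), as an added example that is not part of the original thread: a small Python check over PIX-style access-list lines. The sample rules are constructed from the ones quoted in the first post; `audit_pptp` and the finding strings are hypothetical names, and accepting `pptp` as a port keyword for 1723 is an assumption.

```python
import re

# Constructed sample: the four rules quoted in the first post (no GRE rule yet).
SAMPLE_ACL = """\
access-list 101 permit tcp any host 192.168.0.5 eq 1723
access-list 101 permit tcp any host 216.x.x.x eq 1723
access-list 101 permit udp any host 216.x.x.x eq 1723
access-list 101 permit udp any host 192.168.0.5 eq 1723
"""

PPTP_PORTS = {"1723", "pptp"}  # assumption: "pptp" used as a keyword for 1723
RULE = re.compile(
    r"^access-list\s+\S+\s+permit\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host\s+\S+|\S+\s+\S+)\s+host\s+(?P<dst>\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$"
)

def audit_pptp(acl_text):
    """Map each destination host to findings about its PPTP-related permits."""
    hosts = {}
    for line in acl_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        proto, port = m["proto"].lower(), m["port"]
        if proto == "tcp" and port in PPTP_PORTS:
            kind = "tcp1723"          # PPTP control channel
        elif proto in ("gre", "47"):
            kind = "gre"              # PPTP tunnelled data (IP protocol 47)
        elif proto == "udp" and port in PPTP_PORTS:
            kind = "udp1723"          # not part of PPTP
        else:
            continue
        state = hosts.setdefault(m["dst"], set())
        state.add(kind)
        if m["src"] == "any":
            state.add("any_src")
    findings = {}
    for dst, state in hosts.items():
        notes = []
        if "tcp1723" in state and "gre" not in state:
            notes.append("missing GRE (protocol 47)")
        if "gre" in state and "tcp1723" not in state:
            notes.append("missing TCP 1723")
        if "udp1723" in state:
            notes.append("UDP 1723 not used by PPTP")
        if "any_src" in state:
            notes.append("open to any source")
        findings[dst] = notes
    return findings
```
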
 
sunday

Thanks Steve:
I tried yesterday from home and I got a successful VPN
connection. Once the connection was established it showed
a network icon in the tray as connected. I was wondering
how I could view or use the files and applications of my
office computer. Do I need to use some other
application for that, and if so, which one? If not, how
could I access these files and applications of my office
from home using this successful connection?

Thanks
Santhosh
 
Steven L Umbach

To use applications, you will probably need a remote control program such as the one
built into XP Pro - Remote Desktop or a third party program such as PC Anywhere. To
access files, you may need to map a share or create a shortcut. Browsing over a VPN
via My Network Places does not usually work well unless you use a WINS server or
such. While you are connected to the VPN, try searching for your computer by computer
name in My Network Places, which may or may not work. Otherwise try using UNC
convention to access your computer, such as entering \\xxx.xxx.xxx.xxx in the run box
of your computer while connected to the VPN, where the xxx.xxx.xxx.xxx would be the
actual lan IP address of the lan computer you are trying to connect to. That should
show your computer and its shares, which you can then access assuming you have
correct permissions to the share. --- Steve
 
sunday

Thanks Steve:
I will try tonight from home and let you know the outcome.
I would appreciate it if you could look into my thread tomorrow also,
see the outcome, and respond if I need further
information on this subject.

Thanks
Sunday