How to use a router provided VPN?

[Marty Hewes]

I've got a T1, a D-Link DI-804HV VPN firewall/router, a
peer-to-peer network and an XP Pro machine that acts as a
workstation and our workgroup server at the office. At
the house, I've got another XP Pro, and a WIN98 SE machine
on another peer-to-peer network behind another DI-804HV.
The DI-804HV can provide encrypted VPN tunnels. I've got
a tunnel defined, complete with IKE and IPSec proposals.
D-Link says I'm finished when I can ping a machine on the
opposite subnet, which I can do. The Router logs also
indicate that the tunnel is up.

So how do I use this? The goal is to be able to run multi-
user software applications on the home computers using the
data that is in the XP Pro box at the office, just like we
would from other peer-to-peer machines at the office.

Now I'm assuming that since the encryption is being done
by the firewall, and I can already ping the far end subnet
machines, this is not a standard Windows type VPN dialled
connection, which does it's own encryption. I have no
idea how to go about getting Windows to use this tunnel.
I've tried making the workgroup names the same on both
ends and browsing. No luck. How do I map a drive, or
otherwise enable a machine at one end to use data at the
other end? The subnets do not have overlapping IP
addresses. One starts with 192.168.0.1, the other is
192.168.1.1. Will the machines have to have common subnet
addresses?

TIA,
Marty

 

[Guest]

Marty,
If you're setting up a VPN then they both need to be in
the same private ip octet, eg. 192.168.1.1 and
192.168.1.2 also the subnets should be the same.
Personally I always put routers from 1-10 in vpns,
workstations in the 100-200's and printers in the 50's.

Mark

 

[Lanwench [MVP - Exchange]]

Marty,
If you're setting up a VPN then they both need to be in
the same private ip octet, eg. 192.168.1.1 and
192.168.1.2 also the subnets should be the same.

Actually, if both networks are using the same IP network, VPN won't work
AFAIK.

 

[Guest]

-----Original Message-----
Marty,
If you're setting up a VPN then they both need to be in
the same private ip octet, eg. 192.168.1.1 and
192.168.1.2 also the subnets should be the same.
Personally I always put routers from 1-10 in vpns,
workstations in the 100-200's and printers in the 50's.

Mark

What is it that allows browsing to find other machines,
like when trying to define a mapped drive? Is it a matter
of being in the same subnet? The same workgroup name? Is
the browse function done via TCP/IP, or is it maybe an IPX
or NETBIOS function, and those protocols aren't getting
through the VPN? I've got them all enabled.

Right now I'm letting both routers assign most of the I.P.
addresses via DHCP. Do you suppose I should go all fixed
addresses, or have the router on one end do DHCP for both
ends to get all devices into the same subnet?

Thanks a lot,
MArty

 

[Guest]

-----Original Message-----


Actually, if both networks are using the same IP network, VPN won't work
AFAIK.

Any idea what allows one machine to "browse" to another
machine when mapping a drive? That's what I'd like to
do. Is it a workgroup name issue? A subnet issue?

Thanks,
Maty

 

[Lanwench [MVP - Exchange]]

Browsing across WAN connections can be a real PITA. If you're not using a
domain that runs WINS and can't allow NetBIOS traffic across the VPN
connection, you're best served using an LMHOSTS file - won't browse, but
will do name resolution....

See http://support.microsoft.com/?scid=kb;en-us;180094

Since you're using peer to peer networking and want to access workstations,
rather than a server, I'd suggest not using DHCP but use static IPs
instead - or, if you want to use DHCP, use DHCP reservations.