VPN - VPN with ADSL

lsaiher

2004-09-28, 7:53 am

Hello everybody,
I am quite new to VPN and I'm a little bit confused.
I have a LAN which has access to Internet through a nokia ADSL router.
I want to connect to this LAN from a computer which has a dial-up
access to the Internet.

I think that if I use PPTP I have to configure NAPT and redirect
information sent to ports TCP 1723 and UDP 47 to the W2K server which
I'm going to use as a VPN Server.
Is this correct?

I've heard that using IPSEC is more secure but I don't know if I can
use it. I think that I need a router that can do "IPSEC passthrough",
but I'm not sure.

Any help would be appreciated,

Best Regards,

Luis

Jetro

2004-09-28, 7:53 am

This is not UDP port 47 but IP protocol 47.
ADSL is not good to provide the Internet services 'cause it's asymmetric.

If you have VPN connections using PPTP, you will need to allow TCP port 1723
and IP protocol port 47 to pass through your firewall. If you are using
L2TP/IPSec, you will need UDP port 500 and IP protocol port 50 to pass
through the firewall. If you are using AH/ESP in your IPSec policies, you
will also need IP protocol port 51 to pass.

A SOHO router might have the settings for IPSec pass-through and PPTP
pass-through. Read the router manual.
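
Added example (not part of any post in the thread): a small Python sketch of the port-versus-protocol distinction, classifying constructed IPv4 packets and checking a forwarding table against the traffic listed above. The function names, sample addresses and the `REQUIRED` table are assumptions made for illustration.

```python
import struct

# Traffic each VPN type needs, as listed in the thread: (IP protocol, dest port or None).
# IP protocol numbers: 6 = TCP, 17 = UDP, 47 = GRE, 50 = ESP.
REQUIRED = {
    "PPTP": {(6, 1723), (47, None)},
    "L2TP/IPSec": {(17, 500), (50, None)},
}

def classify(packet: bytes):
    """Return (ip_protocol, dest_port); dest_port is None when the protocol has no ports."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # protocol field of the IPv4 header
    if proto in (6, 17):                  # only TCP and UDP carry port numbers
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None

def missing_rules(vpn: str, forwarded: set):
    """Required (protocol, port) pairs that a forwarding table does not cover."""
    return sorted(REQUIRED[vpn] - forwarded, key=str)

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal constructed IPv4 packet (checksum left zero for brevity)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([198, 51, 100, 7]), bytes([203, 0, 113, 1]))
    return hdr + payload

# Constructed samples: PPTP control (TCP 1723), PPTP data (GRE), a UDP datagram to port 47.
tcp_1723 = ipv4(6, struct.pack("!HH", 40000, 1723) + b"\x00" * 16)
gre_data = ipv4(47, b"\x30\x01\x88\x0b" + b"\x00" * 8)
udp_47 = ipv4(17, struct.pack("!HHHH", 40000, 47, 8, 0))

if __name__ == "__main__":
    for name, pkt in [("tcp_1723", tcp_1723), ("gre_data", gre_data), ("udp_47", udp_47)]:
        print(name, classify(pkt))
    # The plan from the first post: forward TCP 1723 and UDP 47.
    print("still missing:", missing_rules("PPTP", {(6, 1723), (17, 47)}))
```

A rule for UDP port 47 matches only the third sample; the GRE packet that carries the PPTP data has no port field at all, so it needs a rule keyed on the protocol number.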


David Efflandt

2004-09-28, 8:50 pm

On 28 Sep 2004 02:46:28 -0700, lsaiher <lsaiher777@yahoo.com> wrote:
> Hello everybody,
> I am quite new to VPN and I'm a little bit confused.
> I have a LAN which has access to Internet through a nokia ADSL router.
> I want to connect to this LAN from a computer which has a dial-up
> access to the Internet.
>
> I think that if I use PPTP I have to configure NAPT and redirect
> information sent to ports TCP 1723 and UDP 47 to the W2K server which
> I'm going to use as a VPN Server.
> Is this correct?


The TCP port 1723 is correct, but 47 is a "protocol", not a port (not the
same thing). So you would need something that could direct incoming
protocol 47 to the VPN server.

> I've heard that using IPSEC is more secure but I don't know if I can
> use it. I think that I need a router that can do "IPSEC passthrough",
> but I'm not sure.


IPSEC uses "protocol" 50 (ESP) and UDP port 500 (IKE). Protocol 51 (AH)
is an alternate protocol, but it does not work through NAT (fails if
packets are altered). I have done IPSEC (freeswan) to and through Linux,
but through a broadband router (Linux was my router). I would think that
"IPSEC passthrough" is what it says.

Even an article on msdn.microsoft.com did not know the difference between
ports and protocols. Besides UDP port 500, it "incorrectly" said that
IPSEC used TCP ports 50 and 51, which my /etc/services says are
re-mail-ck (remote mail check) and la-maint (IMP logical address
maintenance). Neither TCP "port" has anything to do with IPSEC.
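
Added example (not part of any post in the thread): a simplified Python model of why AH "fails if packets are altered" by NAT while ESP does not. HMAC-SHA256 over raw bytes stands in for the real integrity check, the AH and ESP header layouts are not reproduced, and the key, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # stands in for the key both IPsec peers hold

def ip_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    """Minimal constructed IPv4 header (checksum left zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, src, dst)

def ah_covered(hdr: bytes) -> bytes:
    """Header as AH authenticates it: TOS, flags/offset, TTL and checksum zeroed,
    source and destination addresses left in place."""
    h = bytearray(hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_icv(hdr: bytes, payload: bytes) -> bytes:
    # AH-style check: covers the IP addresses as well as the payload
    return hmac.new(KEY, ah_covered(hdr) + payload, hashlib.sha256).digest()

def esp_icv(payload: bytes) -> bytes:
    # ESP-style check: covers only what follows the outer IP header
    return hmac.new(KEY, payload, hashlib.sha256).digest()

def nat(hdr: bytes, public_src: bytes) -> bytes:
    """What the router does on the way out: new source address, TTL minus one."""
    h = bytearray(hdr)
    h[8] -= 1
    h[12:16] = public_src
    return bytes(h)

def verify_after_nat() -> dict:
    """Sender computes each check before NAT; receiver recomputes it after NAT."""
    payload = b"constructed tunnel payload"
    private, public = bytes([192, 168, 1, 10]), bytes([203, 0, 113, 1])
    peer = bytes([198, 51, 100, 7])
    results = {}
    for name, proto in (("AH", 51), ("ESP", 50)):
        sent = ip_header(private, peer, proto, len(payload))
        received = nat(sent, public)
        before = ah_icv(sent, payload) if name == "AH" else esp_icv(payload)
        after = ah_icv(received, payload) if name == "AH" else esp_icv(payload)
        results[name] = hmac.compare_digest(before, after)
    return results

if __name__ == "__main__":
    print(verify_after_nat())
```

The TTL change alone does not break the AH check, because TTL is excluded from it; the rewritten address does.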

SuperPinjaL

2004-11-26, 4:17 am

Pls .. correct me if I'm wrong ..
If you use an ADSL router (modem included) and the VPN server on your LAN is using a local IP address, you have to activate port forwarding in your router; which port depends on your type of VPN (PPTP or IPSec). But if you have another public IP, you just forward your public IP to your local VPN server (it's better). I think that's enough for configuring the server side (I assumed that you can configure your VPN machine).

On the remote side the type of connection (dial-up, ADSL, etc.) doesn't matter. The concern is that you have to size your users, because the number of users influences the type of VPN client you use.

If you just need one user:
- dial-up: you just install a VPN client on your client machine and configure it using PPP interfaces (you'd better set ipx/spx on your protocol and enable netbios on it).
- Lease Channel (ADSL, etc.): you just install a VPN client too (same as above), or if you use an ADSL router you just need a router that supports VPN passthrough (I think all routers support it now).

But if you have more than 1 user, on either dial-up or lease, you will have to use a router that supports VPN passthrough and tunneling, so the router will make a tunnel for all your clients, not for each client.

Pls correct me if I'm wrong ..

thanx

Nuhun ...




Copyright 2003 - 2008 webservertalk.com