Hello everybody,
I am quite new to VPN and I'm a little bit confused.
I have a LAN which has access to Internet through a nokia ADSL router.
I want to connect to this LAN from a computer which has a dial-ip
access to the Internet.

I think that if I use PPTP I have to configure NAPT and redirect
information sent to ports TCP 1723 and UDP 47 to the W2K server which
I'm going to use as a VPN Server.
Is this correct?

I've heard that using IPSEC is more secure but I don't know if I can
use it. I think that I need a router that can do "IPSEC passthrough",
but I'm not sure.

Any help would be appreciated,

Best Regards,

Luis

[ Post a follow-up to this message ]

This is not an UDP port 47 but an IP protocol 47.
ADSL is not good to provide the Internet services 'cause it's asymmetric.

If you have VPN connections using PPTP, you will need to allow TCP port 1723
and IP protocol port 47 to pass through your firewall. If you are using
L2TP/IPSec, you will need UDP port 500 and IP protocol port 50 to pass
through the firewall. If you are using AH/ESP in your IPSec policies, you
will also need IP protocol port 51 to pass.

SOHO router might have the settings for IPSec pass-through and PPTP
pass-through. Read the router manual.

[ Post a follow-up to this message ]

On 28 Sep 2004 02:46:28 -0700, lsaiher <lsaiher777@yahoo.com> wrote:
> Hello everybody,
> I am quite new to VPN and I'm a little bit confused.
> I have a LAN which has access to Internet through a nokia ADSL router.
> I want to connect to this LAN from a computer which has a dial-ip
> access to the Internet.
>
> I think that if I use PPTP I have to configure NAPT and redirect
> information sent to ports TCP 1723 and UDP 47 to the W2K server which
> I'm going to use as a VPN Server.
> Is this correct?

The TCP port 1723 is correct, but 47 is a "protocol", not a port (not the
same thing).  So you would need something that could direct incoming
protocol 47 to the VPN server.

> I've heard that using IPSEC is more secure but I don't know if I can
> use it. I think that I need a router that can do "IPSEC passthrough",
> but I'm not sure.

IPSEC uses "protocol" 50 (ESP) and UDP port 500 (IKE).  Protocol 51 (AH)
is an alternate protocol, but it does not work through NAT (fails if
packets are altered).  I have done IPSEC (freeswan) to and through Linux,
but through a broadband router (Linux was my router).  I would think that
"IPSEC passthrough" is what it says.

Even an article on msdn.microsoft.com did not know the difference between
ports and protocols.  Besides UDP port 500, it "incorrectly" said that
IPSEC used TCP ports 50 and 51, which my /etc/services says are
re-mail-ck (remote mail check) and la-maint (IMP logical address
maintenance).  Neither TCP "port" has anything to do with IPSEC.

[ Post a follow-up to this message ]

Pls .. correct me if i'm wrong ..
If you use an ADSL router (modem included) and VPN server on your LAN is usi
ng your local IP Address so you have to activate port forwarding in your rou
ter which port depend on your type of VPN (PPTP or IPSec), but if u have ano
ther IP Public .. you just forward your IP public to your local VPN Server (
it's better), i think it's enough for configuring the server side (i assumed
 that u can configure your VPN machine). 

in remote side it doesn't matter with the type of connection (Dial up, ADSL,
 etc). The concern is .. u have to sizing your user because the number of us
er is influenting the type of VPN Client you use. 

if u just need one user :
- dial-up : u just install VPN client in your client machine and configure i
t using PPP interfaces ( u better set ipx/spx on your protocol and netbios e
nabled on it).
- Lease Channel (ADSL, etc.. ) : u just install VPN client too (same as abov
e) or if u use ADSL router u just a need router that support VPN passthrough
 (i think all router is support on it now). 

but if u have more than 1 user, neither dial-up and Lease .. u will have to 
use a router that support VPN passthrough and tunneling support on it .. so 
the router will make a tunnel for all your client not each client.

pls correct me if i'm wrong .. 

thanx 

Nuhun ...


quote:
Originally posted by lsaiher 
Hello everybody,
I am quite new to VPN and I'm a little bit confused.
I have a LAN which has access to Internet through a nokia ADSL router.
I want to connect to this LAN from a computer which has a dial-ip
access to the Internet.

I think that if I use PPTP I have to configure NAPT and redirect
information sent to ports TCP 1723 and UDP 47 to the W2K server which
I'm going to use as a VPN Server.
Is this correct?

I've heard that using IPSEC is more secure but I don't know if I can
use it. I think that I need a router that can do "IPSEC passthrough",
but I'm not sure.

Any help would be appreciated,

Best Regards,

Luis 

[ Post a follow-up to this message ]