Caveat: I am prepared to bet that this will suck and be slow.

1. Set up station-to-station VPN between the router and the firewall. IPSec or PPTP will be your best bet here. Test with ping between your remote clients and your SMB server.

1a. If that's all too hard or doesn't work, just set up PPTP on your SMB server, configure all the remote clients with a VPN dialup adapter, allow PPTP (TCP 1723, IP Prot 47 (GRE)) in through your firewall and do the authentication and stuff on the internal server. Some might point out that this way isn't as secure - they're absolutely right, but if you use strong passwords it's not _all_ that abhorrent. Well, OK, it sort of is. But it will work. I'd do it, if I were desperate, and I'm not a _complete_ idiot.

2. Map drives on the clients, and make sure that the remote clients are in the same workgroup/domain as the server in Canada, and add their usernames to the Canadian domain, with permissions to access the shares. Done.

2a. You could also do this the "daring" way and tell all the clients to look in Canada for their WINS server, and they can then access all the shares and Canadian machines just by browsing the network. Better for maintainability, but entailing much peril, slowness and flakiness.

2b. If your users aren't computer morons, you can get them to access the shares via //ip.address.goes.here/sharename, and then supply user credentials - in which case you don't need to worry about making sure domains etc match. The downside to this approach is that most users are, in fact, computer morons.

3. Whether or not it all works, never tell anyone I gave you this advice.

Cheers!

--
Ben Nagy
Network Security Specialist
Mb: +61 414 411 520
PGP Key ID: 0x1A86E304

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gary Ferrer
Sent: Friday, March 08, 2002 3:39 AM
To: Firewall list
Subject: advice

Can someone give me some advice as to where to start with this project.

I have an SMC Barricade Broadband router in Europe (SMC7004ABR) which supports VPN tunneling via L2TP, PPTP and IPSec pass through. There are Win XP and 98 clients behind this router only.

On the other end (here in Canada), I have a Sunscreen lite 3.1 firewall on a Solaris 8 box. Sunscreen has a VPN feature.

I want to be able to give the Win clients access to SMB shares behind the Solaris firewall via a VPN. How do I set this up? What software do I need to do this (if any)?

Thanks.

PS: If anybody can point me to a 'HOWTO' it would be appreciated.

Gary Ferrer
[EMAIL PROTECTED]

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
