See below:

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 14, 2001 7:32 AM
> To: LEAF
> Subject: [Leaf-user] VPN with W2K client
>
>
> I have reviewed the archives and know that this has been
> requested many times, but I still can't
> quite see the "right" answer.
>
> I have a private (W2K) network with an LRP firewall to the
> Internet (via cable modem).  My Internet
> address is via DHCP, but hasn't changed in months, so we will
> call it fixed.  I use LRP for firewall,
> masqing and DHCP server (for the private network).  LRP also runs
> SSH (for administration from the
> private network only).  All is great.
>
> Now I'm greedy.  I want to take a laptop to Timbuktu and dial in
> to the Internet.  Now I want access to
> my private network.  I'm cheap, so I would like to use anything
> that is already part of W2K (e.g. IPSec),
> but I'm also security conscious, so I'm leery of PPTP.
>
> Here are the questions:
>
> 1) I know that W2K supports IPSec encryption and authentication,
> but does it actually support IPSec
> tunneling?  All the W2K docs seem to refer to L2TP over IPSec,
> not IPSec tunneling.  There is a
> suggestion that W2K does support IPSec tunneling, but I'm really
> not sure.  Does it?

Yes with SP2 high-encryption.

>
> 2) Based on the answer to #1, if W2K does support IPSec
> tunneling, am I home free by putting IPSec
> on LRP?  How do I set up W2K for this (it seems I WOULDN'T use VPN
> connection, I would use dialup
> with IPSec policy???).

Win2K with SP2 can do IPSec; here is a how-to.  I personally didn't get it
running.
http://jixen.tripod.com/#Win2000-Fwan

>
> 3) If W2K doesn't support IPSec tunneling, what mess must I set
> up?  L2TP and IPSec on LRP?
> IPSec masqing and L2TP and IPSec on my private network "server"?

I have tested using SSH Sentinel Beta as the IPSec client to LRP (EigerStein
Beta2 w/IPSec kernel), but just found out when it goes GA, there will not be
a single license version available, only bulk and OEM licensing.  As an
alternative I'll probably use PGPvpn (commercial version) instead; the free
version only does host to host, not host to subnet.

>
> 4) If this is too troublesome, does it simplify things to say
> that I only have to reach one computer
> (the "server") on the private network?

Since the server is behind LRP I don't think it will make a difference.  I
haven't done it, but another option would be to have LRP forward the VPN
traffic to the Win2K box and make the VPN connection Win2K to Win2K.


>
> TIA
>
>
> Keith Laidlaw
> Manager of Engineering
> Dakins Engineering Group Ltd.
> tel: (905) 814-6024
> fax: (905) 814-6029
>
>
>


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
