Title: Message
You could run a NAT translation against it for using PPTP, I dont think IPSec works with NAT. So I suppose the end result is what vpn product are you using.
-----Original Message-----
From: Robert E Young [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 11, 2001 1:58 PM
To: NT System Admin Issues
Subject: Why does VPN kill my internet websites ?

I appreciate your taking the time to reply it's rude of me to not respond earlier, so I do apologize.

I contact the company VPN from my home/office through  a dual homed W2K Server, it is also the MS Proxy/Firewall and Internet Web Server (multiple internet web sites - notice I did NOT say intranet web sites). It is a member server in an NT domain.)
 
One other thing, my wife needs to also VPN to her company from the same Home-Office as previously described ?
 
Is this possible, s'pose I need to get an actual router instead of the Proxy server ?
 
Thanks........
RE Young
Dallas, TX USA
 
 -----Original Message-----
From: Burgess, Jeffrey [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 06, 2001 7:20 AM
To: NT System Admin Issues
Subject: RE: Can NAT do what I want? Why does VPN kill my websites ?

Steve, What firewall are you using?
 
Robert, Are you initiating your VPN at your Proxy, or from the one WS you want VPN access from?
 
 
-----Original Message-----
From: Robert E Young [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 05, 2001 9:12 PM
To: NT System Admin Issues
Subject: RE: Can NAT do what I want? Why does VPN kill my websites ?

Not sure what else you need, sounds like you have the bases covered, except you may/may not experience, actually it would be your "users" who would experience the problem I get.
 
I get a single IP from my DSL provider, I have DNS through my domain name provider, with that single IP the rest of the LAN (6 other boxes) can get out to the internet through a MS Proxy/firewall W2K Server that is dual homed (Dual NIC), it also happens to run my business Website. In a lot of way our scenarios are similar. Finally I also connect from my LAN via VPN to the company I contract with.
 
It all works except for one MAJOR problem.
 
The problem I have run into is that when I connect to the company I contract with via VPN, my online business Website becomes unavailable, I also do Web Hosting and it makes ALL the Websites unavailable, (since I am only using the one IP address).
 
I don't think you will have that problem though since you have a block of IP's available to you......not just one.
 
I have not had a chance yet to work through what's going on that would makes that happen, but if there is anyone who does know I would sure like to hear about it.
 
Robert E Young

[Robert E Young] 
 -----Original Message-----
From: Stephen Pruitt [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 05, 2001 9:39 AM
To: NT System Admin Issues
Subject: Re: Can NAT do what I want?

Hi Robert,
 
This will be a VPN through cable modems, using special hardware and software. The client systems need to communicate with an address that's reachable through the cable provider's network, while though the server actually has a different address because that NIC also has to be within our internal network. There's a solid firewall in place.
 
Steve
-----Original Message-----
From: Robert E Young <[EMAIL PROTECTED]>
To: NT System Admin Issues <[EMAIL PROTECTED]>
Date: Saturday, August 04, 2001 10:45 PM
Subject: RE: Can NAT do what I want?

Ok so now I have a better idea of what you are trying to accomplish........Will the at home users "dialup" to that one server ?
 
How do you intend that they make the connection ?
 
If they are connecting in via the Internet then you might want to check into using VPN for the home users, it can be made to be very safe, it is designed for what you are doing......it is also free with W2K.
 
Need to know how your users will be connection to say anymore. Inet or Dialup ?
 
Robert E Young MCSE
 
 
 

[Robert E Young]  -----Original Message-----
From: Stephen Pruitt [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 04, 2001 8:21 PM
To: NT System Admin Issues
Subject: Re: Can NAT do what I want?

We aren't trying to give all users access through this ISP. Actually it's the other way around - this is to give certain at-home users access to one particular server at our place. The problem is that the server has to have an IP address in our scope, and also be addressable through an address in that ISP's scope. We use the other ISP for our regular Internet connections.
 
Steve Pruitt
-----Original Message-----
From: Robert E Young <[EMAIL PROTECTED]>
To: NT System Admin Issues <[EMAIL PROTECTED]>
Date: Saturday, August 04, 2001 8:47 PM
Subject: RE: Can NAT do what I want?

It is possible to do what you want.
 
If your internal LAN is not too large (LEQ to 200 users), you can use one IP from your ISP (using DHCP) to get to the Internet, that will give you their DNS as well......it will also allow all your users to access the Internet. Are you getting a T1 / DSL / Frame Relay ?
 
Actually there is a lot to do, but it is "doable"
 
There is so much to say it might be better if you were to describe more of what you want to do, and what you have to do it with......include how many users, WAN type etc.
 
Robert E Young MCSE
Dallas, Texas
 
-----Original Message-----
From: Stephen Pruitt [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 04, 2001 7:23 PM
To: NT System Admin Issues
Subject: Can NAT do what I want?

We have a server sitting behind a firewall that's connected to several ISPs. The server needs to have an IP address in our internal subnet, but the same NIC also needs to be reachable through one of the ISPs using an IP address in their scope. They've given us a block of addresses. I was thinking that we could do this with a router connected between the firewall and that ISP, and having it use NAT to translate the ISP-scope IP address to and from the internal address. This is getting beyond my knowledge, so I need advice.
 
If this can work, would anyone suggest a particular router for this task? The traffic volume won't be high, but the unit does have to be highly reliable (or cheap enough to have a spare on hand).
 
If my idea won't work, does anyone have any alternative suggestions?
 
 
Steve Pruitt
 
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Reply via email to