|
You
could run a NAT translation against it for using PPTP, I dont think IPSec works
with NAT. So I suppose the end result is what vpn product are you
using.
I
appreciate your taking the time to reply it's rude of me to not respond
earlier, so I do apologize.
I contact the
company VPN from my home/office through a dual homed W2K Server, it is
also the MS Proxy/Firewall and Internet Web Server (multiple internet web
sites - notice I did NOT say intranet web sites). It is a member server
in an NT domain.)
One other thing,
my wife needs to also VPN to her company from the same Home-Office as
previously described ?
Is this possible,
s'pose I need to get an actual router instead of the Proxy server
?
Thanks........
RE
Young
Dallas, TX
USA
-----Original
Message-----
From: Burgess, Jeffrey
[mailto:[EMAIL PROTECTED]]
Sent: Monday, August 06, 2001 7:20
AM
To: NT System Admin Issues
Subject: RE: Can NAT do what
I want? Why does VPN kill my websites ?
Steve, What firewall are you using?
Robert, Are you initiating your VPN at your Proxy, or from the one WS
you want VPN access from?
Not sure what else you need, sounds like you have
the bases covered, except you may/may not experience, actually it would be
your "users" who would experience the problem I get.
I get a single IP from my DSL provider, I have
DNS through my domain name provider, with that single IP the rest of the
LAN (6 other boxes) can get out to the internet through a MS
Proxy/firewall W2K Server that is dual homed (Dual NIC), it also
happens to run my business Website. In a lot of way our scenarios are
similar. Finally I also connect from my LAN via VPN to the
company I contract with.
It all works except for one MAJOR
problem.
The problem I have run into is that when I
connect to the company I contract with via VPN, my online business Website
becomes unavailable, I also do Web Hosting and it makes ALL the Websites
unavailable, (since I am only using the one IP
address).
I don't think you will have that problem though
since you have a block of IP's available to you......not just
one.
I have not had a chance yet to work through
what's going on that would makes that happen, but if there is anyone who
does know I would sure like to hear about it.
Robert E Young
[Robert E
Young]
-----Original
Message-----
From: Stephen Pruitt
[mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 05, 2001
9:39 AM
To: NT System Admin Issues
Subject: Re: Can
NAT do what I want?
Hi Robert,
This will be a VPN through cable modems,
using special hardware and software. The client systems need to
communicate with an address that's reachable through the cable
provider's network, while though the server actually has a different
address because that NIC also has to be within our internal network.
There's a solid firewall in place.
Steve
-----Original
Message-----
From: Robert E Young <[EMAIL PROTECTED]>
To:
NT System Admin Issues <[EMAIL PROTECTED]>
Date:
Saturday, August 04, 2001 10:45 PM
Subject: RE: Can NAT
do what I want?
Ok so now I have a better idea of what you
are trying to accomplish........Will the at home users "dialup" to
that one server ?
How do you intend that they make the
connection ?
If they are connecting in via the Internet
then you might want to check into using VPN for the home users, it can
be made to be very safe, it is designed for what you are doing......it
is also free with W2K.
Need to know how your users will be
connection to say anymore. Inet or Dialup ?
Robert E Young MCSE
[Robert E Young] -----Original
Message-----
From: Stephen Pruitt
[mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 04,
2001 8:21 PM
To: NT System Admin Issues
Subject:
Re: Can NAT do what I want?
We aren't trying to give all users
access through this ISP. Actually it's the other way around - this
is to give certain at-home users access to one particular server at
our place. The problem is that the server has to have an IP address
in our scope, and also be addressable through an address in that
ISP's scope. We use the other ISP for our
regular Internet connections.
Steve Pruitt
-----Original
Message-----
From: Robert E Young <[EMAIL PROTECTED]>
To:
NT System Admin Issues <[EMAIL PROTECTED]>
Date:
Saturday, August 04, 2001 8:47 PM
Subject: RE: Can
NAT do what I want?
It is possible to do what you
want.
If your internal LAN is not too large
(LEQ to 200 users), you can use one IP from your ISP (using DHCP)
to get to the Internet, that will give you their DNS as
well......it will also allow all your users to access the
Internet. Are you getting a T1 / DSL / Frame Relay
?
Actually there is a lot to do, but it is
"doable"
There is so much to say it might be
better if you were to describe more of what you want to do, and
what you have to do it with......include how many users, WAN type
etc.
Robert E Young MCSE
Dallas, Texas
We have a server sitting behind
a firewall that's connected to several ISPs. The server needs to
have an IP address in our internal subnet, but the same NIC also
needs to be reachable through one of the ISPs using an IP
address in their scope. They've given us a block of addresses. I
was thinking that we could do this with a router connected
between the firewall and that ISP, and having it use NAT to
translate the ISP-scope IP address to and from the internal
address. This is getting beyond my knowledge, so I need
advice.
If this can work, would anyone
suggest a particular router for this task? The traffic volume
won't be high, but the unit does have to be highly reliable (or
cheap enough to have a spare on hand).
If my idea won't work, does
anyone have any alternative suggestions?
Steve Pruitt
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
|
