
List:       vpn
Subject:    RE: VPN Question...
From:       "David Bovee" <dbovee () inetsec ! com>
Date:       1999-06-12 1:27:15

John,

	I suggest that you will have problems with that model, from a security
perspective. However, if you wish to continue your implementation, you must
ensure that the gateway (the first NT4 box mentioned in your scenario) is
allowing packets of the following type through to the proposed PPTP
endpoint:

IP Type 47 (GRE)
TCP destination port 1723 (on the PPTP tunnel server)


	I do, however, recommend that you consider something more like this:

INET-----|-------|------------LAN Workstations
         |       |
         |       --NT file server, DHCP server, etc.
         |
      INET gateway and VPN server


This model uses no more boxes than you have currently allocated, but
importantly moves your private data files to a server that is exclusively
internal. This gives you the ability to use a proxy server and/or other
filtering devices on the NT4 gateway providing your Internet connectivity.
Also, unless you're using a WAN Card in your NT4 box, I suggest that you
implement basic, anti-spoof packet filters on your Internet router.

Good luck,
David Bovee

> -----Original Message-----
> From: owner-vpn@listserv.secnetgroup.com
> [mailto:owner-vpn@listserv.secnetgroup.com]On Behalf Of John D. Boshears
> Sent: Friday, June 11, 1999 12:18 PM
> To: vpn@listserv.secnetgroup.com
> Subject: VPN Question...
>
>
> A question for all the VPN experts who might bestow a bit of their
> knowledge to me, an extreme novice in the field of networking...
>
> I have a small LAN running here in the office, with an NT4 Server posing
> as our gateway to the internet, and that machine serves up our web content
> and acts as our primary file server.  Now we also have a second NT4 Server
> sitting behind the gateway on our LAN, and we want to set that machine up
> to be our VPN server.  It has a valid Internet IP address, and responds to
> pings.  Microsoft RAS installed flawlessly, as well as the PPTP protocol.
> However the client fails at all attempts to connect.  Is there something
> I'm doing that I shouldn't be?
>
> Thanks,
> John Boshears
>
>
> ****************************************************************
> TO POST A MESSAGE on this list, send it to vpn@listserv.secnetgroup.com
>
> The VPN FAQ (under construction) is available at
> http://kubarb.phsx.ukans.edu/~tbird/FAQ.html
>
> We are currently experiencing "unsubscribe" difficulties.  If you
> wish to unsubscribe, please send a message containing the single line
> "unsubscribe vpn your-e-mail-address" to
> owner-vpn@listserv.secnetgroup.com
>
> ****************************************************************
>
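
Added example, not part of the original thread: a first-match packet-filter model that checks the two flows named in the reply (TCP destination port 1723 and GRE, IP protocol 47) and an anti-spoof rule on the external interface. The addresses, interface name "ext", rule layout and default-deny behaviour are assumptions for illustration, and only the inbound direction is modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP, GRE = 6, 47                 # IP protocol numbers
PPTP_CONTROL_PORT = 1723

@dataclass
class Packet:
    in_iface: str                # interface the packet arrived on
    src: str
    dst: str
    proto: int
    dport: Optional[int] = None  # GRE carries no port numbers

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    in_iface: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[int] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.in_iface in ("any", p.in_iface)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))

def evaluate(rules, p):
    """First matching rule wins; anything unmatched is denied."""
    return next((r.action for r in rules if r.matches(p)), "deny")

# Constructed values from documentation address ranges (assumptions).
PPTP_SERVER, INSIDE_NET, CLIENT = "192.0.2.10", "192.0.2.0/24", "198.51.100.7"
RULES = [
    # Anti-spoof: nothing arriving from outside may claim an inside source.
    Rule("deny", in_iface="ext", src=INSIDE_NET),
    Rule("permit", in_iface="ext", dst=PPTP_SERVER + "/32",
         proto=TCP, dport=PPTP_CONTROL_PORT),
    Rule("permit", in_iface="ext", dst=PPTP_SERVER + "/32", proto=GRE),
]

def pptp_reachable(rules, client=CLIENT):
    """True only if both the control channel and the GRE tunnel pass."""
    ctrl = Packet("ext", client, PPTP_SERVER, TCP, PPTP_CONTROL_PORT)
    data = Packet("ext", client, PPTP_SERVER, GRE)
    return evaluate(rules, ctrl) == "permit" and evaluate(rules, data) == "permit"
```

Dropping the GRE rule makes pptp_reachable() return False even though TCP 1723 is still permitted, because a port-based rule cannot match a protocol that has no ports.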
