Creating first VPN, seeking guidance

Newsgroup: comp.dcom.vpn
Posted by Mike T. on February 11, 2007, 8:11 am
Hi,

I'm trying to set up a VPN connection from the corporate network to my home
network. I need to use a VPN connection because company policy does not
allow the use of Remote Desktop. My home network consists of 3 computers
(all XP Pro) sitting behind a Zyxel Prestige 660HW router/firewall with VPN
capabilities, which in turn sits behind a DSL modem.

I've been reading all over the place and I'm still not clear on the
configuration.

The home network is set up as a workgroup. It's set up behind NAT in the
192.168.1.0/24 block. I have a dynamic IP, but I'm using a dynamic DNS
service (which I'll call blablabla.dyndns.org).

The work computer is part of an AD domain, and uses NAT in the 172.16.0.0/12
range. I don't know the firewall setup, nor do I have any sort of access to
it.

In the VPN/IPSec settings of the router, I've set up the following:

Menu 27.1.1 - IPSec Setup

Index #= 1 Name= blablabla.dyndns.org //not real address
Active= No Keep Alive= No //not yet activated
Local ID type= DNS Content= 12345
My IP Addr= 0.0.0.0
Peer ID type= DNS Content= 12345
Secure Gateway Address= blablabla.dyndns.org
Protocol= 0 DNS Server= 0.0.0.0
Local: Addr Type= SUBNET
IP Addr Start= 192.168.1.0 End/Subnet Mask= 255.255.255.0
Port Start= 0 End= N/A
Remote: Addr Type= SUBNET
IP Addr Start= 192.168.2.0 End/Subnet Mask= 255.255.255.0
Port Start= 0 End= N/A
Enable Replay Detection= No
Key Management= IKE
Edit Key Management Setup= No


In the Key Management Setup:

Menu 27.1.1.1 - IKE Setup

Phase 1
Negotiation Mode= Main
PSK= 12345678
Encryption Algorithm= DES
Authentication Algorithm= MD5
SA Life Time (Seconds)= 28800
Key Group= DH1

Phase 2
Active Protocol= ESP
Encryption Algorithm= DES
Authentication Algorithm= SHA1
SA Life Time (Seconds)= 28800
Encapsulation= Tunnel
Perfect Forward Secrecy (PFS)= None


The router manual isn't much help. I'm planning to create the connection
using the XP client from work. I haven't tried it from work yet (will do it
tomorrow), but does anyone see any glaring errors in the above configuration
that might not cause it to work, so that I can change it today while I'm
still home?

I also plan to be traveling quite a bit in the next few months. Would this
work no matter where I am? (of course, if I'm not inside the company's
network, I have a chance of being able to use RDP).

Thanks,
Mike
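
The IKE settings quoted in the post, run through a small audit script (an added example, not part of the original post and not ZyXEL tooling). The table of weak values and the `MIN_PSK_LEN` threshold are assumptions of this example, and `parse` and `audit` are hypothetical helper names.

```python
import re

# Settings copied from the router menus quoted in the post above.
CONFIG = """\
Enable Replay Detection= No
Phase 1
PSK= 12345678
Encryption Algorithm= DES
Authentication Algorithm= MD5
Key Group= DH1
Phase 2
Encryption Algorithm= DES
Authentication Algorithm= SHA1
Perfect Forward Secrecy (PFS)= None
"""
# (key, value) pairs treated as weak here, with the reason reported.
WEAK = {
    ("Encryption Algorithm", "DES"): "single DES has a 56-bit key",
    ("Authentication Algorithm", "MD5"): "MD5 is a deprecated hash",
    ("Key Group", "DH1"): "DH group 1 is a 768-bit modulus",
    ("Perfect Forward Secrecy (PFS)", "None"): "no fresh DH exchange for Phase 2 keys",
    ("Enable Replay Detection", "No"): "replayed ESP packets are not rejected",
}
MIN_PSK_LEN = 20  # assumed policy threshold, not taken from the router manual

def parse(text):
    """Return {(section, key): value}; section is General, Phase 1 or Phase 2."""
    section, settings = "General", {}
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"Phase [12]", line):
            section = line  # the same key names repeat per phase, so track it
        elif "=" in line:
            key, _, value = line.partition("=")
            settings[(section, key.strip())] = value.strip()
    return settings

def audit(settings):
    """Return one 'section: key=value (reason)' string per weak setting."""
    findings = []
    for (section, key), value in settings.items():
        reason = WEAK.get((key, value))
        if key == "PSK" and len(value) < MIN_PSK_LEN:
            reason = f"pre-shared key shorter than {MIN_PSK_LEN} characters"
        if reason:
            findings.append(f"{section}: {key}={value} ({reason})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse(CONFIG))))
```

Run against the posted values, it reports seven findings; only the Phase 2 SHA1 setting passes.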
