Posted by glgxg on January 10, 2006, 2:32 pm
Simon wrote:
> Matty wrote:
>> I have done a lot of reading but think I am missing some fundamentals.
>> If someone could set me straight on these points it would help me a
>> lot....
>>
>> Am I right in thinking that to use a VPN from a remote location to a
>> Server then that server must have been assigned a purchased static IP
>> address to an external interface (by purchased I mean registered with
>> whatever organisation, a class A,B, or C ip address?). To elaborate,
>> if I was to try and use Windows 2000 SBS as the server for the VPN,
>> then this server would need two physical network cards - one with
>> the external ip address that the world can see (the purchased static
>> ip) and an internal one that it routes to.
>>
>> If I used a router instead then the router would have this purchased IP
>> address?
>>
>> Is it because you need a static IP on either a router/external server
>> interface that you could never VPN between two "home" machines that are
>> assigned IP addresses from ADSL modems by their ISP? Or am I mistaken
>> and provided one of the machines had VPN server software and one had
>> client then they could establish a VPN?
>>
>> After all that, it might be clearer if I indicate the specific job...
>>
>> What I would like to do is VPN from 3 "home" ADSL connections to an
>> office machine running SBS 2000. The business does have its own domain
>> so I think it has a "purchased" IP (but am curious if this is
>> necessary?) Am I better off using the Windows VPN with routing and
>> remote access (In which case I need another network card?) or purchasing
>> a VPN capable router?
>>
> You can get away without a fixed address if you use a vpn router that
> supports dynamic dns, then users connect to the dynamic dns name and
> should the IP address change the router updates the dynamic dns server
> of this fact.
> If you go down the windows route you can use a single nic in the server,
> keep it on the lan and direct the inbound vpn connections to it using
> port mapping on the router.
> simon
Simon is correct. However, if your router does not do this you can still
use a dynamic domain name by installing a DDNS client. Suggest that you
have a look at the following:
http://www.dyndns.com/
http://www.dyndns.com/services/
http://www.dyndns.com/services/dns/dyndns/
http://www.dyndns.com/support/clients/
http://www.dyndns.com/support/clients/hardware/
http://www.dyndns.com/support/kb/archives/why_we_recommend_software_clients.html
Note: the last recommends software clients, and I agree. But I've been
updating my multiple DynDNS domains with hardware for quite some time
(BEFVP41's) and seldom have a problem. The disadvantage (for me) in
using hardware clients is that I typically don't know that the DDNS has
gone down or not been updated until I check the VPN links and find that
they've been disconnected (like this morning :-). I would have noticed
the problem immediately had I been running the software client instead.
That said, I can probably count on 1 hand the times that the VPN's have
disconnected due to failure of the router to update the DDNS over the
past 12 months. I've tried both, and settled on hardware because: 1) I
use an old computer with limited CPU & memory resources, and 2) I'm
lazy... I tend to prefer the set & forget unless it becomes an
operational or security problem.
Added note: The only other problem that I've had using hardware is that
sometimes the dynamic IP that one of the servers sits on doesn't change
for 28 days or more, so I then have to go and force a lease update.
However, DynDNS are kind enough to send me a 5 day notice alerting me of
this each time that it happens.
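
Added example, not part of glgxg's post and not code from DynDNS or any router vendor: a small check that catches the two failure modes described above (a DDNS record that no longer matches the WAN address, and a record that has gone a long time without an update) before the VPN links drop. The hostname, the addresses and the way the WAN address is obtained are assumptions; the 28-day and 5-day figures are taken from the post, not from a documented DynDNS policy.

```python
import socket
from datetime import datetime, timedelta


def resolve(hostname):
    """Return the set of IPv4 addresses the DDNS name currently resolves to."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    except socket.gaierror:
        return set()  # name missing or resolver unreachable
    return {info[4][0] for info in infos}


def check_ddns(resolved, wan_ip, last_update, now,
               idle_limit_days=28, notice_days=5):
    """Return a list of alert strings; an empty list means the record is healthy.

    resolved    -- addresses the DDNS name resolves to (see resolve())
    wan_ip      -- address the VPN endpoint really has (assumption: the caller
                   reads it from the router status page or the WAN interface)
    last_update -- when the DDNS record was last refreshed
    """
    alerts = []
    if not resolved:
        alerts.append("DDNS name does not resolve")
    elif wan_ip not in resolved:
        # Remote VPN clients would be dialling an address that is no longer ours.
        alerts.append(f"stale record: DNS has {sorted(resolved)}, WAN is {wan_ip}")
    idle = now - last_update
    if idle >= timedelta(days=idle_limit_days - notice_days):
        alerts.append(f"no update for {idle.days} days; force a refresh")
    return alerts


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not real hosts.
    now = datetime(2006, 1, 10, 9, 0)
    samples = [
        ("healthy", {"203.0.113.7"}, "203.0.113.7", now - timedelta(days=2)),
        ("router failed to update", {"203.0.113.7"}, "198.51.100.20",
         now - timedelta(days=2)),
        ("IP unchanged for weeks", {"203.0.113.7"}, "203.0.113.7",
         now - timedelta(days=24)),
    ]
    for label, resolved, wan_ip, last in samples:
        print(label, "->", check_ddns(resolved, wan_ip, last, now) or "OK")
    # Live use would pass resolve("office.example.dyndns.invalid") instead
    # (hypothetical hostname) and run the check on a schedule.
```
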