|
Posted by Mike Drechsler - SPAM PROTECTE on November 14, 2005, 2:44 pm
If you were Registered and logged in, you could reply and use other advanced thread options
KraftyDood wrote:
> Hi,
>
> I have a problem that I just can't solve. I've contacted my ISP,
> NETGEAR, etc., and even brought in someone who claimed to be a
> networking expert. No-one has been able to help me solve or understand
> this problem.
>
> I have a static ip addresss from my internet service provider (SHAW),
> and on my server I am developing a web application. I can access my web
> server via the static ip from an outside computer - up until I start a
> VPN client (Nortel) running on my server. After that I just get
> timeouts when trying to access the server from an outside computer. I
> need to run the VPN on my server because it needs to access a database
> on a government network. With the VPN running on my server, I can
> still access the server via the static ip address from another computer
> on my LAN though (when I am using a router).
This is working properly. The Nortel VPN client is configured to cut
off access to external computers when the VPN link is active to prevent
your computer from becoming a conduit for a hacker to gain entry to the
remote network via your computer. (In a case made public this actually
happened to a Microsoft programmer working from home)
The Administrator of the Nortel VPN router would need to change settings
to allow "split tunnelling".
> I've tried this going directly to the cable modem, or through a router
> - same thing happens.
>
> Other strange things: If I just connect my computer to the cable
> modem, the default ip address I am assigned is not the static ip
> address I was assigned by shaw - I need to go into my TCP/IP settings
> and manually set the static ip address I want. Is this normal?
>
> Also, even before I run a VPN client on my server, I cannot PING my
> static ip address (though shaw says it is working) from my LAN (when I
> am using a router) or from an outside computer - I just get timeout.
Shaw static IP's work like this. You manually assign the static IP they
give you into your equipment. If you turn on DHCP (automatic)
addressing then you will get one of their dynamic IP's. I don't see why
you are concerned about it.
> When I run the Nortel VPN Client, it shows an Assigned Ip Address. I
> can access my server through this Ip Address from anywhere, but this
> doesn't really do me any good - I need to be able to access my server
> using my static ip address.
>
> Am I just missing something about how VPN works, or is there a setting
> somewhere I am missing, or maybe the cable modem (Motorola Surfboard
> SB5100) has limitations I am not aware of.
>
> I really would appreciate any help.
>
Yes, you are missing something about how VPN works. It is not a problem
with your cable modem, with Shaw, or your software. The Nortel VPN
client forces your default route to change to become the remote VPN
router when you are connected so that ALL traffic to the Internet is
sent through the VPN link. In a command prompt type "route print". Try
this before and after connecting to the VPN and see the difference.
If you want to connect these two sites you might consider running a
branch office style VPN tunnel between a VPN router at your site to the
remote VPN router. This will give you more control over routing. The
VPN client is not really designed for anything other than remote client
access. It's not a way to build interconnected networks on an ad-hoc
basis like you seem to be attempting to do. The "government network"
would also want to set up appropriate network firewall rules on the
remote side so that only connections to the database ports you require
will get through and nothing else to prevent the surface area that can
be attacked if your machine was compromised.
--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map