Network gurus only: VPN problem

vinson

Here are the particulars:
Linksys BEFW11S4 Wireless Cable/DSL Router, set to obtain an IP address automatically, DHCP enabled starting at 192.168.1.100, internal subnet mask of 255.255.255.0, and a DMZ Host set at 192.168.1.2.
Two Win2k systems set to obtain IP addresses automatically.
One Win2k set up as the DMZ host: IP 192.168.1.2, subnet mask of 255.255.255.0, gateway 192.168.1.1 (address of the router), and three DNS entries provided by my ISP.
All three computers work perfectly fine. Each is connected to the LAN and each has a connection to the internet.

Now the problem:
I create a new connection on the DMZ host machine of type VPN over the internet, with all the appropriate information including IP address etc. as shown above, but the connection simply times out. To test the VPN I connected the DMZ host machine directly to the cable modem, then set the VPN connection item to obtain an IP address automatically since I was no longer going through the router. Under this setup the VPN connection worked perfectly, so it definitely appears to be some problem occurring as the connection gets passed between the VPN through the router to the DMZ host. I was under the assumption (obviously the erroneous assumption) that a DMZ host would make the router transparent, but it appears not. Is what I am trying to do possible? I have heard that it is possible but requires a MUCH more expensive router, but I still wonder. There are a lot of settings on the router I do not know enough about to be fooling with. Our two network guys at work (where the VPN resides) have no ideas at this point, so I throw it out to whoever may be able to provide me with some more definite information.

Thanks in advance for any info you can provide,

Dane R. Vinson
 

n0cmonkey

I'm not a network guru, but what the heck.

You are trying to connect to the external IP and not the internal IP, right? Yes, it's a stupid question, but start small ;)

DMZ machines get forwarded every port right?
 

IgorTs

DMZ is not fully transparent; on higher-level firewalls you can set what level of security you want to have.
Anyway, make sure on the router to mark IPSec and PPTP Pass Through.
Also another important detail: remote networks have to use a different IP range, like 192.168.1.x and 192.168.0.x.
Good luck, it works for me.
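The address-range point in the reply above, as an added example that is not part of the original thread: a Python check that a home LAN does not overlap the networks reached through the VPN, since overlapping addresses are treated as local and never enter the tunnel. The home LAN values come from the first post; the remote office ranges and the function names are constructed for illustration.

```python
import ipaddress

def _nets(specs):
    # Accepts "192.168.1.2/255.255.255.0" or "192.168.1.0/24"; host bits are masked off.
    return [ipaddress.ip_network(s, strict=False) for s in specs]

def find_conflicts(local_nets, remote_nets):
    """Return (local, remote) pairs whose address ranges overlap."""
    return [(l, r) for l in _nets(local_nets) for r in _nets(remote_nets)
            if l.overlaps(r)]

def suggest_lan(remote_nets, pool="192.168.0.0/16", prefix=24):
    """First /prefix subnet inside pool that overlaps none of the remote networks."""
    remotes = _nets(remote_nets)
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(cand.overlaps(r) for r in remotes):
            return cand
    return None  # pool exhausted

if __name__ == "__main__":
    # Home LAN from the first post: DMZ host address plus its subnet mask.
    home = ["192.168.1.2/255.255.255.0"]
    # Constructed remote (office) ranges, one scenario per entry.
    scenarios = {
        "same /24 as home": ["192.168.1.0/24"],
        "different third octet": ["192.168.0.0/24"],
        # Edge case: a wider office range still swallows 192.168.1.x.
        "office uses a /22": ["192.168.0.0/22"],
    }
    for name, remote in scenarios.items():
        conflicts = find_conflicts(home, remote)
        if conflicts:
            pairs = ", ".join(f"{l} vs {r}" for l, r in conflicts)
            print(f"{name}: CONFLICT ({pairs}); "
                  f"renumber home LAN to e.g. {suggest_lan(remote)}")
        else:
            print(f"{name}: ok")
```

The third scenario shows that a different third octet alone is not sufficient when the remote side uses a prefix shorter than /24.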
 

vinson

Thanks for the posts guys.

n0cmonkey: Yes, I had my IP for the VPN connection set to a xxxxxx.com address outside my LAN. And yes, I believe DMZ is supposed to pass through all ports; that is why I was so confused about the lack of success.

IgorTS: I also had tried several of the different passthrough options of the router without success.

The solution, as it turned out, was embarrassingly simple. A firmware upgrade. I ended up not even having to use DMZ host. After the upgrade, DHCP settings just handle it all.

Anyway thanks again,

Dane R. Vinson
 

IgorTs

I used to use Zoneedit.com to host my DNS for free and they offer many dynamic IP updaters. Check them out.