VPN Help would be appreciated.

PlatinumGold

2 machines behind NAT boxes. Client is on a cable modem behind a NAT box. Server is on a T-1 behind a NAT box.

Now, it seems rather simple for me to connect to the external IP of the NAT box. My question would be, how do I get the client to find the server behind the NAT box? Wouldn't the server have an internal IP?
 

lowtech1


You need to forward the external IP (ethernet device/card) to the internal IP on your NAT/router/firewall box.
Let's say that you have N (north) and S (south) sites in your organization.

North Firewall:
Ext - 100.100.100.1/29 bits
GW - 100.100.100.6
Int - 192.168.1.1/24

South Firewall:
Ext - 50.50.50.224/27 bits
GW - 50.50.50.224
Int - 192.168.2.1/24

Now you have 2 subnets, 192.168.1.x and 192.168.2.x.

North internal subnet 192.168.1.x
|
|
GW 192.168.1.1
|
Port Forward
|
Ext 100.100.100.1
|
|
|
|
World Wide Web - VPN Tunnel
|
|
|
|
Ext 50.50.50.224
|
Port Forward
|
GW 192.168.2.1
|
|
South internal subnet 192.168.2.x



You can also do VPN with Proxy ARP, but you need the additional peers & broadcast in the equation.




 

PlatinumGold

lowtech

Would I do the port forwarding at the NAT box? Also, if I do port forwarding, is that only for incoming traffic from a specific IP, or is that for everything?
 

lowtech1


Port forwarding is done at the NAT box.

Your NAT box has 2 NICs: one NIC for external and the second one for internal.

Forward the external IP (the real IP from your ISP) to the internal IP (192.168.x.x or 10.10.x.x).

Let's say that 192.168.1.254/24 is the server and 192.168.2.2/24 is the client, and you want to use PPTP.

0/0 - any address/from any subnet.



North internal subnet 192.168.1.x (.2~.254 can be used, because .1 is used for the gateway/internal NIC of the NAT box).
|
|
GW 192.168.1.1 (N NAT box internal network address)
|
Port Forward (allow 0/0 to access 192.168.1.254 through TCP protocol @ port 1723, and protocol 47 for port forwarding, or tcp_1723 & protocol 43 if NAT)
|
Ext 100.100.100.1 (N NAT box external network address)
|
|
|
|
World Wide Web - VPN Tunnel
|
|
|
|
Ext 50.50.50.224 (S NAT box external network address)
|
Port Forward (allow 0/0 to access 192.168.2.2 via tcp_1723 & protocol 47, or tcp_1723 & 43 if NAT)
|
GW 192.168.2.1 (S NAT box internal network address)
|
|
South internal subnet 192.168.2.x


Or you could specify an address instead of 0/0.

In the case above you could use:
North NAT box: allow 50.50.50.224 to access 192.168.1.254 via tcp_1723 & protocol 47, or tcp_1723 & 43 if NAT.
South NAT box: allow 100.100.100.1 to access 192.168.2.2 via tcp_1723 & protocol 47, or tcp_1723 & 43 if NAT.

You might want to look into some kind of network security if you are opening your network through the WAN. (Look up IPsec.)
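The two diagrams above (the general north/south port-forward topology and the PPTP-specific rules) both come down to the same thing on a Linux NAT box: a DNAT rule plus a FORWARD rule for the control channel on TCP 1723, and the same pair for IP protocol 47 (GRE), which is PPTP's data channel and has no port number. The script below is an added example and is not code from the thread or from either poster; it emits the iptables commands for a given box rather than applying them, so it can be reviewed (or run through a test) without root. The interface name eth0 and the addresses are assumptions lifted from the diagram, not real systems.

```shell
#!/bin/sh
# Added example, not part of the original thread. Builds the NAT-box rules that
# realise "allow <source> to access <server> on tcp/1723 and protocol 47".
# Interface names and addresses below are assumptions taken from the diagram.

# Emit DNAT + FORWARD rules for a PPTP server behind a NAT box.
#   $1 = external interface   $2 = external (ISP) IP of the NAT box
#   $3 = internal PPTP host   $4 = allowed source: "0/0" (anyone) or the
#                                  peer's external IP (default 0/0)
pptp_forward_rules() {
    ext_if=$1; ext_ip=$2; server=$3; src=${4:-0/0}
    # Control channel: TCP 1723, rewritten to the internal server.
    printf 'iptables -t nat -A PREROUTING -i %s -s %s -d %s -p tcp --dport 1723 -j DNAT --to-destination %s\n' \
        "$ext_if" "$src" "$ext_ip" "$server"
    printf 'iptables -A FORWARD -i %s -s %s -d %s -p tcp --dport 1723 -j ACCEPT\n' \
        "$ext_if" "$src" "$server"
    # Data channel: GRE is IP protocol 47 and has no ports, so the whole
    # protocol is forwarded. Forgetting this pair is the classic "PPTP
    # authenticates but no traffic flows" failure.
    printf 'iptables -t nat -A PREROUTING -i %s -s %s -d %s -p 47 -j DNAT --to-destination %s\n' \
        "$ext_if" "$src" "$ext_ip" "$server"
    printf 'iptables -A FORWARD -i %s -s %s -d %s -p 47 -j ACCEPT\n' \
        "$ext_if" "$src" "$server"
    # Let replies for the forwarded flows back out.
    printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
}

# Number of GRE (protocol 47) rules in a generated rule set; a quick check
# that the easily forgotten data-channel rules are present.
count_gre_rules() {
    printf '%s\n' "$1" | grep -c -- '-p 47'
}

# North NAT box from the thread, locked down so that only the south box's
# external address (50.50.50.224) may reach the PPTP server 192.168.1.254.
north_rules=$(pptp_forward_rules eth0 100.100.100.1 192.168.1.254 50.50.50.224)
printf '%s\n' "$north_rules"
```

Pipe the output into `sh` on the NAT box once it looks right, and make sure forwarding is enabled (`sysctl -w net.ipv4.ip_forward=1`) or the FORWARD rules never see a packet. Passing the peer's external IP as the fourth argument gives the restricted variant from the last post; omitting it gives the 0/0 version, which exposes the PPTP server to the whole Internet. Because GRE has no ports, one external address can only be DNATed to a single PPTP server behind it.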