VPN questions...

[Valhalla1]

I want to setup things so I can establish a VPN connection with the office network and my home network. Cable modem access at home, DSL at office. right now I am sharing both connections with an XP and Win2k ICS box.

q1 - want to setup a vpn "server" at the office. this machine currently is behind a win2k ICS machine. will I need to get a vpn-capable broadband router to replace ICS as the connection sharing method, or can I access a vpn server that is behind an ICS machine?

q2 - at the house, there is a Win XP machine that shares the internet connection to the rest of the network. one of the clients that is behind the XP ICS is a win2k box that I want to "dial in" to the vpn server at the office. Can I access a VPN server from a machine that is behind an ICS machine, or will I need a vpn-capable router at the house as well to share the connection?

q3 - do I have to have Win2k or XP Server on either end (or both ends) of the VPN tunnel? or can XP and 2k pro do everything I need?

q4 - if I am in need of a router, what is a good but inexpensive solution?


[home box]--->[XP ICS]----->*internet*---->[2k ICS]----->[2k VPN host]

 

[vi edit]

First thing to find out is if your cable provider allows VPN traffic. I know that some of them restrict port 1723(I THINK) to prevent people from specifically VPN'ing into work from home.

Need to check into that first.

 

[vi edit]

Also, as simply a suggestion, your best bet may be looking into a firewall/VPN appliance and doing hardware VPN vs. software connection sharing, firewalling, and VPN access.

I know that norton, sonicwall, and several others make such appliances. Probably looking at ~$200-$500 per location.

 

[IgorTs]

a1. Routers with IPSec Pass Through and/ or PPTP Pass Through. VPN access software should be installed on first comp, or you will have to forward some ports or place it on DMZ if you have router.
a2. You can "dial from any computer.
a3. Workstation will work just fine. Server may handle more connections and better setup.
a4. Linksys

additional: always better to have at least a router in NAT protecting your network. ( hardware firewall is definately better).

 

[Valhalla1]

alright, so lets say the ISP doesnt mess with VPN traffic... I should be able to setup Win2k PRO to be a VPN host, with a cheap linksys VPN passthru router (do I need one on both ends?) what vpn access software were u speaking of, is it not built into Win2k pro?


yes? and if the isp does block the traffic on that port can u setup vpn to run on a different port?

 

[IgorTs]

build in VPN is just fine. router at home is not required, but recommended.
i have not tried to use it on different port, don't think it's possible.

 

[Valhalla1]

thanks for the tips... one last question, say I setup the Win2k PRO machine to act as a VPN host, and I place that machine behind a vpn passthru broadband router.. Will I be able to create a VPN tunnel from the house from a machine 192.168.0.5 that is behind an XP ICS machine?

or can I have a permanent VPN connection from the XP box that runs ICS to the office, and then will the client machines behind that ICS box be able to use the VPN tunnel as well?


sorry for all the (probably dumb) questions, vpn is very new to me

 

[IgorTs]

if you have a router why would you use ICS? add a switch(if router is single ported), plug computers there, independent connection.
VPN tunnel from the house from a machine 192.168.0.5 that is behind an XP ICS machine will work, not sure about second option.