RE: Pix and W2K VPN

[Christoph Puetz <puetzc () yahoo com>]

Update:

Bruce was right - the router LAN Ip settings can be
changed. I had only looked under the DHCP tab but
found the other section after his suggestion. Thanks!

Anyway - decided not to go thru the DMZ but straight
thru the firewall into the server and things worked
right away (except for a Windows XP client who is
unable to browse the network but can use PCAnywhere).
Saves me lots of time and makes the boss happy.

Thanks!

Chris


--- Bruce Platt <Bruce () ei3 com> wrote:
> Are you sure the "little routers" can't be changed?
>
> I ask because we had the same issue here, though not
> with MS VPN.  If it's a
> Linksys 4 port type, the LAN address can be changed
> by using the Status tab
> (I think) on the router config page accessible from
> your browser.
>
> One then has to think through some network
> allocation issues depending on
> how many people you have.  Do you give each person a
> /24 like 192.168.25.0?
> etc.
>
> Regards
>
> -----Original Message-----
> From: Christoph Puetz [mailto:puetzc () yahoo com]
> Sent: Thursday, November 29, 2001 6:29 PM
> To: firewall-wizards () nfr com
> Subject: [fw-wiz] Pix and W2K VPN
>
>
> Hello Wizards,
>
> I am trying to setup a W2K VPN server have only
> partially success. If I establish a static route
> (inside,outside) on the Pix and open port 1723 and
> gre
> things work just fine. Problem here: The remote
> clients use routers at the home offices which only
> support the basic 192.168.1.x network -
> unfortunately
> the same class c IP range I have on my office
> network
> and those little routers cannot change theirs.
> Result:
> routing at the client side messed up
> Any idea how to solve this?
>
> Same scenario but I use a multihomed server for the
> W2K vpn - one Nic connecting to the dmz and the
> other
> to the inside. However - no matter what I try I am
> unable to connect to the NIC on the dmz (all ports
> are
> open both ways 47/gre and 1723). Any idea why the
> Pix
> does not let this go thru (I tried telnet on port
> 1723
> - no luck).
>
> I am open for some suggestions as I do not like to
> place a NIC on the outside of the firewall.
>
> Thanks!
>
> Christoph
>
> PS: W2K SP2 and Pix 515R 4.4
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! GeoCities - quick and easy web site hosting,
> just $8.95/month.
> http://geocities.yahoo.com/ps/info1
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


__________________________________________________
Do You Yahoo!?
Buy the perfect holiday gifts at Yahoo! Shopping.
http://shopping.yahoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards