Firewall Wizards mailing list archives
RE: Pix and W2K VPN
From: Christoph Puetz <puetzc () yahoo com>
Date: Mon, 3 Dec 2001 12:32:52 -0800 (PST)
Update: Bruce was right - the router LAN Ip settings can be changed. I had only looked under the DHCP tab but found the other section after his suggestion. Thanks! Anyway - decided not to go thru the DMZ but straight thru the firewall into the server and things worked right away (except for a Windows XP client who is unable to browse the network but can use PCAnywhere). Saves me lots of time and makes the boss happy. Thanks! Chris --- Bruce Platt <Bruce () ei3 com> wrote:
Are you sure the "little routers" can't be changed? I ask because we had the same issue here, though not with MS VPN. If it's a Linksys 4 port type, the LAN address can be changed by using the Status tab (I think) on the router config page accessible from your browser. One then has to think through some network allocation issues depending on how many people you have. Do you give each person a /24 like 192.168.25.0? etc. Regards -----Original Message----- From: Christoph Puetz [mailto:puetzc () yahoo com] Sent: Thursday, November 29, 2001 6:29 PM To: firewall-wizards () nfr com Subject: [fw-wiz] Pix and W2K VPN Hello Wizards, I am trying to setup a W2K VPN server have only partially success. If I establish a static route (inside,outside) on the Pix and open port 1723 and gre things work just fine. Problem here: The remote clients use routers at the home offices which only support the basic 192.168.1.x network - unfortunately the same class c IP range I have on my office network and those little routers cannot change theirs. Result: routing at the client side messed up Any idea how to solve this? Same scenario but I use a multihomed server for the W2K vpn - one Nic connecting to the dmz and the other to the inside. However - no matter what I try I am unable to connect to the NIC on the dmz (all ports are open both ways 47/gre and 1723). Any idea why the Pix does not let this go thru (I tried telnet on port 1723 - no luck). I am open for some suggestions as I do not like to place a NIC on the outside of the firewall. Thanks! Christoph PS: W2K SP2 and Pix 515R 4.4 __________________________________________________ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards __________________________________________________ Do You Yahoo!? Buy the perfect holiday gifts at Yahoo! Shopping. http://shopping.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Pix and W2K VPN Bruce Platt (Dec 01)
- RE: Pix and W2K VPN Christoph Puetz (Dec 04)