VPN through Windows 2000 internet sharing??


gssurfer
March 28th, 2003, 03:54 PM
Hello all,

I have a client that is running a small network at home. She has a Windows 2000 machine with two network cards to share a cable modem connection to her other computers (three or four PCs). She is trying to access our network at work through VPN and she is unable to connect unless she connects directly to the cable modem, bypassing the Windows 2000 built-in proxy server. Any suggestions on how to avoid this??

THANKS,

Greg

Kineda
April 11th, 2003, 02:33 PM
Possibly your issue might be that a port is being blocked, but to make things easy I would bypass the dual network card setup and go the easy way with a router; your VPN connection should work beautifully then. Otherwise you are going to have to investigate a possible port blockage on the internet gateway......

InvisiBill
April 11th, 2003, 05:17 PM
Some VPN connections embed the PC's IP address into the packet, which is then compared to the connection's IP once it gets to the other end. In this situation, it's simply not possible for the VPN to work. The NAT-ed PC will always have a private IP that doesn't match the connection's public IP that the other end sees. The only way to make it work is to have the PC use the public IP directly...

Hopefully it's not that. It may just be a port/protocol forwarding issue. A software reconfiguration or a hardware router may fix this, though some routers don't like to forward "non-web" stuff like VPNs use. Just a warning. Look for notes about VPN compatibility if you want to be 100% sure.

SpongeBob
April 22nd, 2003, 01:36 PM
OK.. I happen to be a VPN network guy at work...

so...

At work what is she connecting to?

win2k VPN RAS
Cisco router
VPN hardware device (Cisco VPN Concentrator 3000 for example)

What NAT settings do you use at work?

What NAT settings do you use at Home?

If they match... there is your 1st problem.

Both sides of the VPN can't have similar private networks.

(work and home both can have the 192.168.0.x / 255.255.255.0 networks)

as for the proxy....

port 47 is for GRE
prot 50 is for AH
port 51 is for ESP
port 500 is for IKE
port 1723 is the VPN traffic

sample linux firewall rules
-----------------------------------
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT
iptables -A INPUT -p TCP -s 0.0.0.0/0 --source-port 1723 -j ACCEPT
iptables -A OUTPUT -p TCP -d 0.0.0.0/0 --destination-port 1723 -j ACCEPT
------------------------------------

Now if you go get the Linksys cable/DSL router with built-in 4-port switch, then you need not config any ports. There is a check box in the setup for VPN passthrough and IPsec passthrough. Just remember to change the network from the default of 192.168.0.x or 192.168.1.x on your home Linksys to something like 192.168.10.x so as not to confuse your router or the router at work (if work uses a similar network setup, which is common at small offices).

FAQ for users!!!
-------------------------
Q: When I connect to the VPN my MIRC/FTP connection is dropped

A: When you connect to the VPN a new route is added to your routing table, this can cause traffic to start using a different route and can break existing network connections.

Q: When I connect to the VPN I get a message saying my password is recognised but I am not authorized for dialup access.

A: This means you are not registered to use the VPN service
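
An added example, not part of the thread: a small Python model of the two routing points in the post above (home and work LANs that overlap, and the route the VPN adds changing where existing traffic goes). Interface names, metrics, addresses and the choice of a VPN default route are constructed assumptions.

```python
import ipaddress

def overlaps(home_lan, work_lan):
    """True when the two LANs share any address, even with different masks."""
    return ipaddress.ip_network(home_lan).overlaps(ipaddress.ip_network(work_lan))

def next_hop(routes, dest):
    """Pick the interface for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, iface, metric in routes:
        network = ipaddress.ip_network(net)
        if addr not in network:
            continue
        key = (network.prefixlen, -metric)
        if best is None or key > best[0]:
            best = (key, iface)
    return best[1] if best else None

# Constructed sample data (assumptions, not values from the thread).
WORK_LAN = "192.168.0.0/24"
WORK_SERVER = "192.168.0.10"      # host on the work LAN
FTP_SERVER = "203.0.113.5"        # unrelated internet host
VPN_ROUTE = ("0.0.0.0/0", "vpn", 1)   # assumed: VPN installs a preferred default route

def home_routes(home_lan, vpn_up):
    routes = [("0.0.0.0/0", "cable", 20), (home_lan, "lan", 10)]
    if vpn_up:
        routes.append(VPN_ROUTE)
    return routes

def report(home_lan):
    """Summarise how one home LAN choice behaves once the VPN connects."""
    return {
        "overlap": overlaps(home_lan, WORK_LAN),
        "ftp_before": next_hop(home_routes(home_lan, False), FTP_SERVER),
        "ftp_after": next_hop(home_routes(home_lan, True), FTP_SERVER),
        "work_server_via": next_hop(home_routes(home_lan, True), WORK_SERVER),
    }

if __name__ == "__main__":
    for lan in ("192.168.0.0/24", "192.168.10.0/24"):
        print(lan, report(lan))
```

With the home LAN left at 192.168.0.0/24, traffic for the work server stays on the local `lan` interface and never enters the tunnel; after renumbering to 192.168.10.0/24 it goes out via `vpn`.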