HP3000-L Archives

April 2001, Week 4

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "TRAPP,RICH (Non-A-Loveland,ex1)" <[log in to unmask]>
Reply To: TRAPP,RICH (Non-A-Loveland,ex1)
Date: Mon, 23 Apr 2001 10:24:03 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (88 lines)

Greetings Ken!
   I don't claim to understand this completely, but I've had (and FIXED!)
this same problem.

   It's got something to do with Network Address Translation (NAT) and IP
Masquerading (IPMASQ).   When VPN is active (on the machine with the
internet connection), ALL packets get encrypted before sending out to the
internet. Even the ones sent on behalf of the other machines sharing the
internet connection (which you don't want encrypted).

   If you move the VPN client to another machine (not the one with the
actual connection), it usually won't work because it encrypts the packet
(with its own non-routable IP address), then forwards to the internet
connected box, but this box can't (or doesn't) decrypt the packet to
replace the IP address with its own, so you usually never get a response
back from the VPN host.

   So here are two options for fixing this issue (one I've tried & another I'd
recommend):

   1) Put a Linux box with up front as the machine sharing the connection.
With some tweaking, you can configure it to the correct IP Masquerading for
your connected PC's.  The advantage of this is you can also make it a nice
firewall and have complete control over what's getting in and out. The
difficult part is you get to learn a LOT about firewalls and configuring
networks on Linux.

   2) The easier solution (IMO): Buy an inexpensive DSL/Router/Firewall box
like the SMC Barricade 4 port (http://www.jandr.com have it for $89 before
$20 rebate from SMC) and let it do all the work. The only configuring is
done via a web page. It's a lot easier than patching the Linux Kernel with
the IP MASQ patches & recompiling & configuring (& troubleshooting, etc.).


   If you'd like more info, send me a note. If you'd really like to get down
& dirty with Linux, I can send you the links I used to get mine working that
way.
  
RAT
 

Rich Trapp <mailto:[log in to unmask]>  

 
Consulting for Agilent Technologies, Loveland, Colorado.

Managed Business Solutions <http://www.mbsnav.com/>  
200 South College Avenue 
Fort Collins, Colorado 80524-2811 
970.679.2221 (voice) 
970.669.3071 (fax) 



-----Original Message-----
From: Ken Nutsford [mailto:[log in to unmask]]
Sent: Monday, April 23, 2001 1:16 AM
To: [log in to unmask]
Subject: VPN Issues


I have been involved in setting up VPN connections on Win95 and 98 PCs to
our remote 9x7 computers connected to the Internet. There are some issues I
have been unable to resolve.

1. The VPN connection is blocked by ZoneAlarm.

2. The VPN connection prevents access to the Internet by IE.

3. The VPN connection prevents access to the Internet by Outlook Express.

The correct ZoneAlarm configuration resolves Item 1 but I have not been
able to establish what it is. Configuration changes to the VPN server would
seem necessary to resolve Items 2 and 3 but that is remotely managed.

How might these issues be resolved?

Thanks,

Ken Nutsford
ASP Group

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
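
The Linux gateway in option 1 of the message above, sketched as an added example that is not part of the original post or thread: a shell function that validates its inputs and emits an nftables ruleset that masquerades a private LAN behind one Internet-facing interface and drops unsolicited inbound traffic. It uses nftables rather than the kernel IP MASQ patches the message mentions; the function names, the interface names and the LAN prefix are assumptions, and it does not add any protocol-specific VPN pass-through handling.

```shell
#!/bin/sh
# Added example (hypothetical helper names): generate an nftables ruleset for a
# Linux box that shares one Internet connection with a private LAN.
# To apply: save the output to a file, load it with `nft -f FILE`, and enable
# forwarding with `sysctl -w net.ipv4.ip_forward=1`.

valid_ifname() {
    # Accept only plain interface names so nothing else can be spliced
    # into the generated ruleset.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

gen_masq_ruleset() {
    wan=$1 lan=$2 lan_net=$3   # e.g. eth0 eth1 192.168.1.0/24 (assumed values)
    valid_ifname "$wan" && valid_ifname "$lan" || { echo "bad interface name" >&2; return 1; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    valid_cidr "$lan_net" || { echo "bad LAN prefix" >&2; return 1; }
    cat <<EOF
table inet gateway {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname "$lan" accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$lan" oifname "$wan" ip saddr $lan_net accept
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "$wan" ip saddr $lan_net masquerade
    }
}
EOF
}
```

Both filter chains default to drop, so only replies to connections opened from the LAN come back in, and only packets sourced from the LAN prefix are rewritten to the gateway's own address on the way out.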
