At first glance, I thought this reply was Just Dumb (tm). After all, IIS doesn't have any VPN functionality - it's just a webserver (of questionable merit). I'll get back to the second glance in a while.

Your biggest problem is likely to be your NAT. I've actually played with the little NetGear boxes before and the NAT implementation isn't very good - try to get MS network browsing to work via (their) NAT for example.

Firstly, since you're using dynamic NAT, that will blow any VPN that uses IP transports other than TCP (there goes PPTP, IPSec etc). Static NAT, or at least a combination of static and dynamic is required for those, since dynamic NAT (as someone succinctly pointed out last time this was kicked around) uses TCP ports to multiplex the connections. Cisco can do it. With your hardware - well, YMMV.

Someone posted to one of these lists a while ago looking for a TCP-based VPN solution - that might work. Maybe. Grep the archives and you might have some luck.

Now back to IIS. If your main aim is to access files etc, you probably _could_ set up something with IIS. IIS will let your users authenticate using your NT domain stuff, and you could use SSL for encryption. There's even a web connector for Exchange, if that's your email platform. All in all, at the second glance, it didn't sound so dumb. You could at least look into it, I agree.

BIG DISCLAIMER: However, I am _not_ recommending IIS, especially not in a public forum where the main focus is security. Then again, I wouldn't call a NetGear router a firewall, either.

Cheers,

--
Ben Nagy
Network Consultant, CPM&S Group of Companies
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520

> -----Original Message-----
> From: Myles_Keoughat_private [mailto:Myles_Keoughat_private]
> Sent: Tuesday, 5 October 1999 11:37 PM
> To: Steven W. Engle
> Cc: firewall-wizardsat_private; sengleat_private
> Subject: Re: Looking for a PVN-only server to put behind the firewll
>
>
> Have you looked into MS IIS? It sounds like you're a MS shop
> and if that's the case IIS would be a great fit.
>
>
>
> Looking for recommendations for a private virtual network "server"
> (95/98/NT software or "network appliance") to place on the internal
> network side of a firewall.
>
> Objective is to have external/Internet users, via software on their
> Win 95/98/NT laptop / PC and their standard connection to the
> Internet, to be able to mount shares being made available by the
> corporate NT server on the internal network. The firewall would allow
> external connections to tunnel through it to the internal VPN server.
> The VPN server would handle authentication, data encryption /
> decryption, addressing / routing, etc.
>
> The way I see it, the remote user's PC/Laptop would appear as a node
> on the internal network and would have access to all devices on the
> internal network.
>
> So far all the solutions I have found are associated with full-blown
> firewalls - this is not an option due to cost and skill constraints
> on part of the end user organization. All that is needed is a
> PVN-only solution with maintenance limited to add/deleting users and
> delivering software to remote end users.
>
> BTW: The "firewall" is a NetGear RH348 ISDN Router with Dynamic NAT
> turned on. It supports tunneling one external IP address (the
> router's) to an internal network IP address.
>
> Thanx!
> --
> Steven W. Engle                      Voice: (281) 333-9085
> Diversified High Technologies, Inc.  Fax: (281) 333-9087
> 1350 NASA Road One, Suite 105        http://www.dhtinc.com/
> Houston, TX 77058                    mailto:sengleat_private
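
Added example, not part of the original message: a simplified Python model of the port-multiplexing behaviour the reply above attributes to dynamic NAT, showing why port-less tunnel protocols (GRE for PPTP, ESP for IPSec) cannot be multiplexed and why a static entry is needed for inbound tunnels. The class, the addresses and the drop-on-collision policy are assumptions made for illustration, not the NetGear's actual implementation.

```python
from itertools import count

TCP, UDP, GRE, ESP = 6, 17, 47, 50      # IANA IP protocol numbers
HAS_PORTS = {TCP, UDP}                  # GRE and ESP carry no port field

class DynamicNat:
    """Toy port-multiplexing NAT (hypothetical model, constructed for this example)."""
    def __init__(self, public_ip):
        self.public_ip, self._ports = public_ip, count(40000)
        self.by_flow = {}    # (proto, inside_ip, inside_port) -> public port
        self.by_port = {}    # (proto, public port) -> (inside_ip, inside_port)
        self.portless = {}   # (proto, remote_ip) -> inside_ip, one owner only
        self.static = {}     # proto -> inside_ip (static NAT entry)

    def add_static(self, proto, inside_ip):
        self.static[proto] = inside_ip

    def outbound(self, proto, src_ip, src_port, dst_ip):
        """Return the translated (ip, port), or None if the packet is dropped."""
        if proto in HAS_PORTS:
            key = (proto, src_ip, src_port)
            if key not in self.by_flow:
                self.by_flow[key] = next(self._ports)
                self.by_port[(proto, self.by_flow[key])] = (src_ip, src_port)
            return (self.public_ip, self.by_flow[key])
        # No port to rewrite: the only usable key is (protocol, remote peer),
        # so a second inside host talking to the same peer collides.
        owner = self.portless.setdefault((proto, dst_ip), src_ip)
        return (self.public_ip, None) if owner == src_ip else None

    def inbound(self, proto, remote_ip, dst_port=None):
        """Return the inside (ip, port) a packet is delivered to, or None."""
        if proto in HAS_PORTS:
            return self.by_port.get((proto, dst_port))
        inside = self.portless.get((proto, remote_ip)) or self.static.get(proto)
        return (inside, None) if inside else None

def demo():
    nat, peer = DynamicNat("203.0.113.1"), "198.51.100.7"   # constructed addresses
    a, b = "192.168.0.10", "192.168.0.11"
    pa, pb = nat.outbound(TCP, a, 1025, peer), nat.outbound(TCP, b, 1025, peer)
    r = {"tcp_a": nat.inbound(TCP, peer, pa[1]), "tcp_b": nat.inbound(TCP, peer, pb[1])}
    r["gre_a"] = nat.outbound(GRE, a, None, peer)   # first host gets the mapping
    r["gre_b"] = nat.outbound(GRE, b, None, peer)   # second host cannot be told apart
    r["gre_reply"] = nat.inbound(GRE, peer)
    r["esp_unsolicited"] = nat.inbound(ESP, peer)   # inbound tunnel, no state yet
    nat.add_static(ESP, "192.168.0.2")              # hypothetical internal VPN server
    r["esp_static"] = nat.inbound(ESP, peer)
    return r

if __name__ == "__main__":
    print(demo())
```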
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:42:29 PDT