XPost: microsoft.public.es.win2000, microsoft.public.win2000.networking   
   From: efflandt@xnet.com   
      
   On 28 Sep 2004 02:46:28 -0700, lsaiher wrote:   
   > Hello everybody,   
   > I am quite new to VPN and I'm a little bit confused.   
   > I have a LAN which has access to Internet through a Nokia ADSL router.   
   > I want to connect to this LAN from a computer which has a dial-up   
   > access to the Internet.   
   >   
   > I think that if I use PPTP I have to configure NAPT and redirect   
   > information sent to ports TCP 1723 and UDP 47 to the W2K server which   
   > I'm going to use as a VPN Server.   
   > Is this correct?   
      
   The TCP port 1723 is correct, but 47 is a "protocol", not a port (not the   
   same thing). So you would need something that could direct incoming   
   protocol 47 to the VPN server.   
      
   > I've heard that using IPSEC is more secure but I don't know if I can   
   > use it. I think that I need a router that can do "IPSEC passthrough",   
   > but I'm not sure.   
      
   IPSEC uses "protocol" 50 (ESP) and UDP port 500 (IKE). Protocol 51 (AH)   
   is an alternate protocol, but it does not work through NAT (fails if   
   packets are altered). I have done IPSEC (freeswan) to and through Linux,   
   but through a broadband router (Linux was my router). I would think that   
   "IPSEC passthrough" is what it says.   
      
   Even an article on msdn.microsoft.com did not know the difference between   
   ports and protocols. Besides UDP port 500, it "incorrectly" said that   
   IPSEC used TCP ports 50 and 51, which my /etc/services says are   
   re-mail-ck (remote mail check) and la-maint (IMP logical address   
   maintenance). Neither TCP "port" has anything to do with IPSEC.   
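
The port-versus-protocol distinction in the reply above, as an added example that is not part of the original post: it reads the IPv4 header "protocol" field and only looks for a destination port when that field says TCP or UDP. The packets, addresses and helper names are constructed for illustration.

```python
import struct

# IPv4 header "protocol" field values named in the post.
IP_PROTOCOLS = {6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}
# (transport, destination port) pairs the two VPN types need forwarded.
VPN_PORTS = {("TCP", 1723): "PPTP control", ("UDP", 500): "IPsec IKE"}
# Port-less protocols the router must pass by protocol number.
VPN_PROTOCOLS = {"GRE": "PPTP data", "ESP": "IPsec ESP", "AH": "IPsec AH"}

def build_ipv4(proto, payload):
    """Constructed sample packet: 20-byte IPv4 header (checksum left 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload

def classify(packet):
    """Return (protocol name, destination port or None, VPN role or None)."""
    header_len = (packet[0] & 0x0F) * 4          # IHL is counted in 32-bit words
    name = IP_PROTOCOLS.get(packet[9], "protocol %d" % packet[9])
    if name in ("TCP", "UDP"):
        # Only TCP and UDP carry ports; the destination port is bytes 2-3.
        port = struct.unpack("!H", packet[header_len + 2:header_len + 4])[0]
        return name, port, VPN_PORTS.get((name, port))
    return name, None, VPN_PROTOCOLS.get(name)

def tcp(dst_port):
    """Constructed 20-byte TCP header with only the ports filled in."""
    return struct.pack("!HH", 40000, dst_port) + bytes(16)

def udp(dst_port):
    """Constructed 8-byte UDP header with no data."""
    return struct.pack("!HHHH", 40000, dst_port, 8, 0)

SAMPLES = [
    build_ipv4(6, tcp(1723)),    # PPTP control channel
    build_ipv4(47, bytes(8)),    # GRE: protocol 47, no port field at all
    build_ipv4(17, udp(500)),    # IKE
    build_ipv4(50, bytes(8)),    # ESP: protocol 50, no port field at all
    build_ipv4(6, tcp(50)),      # TCP port 50: nothing to do with IPsec
    build_ipv4(17, udp(47)),     # UDP port 47: nothing to do with GRE
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```

The last two samples are the confusions discussed in the thread: forwarding UDP port 47 or TCP port 50 matches neither GRE nor ESP traffic.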
      