From: mike-newsgroup@-DELETETHISPART-.upcraft.com   
      
   kevin wrote:   
   > Hi,   
   >   
   >            i would like to ask a question. Can VPN set with virtual IP ? I   
   > wanted to set a VPN from China to Hongkong, however, ISP of Mainland China   
   > only provided virtual IP to their clients for accessing Internet. Can we use   
   > those IPs to setup a VPN.   
   >   
   > remarks : Hong Kong can fix it's IP   
   >   
   > Thanks for comments.   
      
   Some VPN protocols will tolerate a private ip but they are highly   
   dependent on the support of the firewall doing the network address   
   translation to work.   
      
   The use of a private (virtual) ip indicates that this ISP is using a   
   firewall which means they can block these protocols so there is no way   
   to know if it will work without trying it first.   
      
   PPTP is usually well supported by most NAPT (network address and port   
   translation) implementations but this support can be enabled and   
   disabled in many products.  If they choose to disable support for this   
   protocol then it will not function.   
      
   Some IPSEC vendors have client software which supports NAT traversal   
   mode.  I do not know of any network to network router implementations   
   that use NAT traversal, this feature is usually reserved for single   
   client use, not connections between two entire network segments.   
      
   SSH is a popular protocol that can be used to tunnel traffic between a   
   client and server.  It is not used for network to network connections   
   but it does work through NAPT in most cases unless the ports are   
   specifically blocked.  The port used for SSH can often be changed if you   
   have control over the server configuration.   
      
   L2TP is less likely to work through a NAT connection from what I know   
   than most of these other protocols but I'm not as familiar with it's   
   implementation as I am with the others.   
      
   SSL VPN's are the new thing.  Using the familiar SSLv3 encryption that   
   is built into your browser.  I believe this is only used as a client to   
   server VPN method currently.  The idea is that you do not require any   
   special setup on the client end beyond a supported browser.   
      
      
   If the ISP wants to block VPN use they can block any of these protocols   
   from operating properly.  You might want to talk to the ISP to find out   
   if they have any VPN protocols they can suggest that work through their   
   system or if they have another service that does not use private IP's.   
      
   --   
   WARNING!  Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)