
Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   


   Message 979 of 2,348   
   Verona Busch to All   
   The dirty dozen Questions on VPN!   
   12 May 04 15:13:29   
   
   From: veronabusch@gmx.de   
      
   Hi,   
   could you tell me what kind of VPN to use in this Windows TCP/IP
   network? I read a lot about VPNs over the last days and have the bad
   feeling that I've mixed it all up now. Further down you see my A.), B.)
   and C.) understanding of VPNs. ;-)
      
     1 W2K Adv. Server in local LAN   
       DomainController AD, DNS, WINS no DHCP   
       connected to Internet through DSL-Modem and ISDN-Card   
      
   50 WinXP prof. Workstation in local LAN   
        static IPs   
      
     3 WinXP prof. Notebooks in local WLAN   
        static IPs (reserved)
      
     4 WinXP prof. Notebooks at home offices   
        connected to internet through whatever kind of DSL-router,   
        56k-modem or ISDN-modem and of course different ISPs.
      
   The 4 home offices do RAS-DialUp-Connections to the ISDN-Card of the
   server. But they want to change to VPN to use local dial-in and save
   money. That's the situation.

   AFAIK this is a so-called Remote-Access-VPN that they are looking for,
   isn't it?! Anyway, I would like to set up a new W2K-Server and to order a
   new DSL-Line (2Mbit) to avoid causing problems in the local LAN.
      
   A.) I could put this new Server (W2K-VPN-SRV) directly on the new
   DSL-modem. All I need to do is to install AD, WINS, DHCP, Routing and
   RAS for VPN (PPTP or L2TP), and of course the PPPoE Connection to the
   DSL-Line.

   Q 1.) Isn't that pretty risky, because there is no firewall in W2K Server?
   Q 2.) If I would like to use IPsec., do I need special software? AFAIK
          there is a difference between L2TP (with IPsec.) and IPsec. as a
          VPN-protocol itself, but I'm not sure?!
   Q 3.) If I set up a new AD, what do I have to look out for, because there is
          already a DC in the local LAN?
   Q 4.) If I set up DHCP, and W2K needs DHCP running for its VPN-Server,
          am I getting problems with all the other Workstations in the local
          LAN?
   Q 5.) I think I can replicate DNS and WINS with the other W2K Server,
          can't I?
      
   B.) Is exactly the same as A.) but I put a router between the DSL-Line
   and the W2K-VPN-Server. I would have a NAT-firewall and an SPI-firewall.
   Let's say I take the same one I have at home: Netgear WGT624 Wireless
   Firewall Router. OK, forget about the wireless thing. The router's spec.
   mentions several VPN tunnels (Pass-Through, 2 IPSec., and several L2TP and
   PPTP). In connection with 'Pass-Through' I heard of 'NAT-T'. As you can
   guess, there are some more question marks now.
      
   Q 6.) What port do I have to forward?
   Q 7.) What about that protocol 47 (GRE)? I can't find anything about
          that in my router's docs.
   Q 8.) If that router is scrap, what kind of (SOHO?)-router should I use?
   Q 9.) Is it right to switch off the router's DHCP and to just forward
          every VPN port to the W2K-VPN-Router?
   Q10.) I've often read about lowering the MTU size, or setting a default DMZ.
          Isn't that trying to fix something because the router just wasn't
          made to handle VPN?
      
   C.) Same as B.) but instead of the Wireless Firewall Router WGT624 I
   put a Firewall/VPN-Router like Netgear's FVL328-Router.

   Q11.) Sorry, but where is the difference? Is it that I don't have to set
          up a VPN-Service through Routing and RAS on the W2K-VPN-Server?
   Q12.) And if I do the VPN-Connection with the FVL328, do I need a special
          client software to do a VPN-Connection to the FVL328?

   As you can see, I'm not so familiar with that stuff. So I would like to
   stop here and leave a dirty dozen to you. :-)
      
   Bye V.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   



(c) 1994,  bbs@darkrealms.ca