RE: Offsite DC and Exchange VPN question

2011-01-26 Thread Michael B. Smith
As long as the DC is a GC and the AD sites are configured properly, Exchange 
will be fine.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Wednesday, January 26, 2011 1:38 PM
To: NT System Admin Issues
Subject: Offsite DC and Exchange VPN question

So, in theory, if I place a DC and Exch box off-site, I only need to create a 
VPN tunnel for the DC to talk to the other DC I have on-site, right?  The 
Exchange Box is OK just talking to the one DC on its own private network, 
right?  (On a fundamental standpoint, not redundant standpoint.)

-Sam

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Re: Offsite DC and Exchange VPN question

2011-01-26 Thread Sean Martin
If the DC is also a GC and your sites are configured correctly you should be
good.

- Sean

On Wed, Jan 26, 2011 at 9:37 AM, Sam Cayze sca...@gmail.com wrote:

  So, in theory, if I place a DC and Exch box off-site, I only need to
 create a VPN tunnel for the DC to talk to the other DC I have on-site,
 right?  The Exchange Box is OK just talking to the one DC on its own private
 network, right?  (On a fundamental standpoint, not redundant standpoint.)



 -Sam


Re: Offsite DC and Exchange VPN question

2011-01-26 Thread Sean Martin
Foiled again!

- Sean

On Wed, Jan 26, 2011 at 9:40 AM, Michael B. Smith mich...@smithcons.com wrote:

  As long as the DC is a GC and the AD sites are configured properly,
 Exchange will be fine.



 Regards,



 Michael B. Smith

 Consultant and Exchange MVP

 http://TheEssentialExchange.com



 *From:* Sam Cayze [mailto:sca...@gmail.com]
 *Sent:* Wednesday, January 26, 2011 1:38 PM
 *To:* NT System Admin Issues
 *Subject:* Offsite DC and Exchange VPN question



 So, in theory, if I place a DC and Exch box off-site, I only need to create
 a VPN tunnel for the DC to talk to the other DC I have on-site, right?  The
 Exchange Box is OK just talking to the one DC on its own private network,
 right?  (On a fundamental standpoint, not redundant standpoint.)



 -Sam


RE: Offsite DC and Exchange VPN question

2011-01-26 Thread Sam Cayze
Thanks guys!  That's what I thought; it's nice to bounce things off other
brains.

 

 Foiled again!

I don't get it :)  Did I miss something?

 

-Sam

 

From: Sean Martin [mailto:seanmarti...@gmail.com] 
Sent: Wednesday, January 26, 2011 12:46 PM
To: NT System Admin Issues
Subject: Re: Offsite DC and Exchange VPN question

 

Foiled again!

 

- Sean

On Wed, Jan 26, 2011 at 9:40 AM, Michael B. Smith mich...@smithcons.com
wrote:

As long as the DC is a GC and the AD sites are configured properly, Exchange
will be fine.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Sam Cayze [mailto:sca...@gmail.com] 
Sent: Wednesday, January 26, 2011 1:38 PM
To: NT System Admin Issues
Subject: Offsite DC and Exchange VPN question

 

So, in theory, if I place a DC and Exch box off-site, I only need to create
a VPN tunnel for the DC to talk to the other DC I have on-site, right?  The
Exchange Box is OK just talking to the one DC on its own private network,
right?  (On a fundamental standpoint, not redundant standpoint.)

 

-Sam


Re: Offsite DC and Exchange VPN question

2011-01-26 Thread Sean Martin
Michael always beats me to the punch :)

- Sean

On Wed, Jan 26, 2011 at 9:56 AM, Sam Cayze sca...@gmail.com wrote:

  Thanks guys!  That’s what I thought; it’s nice to bounce things off other
 brains.



  Foiled again!

 I don’t get it :)  Did I miss something?



 -Sam



 *From:* Sean Martin [mailto:seanmarti...@gmail.com]
 *Sent:* Wednesday, January 26, 2011 12:46 PM

 *To:* NT System Admin Issues
 *Subject:* Re: Offsite DC and Exchange VPN question



 Foiled again!



 - Sean

 On Wed, Jan 26, 2011 at 9:40 AM, Michael B. Smith mich...@smithcons.com
 wrote:

 As long as the DC is a GC and the AD sites are configured properly,
 Exchange will be fine.



 Regards,



 Michael B. Smith

 Consultant and Exchange MVP

 http://TheEssentialExchange.com



 *From:* Sam Cayze [mailto:sca...@gmail.com]
 *Sent:* Wednesday, January 26, 2011 1:38 PM
 *To:* NT System Admin Issues
 *Subject:* Offsite DC and Exchange VPN question



 So, in theory, if I place a DC and Exch box off-site, I only need to create
 a VPN tunnel for the DC to talk to the other DC I have on-site, right?  The
 Exchange Box is OK just talking to the one DC on its own private network,
 right?  (On a fundamental standpoint, not redundant standpoint.)



 -Sam


RE: Sonicwall SSL VPN question...

2009-02-03 Thread Scott Schneider
We currently run it. It works well; we haven't had any issues. The
NetExtender client which comes with it works much better than the normal
SonicWall client for road warriors. You can use it for the external
office and road warriors as it is a concurrent license.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: February-02-09 9:59 PM
To: NT System Admin Issues
Subject: OT: Sonicwall SSL VPN question...


I've got an office with limited external IP addresses (just one).

Supposedly, the Sonicwall appliances can present OWA and RPC/HTTPS -
have any of you configured this? How well does it work?

I've got RPC/HTTPS working without the Sonicwall, but they want more
functionality, and I'm looking to send a 200 to them, as we're using a
2000 here in HQ.

Kurt




RE: Sonicwall SSL VPN question...

2009-02-03 Thread Scott Schneider
The only caveat I have found is it doesn't prompt users when their
passwords are going to expire. The full client does.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: February-02-09 9:59 PM
To: NT System Admin Issues
Subject: OT: Sonicwall SSL VPN question...


I've got an office with limited external IP addresses (just one).

Supposedly, the Sonicwall appliances can present OWA and RPC/HTTPS -
have any of you configured this? How well does it work?

I've got RPC/HTTPS working without the Sonicwall, but they want more
functionality, and I'm looking to send a 200 to them, as we're using a
2000 here in HQ.

Kurt




OT: Sonicwall SSL VPN question...

2009-02-02 Thread Kurt Buff
I've got an office with limited external IP addresses (just one).

Supposedly, the Sonicwall appliances can present OWA and RPC/HTTPS -
have any of you configured this? How well does it work?

I've got RPC/HTTPS working without the Sonicwall, but they want more
functionality, and I'm looking to send a 200 to them, as we're using a
2000 here in HQ.

Kurt



VPN question

2008-06-06 Thread Dennis Rogov
Hi guys 

 

If you have a client establish a VPN connection to the Microsoft VPN,
during the process what's encrypted?

Is it

A. Client
B. Server
C. Connection
D. All of the above

 

Dr

 

 

Dennis Rogov

Senior Network Analyst 
THE Peer GROUP an informed medical communications company 

379 thornall street, 12th floor  | edison, nj 08837 usa

Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277

[EMAIL PROTECTED]
www.peergroupinc.com
[This e-mail and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged and/or
confidential information. No confidentiality or privilege is waived or
lost by any mistransmission. If you are not the intended recipient of
this e-mail, you are hereby notified any dissemination, distribution or
copying of this email, and any attachments thereto, is strictly
prohibited. If you receive this email in error please immediately notify
me at (732) 205-8376 and permanently delete the original copy and any
copy of any e-mail, and any printout thereof. ]

 

 


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm  ~

Re: VPN question

2008-06-06 Thread Sherry Abercrombie
What's the protocol being used?  PPTP, IPSec?

On Fri, Jun 6, 2008 at 9:29 AM, Dennis Rogov [EMAIL PROTECTED]
wrote:

  Hi guys



 If you have a client establish a VPN connection to the Microsoft VPN,
 during the process what's encrypted?

 Is it

 A. Client
 B. Server
 C. Connection
 D. All of the above



 Dr






-- 
Sherry Abercrombie

Any sufficiently advanced technology is indistinguishable from magic.
Arthur C. Clarke


RE: VPN question

2008-06-06 Thread Tom Strader - NCBPAC Systems Administrator
Both sides have to agree or the connection will not establish.
 



From: Dennis Rogov [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 10:29 AM
To: NT System Admin Issues
Subject: VPN question



Hi guys 

 

If you have a client establish a VPN connection to the Microsoft VPN,
during the process what's encrypted?

Is it

A. Client
B. Server
C. Connection
D. All of the above

 

Dr

 

 


RE: VPN question

2008-06-06 Thread Dennis Rogov
I see, but that still doesn't answer my question: what's
encrypted through the process?

 

Dr

 

 


 



From: Tom Strader - NCBPAC Systems Administrator
[mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 10:38 AM
To: NT System Admin Issues
Subject: RE: VPN question

 

Both sides have to agree or the connection will not establish.

 

 



From: Dennis Rogov [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 10:29 AM
To: NT System Admin Issues
Subject: VPN question

Hi guys 

 

If you have a client establish a VPN connection to the Microsoft VPN,
during the process what's encrypted?

Is it

A. Client
B. Server
C. Connection
D. All of the above

 

Dr

 

 


RE: VPN question

2008-06-06 Thread Aaron T. Rohyans
If using PPTP - nothing is encrypted (except for the MSCHAPv2 exchange
for authentication).  You're using MS's flavor of a GRE tunnel which
does not provide any flavor of encryption - only Data Origin
authentication, Anti-replay protection, Data pattern confidentiality,
and Data Integrity.  I do believe there are provisions within MS's
specification that will provide some sort of encryption for the data
payload... you just have to be savvy enough to enable them.  I'll have
to look that one up.

 

If using IPSec - depends on what flavor of IPSec protocol you're using
(transport vehicle such as ESP or AH).  If using AH, you're in the same
boat as PPTP above.  If using ESP in Tunnel Mode, then *all* traffic
between the two hosts (as specified by the split-tunnel/proxy lists) is
encrypted.  ESP in Transport Mode will not provide Data pattern
confidentiality (but still provides the other services listed above
including encryption) as it reuses the original IP header.

 

Hope this helps,

Aaron

 



From: Sherry Abercrombie [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 10:31 AM
To: NT System Admin Issues
Subject: Re: VPN question
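
A capture-side check for the cases discussed in the message above, as an added example that is not part of the original thread: it classifies one IPv4 packet as PPTP (GRE), ESP or AH and reports whether the payload is readable on the wire. The PPP protocol numbers and the MPPE "encrypted" bit follow RFC 2637 and RFC 3078; the sample packets are constructed, and ESP is assumed to use a non-NULL cipher.

```python
import struct

GRE, ESP, AH = 47, 50, 51            # IANA IP protocol numbers
PPP_IP, PPP_MPPE = 0x0021, 0x00FD    # PPP protocol IDs: IPv4, MPPE/MPPC datagram
PPTP_GRE_TYPE = 0x880B               # GRE protocol type used by PPTP (RFC 2637)


def ppp_protocol(frame: bytes):
    """Return (protocol, rest) of a PPP frame, allowing for header compression."""
    if frame[:2] == b"\xff\x03":      # address/control bytes still present
        frame = frame[2:]
    if frame[0] & 1:                  # compressed protocol field: one odd byte
        return frame[0], frame[1:]
    return struct.unpack("!H", frame[:2])[0], frame[2:]


def classify(packet: bytes) -> dict:
    """Report what an on-path observer can read in one captured IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]

    if proto == GRE:
        flags0, flags1, gre_type = struct.unpack("!BBH", body[:4])
        if (flags1 & 0x07) != 1 or gre_type != PPTP_GRE_TYPE:
            return {"tunnel": "GRE", "encrypted": False, "note": "not PPTP data"}
        offset = 8                              # flags, type, payload length, call ID
        offset += 4 if flags0 & 0x10 else 0     # S bit: sequence number follows
        offset += 4 if flags1 & 0x80 else 0     # A bit: acknowledgment number follows
        if len(body) <= offset:                 # acknowledgment-only packet
            return {"tunnel": "PPTP", "encrypted": False, "note": "no payload"}
        ppp, rest = ppp_protocol(body[offset:])
        if ppp == PPP_MPPE and rest and rest[0] & 0x10:   # MPPE D bit: encrypted
            return {"tunnel": "PPTP", "encrypted": True, "note": "MPPE payload"}
        if ppp == PPP_IP:
            return {"tunnel": "PPTP", "encrypted": False, "note": "cleartext IP in PPP"}
        return {"tunnel": "PPTP", "encrypted": False, "note": f"PPP 0x{ppp:04x}"}

    if proto == ESP:
        spi = struct.unpack("!I", body[:4])[0]
        # Assumption: a non-NULL cipher. Tunnel vs transport mode cannot be read
        # here because ESP's Next Header field sits in the encrypted trailer.
        return {"tunnel": "ESP", "encrypted": True, "note": f"SPI 0x{spi:08x}"}

    if proto == AH:
        next_header = body[0]                   # 4 or 41 = encapsulated IP (tunnel mode)
        mode = "tunnel" if next_header in (4, 41) else "transport"
        return {"tunnel": "AH", "encrypted": False,
                "note": f"{mode} mode, next header {next_header}"}

    return {"tunnel": None, "encrypted": False, "note": f"IP protocol {proto}"}


def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed IPv4 header (documentation addresses, zero checksum) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + payload


def pptp(ppp_frame: bytes) -> bytes:
    """Constructed enhanced-GRE header (K and S bits set, version 1) + PPP frame."""
    return ipv4(GRE, struct.pack("!BBHHHI", 0x30, 0x01, PPTP_GRE_TYPE,
                                 len(ppp_frame), 7, 1) + ppp_frame)


# Constructed sample packets, not taken from a real capture.
SAMPLES = {
    "pptp_clear": pptp(b"\xff\x03\x00\x21" + b"E" + bytes(19)),
    "pptp_mppe": pptp(b"\xfd\x90\x01" + bytes(24)),
    "esp": ipv4(ESP, struct.pack("!II", 0x1000, 1) + bytes(32)),
    "ah_transport": ipv4(AH, struct.pack("!BBHII", 6, 4, 0, 0x2000, 1) + bytes(12) + b"tcp"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```
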

 

 



RE: VPN question

2008-06-06 Thread Dennis Rogov
Standard PPTP 

 

Dr

 

 


 



From: Sherry Abercrombie [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 10:31 AM
To: NT System Admin Issues
Subject: Re: VPN question

 

 



RE: VPN question

2008-06-06 Thread Dennis Rogov
So I am assuming the answer nothing is encrypted... with
PPTP 

 

Dr

 

 


 



From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 10:46 AM
To: NT System Admin Issues
Subject: RE: VPN question

 

If using PPTP - nothing is encrypted (except for the MSCHAPv2 exchange
for authentication).  You're using MS's flavor of a GRE tunnel which
does not provide any flavor of encryption - only Data Origin
authentication, Anti-replay protection, Data pattern confidentiality,
and Data Integrity.  I do believe there are provisions within MS's
specification that will provide some sort of encryption for the data
payload... you just have to be savvy enough to enable them.  I'll have
to look that one up.

 

If using IPSec - depends on what flavor of IPSec protocol you're using
(transport vehicle such as ESP or AH).  If using AH, you're in the same
boat as PPTP above.  If using ESP in Tunnel Mode, then *all* traffic
between the two hosts (as specified by the split-tunnel/proxy lists) is
encrypted.  ESP in Transport Mode will not provide Data pattern
confidentiality (but still provides the other services listed above
including encryption) as it reuses the original IP header.

 

Hope this helps,

Aaron

 



From: Sherry Abercrombie [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 10:31 AM
To: NT System Admin Issues
Subject: Re: VPN question

 

 

 

 


RE: VPN question

2008-06-06 Thread Aaron T. Rohyans
Only the initial authentication exchange - which uses protocols outside
of PPTP to authenticate (MD5, CHAP).  Technically, you're not even
encrypting the exchange... just sending an MD5 hash across the wire of
your password for verification.

 



From: Dennis Rogov [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 10:47 AM
To: NT System Admin Issues
Subject: RE: VPN question

 

So I am assuming the answer nothing is encrypted... with
PPTP 

 

Dr

 

 


 



From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 10:46 AM
To: NT System Admin Issues
Subject: RE: VPN question

 

If using PPTP - nothing is encrypted (except for the MSCHAPv2 exchange
for authentication).  You're using MS's flavor of a GRE tunnel which
does not provide any flavor of encryption - only Data Origin
authentication, Anti-replay protection, Data pattern confidentiality,
and Data Integrity.  I do believe there are provisions within MS's
specification that will provide some sort of encryption for the data
payload... you just have to be savvy enough to enable them.  I'll have
to look that one up.

 

If using IPSec - depends on what flavor of IPSec protocol you're using
(transport vehicle such as ESP or AH).  If using AH, you're in the same
boat as PPTP above.  If using ESP in Tunnel Mode, then *all* traffic
between the two hosts (as specified by the split-tunnel/proxy lists) is
encrypted.  ESP in Transport Mode will not provide Data pattern
confidentiality (but still provides the other services listed above
including encryption) as it reuses the original IP header.

 

Hope this helps,

Aaron

 



From: Sherry Abercrombie [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 10:31 AM
To: NT System Admin Issues
Subject: Re: VPN question

 

 

 

 

 

 


another VPN question

2008-06-06 Thread Dennis Rogov
Establishing a Virtual Private Networking (VPN) is possible with Windows
2003 Server's RRAS services. It is most often used to connect branch
offices to a primary location in addition to giving mobile users secure
connectivity to a central location. When should VPN access NOT be used?

 

 

A. When using applications that require the use of Remote Procedure Call
(RPC) service

B. when traffic is synchronous such as voice and video transmissions

C. when the branch office or mobile user is more than 3000 miles from
the central location

D. None of the above 

 

  I think A is the best answer for this one. Comments?

 


RE: another VPN question

2008-06-06 Thread Jacob
Well..  you can nix C. 

And 99% sure you can nix B.

 

When I TS from home to my web servers, I use VPN. so I would say A.

 

 

From: Dennis Rogov [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 8:02 AM
To: NT System Admin Issues
Subject: another VPN question

 

Establishing a Virtual Private Networking (VPN) is possible with Windows
2003 Server's RRAS services. It is most often used to connect branch offices
to a primary location in addition to giving mobile users secure connectivity
to a central location. When should VPN access NOT be used?

 


A. When using applications that require the use of Remote Procedure Call
(RPC) service

B. when traffic is synchronous such as voice and video transmissions

C. when the branch office or mobile user is more than 3000 miles from the
central location

D. None of the above 

 

  I think A is the best answer for this one. Comments?

 


RE: another VPN question

2008-06-06 Thread Andy Shook
I would argue that 'A' is a load of crap b/c RPC will function fine over
a VPN, as long as the traffic is allowed. How many times have you
VPN'ned from wherever and looked at event logs remotely via the Computer
Management MMC?  Well, that's RPC-based traffic (and a favorite MS
interview question in Charlotte).

 

Shook



From: Jacob [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 11:10 AM
To: NT System Admin Issues
Subject: RE: another VPN question

 

Well..  you can nix C. 

And 99% sure you can nix B.

 

When I TS from home to my web servers, I use VPN... so I would say A.

 

 

From: Dennis Rogov [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 8:02 AM
To: NT System Admin Issues
Subject: another VPN question

 

Establishing a Virtual Private Networking (VPN) is possible with Windows
2003 Server's RRAS services. It is most often used to connect branch
offices to a primary location in addition to giving mobile users secure
connectivity to a central location. When should VPN access NOT be used?

 

[  Leave Test   ] 

A. When using applications that require the use of Remote Procedure Call
(RPC) service

B. when traffic is synchronous such as voice and video transmissions

C. when the branch office or mobile user is more than 3000 miles from
the central location

D. None of the above 

 

  I think A is the best answer for this one. Comments?

 

Dennis Rogov

Senior Network Analyst 
THE Peer GROUP an informed medical communications company 

379 thornall street, 12th floor  | edison, nj 08837 usa

Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277

[EMAIL PROTECTED]   www.peergroupinc.com

RE: another VPN question

2008-06-06 Thread Kennedy, Jim
Yep, that is a protocol filtering issue and has nothing to do with VPN. D, none 
of the above is the correct answer. The point of the question is that MS 2003 
RRAS's are great and can do anything you want!



From: Andy Shook [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2008 11:17 AM
To: NT System Admin Issues
Subject: RE: another VPN question

I would argue that 'A' is a load of crap b\c RPC will function fine over a VPN, 
as long as the traffic is allowed. How many times have you VPN'ned from 
wherever and looked at event logs remotely via the computer management MMC?  
Well, that RPC based traffic (and a favorite MS interview question in 
Charlotte).

Shook

From: Jacob [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2008 11:10 AM
To: NT System Admin Issues
Subject: RE: another VPN question

Well..  you can nix C.
And 99% sure you can nix B.

When I TS from home to my web servers, I use VPN... so I would say A.


From: Dennis Rogov [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2008 8:02 AM
To: NT System Admin Issues
Subject: another VPN question

Establishing a Virtual Private Networking (VPN) is possible with Windows 2003 
Server's RRAS services. It is most often used to connect branch offices to a 
primary location in addition to giving mobile users secure connectivity to a 
central location. When should VPN access NOT be used?

[  Leave Test   ]
A. When using applications that require the use of Remote Procedure Call (RPC) 
service
B. when traffic is synchronous such as voice and video transmissions
C. when the branch office or mobile user is more than 3000 miles from the 
central location
D. None of the above

  I think A is the best answer for this one. Comments?

Dennis Rogov
Senior Network Analyst
THE Peer GROUP an informed medical communications company
379 thornall street, 12th floor  | edison, nj 08837 usa
Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277
[EMAIL PROTECTED]   www.peergroupinc.com

RE: another VPN question

2008-06-06 Thread Michael B. Smith
VPNs introduce latency. Typically not noticeable, but still there.

 

I believe the correct answer is (B). A VPN will add jitter to voice and
video.

 

Regards,

 

Michael B. Smith

MCSE/Exchange MVP

http://TheEssentialExchange.com

 

From: Andy Shook [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 11:17 AM
To: NT System Admin Issues
Subject: RE: another VPN question

 

I would argue that 'A' is a load of crap b\c RPC will function fine over a
VPN, as long as the traffic is allowed. How many times have you VPN'ned from
wherever and looked at event logs remotely via the computer management MMC?
Well, that RPC based traffic (and a favorite MS interview question in
Charlotte).  

 

Shook


From: Jacob [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 11:10 AM
To: NT System Admin Issues
Subject: RE: another VPN question

 

Well..  you can nix C. 

And 99% sure you can nix B.

 

When I TS from home to my web servers, I use VPN... so I would say A.

 

 

From: Dennis Rogov [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 8:02 AM
To: NT System Admin Issues
Subject: another VPN question

 

Establishing a Virtual Private Networking (VPN) is possible with Windows
2003 Server's RRAS services. It is most often used to connect branch offices
to a primary location in addition to giving mobile users secure connectivity
to a central location. When should VPN access NOT be used?

 

[  Leave Test   ] 

A. When using applications that require the use of Remote Procedure Call
(RPC) service

B. when traffic is synchronous such as voice and video transmissions

C. when the branch office or mobile user is more than 3000 miles from the
central location

D. None of the above 

 

  I think A is the best answer for this one. Comments?

 

Dennis Rogov

Senior Network Analyst 
THE Peer GROUP an informed medical communications company 

379 thornall street, 12th floor  | edison, nj 08837 usa

Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277

[EMAIL PROTECTED]   www.peergroupinc.com

RE: another VPN question

2008-06-06 Thread Jacob
Looks like I have to play with RRAS so I know this stuff. LOL

 

From: Kennedy, Jim [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 8:20 AM
To: NT System Admin Issues
Subject: RE: another VPN question

 

Yep, that is a protocol filtering issue and has nothing to do with VPN. D,
none of the above is the correct answer. The point of the question is that
MS 2003 RRAS's are great and can do anything you want!

 

 

 

From: Andy Shook [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 11:17 AM
To: NT System Admin Issues
Subject: RE: another VPN question

 

I would argue that 'A' is a load of crap b\c RPC will function fine over a
VPN, as long as the traffic is allowed. How many times have you VPN'ned from
wherever and looked at event logs remotely via the computer management MMC?
Well, that RPC based traffic (and a favorite MS interview question in
Charlotte).  

 

Shook


From: Jacob [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 11:10 AM
To: NT System Admin Issues
Subject: RE: another VPN question

 

Well..  you can nix C. 

And 99% sure you can nix B.

 

When I TS from home to my web servers, I use VPN... so I would say A.

 

 

From: Dennis Rogov [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 8:02 AM
To: NT System Admin Issues
Subject: another VPN question

 

Establishing a Virtual Private Networking (VPN) is possible with Windows
2003 Server's RRAS services. It is most often used to connect branch offices
to a primary location in addition to giving mobile users secure connectivity
to a central location. When should VPN access NOT be used?

 

[  Leave Test   ] 

A. When using applications that require the use of Remote Procedure Call
(RPC) service

B. when traffic is synchronous such as voice and video transmissions

C. when the branch office or mobile user is more than 3000 miles from the
central location

D. None of the above 

 

  I think A is the best answer for this one. Comments?

 

Dennis Rogov

Senior Network Analyst 
THE Peer GROUP an informed medical communications company 

379 thornall street, 12th floor  | edison, nj 08837 usa

Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277

[EMAIL PROTECTED]   www.peergroupinc.com

Re: another VPN question

2008-06-06 Thread Phil
Would you guys forward the ports in from the internet to allow
external users VPN to the internal network? Or would you be more
comfortable with hosted services?



On Fri, Jun 6, 2008 at 11:01 AM, Dennis Rogov
[EMAIL PROTECTED] wrote:
 Establishing a Virtual Private Networking (VPN) is possible with Windows
 2003 Server's RRAS services. It is most often used to connect branch offices
 to a primary location in addition to giving mobile users secure connectivity
 to a central location. When should VPN access NOT be used?



 A. When using applications that require the use of Remote Procedure Call
 (RPC) service

 B. when traffic is synchronous such as voice and video transmissions

 C. when the branch office or mobile user is more than 3000 miles from the
 central location

 D. None of the above



   I think A is the best answer for this one. Comments?



 Dennis Rogov

 Senior Network Analyst
 THE Peer GROUP an informed medical communications company

 379 thornall street, 12th floor  | edison, nj 08837 usa

 Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277

 [EMAIL PROTECTED]   www.peergroupinc.com


RE: another VPN question

2008-06-06 Thread Troy Meyer
+1  to Smith...The one downfall of VPN is the latency piece.  Even in small 
amounts it can louse up voice communication.

+1 to Shook as well, it definitely can't be A, pre 2003 vpn was the only way to 
get your RPC/MAPI exchange email :)

-troy

From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2008 8:23 AM
To: NT System Admin Issues
Subject: RE: another VPN question

VPNs introduce latency. Typically not noticeable, but still there.

I believe the correct answer is (B). A VPN will add jitter to voice and video.

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

From: Andy Shook [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2008 11:17 AM
To: NT System Admin Issues
Subject: RE: another VPN question

I would argue that 'A' is a load of crap b\c RPC will function fine over a VPN, 
as long as the traffic is allowed. How many times have you VPN'ned from 
wherever and looked at event logs remotely via the computer management MMC?  
Well, that RPC based traffic (and a favorite MS interview question in 
Charlotte).

Shook

From: Jacob [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2008 11:10 AM
To: NT System Admin Issues
Subject: RE: another VPN question

Well..  you can nix C.
And 99% sure you can nix B.

When I TS from home to my web servers, I use VPN... so I would say A.


From: Dennis Rogov [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2008 8:02 AM
To: NT System Admin Issues
Subject: another VPN question

Establishing a Virtual Private Networking (VPN) is possible with Windows 2003 
Server's RRAS services. It is most often used to connect branch offices to a 
primary location in addition to giving mobile users secure connectivity to a 
central location. When should VPN access NOT be used?

[  Leave Test   ]
A. When using applications that require the use of Remote Procedure Call (RPC) 
service
B. when traffic is synchronous such as voice and video transmissions
C. when the branch office or mobile user is more than 3000 miles from the 
central location
D. None of the above

  I think A is the best answer for this one. Comments?

Dennis Rogov
Senior Network Analyst
THE Peer GROUP an informed medical communications company
379 thornall street, 12th floor  | edison, nj 08837 usa
Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277
[EMAIL PROTECTED]   www.peergroupinc.com

RE: another VPN question

2008-06-06 Thread Dennis Rogov
Hmm I would agree with Michael because the question is not if it could
be initialized but when it shouldn't be. I will let you guys know what's
the right answer within 24 hours.

 

Dr

 

 

Dennis Rogov

Senior Network Analyst 
THE Peer GROUP an informed medical communications company 

379 thornall street, 12th floor  | edison, nj 08837 usa

Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277

[EMAIL PROTECTED]   www.peergroupinc.com

 



From: Michael B. Smith [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 11:23 AM
To: NT System Admin Issues
Subject: RE: another VPN question

 

VPNs introduce latency. Typically not noticeable, but still there.

 

I believe the correct answer is (B). A VPN will add jitter to voice and
video.

 

Regards,

 

Michael B. Smith

MCSE/Exchange MVP

http://TheEssentialExchange.com

 

From: Andy Shook [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 11:17 AM
To: NT System Admin Issues
Subject: RE: another VPN question

 

I would argue that 'A' is a load of crap b\c RPC will function fine over
a VPN, as long as the traffic is allowed. How many times have you
VPN'ned from wherever and looked at event logs remotely via the computer
management MMC?  Well, that RPC based traffic (and a favorite MS
interview question in Charlotte).  

 

Shook



From: Jacob [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 11:10 AM
To: NT System Admin Issues
Subject: RE: another VPN question

 

Well..  you can nix C. 

And 99% sure you can nix B.

 

When I TS from home to my web servers, I use VPN... so I would say A.

 

 

From: Dennis Rogov [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 8:02 AM
To: NT System Admin Issues
Subject: another VPN question

 

Establishing a Virtual Private Networking (VPN) is possible with Windows
2003 Server's RRAS services. It is most often used to connect branch
offices to a primary location in addition to giving mobile users secure
connectivity to a central location. When should VPN access NOT be used?

 

[  Leave Test   ] 

A. When using applications that require the use of Remote Procedure Call
(RPC) service

B. when traffic is synchronous such as voice and video transmissions

C. when the branch office or mobile user is more than 3000 miles from
the central location

D. None of the above 

 

  I think A is the best answer for this one. Comments?

 

Dennis Rogov

Senior Network Analyst 
THE Peer GROUP an informed medical communications company 

379 thornall street, 12th floor  | edison, nj 08837 usa

Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277

[EMAIL PROTECTED]   www.peergroupinc.com

RE: another VPN question

2008-06-06 Thread Kelsay, Mark
I would go with B as well.  Audio and Video might work but it would not be very 
usable because of the latency involved with being tunnelled.
 
 
Mark
 
 

-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: 06 June 2008 16:23
To: NT System Admin Issues
Subject: RE: another VPN question



VPNs introduce latency. Typically not noticeable, but still there.

 

I believe the correct answer is (B). A VPN will add jitter to voice and video.

 

Regards,

 

Michael B. Smith

MCSE/Exchange MVP

http://TheEssentialExchange.com

 

From: Andy Shook [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 11:17 AM
To: NT System Admin Issues
Subject: RE: another VPN question

 

I would argue that 'A' is a load of crap b\c RPC will function fine over a VPN, 
as long as the traffic is allowed. How many times have you VPN'ned from 
wherever and looked at event logs remotely via the computer management MMC?  
Well, that RPC based traffic (and a favorite MS interview question in 
Charlotte).  

 

Shook


From: Jacob [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 11:10 AM
To: NT System Admin Issues
Subject: RE: another VPN question

 

Well..  you can nix C. 

And 99% sure you can nix B.

 

When I TS from home to my web servers, I use VPN... so I would say A.

 

 

From: Dennis Rogov [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 8:02 AM
To: NT System Admin Issues
Subject: another VPN question

 

Establishing a Virtual Private Networking (VPN) is possible with Windows 2003 
Server's RRAS services. It is most often used to connect branch offices to a 
primary location in addition to giving mobile users secure connectivity to a 
central location. When should VPN access NOT be used?

 

[  Leave Test   ] 

A. When using applications that require the use of Remote Procedure Call (RPC) 
service

B. when traffic is synchronous such as voice and video transmissions

C. when the branch office or mobile user is more than 3000 miles from the 
central location

D. None of the above 

 

  I think A is the best answer for this one. Comments?

 

Dennis Rogov

Senior Network Analyst 
THE Peer GROUP an informed medical communications company 

379 thornall street, 12th floor  | edison, nj 08837 usa

Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277

[EMAIL PROTECTED]   www.peergroupinc.com
__


This email has been scanned by the MessageLabs Email Security System.


For more information please visit http://www.messagelabs.com/email 


__









** This email is sent for and on behalf of Inspop.com Limited ** 
Authorised and regulated by the Financial Services Authority.  Registration no. 
310635.
Inspop.com Limited (also trading as Confused.com) is registered in England 
and Wales at 2nd Floor, Friary House, Greyfriars Road, Cardiff, CF10 3AE (Reg. 
No. 03857130 ).  Any opinions expressed in this email are those of the 
individual and not necessarily the  company. This email and any files 
transmitted with it, including replies and forwarded copies  (which may contain 
alterations) subsequently transmitted from the Company, are confidential  and 
solely for the use of the intended recipient. It may contain material protected 
by  attorney-client privilege. If you are not the intended recipient or the 
person responsible for  delivering to the intended recipient, be advised that 
you have received this email in error  and that any use is strictly prohibited. 
If you have received this email in error please notify the Information Security 
Officer by  telephone on +44 (0) 29 2043 4200. Please then delete this email 
and destroy any copies of it.   This email has been swept for viruses before 
leaving our system.
Security Warning: Please note that this email has been created in the knowledge 
that Internet  email is not a 100% secure communications medium.  We advise 
that you understand and accept  this lack of security when emailing us.
Viruses: Although we have taken steps to ensure that this email and any 
attachments are free  from any virus, we advise that in keeping with good 
computing practice the recipient should  ensure they are actually virus free.
We may

Re: another VPN question

2008-06-06 Thread Micheal Espinola Jr
+1 for B, particularly because the term synchronous is used.


On Fri, Jun 6, 2008 at 11:22 AM, Michael B. Smith
[EMAIL PROTECTED] wrote:
 VPNs introduce latency. Typically not noticeable, but still there.



 I believe the correct answer is (B). A VPN will add jitter to voice and
 video.



 Regards,



 Michael B. Smith

 MCSE/Exchange MVP

 http://TheEssentialExchange.com



 From: Andy Shook [mailto:[EMAIL PROTECTED]
 Sent: Friday, June 06, 2008 11:17 AM
 To: NT System Admin Issues
 Subject: RE: another VPN question



 I would argue that 'A' is a load of crap b\c RPC will function fine over a
 VPN, as long as the traffic is allowed. How many times have you VPN'ned from
 wherever and looked at event logs remotely via the computer management MMC?
 Well, that RPC based traffic (and a favorite MS interview question in
 Charlotte).



 Shook

 

 From: Jacob [mailto:[EMAIL PROTECTED]
 Sent: Friday, June 06, 2008 11:10 AM
 To: NT System Admin Issues
 Subject: RE: another VPN question



 Well..  you can nix C.

 And 99% sure you can nix B.



 When I TS from home to my web servers, I use VPN… so I would say A.





 From: Dennis Rogov [mailto:[EMAIL PROTECTED]
 Sent: Friday, June 06, 2008 8:02 AM
 To: NT System Admin Issues
 Subject: another VPN question



 Establishing a Virtual Private Networking (VPN) is possible with Windows
 2003 Server's RRAS services. It is most often used to connect branch offices
 to a primary location in addition to giving mobile users secure connectivity
 to a central location. When should VPN access NOT be used?



 [  Leave Test   ]

 A. When using applications that require the use of Remote Procedure Call
 (RPC) service

 B. when traffic is synchronous such as voice and video transmissions

 C. when the branch office or mobile user is more than 3000 miles from the
 central location

 D. None of the above



   I think A is the best answer for this one. Comments?



 Dennis Rogov

 Senior Network Analyst
 THE Peer GROUP an informed medical communications company

 379 thornall street, 12th floor  | edison, nj 08837 usa

 Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277

 [EMAIL PROTECTED]   www.peergroupinc.com
-- 
ME2



Re: another VPN question

2008-06-06 Thread Ben Scott
On Fri, Jun 6, 2008 at 11:01 AM, Dennis Rogov
[EMAIL PROTECTED] wrote:
When should VPN access NOT be used?

  What is this, you're on Who Wants To Be a Millionaire, and this
list is your phone-a-friend?  ;-)

  I clicked the Leave Test button, and nothing happened...

-- Ben



Re: VPN question

2008-06-06 Thread Kurt Buff
It depends...

http://www.schneier.com/paper-pptpv2.html

http://technet2.microsoft.com/windowsserver/en/library/3ef29f05-2890-47a7-98b2-9ee48df8a0e91033.mspx?mfr=true

On Fri, Jun 6, 2008 at 7:29 AM, Dennis Rogov
[EMAIL PROTECTED] wrote:
 Hi guys



 If you have a client establish a VPN connection to the Microsoft VPN during
 the process what's encrypted.



 Is it A. client

       B. Server

       C. Connection

       D. All of the above



 Dr





 Dennis Rogov

 Senior Network Analyst
 THE Peer GROUP an informed medical communications company

 379 thornall street, 12th floor  | edison, nj 08837 usa

 Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277

 [EMAIL PROTECTED]   www.peergroupinc.com


RE: site-to-site VPN question

2008-03-27 Thread Mike French
You might also want to look into the Hub Network feature of the VPN tunnel, 
much more secure since all traffic from your branch office will route through 
the tunnel and out your central office WAN. 


From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 25, 2008 11:40 AM
To: NT System Admin Issues
Subject: site-to-site VPN question

When you implement a site-to-site VPN between firewalls, does this affect 
routes?
 
Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA  95814
(916) 327-5276
[EMAIL PROTECTED]
 





site-to-site VPN question

2008-03-25 Thread Joe Heaton
When you implement a site-to-site VPN between firewalls, does this
affect routes?
 
Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA  95814
(916) 327-5276
[EMAIL PROTECTED]
 


RE: site-to-site VPN question

2008-03-25 Thread Andy Shook
Short answer yes but what are you driving at?  If you implement a
site-to-site, you have to tell the firewalls to forward the traffic
destined for the other site directly to the other firewall, via the
tunnel or it will use its default route to the Internet.

 

What type of firewalls are you dealing with?

 

Shook

http://www.linkedin.com/in/andyshook  



From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 25, 2008 12:40 PM
To: NT System Admin Issues
Subject: site-to-site VPN question

 

When you implement a site-to-site VPN between firewalls, does this
affect routes?

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

 

 

 


RE: site-to-site VPN question

2008-03-25 Thread David Mazzaccaro
Sounds like a pretty vague question... any more details available?

 

 



From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 25, 2008 12:40 PM
To: NT System Admin Issues
Subject: site-to-site VPN question

 

When you implement a site-to-site VPN between firewalls, does this
affect routes?

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

 

 

 


Re: site-to-site VPN question

2008-03-25 Thread Phil Brutsche
No

Standard IPsec VPNs use IP subnet(s) defined in the SA (security
association) to determine which packet goes where.

Joe Heaton wrote:
 When you implement a site-to-site VPN between firewalls, does this
 affect routes?

-- 

Phil Brutsche
[EMAIL PROTECTED]
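
Added example (not part of the thread): a simplified Python model of a policy-based IPsec gateway, showing the SA traffic selectors being consulted alongside an unchanged routing table. The subnets, peer address, next hops and class/function names are constructed assumptions.

```python
import ipaddress


class PolicyBasedGateway:
    """Simplified policy-based IPsec gateway (constructed model)."""

    def __init__(self, routes, selectors):
        # routes: (prefix, next_hop); selectors: (local_net, remote_net, peer)
        self.routes = [(ipaddress.ip_network(p), hop) for p, hop in routes]
        self.selectors = [
            (ipaddress.ip_network(l), ipaddress.ip_network(r), peer)
            for l, r, peer in selectors
        ]

    def next_hop(self, dst):
        """Longest-prefix match against the ordinary routing table."""
        addr = ipaddress.ip_address(dst)
        hits = [(net, hop) for net, hop in self.routes if addr in net]
        if not hits:
            return None
        return max(hits, key=lambda h: h[0].prefixlen)[1]

    def match_sa(self, src, dst):
        """Return the peer whose SA selectors cover this src/dst pair."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for local, remote, peer in self.selectors:
            if s in local and d in remote:
                return peer
        return None

    def forward(self, src, dst):
        """Decide what happens to one outbound packet."""
        if self.next_hop(dst) is None:
            return ("drop", None, None)
        peer = self.match_sa(src, dst)
        if peer is not None:
            # Inner packet is encapsulated; the outer ESP packet is addressed
            # to the peer and follows the normal route towards it.
            return ("esp", peer, self.next_hop(peer))
        return ("clear", None, self.next_hop(dst))


# Constructed topology: site A LAN 10.1.0.0/24, site B LAN 10.2.0.0/24.
# The routing table holds only the connected LAN and a default route.
ROUTES = [("10.1.0.0/24", "connected"), ("0.0.0.0/0", "203.0.113.1")]
SELECTORS = [("10.1.0.0/24", "10.2.0.0/24", "198.51.100.7")]
gw = PolicyBasedGateway(ROUTES, SELECTORS)


def demo():
    return {
        # Covered by the SA selectors: encapsulated towards the peer.
        "lan_to_remote": gw.forward("10.1.0.5", "10.2.0.9"),
        # Ordinary Internet traffic: default route, no encryption.
        "lan_to_internet": gw.forward("10.1.0.5", "192.0.2.50"),
        # Source outside the local selector: no SA matches, so the packet
        # follows the default route unencrypted.
        "unlisted_src": gw.forward("10.1.9.5", "10.2.0.9"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The third case is the one worth checking for on a real gateway: a source subnet missing from the selectors does not fail closed in this model, it leaves in the clear via the default route.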



Nokia VPN question

2008-01-30 Thread Andy Shook
Anyone out there using a Nokia VPN appliance in production? 

Here's the deal.  Just cutover to a Cisco ASA-5510 from a Sonicwall 2040
(enhanced OS) and this one LAN-to-LAN tunnel will not establish phase 2.
Settings did not change and everything else is groovy.  Is there any
feature that is required for these two boxes to swap packets?  

Pullin' my hair out on this one.

Shook



FW: Nokia VPN question-SOLVED

2008-01-30 Thread Andy Shook
Since no one responded, I'll ass-u-me none of you slacker-jacks care but
I just want to let the collective know, that this is fixed; I fat
fingered an isakmp command in my ASA config

Hooray Shook!

Shook
-Original Message-
From: Andy Shook 
Sent: Wednesday, January 30, 2008 3:53 PM
To: 'NT System Admin Issues'
Subject: Nokia VPN question

Anyone out there using a Nokia VPN appliance in production? 

Here's the deal.  Just cutover to a Cisco ASA-5510 from a Sonicwall 2040
(enhanced OS) and this one LAN-to-LAN tunnel will not establish phase 2.
Settings did not change and everything else is groovy.  Is there any
feature that is required for these two boxes to swap packets?  

Pullin' my hair out on this one.

Shook



Re: FW: Nokia VPN question-SOLVED

2008-01-30 Thread Micheal Espinola Jr
Well, it didn't make much sense otherwise.  ;-)

On Jan 30, 2008 6:52 PM, Andy Shook [EMAIL PROTECTED] wrote:
 Since no one responded, I'll ass-u-me none of you slacker-jacks care but
 I just want to let the collective know, that this is fixed; I fat
 fingered an isakmp command in my ASA config

 Hooray Shook!

 Shook
 -Original Message-
 From: Andy Shook
 Sent: Wednesday, January 30, 2008 3:53 PM
 To: 'NT System Admin Issues'
 Subject: Nokia VPN question

 Anyone out there using a Nokia VPN appliance in production?

 Here's the deal.  Just cutover to a Cisco ASA-5510 from a Sonicwall 2040
 (enhanced OS) and this one LAN-to-LAN tunnel will not establish phase 2.
 Settings did not change and everything else is groovy.  Is there any
 feature that is required for these two boxes to swap packets?

 Pullin' my hair out on this one.

 Shook





-- 
ME2



VPN question

2001-09-27 Thread Michael W. Ellis

I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already been
verified by another user in a different remote office.  Thus far the new
user has been unable to connect, and as far as I can tell none of his
packets reach my server.  His office has Internet connectivity provided by a
third party, so I asked him to verify with them that they will allow
outbound PPTP connections.  Their response was that they do not for security
reasons.  To enable this for his office they want to assign a static IP
address (more $ per month) and charge a setup fee (again, more $).  I have
repeatedly stated that he needs to establish an outbound connection, but
they insist that they must open inbound ports (hence the static IP).  I'm no
firewall expert, nor a PPTP expert, but I'm just not buying their line.  Any
comments on this topic are appreciated.

Michael Ellis



Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/




RE: VPN question

2001-09-27 Thread Richard McMahon

Are both users using the same ISP?  Some ISPs drop VPN packets by default.

-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]]
Sent: 27 September 2001 14:13
To: NT System Admin Issues
Subject: VPN question


I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already been
verified by another user in a different remote office.  Thus far the new
user has been unable to connect, and as far as I can tell none of his
packets reach my server.  His office has Internet connectivity provided by a
third party, so I asked him to verify with them that they will allow
outbound PPTP connections.  Their response was that they do not for security
reasons.  To enable this for his office they want to assign a static IP
address (more $ per month) and charge a setup fee (again, more $).  I have
repeatedly stated that he needs to establish an outbound connection, but
they insist that they must open inbound ports (hence the static IP).  I'm no
firewall expert, nor a PPTP expert, but I'm just not buying their line.  Any
comments on this topic are appreciated.

Michael Ellis







RE: VPN question

2001-09-27 Thread David James

Sounds fishy to me.  What kind of internet access, and what is the
configuration for the remote user's internet connection?  Dynamic DSL?
They shouldn't have anything to do with ports unless they are firewalling
you on their end, or they are managing your firewall if you have a firewall
onsite.  


-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 27, 2001 8:13 AM
To: NT System Admin Issues
Subject: VPN question


I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already been
verified by another user in a different remote office.  Thus far the new
user has been unable to connect, and as far as I can tell none of his
packets reach my server.  His office has Internet connectivity provided by a
third party, so I asked him to verify with them that they will allow
outbound PPTP connections.  Their response was that they do not for security
reasons.  To enable this for his office they want to assign a static IP
address (more $ per month) and charge a setup fee (again, more $).  I have
repeatedly stated that he needs to establish an outbound connection, but
they insist that they must open inbound ports (hence the static IP).  I'm no
firewall expert, nor a PPTP expert, but I'm just not buying their line.  Any
comments on this topic are appreciated.

Michael Ellis







RE: VPN question

2001-09-27 Thread Martin Blackstone

Yea, Like some @Home carriers

-Original Message-
From: Richard McMahon [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 27, 2001 6:12 AM
To: NT System Admin Issues
Subject: RE: VPN question


Are both users using the same ISP?  Some ISPs drop VPN packets by
default.

-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]]
Sent: 27 September 2001 14:13
To: NT System Admin Issues
Subject: VPN question


I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already
been verified by another user in a different remote office.  Thus far
the new user has been unable to connect, and as far as I can tell none
of his packets reach my server.  His office has Internet connectivity
provided by a third party, so I asked him to verify with them that they
will allow outbound PPTP connections.  Their response was that they do
not for security reasons.  To enable this for his office they want to
assign a static IP address (more $ per month) and charge a setup fee
(again, more $).  I have repeatedly stated that he needs to establish an
outbound connection, but they insist that they must open inbound ports
(hence the static IP).  I'm no firewall expert, nor a PPTP expert, but
I'm just not buying their line.  Any comments on this topic are
appreciated.

Michael Ellis







RE: VPN question

2001-09-27 Thread Martin Blackstone

Who is the ISP?

-Original Message-
From: David James [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 27, 2001 6:25 AM
To: NT System Admin Issues
Subject: RE: VPN question


Sounds fishy to me.  What kind of internet access, and what is the
configuration for the remote user's internet connection?  Dynamic DSL?
They shouldn't have anything to do with ports unless they are
firewalling you on their end, or they are managing your firewall if you
have a firewall onsite.  


-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 27, 2001 8:13 AM
To: NT System Admin Issues
Subject: VPN question


I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already
been verified by another user in a different remote office.  Thus far
the new user has been unable to connect, and as far as I can tell none
of his packets reach my server.  His office has Internet connectivity
provided by a third party, so I asked him to verify with them that they
will allow outbound PPTP connections.  Their response was that they do
not for security reasons.  To enable this for his office they want to
assign a static IP address (more $ per month) and charge a setup fee
(again, more $).  I have repeatedly stated that he needs to establish an
outbound connection, but they insist that they must open inbound ports
(hence the static IP).  I'm no firewall expert, nor a PPTP expert, but
I'm just not buying their line.  Any comments on this topic are
appreciated.

Michael Ellis







RE: VPN question

2001-09-27 Thread Michael W. Ellis

Part of the problem is that I have no idea of their configuration.  Most of
my remote users work out of home offices and use dialup for Internet.  This
particular user is in an office building where Internet connectivity is
provided, but I do not have any details on their architecture.  The user is
not network savvy enough to figure out any of the details.

My real question concerns their insistence that he must have a static IP
address and that they need to open _inbound_ ports to allow him to establish
an _outbound_ connection to my corporate LAN.

Michael Ellis


-Original Message-
From: David James [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:25 AM
To: NT System Admin Issues
Subject: RE: VPN question


Sounds fishy to me.  What kind of internet access, and what is the
configuration for the remote user's internet connection?  Dynamic DSL?
They shouldn't have anything to do with ports unless they are firewalling
you on their end, or they are managing your firewall if you have a firewall
onsite.


-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:13 AM
To: NT System Admin Issues
Subject: VPN question


I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already been
verified by another user in a different remote office.  Thus far the new
user has been unable to connect, and as far as I can tell none of his
packets reach my server.  His office has Internet connectivity provided by a
third party, so I asked him to verify with them that they will allow
outbound PPTP connections.  Their response was that they do not for security
reasons.  To enable this for his office they want to assign a static IP
address (more $ per month) and charge a setup fee (again, more $).  I have
repeatedly stated that he needs to establish an outbound connection, but
they insist that they must open inbound ports (hence the static IP).  I'm no
firewall expert, nor a PPTP expert, but I'm just not buying their line.  Any
comments on this topic are appreciated.

Michael Ellis







RE: VPN question

2001-09-27 Thread Benjamin Zachary

It sounds like they are using some kind of proxy which may require
NAT to be opened and brought back in. Although PPTP will work behind a
nat firewall. I had a similar issue recently with a client where it
turned out the PIX firewall was forwarding pptp packets to a particular
box (for some unknown reason) and I couldn't connect from behind it
cause the packets would go poof. ADSL/SDSL or cable modem or whatever
shouldn't matter. Any ISP that blocks PPTP or VPN tunneling should be
considered carefully. In my opinion I would switch out to a real isp.
You shouldn't be monitored in that fashion.

-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 27, 2001 9:13 AM
To: NT System Admin Issues
Subject: VPN question


I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already
been verified by another user in a different remote office.  Thus far
the new user has been unable to connect, and as far as I can tell none
of his packets reach my server.  His office has Internet connectivity
provided by a third party, so I asked him to verify with them that they
will allow outbound PPTP connections.  Their response was that they do
not for security reasons.  To enable this for his office they want to
assign a static IP address (more $ per month) and charge a setup fee
(again, more $).  I have repeatedly stated that he needs to establish an
outbound connection, but they insist that they must open inbound ports
(hence the static IP).  I'm no firewall expert, nor a PPTP expert, but
I'm just not buying their line.  Any comments on this topic are
appreciated.

Michael Ellis







RE: VPN question

2001-09-27 Thread Krueger, Aaron G. - Lonesome

I'm coming in the middle here, so forgive me if this has been stated
already...the traffic _does_ need a way to get back to the end user. Port(s)
may need to be opened or reconfigured to allow VPN to function correctly. I
have run into a similar situation before at a small business where the
previous IT person had the firewall far too secure. Just another opinion...

Aaron G. Krueger
Sr. Network Analyst 


-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 27, 2001 9:43 AM
To: NT System Admin Issues
Subject: RE: VPN question


Part of the problem is that I have no idea of their configuration.  Most of
my remote users work out of home offices and use dialup for Internet.  This
particular user is in an office building where Internet connectivity is
provided, but I do not have any details on their architecture.  The user is
not network savvy enough to figure out any of the details.

My real question concerns their insistence that he must have a static IP
address and that they need to open _inbound_ ports to allow him to establish
an _outbound_ connection to my corporate LAN.

Michael Ellis


-Original Message-
From: David James [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:25 AM
To: NT System Admin Issues
Subject: RE: VPN question


Sounds fishy to me.  What kind of internet access, and what is the
configuration for the remote user's internet connection?  Dynamic DSL? They
shouldn't have anything to do with ports unless they are firewalling you on
their end, or they are managing your firewall if you have a firewall onsite.


-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:13 AM
To: NT System Admin Issues
Subject: VPN question


I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already been
verified by another user in a different remote office.  Thus far the new
user has been unable to connect, and as far as I can tell none of his
packets reach my server.  His office has Internet connectivity provided by a
third party, so I asked him to verify with them that they will allow
outbound PPTP connections.  Their response was that they do not for security
reasons.  To enable this for his office they want to assign a static IP
address (more $ per month) and charge a setup fee (again, more $).  I have
repeatedly stated that he needs to establish an outbound connection, but
they insist that they must open inbound ports (hence the static IP).  I'm no
firewall expert, nor a PPTP expert, but I'm just not buying their line.  Any
comments on this topic are appreciated.

Michael Ellis







RE: VPN question

2001-09-27 Thread David James

You have the right to call them and figure out what they are doing.  It's
your solution.
Call the ISP and ask them what they are doing for that connection.

-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 27, 2001 8:43 AM
To: NT System Admin Issues
Subject: RE: VPN question


Part of the problem is that I have no idea of their configuration.  Most of
my remote users work out of home offices and use dialup for Internet.  This
particular user is in an office building where Internet connectivity is
provided, but I do not have any details on their architecture.  The user is
not network savvy enough to figure out any of the details.

My real question concerns their insistence that he must have a static IP
address and that they need to open _inbound_ ports to allow him to establish
an _outbound_ connection to my corporate LAN.

Michael Ellis


-Original Message-
From: David James [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:25 AM
To: NT System Admin Issues
Subject: RE: VPN question


Sounds fishy to me.  What kind of internet access, and what is the
configuration for the remote user's internet connection?  Dynamic DSL? They
shouldn't have anything to do with ports unless they are firewalling you on
their end, or they are managing your firewall if you have a firewall onsite.


-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:13 AM
To: NT System Admin Issues
Subject: VPN question


I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already been
verified by another user in a different remote office.  Thus far the new
user has been unable to connect, and as far as I can tell none of his
packets reach my server.  His office has Internet connectivity provided by a
third party, so I asked him to verify with them that they will allow
outbound PPTP connections.  Their response was that they do not for security
reasons.  To enable this for his office they want to assign a static IP
address (more $ per month) and charge a setup fee (again, more $).  I have
repeatedly stated that he needs to establish an outbound connection, but
they insist that they must open inbound ports (hence the static IP).  I'm no
firewall expert, nor a PPTP expert, but I'm just not buying their line.  Any
comments on this topic are appreciated.

Michael Ellis







RE: VPN question

2001-09-27 Thread Rod Cleaves

Perhaps this article will help:

http://support.microsoft.com/support/kb/articles/Q150/5/43.ASP

I've had experience where some ISPs block PPTP ports, for what reason, I
don't know. Maybe it's so they can get more money for some type of
special configuration. For my systems, all my cable modem, DSL, and
analog modem users, even those behind firewalls, can get to our VPN
Server without problems.

Bottom line? I agree, it sounds fishy. Maybe you should speak with their
ISP directly and explain what's needed.

rod

-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 27, 2001 9:13 AM
To: NT System Admin Issues
Subject: VPN question

I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already been
verified by another user in a different remote office.  Thus far the new
user has been unable to connect, and as far as I can tell none of his
packets reach my server.  His office has Internet connectivity provided by a
third party, so I asked him to verify with them that they will allow
outbound PPTP connections.  Their response was that they do not for security
reasons.  To enable this for his office they want to assign a static IP
address (more $ per month) and charge a setup fee (again, more $).  I have
repeatedly stated that he needs to establish an outbound connection, but
they insist that they must open inbound ports (hence the static IP).  I'm no
firewall expert, nor a PPTP expert, but I'm just not buying their line.  Any
comments on this topic are appreciated.

Michael Ellis







RE: VPN question

2001-09-27 Thread Don Collier (Intermap Denver)

I had the same issue on my network.  I had to route all incoming pptp
packets to my vpn server from my dsl router.  You need to route all incoming
tcp packets on port 1723 to your vpn server.


_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED]
www.intermaptechnologies.com 

-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 7:43 AM
To: NT System Admin Issues
Subject: RE: VPN question


Part of the problem is that I have no idea of their configuration.  Most of
my remote users work out of home offices and use dialup for Internet.  This
particular user is in an office building where Internet connectivity is
provided, but I do not have any details on their architecture.  The user is
not network savvy enough to figure out any of the details.

My real question concerns their insistence that he must have a static IP
address and that they need to open _inbound_ ports to allow him to establish
an _outbound_ connection to my corporate LAN.

Michael Ellis


-Original Message-
From: David James [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:25 AM
To: NT System Admin Issues
Subject: RE: VPN question


Sounds fishy to me.  What kind of internet access, and what is the
configuration for the remote user's internet connection?  Dynamic DSL?
They shouldn't have anything to do with ports unless they are firewalling
you on their end, or they are managing your firewall if you have a firewall
onsite.


-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:13 AM
To: NT System Admin Issues
Subject: VPN question


I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already been
verified by another user in a different remote office.  Thus far the new
user has been unable to connect, and as far as I can tell none of his
packets reach my server.  His office has Internet connectivity provided by a
third party, so I asked him to verify with them that they will allow
outbound PPTP connections.  Their response was that they do not for security
reasons.  To enable this for his office they want to assign a static IP
address (more $ per month) and charge a setup fee (again, more $).  I have
repeatedly stated that he needs to establish an outbound connection, but
they insist that they must open inbound ports (hence the static IP).  I'm no
firewall expert, nor a PPTP expert, but I'm just not buying their line.  Any
comments on this topic are appreciated.

Michael Ellis
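
Added example (not part of any poster's message): a simplified Python model of a stateful edge firewall passing one outbound PPTP session, which consists of a TCP control connection to port 1723 plus GRE (IP protocol 47) for the tunnel data. The addresses, class names and policy flags are constructed for illustration, and NAT is not modeled.

```python
from dataclasses import dataclass, field

TCP, GRE = 6, 47          # IP protocol numbers
PPTP_PORT = 1723          # PPTP control channel (TCP)


@dataclass(frozen=True)
class Packet:
    direction: str        # "out" = LAN -> Internet, "in" = Internet -> LAN
    proto: int
    src: str
    dst: str
    sport: int = 0        # GRE carries no ports; left at 0
    dport: int = 0


@dataclass
class EdgeFirewall:
    """Constructed model of a stateful filter at the remote office edge."""
    allow_out_tcp_1723: bool
    allow_gre: bool
    tcp_state: set = field(default_factory=set)
    gre_state: set = field(default_factory=set)

    def permit(self, p: Packet) -> bool:
        if p.proto == TCP:
            if p.direction == "out":
                if p.dport == PPTP_PORT and self.allow_out_tcp_1723:
                    # Track the flow so replies match without an inbound rule.
                    self.tcp_state.add((p.src, p.sport, p.dst, p.dport))
                    return True
                return False
            # Inbound TCP passes only as the reply to a tracked outbound flow.
            return (p.dst, p.dport, p.src, p.sport) in self.tcp_state
        if p.proto == GRE:
            if not self.allow_gre:
                return False
            if p.direction == "out":
                self.gre_state.add((p.src, p.dst))
                return True
            # Inbound GRE passes only from a peer the client already sent to.
            return (p.dst, p.src) in self.gre_state
        return False


CLIENT, SERVER = "192.0.2.10", "198.51.100.5"   # documentation addresses


def pptp_session():
    """The four legs a working session needs, in order (constructed)."""
    return [
        ("control SYN", Packet("out", TCP, CLIENT, SERVER, 40000, PPTP_PORT)),
        ("control SYN/ACK", Packet("in", TCP, SERVER, CLIENT, PPTP_PORT, 40000)),
        ("tunnel data (GRE)", Packet("out", GRE, CLIENT, SERVER)),
        ("tunnel reply (GRE)", Packet("in", GRE, SERVER, CLIENT)),
    ]


def first_blocked_stage(fw: EdgeFirewall):
    """Name of the first leg the firewall drops, or None if all pass."""
    for name, pkt in pptp_session():
        if not fw.permit(pkt):
            return name
    return None


def unsolicited_inbound_allowed(fw: EdgeFirewall) -> bool:
    """Would the firewall accept server traffic with no prior outbound flow?"""
    tcp_in = Packet("in", TCP, SERVER, CLIENT, PPTP_PORT, 40000)
    gre_in = Packet("in", GRE, SERVER, CLIENT)
    return fw.permit(tcp_in) or fw.permit(gre_in)


if __name__ == "__main__":
    for flags in [(False, False), (True, False), (True, True)]:
        print(flags, first_blocked_stage(EdgeFirewall(*flags)))
```

A first blocked stage of "control SYN" corresponds to the symptom in the original post, where none of the user's packets reach the server.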







RE: VPN question

2001-09-27 Thread David Thomas

Can I ask what you did to sort out the problem? I want to start using VPN at
my office but am not sure about how to get it working...as the firewall is
giving me a lot of problems/denial messages

Regards
Davidt


-Original Message-
From: Krueger, Aaron G. - Lonesome [mailto:[EMAIL PROTECTED]]
Sent: 27 September 2001 15:52
To: NT System Admin Issues
Subject: RE: VPN question


I'm coming in the middle here, so forgive me if this has been stated
already...the traffic _does_ need a way to get back to the end user. Port(s)
may need to be opened or reconfigured to allow VPN to function correctly. I
have run into a similar situation before at a small business where the
previous IT person had the firewall far too secure. Just another opinion...

Aaron G. Krueger
Sr. Network Analyst


-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 9:43 AM
To: NT System Admin Issues
Subject: RE: VPN question


Part of the problem is that I have no idea of their configuration.  Most of
my remote users work out of home offices and use dialup for Internet.  This
particular user is in an office building where Internet connectivity is
provided, but I do not have any details on their architecture.  The user is
not network savvy enough to figure out any of the details.

My real question concerns their insistence that he must have a static IP
address and that they need to open _inbound_ ports to allow him to establish
an _outbound_ connection to my corporate LAN.

Michael Ellis


-Original Message-
From: David James [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:25 AM
To: NT System Admin Issues
Subject: RE: VPN question


Sounds fishy to me.  What kind of internet access, and what is the
configuration for the remote user's internet connection?  Dynamic DSL? They
shouldn't have anything to do with ports unless they are firewalling you on
their end, or they are managing your firewall if you have a firewall onsite.


-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:13 AM
To: NT System Admin Issues
Subject: VPN question


I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already been
verified by another user in a different remote office.  Thus far the new
user has been unable to connect, and as far as I can tell none of his
packets reach my server.  His office has Internet connectivity provided by a
third party, so I asked him to verify with them that they will allow
outbound PPTP connections.  Their response was that they do not for security
reasons.  To enable this for his office they want to assign a static IP
address (more $ per month) and charge a setup fee (again, more $).  I have
repeatedly stated that he needs to establish an outbound connection, but
they insist that they must open inbound ports (hence the static IP).  I'm no
firewall expert, nor a PPTP expert, but I'm just not buying their line.  Any
comments on this topic are appreciated.

Michael Ellis







RE: VPN question

2001-09-27 Thread Krueger, Aaron G. - Lonesome

In my situation, I just needed to A) allow traffic on port  to be
accepted as incoming and B) forward the traffic to the vpn server
box...that was it.

Not sure how much help that's going to be for you, but it really was that
simple.

Aaron G. Krueger
Sr. Network Analyst


-Original Message-
From: David Thomas [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 27, 2001 11:34 AM
To: NT System Admin Issues
Subject: RE: VPN question


Can I ask what you did to sort out the problem? I want to start using VPN at
my office but am not sure about how to get it working...as the firewall is
giving me a lot of problems/denial messages

Regards
Davidt


-Original Message-
From: Krueger, Aaron G. - Lonesome [mailto:[EMAIL PROTECTED]]
Sent: 27 September 2001 15:52
To: NT System Admin Issues
Subject: RE: VPN question


I'm coming in the middle here, so forgive me if this has been stated
already...the traffic _does_ need a way to get back to the end user. Port(s)
may need to be opened or reconfigured to allow VPN to function correctly. I
have run into a similar situation before at a small business where the
previous IT person had the firewall far too secure. Just another opinion...

Aaron G. Krueger
Sr. Network Analyst


-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 9:43 AM
To: NT System Admin Issues
Subject: RE: VPN question


Part of the problem is that I have no idea of their configuration.  Most of
my remote users work out of home offices and use dialup for Internet.  This
particular user is in an office building where Internet connectivity is
provided, but I do not have any details on their architecture.  The user is
not network savvy enough to figure out any of the details.

My real question concerns their insistence that he must have a static IP
address and that they need to open _inbound_ ports to allow him to establish
an _outbound_ connection to my corporate LAN.

Michael Ellis


-Original Message-
From: David James [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:25 AM
To: NT System Admin Issues
Subject: RE: VPN question


Sounds fishy to me.  What kind of internet access, and what is the
configuration for the remote user's Internet connection?  Dynamic DSL? They
shouldn't have anything to do with ports unless they are firewalling you on
their end, or they are managing your firewall if you have a firewall onsite.


-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:13 AM
To: NT System Admin Issues
Subject: VPN question


I have a remote user who needs to connect to our corporate LAN over his
Internet connection.  The corporate end of the connection has already been
verified by another user in a different remote office.  Thus far the new
user has been unable to connect, and as far as I can tell none of his
packets reach my server.  His office has Internet connectivity provided by a
third party, so I asked him to verify with them that they will allow
outbound PPTP connections.  Their response was that they do not for security
reasons.  To enable this for his office they want to assign a static IP
address (more $ per month) and charge a setup fee (again, more $).  I have
repeatedly stated that he needs to establish an outbound connection, but
they insist that they must open inbound ports (hence the static IP).  I'm no
firewall expert, nor a PPTP expert, but I'm just not buying their line.  Any
comments on this topic are appreciated.

Michael Ellis
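
Added example (not part of the original thread): a toy Python model of a remote-office firewall, showing why an outbound PPTP connection can still depend on how the firewall handles inbound traffic. PPTP's control channel is TCP port 1723, but the tunnel data travels as GRE (IP protocol 47), which has no ports for a port-based state table to match. The addresses, class and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

TCP, GRE = 6, 47      # IP protocol numbers
PPTP_PORT = 1723      # PPTP control channel (RFC 2637)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: int = 0    # GRE carries no ports, so these stay 0
    dport: int = 0

@dataclass
class EdgeFirewall:
    """Toy stateful filter: all outbound allowed, inbound only if it matches state."""
    gre_tracking: bool = False      # PPTP-aware connection tracking
    static_gre_allow: bool = False  # explicit inbound rule for protocol 47
    tcp_state: set = field(default_factory=set)
    gre_peers: set = field(default_factory=set)

    def outbound(self, p):
        if p.proto == TCP:
            # Remember the flow so the reply direction can be matched later.
            self.tcp_state.add((p.src, p.sport, p.dst, p.dport))
            if p.dport == PPTP_PORT and self.gre_tracking:
                self.gre_peers.add(p.dst)   # expect GRE back from this server
        return True

    def inbound(self, p):
        if p.proto == TCP:
            return (p.dst, p.dport, p.src, p.sport) in self.tcp_state
        if p.proto == GRE:
            return self.static_gre_allow or p.src in self.gre_peers
        return False

def pptp_session(fw, client="192.0.2.10", server="203.0.113.5"):
    """Return (control_reply_ok, tunnel_reply_ok) for one constructed attempt."""
    fw.outbound(Packet(client, server, TCP, 49152, PPTP_PORT))
    ctrl = fw.inbound(Packet(server, client, TCP, PPTP_PORT, 49152))
    fw.outbound(Packet(client, server, GRE))
    data = fw.inbound(Packet(server, client, GRE))
    return ctrl, data

if __name__ == "__main__":
    print("port-only state :", pptp_session(EdgeFirewall()))
    print("GRE tracking    :", pptp_session(EdgeFirewall(gre_tracking=True)))
    print("static GRE rule :", pptp_session(EdgeFirewall(static_gre_allow=True)))
```

With port-only state the control connection completes but the returning GRE is dropped, so the tunnel never carries data; either PPTP-aware tracking or an explicit protocol 47 rule toward the client lets it through.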


