Hi Jei,

I currently have a VPN setup between two cities for my company.

The remote PC is a Windows 2000 box that dials up to its local ISP before connecting to head office (where I am), which is connected to the 'net 24/7 via an ADSL connection on a FreeBSD box which allows the connections through a NATed firewall and redirects to a Windows 2000 server with a private IP. It's not really that hard.

I'm not sure if you have any sort of Linux/BSD'ish type systems in place, but seeing what I did could well point you in the right direction. I use ipf and ipnat. You'll need to redirect tcp/1723 and udp/500 from point of entry to your Windows 2000 server and allow IP PROTOs 47 (GRE), 50 (ESP), 51 (AH). As long as you've got those rules in place, everything should be ok.

What I also did as an extra step of protection (maybe someone can tell me how valid this is) is that for DHCP I only allow 2 PCs in a certain range; the IP gets assigned once they have authenticated, but it only assigns the IP if the MAC addresses from the NICs match up to the MAC address assigned for that IP.

On Tue, 8 Jul 2003, Julias P wrote:

> I would like to setup a VPN connection using Windows 2000 Server, to enable
> access from the Internet. I have a set of firewalls through which I have
> configured port 1723. What security issues do I need to consider and how can
> I harden the security around MS Windows 2000 VPN setup, can I install a
> personal firewall like ZoneAlarm on the VPN PC, Any links to secure VPN
> set-up would help.
>
> Thanks
>
> Jei,
>
> DISCLAIMER: The information contained in this communication is confidential
> and may be legally privileged or otherwise protected from disclosure. It is
> intended solely for the use of the individual or entity to whom it is
> addressed. If you are not the intended recipient, you are hereby notified
> that any disclosure, copying, distribution or taking action in reliance on
> the contents of this information is strictly prohibited and may be unlawful.
> Commercial Bank of Zimbabwe Limited is neither liable for the complete
> transmission of the information contained in this communication, any delay
> in its receipt or damage that may be suffered by the unintended recipient.
>
> ---------------------------------------------------------------------------
> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
> The Gartner Group just put Neoteris in the top of its Magic Quadrant,
> while InStat has confirmed Neoteris as the leader in marketshare.
>
> Find out why, and see how you can get plug-n-play secure remote access in
> about an hour, with no client, server changes, or ongoing maintenance.
>
> Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> ----------------------------------------------------------------------------