A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

XP VPN.



 
 
Thread Tools Display Modes
  #1  
Old January 20th 05, 10:43 PM posted to uk.telecom.broadband
Clint Sharp
external usenet poster
 
Posts: 550
Default XP VPN.

K, I'm missing something blatantly obvious here, I've set up an XP box
to accept incoming VPN connections which appears to work OK (click on
the Connect to and enter the password, you get a pretty icon in the
systray saying connected) using all the defaults, I have now set up
another XP machine to be the 'client' but cannot 'browse' the remote
network, I can't even connect to a remote share by name. If I ping the
remote machine by name (I.E. SG-2) ping returns the correct remote IP
address (192.168.254.1) but fails to reply to the pings......

WTF is up? I have set up VPN connections before, indeed I have one
working to another site with no problems but that's to a 2K SBS box...
What have I missed?

Both Machines are XP Pro SP1, both routers are EN5861, I assume the
firewall is set up correctly as the tunnel establishes and authenticates
and neither machine is running the network firewall or any other
firewall.
--
Clint Sharp
  #2  
Old January 20th 05, 11:12 PM posted to uk.telecom.broadband
PJB
external usenet poster
 
Posts: 148
Default XP VPN.


"Clint Sharp" wrote in message
...
K, I'm missing something blatantly obvious here, I've set up an XP box
to accept incoming VPN connections which appears to work OK (click on
the Connect to and enter the password, you get a pretty icon in the
systray saying connected) using all the defaults, I have now set up
another XP machine to be the 'client' but cannot 'browse' the remote
network, I can't even connect to a remote share by name. If I ping the
remote machine by name (I.E. SG-2) ping returns the correct remote IP
address (192.168.254.1) but fails to reply to the pings......

WTF is up? I have set up VPN connections before, indeed I have one
working to another site with no problems but that's to a 2K SBS box...
What have I missed?

Both Machines are XP Pro SP1, both routers are EN5861, I assume the
firewall is set up correctly as the tunnel establishes and authenticates
and neither machine is running the network firewall or any other
firewall.


thought only server versions of Windows would accept incoming VPN sessions,
unless some other program is handling the VPN termination?.

could be soooooooooooooo wrong, mind ;-)

P.


  #3  
Old January 21st 05, 05:26 PM posted to uk.telecom.broadband
Clint Sharp
external usenet poster
 
Posts: 550
Default XP VPN.

In message , PJB
writes
thought only server versions of Windows would accept incoming VPN sessions,
unless some other program is handling the VPN termination?.

could be soooooooooooooo wrong, mind ;-)

Yeah, XP will accept a single incoming VPN connection, either PPTP or
L2TP, not looked into the certificate side of it for L2TP though

P.



--
Clint Sharp
  #4  
Old August 4th 05, 05:09 PM posted to uk.telecom.broadband
plumbum
external usenet poster
 
Posts: 1
Default XP VPN.


Even though the following is related to connecting to a Netgear VP
endpoint it may be useful on the XP-VPN-client side:

Windows XP [VPN client] to Netgear, say, DG834G [VPN gateway]
configuration:

Create the DG834G - WinXP IPSec Policy

1. Click Start, click Run, and then type secpol.msc.
2. Right-click “IP Security Policies on Local Computer”, and then clic
Create IP Security
Policy.
3. Click Next, and then enter DG834G - WinXP IPSec Policy as the nam
for your policy.
4. Clear the “Activate the default response rule” check box, and the
click Next.
5. Clear the “Edit properties” checkbox.
6. Click Finish.

Configure Key Exchange Settings

1. Right click on the DG834G - WinXP IPSec Policy you just created an
choose Properties.
2. On the General page, click the Advanced button.
3. Check the “Master key perfect forward secrecy (PFS)” checkbox.
4. Make sure that the key generation time is 3 minutes.
4. Click OK. Click OK again. Apply the settings and click OK.

Create the DG834G to WinXP IP Filter List

1. Right-click IP Security Policies on Local Computer, and then clic
Manage IP filter lists and
filter action.
2. Click Add on the Manage IP Filter Lists page.
3. Enter FVS to WinXP IP Filter List the filter list name.Uncheck th
"Use Add wizard".
4. Click Add. The Filter Properties dialog displays.
5. Clear the Mirrored check box (tunnel settings cannot be mirrored).
6. For Source Address, select “A specific IP Subnet”. In the IP addres
box punch in 192.168.12.0 and subnet is 255.255.255.0

7. For Destination address, select “A specific IP Address” and punch i
the IP address of the computer.
8. In the Protocol page ensure that “Any” protocol type is selected.
9. Apply new settings, click OK, and close the IP Filter List dialogs.

Create the WinXP to DG834G IP Filter List

1. Right-click “IP Security Policies on Local Computer,” and then clic
Manage IP filter lists
and filter action.
2. Click Add on the Manage IP Filter Lists page.
3. Enter Winxp to DG834G IP Filter List as the filter list name. Clic
Add. The Filter
Properties dialog displays.
4. Clear the Mirrored check box (tunnel settings cannot be mirrored).
5. For Source address, select “A specific IP Address”. Punch in the I
address of the computer
6. For Destination Address, sselect “A specific IP Subnet”. In the I
address box punch in 192.168.12.0 and subnet is 255.255.255.0
mask.
7. In the Protocol page ensure that “Any” protocol type is selected.
8. Apply new settings, click OK, and click close the IP Filter Lis
dialogs.

Create the DG834G - WinXP Filter Action

1. Right-click “IP Security Policies on Local Computer”, and then clic
Manage IP filter lists
and filter actions. Choose the “Manage Filter Action” page.
– Verify that the clear “Use Add Wizard” option is unchecked and clic
Add.
– Select “Negotiate Security” and click Add.
– Select “Custom” and click Settings.
– Ensure that the “Data integrity and encryption (ESP)” option i
selected.
– Ensure that integrity algorithm is SHA1.
– Ensure that encryption algorithm is 3DES.
– Select “Generate a new key every” 300 seconds for session key.
2. Click OK to save the changes and return to the Filter Actio
Property dialog.
3. Select “Session key perfect forward secrecy (PFS)” option.
– Ensure that “Accept unsecured communication, but always respond usin
IPSec” option is
NOT selected.
– Ensure that “Allow unsecured communication with non-IPSec-awar
computers” option is
NOT selected.
4. Go to the General page and enter DG834G - WinXP Filter Action in th
name field
5. Click Apply to save the new filter action settings, and close th
Manage IP Filter lists and
actions dialog.

Create the DG834G to WinXPTunnel Rule

1. Double click on the “DG834G to WinXP IPSec Policy”.
2. Verify that the “Use Add Wizard” option is clear and click Add.
3. For Connection Type select “All network connections”.
4. For IP Filter List select “DG834G to WinXP IP Filter List”.
5. For Filter Action select “DG834G - WinXP Filter Action”.
6. For Tunnel Setting, select the “The tunnel endpoint is specified b
this IP Address:” radio
button, and enter the IP address of the computer
7. For Authentication Method, click Add, select “Use this string to
protect the key exchange
(Preshared key)”. Use the preshared key that was typed in the router.

Create the Winxp to DG834G Tunnel Rule

1. Double click on the “Winxp to DG834G IPSec Policy”.
2. Verify that the “Use Add Wizard” option is clear and click Add.
3. For Connection Type select “All network connections”.
4. For IP Filter List select “Winxp to DG834G IP Filter List”.
5. For Filter Action select “DG834G - Winxp Filter Action”.
6. For Tunnel Setting select the “The tunnel endpoint is specified by
this IP Address:” radio
button, and from our example enter the IP address of the router
7. For Authentication Method select “Use this string to protect the key
exchange (Preshared
key)”. Type the preshared key typed on the router.
8. Apply the new settings.

Now activate the DG834G - Winxp IPSec Policy. Highlight the “IP
Security Policies on Local Machine,” right-click the “DG834G - Winxp
IPSec Policy” policy, and then click Assign. A green dot appears in the
folder icon next to the policy


--
plumbum
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 11:46 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright ©2004-2019 BroadbanterBanter.
The comments are property of their posters.