Peer-to-peer VPN behind Firewalls

Forum for all technical support and troubleshooting of the WinGate VPN.

Moderator: Qbik Staff

Post by Ketje » May 12 04 4:23 am

We are trying to set up a peer-to-peer VPN with both ends behind firewalls which are connected to the respective service providers. How do we differentiate between the ISP address and the IP address of the target machine on the LAN behind the firewall?
Ketje
 

Post by erwin » May 12 04 4:40 pm

Hi there

Are you using WinGate VPN or another type of VPN?

Generally in this scenario the appropriate ports that are being used by the VPN (ports 809 tcp/udp by default for WinGate VPN) will need to be opened up on the firewall and set to forward incoming traffic to the appropriate internal machine which is participating on the VPN. (You'll have to check firewall docs to find out how to do this.)

This way, if the Firewall receives VPN data from across the Internet on these ports, it will send it to the correct machine on the LAN.

If you are using WinGate VPN then you will need to set one end up as a host and one end up as the remote joining machine.

When exporting the VPN file from the WinGate host (as per the helpfile) you would specify the external ISP address of the Host end firewall as the destination point for the remote joining machine to connect to.
Then, with the appropriate holes configured in the Firewall as I described in the beginning, these VPN connection requests will be sent to the appropriate Host machine on the LAN.

Hope this helps

Regards
Erwin
erwin
Qbik Staff
 

Post by Ketje » May 12 04 8:05 pm

We are both testing WinGate VPN from machines on LANs behind firewalls. Although we can swap ISP addresses, I still don't see how we can swap the LAN internal addresses.
Ketje
 

Post by erwin » May 17 04 1:25 pm

Hi Ketje

To have WinGate extend your local area network, if configured properly on each end (i.e. if they are allowed to participate in the VPN), it will export routes it knows about (internal and external).

As I described in my previous email, this is why the port forwarding on the Firewall is important for these packets to know where they are going.

For a better understanding and overview of the WinGate VPN and how it uses routing, you can read our whitepaper here:

http://www.wingate.com/resources.php

Regards
Erwin
erwin
Qbik Staff
 

Post by Ketje » May 17 04 6:59 pm

We are not trying to set up LAN extensions but peer-to-peer between 2 machines on different LANs at different locations. Each machine has a local address on its LAN and is not directly connected to the internet (this being achieved via routers and/or gateways). The respective ISP addresses can be determined and given to the remote machine as can, obviously, the internal local LAN address.
Ketje
 

