Re: BEFSX41 VPN
From: Leythos (void_at_nowhere.lan)
Date: 05/10/05
- Next message: Duane Arnold: "Re: Is a cheap router secure enough for small business"
- Previous message: Walter Roberson: "Re: BEFSX41 VPN"
- In reply to:(deleted message) Curt Will: "BEFSX41 VPN"
- Next in thread: Vanguard: "Re: BEFSX41 VPN"
- Reply: Vanguard: "Re: BEFSX41 VPN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 10 May 2005 00:11:27 GMT
In article <Y3VydHdpbGw=.3c237e2620289d8220883ee77e1d8b97@
1115682797.nulluser.com>, curtwill-no-spam@privacyport.com.invalid
says...
> I'm considering setting up a VPN from my work to my home computer. I'm
> wondering about Linksys BEFSX41 as the router/vpn endpoint.
>
> Anyone know if the following setup will work?
>
> Home conntection will listen for connection from work 100% of the time.
> Home network connects to Cox cable system
> Router has dynamic address managed through dyndns.org (this currently works
> fine)
> Setting up 3DES, SHA-1 with perfect forward secrecy
>
> Work connection is behind a Cisco firewall. I don't have any more details
> (e.g. I don't know if it is set to allow IPSEC passthrough)
Here is where you need to STOP - it appears that your IT department
already has a security method implemented and that you are not in charge
of the company network.
IPSec pass through does not normally work INBOUND on any real firewall,
meaning it's disabled. Also, outbound VPN connections would also be
disabled except to business partners or CIO's and such.
> BEFSX41 will assume MAC address of my desktop computer for connecting to
> work LAN. My desktop computer will be NAT'd behind the Linksys. Identical
> configuration to the home BEFSX41 with the exception that they use
> different interior LAN subnets (one is 192.168.5.0, other is 192.168.15.0
> and they both have masks of 255.255.255.0)
>
> Prior to connecting to the actual networks I will connect both routers to
> the same switch at home to ensure they connect to each other in the
> simplest network possible-- yes, I know I will have to configure static IP
> addresses for the pseudo-WAN interfaces).
>
> Does this arrangement sound like it has a prayer of working? Any
> suggestions?
Not really, you need to have them setup with two public IP addresses
(one for each, on the WAN side) and then setup the units to call each
others IP. In many cases, the Linksys on the dynamic address will time-
out, even with the keep-alive setting enabled, and the tunnel will die
unless the HOME PC keeps traffic flowing to the company network after
the key lifetime.
What you really need to be doing is asking your company IT people to
help you setup a workable connection.
My guess is that you don't really want to involve them as most IT people
know better than to connect a home users computer to the company
network, unless the company provided the computer and locked it
down/secured it.
-- -- spam999free@rrohio.com remove 999 in order to email me
- Next message: Duane Arnold: "Re: Is a cheap router secure enough for small business"
- Previous message: Walter Roberson: "Re: BEFSX41 VPN"
- In reply to:(deleted message) Curt Will: "BEFSX41 VPN"
- Next in thread: Vanguard: "Re: BEFSX41 VPN"
- Reply: Vanguard: "Re: BEFSX41 VPN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
