
Clearly, with the correct information in hand, it is possible to do almost anything
with computers. Programming the Injoy Firewall was made very difficult by the fact
that there is not really any documentation on how Microsoft's VPN works. It took
a great deal of digging on the web to find how others solved problems with MS VPN.
It was interesting that when I went to the Microsoft support pages to get information,
my requests for search info for MS error messages came up empty. Initial tests were
done with my Win2K machine programmed with my cable modem IP address and connected
directly to the cable modem - no internal LAN. Once my office and I were able to
get VPN working from the cable modem, the work began in earnest. - Joe Suttle
Here is the information that makes it all work - even for a Cisco VPN:
There are two tables below with my original Firerule.cnf and the one I have found
that allows everything to work, but without the extra lines of code. Yes, the second
example does work!
- Host Name or IP address of VPN server
- 'Include Windows logon...' unchecked
- Security = 'Typical' and 'require secured password'
- Networking = 'PPTP' and TCP/IP properties set to 'Obtain an IP...' and 'Advanced - General' should have 'Use default...' unchecked (if you check it, you will not be able to use your web browser while the VPN session is connected!); 'DNS' can be left blank; 'WINS' must have the IP address of the office LAN (where the VPN server exists); and 'Options' have 'IP security'.

Original Firerule.cnf:

VPVPN47-IN Rule-Status = Enabled,
    Comment = "Map incoming IPSEC (GRE Generic Route Encapsulation)",
    Source = "209.xxx.xxx.xxx",
    Protocol = 47,
    Rule-Action = Portmap,
    Mapping-Dest-IP = "192.168.100.12"

VPVPN47-OUT Rule-Status = Enabled,
    Comment = "Map incoming IPSEC (GRE Generic Route Encapsulation)",
    Source = "192.168.100.12",
    Protocol = 47,
    Rule-Action = Portmap,
    Destination = "209.xxx.xxx.xxx"

VPVPN1723-IN Rule-Status = Enabled,
    Comment = "Map incoming VPN PORT 1723",
    Source = "209.xxx.xxx.xxx",
    Service = 1723,
    Protocol = UDP,
    Rule-Action = Portmap,
    Mapping-Dest-IP = "192.168.100.12",
    Mapping-Dest-Port = 1723

VPVPN1723-OUT Rule-Status = Enabled,
    Comment = "Map outgoing VPN PORT 1723",
    Source = "192.168.100.12",
    Service = 1723,
    Protocol = UDP,
    Rule-Action = Portmap,
    Mapping-Dest-Port = 1723,
    Destination = "209.xxx.xxx.xxx"

Second Firerule.cnf (the one that works without the extra lines):

IPSEC-IN Rule-Status = Enabled,
    Comment = "Map incoming IPSEC - Cisco VPN uses!",
    Destination = "current",
    Protocol = 50,
    Rule-Action = Portmap,
    Mapping-Dest-IP = "192.168.100.51",

PLUTO-IN Rule-Status = Enabled,
    Comment = "Map incoming ISAKMP - Cisco VPN uses!",
    Destination = "current",
    Service = 500,
    Protocol = UDP,
    Rule-Action = Portmap,
    Mapping-Dest-IP = "192.168.100.51",
    Mapping-Dest-Port = 500,

VPVPN47-IN Rule-Status = Enabled,
    Comment = "Map incoming IPSEC",
    Comment = "(GRE Generic Route Encapsulation)",
    Source = "209.xxx.xxx.xxx",
    Protocol = 47,
    Rule-Action = Portmap,
    Mapping-Dest-IP = "192.168.100.51",

WEBVPN47-IN Rule-Status = Enabled,
    Comment = "Map incoming IPSEC",
    Comment = "(GRE Generic Route Encapsulation)",
    Source = "63.xxx.xxx.xxx",
    Protocol = 47,
    Rule-Action = Portmap,
    Mapping-Dest-IP = "192.168.100.51",
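
An added example, not part of the original page or of the InJoy product: a small Python audit for rule blocks in the layout shown above. It reports port-map rules that send traffic to an internal host with no Source restriction, and flags a port 1723 rule that does not match TCP, the transport the PPTP control channel uses. The parser only covers the "Name Key = Value," layout seen on this page, the sample addresses are constructed, and reading a missing Source as "any remote host" is an assumption about how the firewall matches.

```python
import re

# Constructed sample in the layout shown on this page (placeholder addresses).
SAMPLE = '''
VPVPN47-IN Rule-Status = Enabled,
  Source = "203.0.113.10",
  Protocol = 47,
  Rule-Action = Portmap,
  Mapping-Dest-IP = "192.168.100.12"
VPVPN1723-IN Rule-Status = Enabled,
  Source = "203.0.113.10",
  Service = 1723,
  Protocol = UDP,
  Rule-Action = Portmap,
  Mapping-Dest-IP = "192.168.100.12",
  Mapping-Dest-Port = 1723
IPSEC-IN Rule-Status = Enabled,
  Destination = "current",
  Protocol = 50,
  Rule-Action = Portmap,
  Mapping-Dest-IP = "192.168.100.51",
'''

IP_PROTO = {"47": "GRE", "50": "ESP"}  # IANA IP protocol numbers
LINE = re.compile(r'\s*(?:(\S+)\s+)?([\w-]+)\s*=\s*(.*?)\s*,?\s*$')

def parse_rules(text):
    """Return {rule_name: {key: value}}; a leading token starts a new rule."""
    rules, current = {}, None
    for m in filter(None, map(LINE.match, text.splitlines())):
        name, key, value = m.groups()
        if name:
            current = rules.setdefault(name, {})
        if current is not None:
            current[key] = value.strip('"')
    return rules

def audit(rules):
    """Return (rule, finding) pairs for rules that map traffic to an internal host."""
    findings = []
    for name, r in rules.items():
        if r.get("Rule-Action") != "Portmap" or "Mapping-Dest-IP" not in r:
            continue
        proto = IP_PROTO.get(r.get("Protocol"), r.get("Protocol"))
        if "Source" not in r:  # assumption: no Source means any remote host matches
            findings.append((name, f"{proto} to {r['Mapping-Dest-IP']} from any source"))
        if r.get("Service") == "1723" and proto != "TCP":
            findings.append((name, f"PPTP control uses TCP 1723, rule matches {proto}"))
    return findings
```

Calling audit(parse_rules(text)) on the contents of a rule file returns the findings as a list, one entry per rule and issue.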

This page copyright © 2000-2005 - CJS Enterprises - All Rights Reserved
All trademarks are the property of their respective owner(s) - Last update December 28, 2006 - 17:40 PST
Assistance provided by 'JavaScript Bible', 'HTML: The Complete Reference' and 'Using HTML 4'