| Author |
Message |
hongbing zhu
Guest
|
 Posted:
Tue Jan 11, 2005 12:11 pm Post subject:
IPSec & VPN question |
|
|
Hi, all guys:
I really really need your kind help.
Our company is doing a project with a big company(Partner). The partner is a
Telco, which has a VPN behind a Cisco router. It requires our company's
server still use VPN and make a gateway-to-gateway secure tunnel connection
to them.
The problem is that our web server is a stand alone server in data center,
and I cannot assign an internal IP to our server or adding a new NIC to the
server. I have found the document which helps to build a gateway to gateway
secure connection. And I don't think this will help me. Some other guy
advice me that setting up a IPsec tunnel will help us.
Here is the requirement of the Telco(our partner):
--------------------
The configuration on Telco end are as below for site-to-site VPN connection.
Telco Peer IP address: 207.97.104.83
Telco Server IP address: 192.168.55.40 and 192.168.55.21
(Phase 1 connection parameters)
Encryption algorithm (DES or 3DES): 3DES
Hash algorithm (SHA or MD5): SHA
Diffie-Hellman group ID for phase 1(Grp 1 or Grp 2): Group 2
IKE lifetime value: 86400 secs
(Phase 2 connection parameters)
Encryption algorithm (DES or 3DES): 3DES
Hash algorithm (SHA or MD5): SHA
IPSEC lifetime value: 28800 secs
PFS: YES (with DH Group 2)
Preshared Key: xxxxxxxxxxxxxxxxxxxx
Pls note that the IP address range 192.168.51.216/29. Let us know which IP
address is configured for your server. With regards to your current setup,
it looks like to client-to-site vpn. Thus, you have to look into the
site-to-site configuration.
----------------------
Thanks for help.
thanks
hongbing |
|
| Back to top |
|
 |
Dmitry Korolyov [MVP]
Guest
|
| Posted:
Tue Jan 11, 2005 8:05 pm Post subject:
Re: IPSec & VPN question |
|
|
Are you using Windows Server 2003 on your side, first of all? As far as I
recall, in Windows 2000 you were unable to configure L2TP VPN with preshared
keys, you had to use certificates only.
--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Directory Services
"hongbing zhu" <zhb@i-dns.net> wrote in message
news:eU0CqR69EHA.3592@TK2MSFTNGP09.phx.gbl...
| Quote: | Hi, all guys:
I really really need your kind help.
Our company is doing a project with a big company(Partner). The partner is
a
Telco, which has a VPN behind a Cisco router. It requires our company's
server still use VPN and make a gateway-to-gateway secure tunnel
connection
to them.
The problem is that our web server is a stand alone server in data center,
and I cannot assign an internal IP to our server or adding a new NIC to
the
server. I have found the document which helps to build a gateway to
gateway
secure connection. And I don't think this will help me. Some other guy
advice me that setting up a IPsec tunnel will help us.
Here is the requirement of the Telco(our partner):
--------------------
The configuration on Telco end are as below for site-to-site VPN
connection.
Telco Peer IP address: 207.97.104.83
Telco Server IP address: 192.168.55.40 and 192.168.55.21
(Phase 1 connection parameters)
Encryption algorithm (DES or 3DES): 3DES
Hash algorithm (SHA or MD5): SHA
Diffie-Hellman group ID for phase 1(Grp 1 or Grp 2): Group 2
IKE lifetime value: 86400 secs
(Phase 2 connection parameters)
Encryption algorithm (DES or 3DES): 3DES
Hash algorithm (SHA or MD5): SHA
IPSEC lifetime value: 28800 secs
PFS: YES (with DH Group 2)
Preshared Key: xxxxxxxxxxxxxxxxxxxx
Pls note that the IP address range 192.168.51.216/29. Let us know which IP
address is configured for your server. With regards to your current setup,
it looks like to client-to-site vpn. Thus, you have to look into the
site-to-site configuration.
----------------------
Thanks for help.
thanks
hongbing
|
|
|
| Back to top |
|
|
hongbing zhu
Guest
|
| Posted:
Tue Jan 11, 2005 10:27 pm Post subject:
Re: IPSec & VPN question |
|
|
Thanks for reply. I am using windows server 2003 in my side.
can you tell me how to config?
thanks
hongbing
"Dmitry Korolyov [MVP]" <d__k@removethispart.mail.ru> wrote in message
news:uFm0ya#9EHA.3820@TK2MSFTNGP11.phx.gbl...
| Quote: | Are you using Windows Server 2003 on your side, first of all? As far as I
recall, in Windows 2000 you were unable to configure L2TP VPN with
preshared
keys, you had to use certificates only.
--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Directory Services
"hongbing zhu" <zhb@i-dns.net> wrote in message
news:eU0CqR69EHA.3592@TK2MSFTNGP09.phx.gbl...
Hi, all guys:
I really really need your kind help.
Our company is doing a project with a big company(Partner). The partner
is
a
Telco, which has a VPN behind a Cisco router. It requires our company's
server still use VPN and make a gateway-to-gateway secure tunnel
connection
to them.
The problem is that our web server is a stand alone server in data
center,
and I cannot assign an internal IP to our server or adding a new NIC to
the
server. I have found the document which helps to build a gateway to
gateway
secure connection. And I don't think this will help me. Some other guy
advice me that setting up a IPsec tunnel will help us.
Here is the requirement of the Telco(our partner):
--------------------
The configuration on Telco end are as below for site-to-site VPN
connection.
Telco Peer IP address: 207.97.104.83
Telco Server IP address: 192.168.55.40 and 192.168.55.21
(Phase 1 connection parameters)
Encryption algorithm (DES or 3DES): 3DES
Hash algorithm (SHA or MD5): SHA
Diffie-Hellman group ID for phase 1(Grp 1 or Grp 2): Group 2
IKE lifetime value: 86400 secs
(Phase 2 connection parameters)
Encryption algorithm (DES or 3DES): 3DES
Hash algorithm (SHA or MD5): SHA
IPSEC lifetime value: 28800 secs
PFS: YES (with DH Group 2)
Preshared Key: xxxxxxxxxxxxxxxxxxxx
Pls note that the IP address range 192.168.51.216/29. Let us know which
IP
address is configured for your server. With regards to your current
setup,
it looks like to client-to-site vpn. Thus, you have to look into the
site-to-site configuration.
----------------------
Thanks for help.
thanks
hongbing
|
|
|
| Back to top |
|
|
Eugene Taylor
Guest
|
| Posted:
Tue Jan 11, 2005 10:44 pm Post subject:
Re: IPSec & VPN question |
|
|
Check out this link it tells you how to configure your windows machine to
form a tunnel with a pix
http://www.cisco.com/en/US/customer/tech/tk801/tk703/technologies_configuration_example09186a00800946f5.shtml
"hongbing zhu" <zhb@i-dns.net> wrote in message
news:OZtRAq$9EHA.2676@TK2MSFTNGP12.phx.gbl...
| Quote: | Thanks for reply. I am using windows server 2003 in my side.
can you tell me how to config?
thanks
hongbing
"Dmitry Korolyov [MVP]" <d__k@removethispart.mail.ru> wrote in message
news:uFm0ya#9EHA.3820@TK2MSFTNGP11.phx.gbl...
Are you using Windows Server 2003 on your side, first of all? As far as
I
recall, in Windows 2000 you were unable to configure L2TP VPN with
preshared
keys, you had to use certificates only.
--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Directory Services
"hongbing zhu" <zhb@i-dns.net> wrote in message
news:eU0CqR69EHA.3592@TK2MSFTNGP09.phx.gbl...
Hi, all guys:
I really really need your kind help.
Our company is doing a project with a big company(Partner). The
partner
is
a
Telco, which has a VPN behind a Cisco router. It requires our
company's
server still use VPN and make a gateway-to-gateway secure tunnel
connection
to them.
The problem is that our web server is a stand alone server in data
center,
and I cannot assign an internal IP to our server or adding a new NIC
to
the
server. I have found the document which helps to build a gateway to
gateway
secure connection. And I don't think this will help me. Some other guy
advice me that setting up a IPsec tunnel will help us.
Here is the requirement of the Telco(our partner):
--------------------
The configuration on Telco end are as below for site-to-site VPN
connection.
Telco Peer IP address: 207.97.104.83
Telco Server IP address: 192.168.55.40 and 192.168.55.21
(Phase 1 connection parameters)
Encryption algorithm (DES or 3DES): 3DES
Hash algorithm (SHA or MD5): SHA
Diffie-Hellman group ID for phase 1(Grp 1 or Grp 2): Group 2
IKE lifetime value: 86400 secs
(Phase 2 connection parameters)
Encryption algorithm (DES or 3DES): 3DES
Hash algorithm (SHA or MD5): SHA
IPSEC lifetime value: 28800 secs
PFS: YES (with DH Group 2)
Preshared Key: xxxxxxxxxxxxxxxxxxxx
Pls note that the IP address range 192.168.51.216/29. Let us know
which
IP
address is configured for your server. With regards to your current
setup,
it looks like to client-to-site vpn. Thus, you have to look into the
site-to-site configuration.
----------------------
Thanks for help.
thanks
hongbing
|
|
|
| Back to top |
|
|
hongbing zhu
Guest
|
| Posted:
Wed Jan 12, 2005 3:06 pm Post subject:
Re: IPSec & VPN question |
|
|
Thanks for the reply.
But I cannot open the link. Can you copy&paste the content here?
thanks
hongbing
"Eugene Taylor" <ewtaylor2001@fake.com> wrote in message
news:eMpu53$9EHA.3756@TK2MSFTNGP14.phx.gbl...
| Quote: | Check out this link it tells you how to configure your windows machine to
form a tunnel with a pix
http://www.cisco.com/en/US/customer/tech/tk801/tk703/technologies_configuration_example09186a00800946f5.shtml
"hongbing zhu" <zhb@i-dns.net> wrote in message
news:OZtRAq$9EHA.2676@TK2MSFTNGP12.phx.gbl...
Thanks for reply. I am using windows server 2003 in my side.
can you tell me how to config?
thanks
hongbing
"Dmitry Korolyov [MVP]" <d__k@removethispart.mail.ru> wrote in message
news:uFm0ya#9EHA.3820@TK2MSFTNGP11.phx.gbl...
Are you using Windows Server 2003 on your side, first of all? As far
as
I
recall, in Windows 2000 you were unable to configure L2TP VPN with
preshared
keys, you had to use certificates only.
--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Directory Services
"hongbing zhu" <zhb@i-dns.net> wrote in message
news:eU0CqR69EHA.3592@TK2MSFTNGP09.phx.gbl...
Hi, all guys:
I really really need your kind help.
Our company is doing a project with a big company(Partner). The
partner
is
a
Telco, which has a VPN behind a Cisco router. It requires our
company's
server still use VPN and make a gateway-to-gateway secure tunnel
connection
to them.
The problem is that our web server is a stand alone server in data
center,
and I cannot assign an internal IP to our server or adding a new NIC
to
the
server. I have found the document which helps to build a gateway to
gateway
secure connection. And I don't think this will help me. Some other
guy
advice me that setting up a IPsec tunnel will help us.
Here is the requirement of the Telco(our partner):
--------------------
The configuration on Telco end are as below for site-to-site VPN
connection.
Telco Peer IP address: 207.97.104.83
Telco Server IP address: 192.168.55.40 and 192.168.55.21
(Phase 1 connection parameters)
Encryption algorithm (DES or 3DES): 3DES
Hash algorithm (SHA or MD5): SHA
Diffie-Hellman group ID for phase 1(Grp 1 or Grp 2): Group 2
IKE lifetime value: 86400 secs
(Phase 2 connection parameters)
Encryption algorithm (DES or 3DES): 3DES
Hash algorithm (SHA or MD5): SHA
IPSEC lifetime value: 28800 secs
PFS: YES (with DH Group 2)
Preshared Key: xxxxxxxxxxxxxxxxxxxx
Pls note that the IP address range 192.168.51.216/29. Let us know
which
IP
address is configured for your server. With regards to your current
setup,
it looks like to client-to-site vpn. Thus, you have to look into the
site-to-site configuration.
----------------------
Thanks for help.
thanks
hongbing
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in