EN5861 Filters

I'd like to set my router, which normally has most ports completely
locked down, to let through certain requests from time to time when I
am out on the road so I can effectively tunnel in to my network. As I
don't know the IP address I'll have when operating remotely I had
hoped to use dyndns or similar to setup a link between a domain adress
and an assigned IP number at the point of contact. Trouble is the EN
config only allows IP addresses and not domain names - anyone got any
suggestions for how I might get around this ?

I have a EN5861 which in turn goes into a Qube2 linux firewall, the
other side of wohich is a switch with my LAN on it. The Qube does all
the NAT stuff. I do have one server which is a DMZ and could run
Windows ISA on it and make another bridge if I absolutely had to.

I had also wondered about using tunneling and a suitable client but
wasn't sufficiently convinced this would definitely work or I could
work out how to set it up (and it wasn't free!).

Any suggestions welcomed.

RB

Has your router a static WAN IP? You could VPN in.

Also when you work remotely is it the same subnet you use?

Roland Burr wrote:

> I'd like to set my router, which normally has most ports completely
> locked down, to let through certain requests from time to time when I
> am out on the road so I can effectively tunnel in to my network. As I
> don't know the IP address I'll have when operating remotely I had
> hoped to use dyndns or similar to setup a link between a domain adress
> and an assigned IP number at the point of contact. Trouble is the EN
> config only allows IP addresses and not domain names - anyone got any
> suggestions for how I might get around this ?
>
> I have a EN5861 which in turn goes into a Qube2 linux firewall, the
> other side of wohich is a switch with my LAN on it. The Qube does all
> the NAT stuff. I do have one server which is a DMZ and could run
> Windows ISA on it and make another bridge if I absolutely had to.
>
> I had also wondered about using tunneling and a suitable client but
> wasn't sufficiently convinced this would definitely work or I could
> work out how to set it up (and it wasn't free!).
>
> Any suggestions welcomed.
>
> RB

Yeah the router is on a static IP. I had wondered about VPN and got
some docs from EN but AFAIAA the VPN is an extra-cost module for the
router and I would then need a VPN client too. All I'm really looking
for is something that gives me one step more security that opening up
my router to all incoming 3389 (terminal services) traffic (ie I would
only be protected by my W2K/XP login passwords) - even if I could get
one extra passwrd stage in there I'd be happier...

RB


eusty <steve@I_DONT_LIKE_SPAM.co.uk> wrote in message news:<3fbbf004$0$103$(E-Mail Removed)> ...
> Has your router a static WAN IP? You could VPN in.
>
> Also when you work remotely is it the same subnet you use?
>
> Roland Burr wrote:
>
> > I'd like to set my router, which normally has most ports completely
> > locked down, to let through certain requests from time to time when I
> > am out on the road so I can effectively tunnel in to my network. As I
> > don't know the IP address I'll have when operating remotely I had
> > hoped to use dyndns or similar to setup a link between a domain adress
> > and an assigned IP number at the point of contact. Trouble is the EN
> > config only allows IP addresses and not domain names - anyone got any
> > suggestions for how I might get around this ?
> >
> > I have a EN5861 which in turn goes into a Qube2 linux firewall, the
> > other side of wohich is a switch with my LAN on it. The Qube does all
> > the NAT stuff. I do have one server which is a DMZ and could run
> > Windows ISA on it and make another bridge if I absolutely had to.
> >
> > I had also wondered about using tunneling and a suitable client but
> > wasn't sufficiently convinced this would definitely work or I could
> > work out how to set it up (and it wasn't free!).
> >
> > Any suggestions welcomed.
> >
> > RB

Is pass-thru VPN possible with the EN5861?
"eusty" <steve@I_DONT_LIKE_SPAM.co.uk> wrote in message
news:3fbbf004$0$103$(E-Mail Removed).. .
> Has your router a static WAN IP? You could VPN in.
>
> Also when you work remotely is it the same subnet you use?
>
> Roland Burr wrote:
>
> > I'd like to set my router, which normally has most ports completely
> > locked down, to let through certain requests from time to time when I
> > am out on the road so I can effectively tunnel in to my network. As I
> > don't know the IP address I'll have when operating remotely I had
> > hoped to use dyndns or similar to setup a link between a domain adress
> > and an assigned IP number at the point of contact. Trouble is the EN
> > config only allows IP addresses and not domain names - anyone got any
> > suggestions for how I might get around this ?
> >
> > I have a EN5861 which in turn goes into a Qube2 linux firewall, the
> > other side of wohich is a switch with my LAN on it. The Qube does all
> > the NAT stuff. I do have one server which is a DMZ and could run
> > Windows ISA on it and make another bridge if I absolutely had to.
> >
> > I had also wondered about using tunneling and a suitable client but
> > wasn't sufficiently convinced this would definitely work or I could
> > work out how to set it up (and it wasn't free!).
> >
> > Any suggestions welcomed.
> >
> > RB
>

Yes

Infant Newbie wrote:

> Is pass-thru VPN possible with the EN5861?
> "eusty" <steve@I_DONT_LIKE_SPAM.co.uk> wrote in message
> news:3fbbf004$0$103$(E-Mail Removed).. .
>
>>Has your router a static WAN IP? You could VPN in.
>>
>>Also when you work remotely is it the same subnet you use?
>>
>>Roland Burr wrote:
>>
>>
>>>I'd like to set my router, which normally has most ports completely
>>>locked down, to let through certain requests from time to time when I
>>>am out on the road so I can effectively tunnel in to my network. As I
>>>don't know the IP address I'll have when operating remotely I had
>>>hoped to use dyndns or similar to setup a link between a domain adress
>>>and an assigned IP number at the point of contact. Trouble is the EN
>>>config only allows IP addresses and not domain names - anyone got any
>>>suggestions for how I might get around this ?
>>>
>>>I have a EN5861 which in turn goes into a Qube2 linux firewall, the
>>>other side of wohich is a switch with my LAN on it. The Qube does all
>>>the NAT stuff. I do have one server which is a DMZ and could run
>>>Windows ISA on it and make another bridge if I absolutely had to.
>>>
>>>I had also wondered about using tunneling and a suitable client but
>>>wasn't sufficiently convinced this would definitely work or I could
>>>work out how to set it up (and it wasn't free!).
>>>
>>>Any suggestions welcomed.
>>>
>>>RB
>>
>
>

please, please gimme links??

thanks


"eusty" <steve@I_DONT_LIKE_SPAM.co.uk> wrote in message
news:3fbcc048$0$64663$(E-Mail Removed) ...
> Yes
>
> Infant Newbie wrote:
>
> > Is pass-thru VPN possible with the EN5861?
> > "eusty" <steve@I_DONT_LIKE_SPAM.co.uk> wrote in message
> > news:3fbbf004$0$103$(E-Mail Removed).. .
> >
> >>Has your router a static WAN IP? You could VPN in.
> >>
> >>Also when you work remotely is it the same subnet you use?
> >>
> >>Roland Burr wrote:
> >>
> >>
> >>>I'd like to set my router, which normally has most ports completely
> >>>locked down, to let through certain requests from time to time when I
> >>>am out on the road so I can effectively tunnel in to my network. As I
> >>>don't know the IP address I'll have when operating remotely I had
> >>>hoped to use dyndns or similar to setup a link between a domain adress
> >>>and an assigned IP number at the point of contact. Trouble is the EN
> >>>config only allows IP addresses and not domain names - anyone got any
> >>>suggestions for how I might get around this ?
> >>>
> >>>I have a EN5861 which in turn goes into a Qube2 linux firewall, the
> >>>other side of wohich is a switch with my LAN on it. The Qube does all
> >>>the NAT stuff. I do have one server which is a DMZ and could run
> >>>Windows ISA on it and make another bridge if I absolutely had to.
> >>>
> >>>I had also wondered about using tunneling and a suitable client but
> >>>wasn't sufficiently convinced this would definitely work or I could
> >>>work out how to set it up (and it wasn't free!).
> >>>
> >>>Any suggestions welcomed.
> >>>
> >>>RB
> >>
> >
> >
>

It's a $199 extra cost option from Efficient Networks - you can order
activation keys based on your router serial number at their site.

RB

"Infant Newbie" <(E-Mail Removed)> wrote in message news:<bpj7th$lh3$(E-Mail Removed)>...
> please, please gimme links??
>
> thanks
>

that is for the vpn module - all i wanted was pass-thru vpn. The command
line interface document has a system vpnpassthru command which when enabled,
allows multiple concurrent VPN's. I was hopimg for a link showing its use.

bart
http://www.meshcode.net
"Roland Burr" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
> It's a $199 extra cost option from Efficient Networks - you can order
> activation keys based on your router serial number at their site.
>
> RB
>
> "Infant Newbie" <(E-Mail Removed)> wrote in message
news:<bpj7th$lh3$(E-Mail Removed)>...
> > please, please gimme links??
> >
> > thanks
> >

Just enable it and it will pass the VPN traffic. AFAIK the command is
only for multiple connections, I've had a single VPN going without the
command enabled.



Infant Newbie wrote:

> that is for the vpn module - all i wanted was pass-thru vpn. The command
> line interface document has a system vpnpassthru command which when enabled,
> allows multiple concurrent VPN's. I was hopimg for a link showing its use.
>
> bart
> http://www.meshcode.net
> "Roland Burr" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) m...
>
>>It's a $199 extra cost option from Efficient Networks - you can order
>>activation keys based on your router serial number at their site.
>>
>>RB
>>
>>"Infant Newbie" <(E-Mail Removed)> wrote in message
>
> news:<bpj7th$lh3$(E-Mail Removed)>...
>
>>>please, please gimme links??
>>>
>>>thanks
>>>
>
>
>

So getting back to my original question Would this give me what I'm
after ? I have XP on my laptop with which I travel and the machine I
want to connect to is a desktop running XP Pro.

Do I not have to open any specific ports up to allow VPN connections
across the router as passthru ?

Presumably the fact that my target XP desktop is NATted beyond the
Qube firewall box renders this a problem ? My alternative is I have a
box which is sitting directly off the router on which I could put
W2KAS or WS2003 and I could put an extra NIC in it and run ISA or
something - does ISA have specific VPN support ? (I wouldn't
particularly mind leaving that box wide open)

There must be a cheap solution to this that gives me an acceptable
level of security. Alternatively, has anyone actually configured VPN
proper on teh EN5861 and run a VPN client through it ?

RB

eusty <steve@I_DONT_LIKE_SPAM.co.uk> wrote in message news:<3fbea59a$0$109$(E-Mail Removed)> ...
> Just enable it and it will pass the VPN traffic. AFAIK the command is
> only for multiple connections, I've had a single VPN going without the
> command enabled.