VPN with public IP

Hi all,
I have an adsl connection to the internet.
I asked my isp for a fixed ip address.
They assigned me a public ip address and I have my domain now.
My isp provider didn't change my adsl connection, I still get a dynamic ip
address. He gave me a username and password to create a VPN connection to
them. When I connect the vpn my ip changes to the public ip and everything
works fine.
Weird way to give me the ip but it works.

My computer is behind a router, firewall. It used to work fine but now since
the connection is through the vpn my computer is totally exposed.

How can I protect it from communications inside the vpn?
Will it work if I install a firewall in my computer?
Can ISA server help me?
I'm not sure if a firewall can block ports from requests that come from the
vpn. My vpn now is the global internet.

Thanks for any help or suggestion
Diego

Nezorro,
Can you perhaps explain what you are trying to achieve by asking for a fixed
IP and a VPN? And what hardware do you have? It will be easier for someone
to give you an answer,
Anthony -
http://www.airdesk.com



A fixed IP enables you to host services on the internet. When you have a
fixed address, the public DNS can enable people to find your server. Is that
what you want?
Anything on your private network should be protected by your
router/firewall. You need to set up access lists or firewall rules to
determine what passes through. You will use NAT on the router to change your
internal non-routable addresses into a public routable address.
What is the VPN for? You should be able to set rules on the firewall for
this too.
ISA is just one software firewall product.


"netzorro" <(E-Mail Removed)> wrote in message
news:e8%(E-Mail Removed)...
> Hi all,
> I have an adsl connection to the internet.
> I asked my isp for a fixed ip address.
> They assigned me a public ip address and I have my domain now.
> My isp provider didn't change my adsl connection, I still get a dynamic ip
> address. He gave me a username and password to create a VPN connection to
> them. When I connect the vpn my ip changes to the public ip and everything
> works fine.
> Weird way to give me the ip but it works.
>
> My computer is behind a router, firewall. It used to work fine but now
> since the connection is through the vpn my computer is totally exposed.
>
> How can I protect it from communications inside the vpn?
> Will it work if I install a firewall in my computer?
> Can ISA server help me?
> I'm not sure if a firewall can block ports from requests that come from
> the vpn. My vpn now is the global internet.
>
> Thanks for any help or suggestion
> Diego
>

I only want to publish a web site and maybe allow remote desktop
connections.
The web site will allow people to check some db information, the computer
also has a sqlserver.
The OS is Windows 2003

Thanks for any help
netzorro

"Anthony" <(E-Mail Removed)> wrote in message
news:ehuMr$%(E-Mail Removed)...
> Nezorro,
> Can you perhaps explain what you are trying to achieve by asking for a
> fixed IP and a VPN? And what hardware do you have? It will be easier for
> someone to give you an answer,
> Anthony -
> http://www.airdesk.com
>
>
>
> A fixed IP enables you to host services on the internet. When you have a
> fixed address, the public DNS can enable people to find your server. Is
> that what you want?
> Anything on your private network should be protected by your
> router/firewall. You need to set up access lists or firewall rules to
> determine what passes through. You will use NAT on the router to change
> your internal non-routable addresses into a public routable address.
> What is the VPN for? You should be able to set rules on the firewall for
> this too.
> ISA is just one software firewall product.
>
>
> "netzorro" <(E-Mail Removed)> wrote in message
> news:e8%(E-Mail Removed)...
>> Hi all,
>> I have an adsl connection to the internet.
>> I asked my isp for a fixed ip address.
>> They assigned me a public ip address and I have my domain now.
>> My isp provider didn't change my adsl connection, I still get a dynamic
>> ip address. He gave me a username and password to create a VPN connection
>> to them. When I connect the vpn my ip changes to the public ip and
>> everything works fine.
>> Weird way to give me the ip but it works.
>>
>> My computer is behind a router, firewall. It used to work fine but now
>> since the connection is through the vpn my computer is totally exposed.
>>
>> How can I protect it from communications inside the vpn?
>> Will it work if I install a firewall in my computer?
>> Can ISA server help me?
>> I'm not sure if a firewall can block ports from requests that come from
>> the vpn. My vpn now is the global internet.
>>
>> Thanks for any help or suggestion
>> Diego
>>
>
>

Netzorro,
On your router/firewall, inbound traffic should be not allowed by default.
To publish your website you just need to allow traffic to the IP address of
the server on port 80. Everything else remains blocked.
You should be using NAT, so on the router you set a static NAT to convert
the internal IP address of the web server to the external fixed IP address.
Depending on the type of router, you can also forward all port 80 traffic to
one address.
I don't know what type of VPN your ISP has given you. If you are connecting
from outside and can connect to your whole network, that would be right. The
VPN is only protected by the username and password, unless you apply a
client certificate or two-factor authentication.
You don't really need the VPN in this case. You could just make an RDP
connection to the server. But if it works, fine.
You don't need more than a simple router/firewall to allow access to port
80. You certainly don't need ISA.
Hope that helps,
Anthony -
http://www.airdesk.co.uk






"netzorro" <(E-Mail Removed)> wrote in message
news:ebZs8%(E-Mail Removed)...
>I only want to publish a web site and maybe allow remote desktop
>connections.
> The web site will allow people to check some db information, the computer
> also has a sqlserver.
> The OS is Windows 2003
>
> Thanks for any help
> netzorro
>
> "Anthony" <(E-Mail Removed)> wrote in message
> news:ehuMr$%(E-Mail Removed)...
>> Nezorro,
>> Can you perhaps explain what you are trying to achieve by asking for a
>> fixed IP and a VPN? And what hardware do you have? It will be easier for
>> someone to give you an answer,
>> Anthony -
>> http://www.airdesk.com
>>
>>
>>
>> A fixed IP enables you to host services on the internet. When you have a
>> fixed address, the public DNS can enable people to find your server. Is
>> that what you want?
>> Anything on your private network should be protected by your
>> router/firewall. You need to set up access lists or firewall rules to
>> determine what passes through. You will use NAT on the router to change
>> your internal non-routable addresses into a public routable address.
>> What is the VPN for? You should be able to set rules on the firewall for
>> this too.
>> ISA is just one software firewall product.
>>
>>
>> "netzorro" <(E-Mail Removed)> wrote in message
>> news:e8%(E-Mail Removed)...
>>> Hi all,
>>> I have an adsl connection to the internet.
>>> I asked my isp for a fixed ip address.
>>> They assigned me a public ip address and I have my domain now.
>>> My isp provider didn't change my adsl connection, I still get a dynamic
>>> ip address. He gave me a username and password to create a VPN
>>> connection to them. When I connect the vpn my ip changes to the public
>>> ip and everything works fine.
>>> Weird way to give me the ip but it works.
>>>
>>> My computer is behind a router, firewall. It used to work fine but now
>>> since the connection is through the vpn my computer is totally exposed.
>>>
>>> How can I protect it from communications inside the vpn?
>>> Will it work if I install a firewall in my computer?
>>> Can ISA server help me?
>>> I'm not sure if a firewall can block ports from requests that come from
>>> the vpn. My vpn now is the global internet.
>>>
>>> Thanks for any help or suggestion
>>> Diego
>>>
>>
>>
>
>

Hi Anthony, really appreciate your help but I didn't explain myself
correctly

My ISP is like any other. I have a router linksys that connects to the
internet using PPPoE.
Also my router filters any packets and my intranet is protected.
I asked my internet provider the service of having a fixed ip address
instead of the dynamic the adsl service provides.
Instead of assign the modem a fixed ip, they told me to choose a computer
from my intranet and create a vpn client
connection to them.
When I do that this computer gets the public fixed ip.

It really works, when the vpn connection is up I can access directly that
computer using the global ip they assigned.

The problem I have, is that when the vpn is up my server is directly
connected to the internet, without any protection.

Since my server creates the vpn connection the router let me send and
receive everything.

And I don't know how can I protect my server from communications.

I hope I made mysefl clear this time

Thanks
netzorro



"Anthony" <(E-Mail Removed)> wrote in message
news:%23CF1%(E-Mail Removed)...
> Netzorro,
> On your router/firewall, inbound traffic should be not allowed by default.
> To publish your website you just need to allow traffic to the IP address
> of the server on port 80. Everything else remains blocked.
> You should be using NAT, so on the router you set a static NAT to convert
> the internal IP address of the web server to the external fixed IP
> address. Depending on the type of router, you can also forward all port 80
> traffic to one address.
> I don't know what type of VPN your ISP has given you. If you are
> connecting from outside and can connect to your whole network, that would
> be right. The VPN is only protected by the username and password, unless
> you apply a client certificate or two-factor authentication.
> You don't really need the VPN in this case. You could just make an RDP
> connection to the server. But if it works, fine.
> You don't need more than a simple router/firewall to allow access to port
> 80. You certainly don't need ISA.
> Hope that helps,
> Anthony -
> http://www.airdesk.co.uk
>
>
>
>
>
>
> "netzorro" <(E-Mail Removed)> wrote in message
> news:ebZs8%(E-Mail Removed)...
>>I only want to publish a web site and maybe allow remote desktop
>>connections.
>> The web site will allow people to check some db information, the computer
>> also has a sqlserver.
>> The OS is Windows 2003
>>
>> Thanks for any help
>> netzorro
>>
>> "Anthony" <(E-Mail Removed)> wrote in message
>> news:ehuMr$%(E-Mail Removed)...
>>> Nezorro,
>>> Can you perhaps explain what you are trying to achieve by asking for a
>>> fixed IP and a VPN? And what hardware do you have? It will be easier for
>>> someone to give you an answer,
>>> Anthony -
>>> http://www.airdesk.com
>>>
>>>
>>>
>>> A fixed IP enables you to host services on the internet. When you have a
>>> fixed address, the public DNS can enable people to find your server. Is
>>> that what you want?
>>> Anything on your private network should be protected by your
>>> router/firewall. You need to set up access lists or firewall rules to
>>> determine what passes through. You will use NAT on the router to change
>>> your internal non-routable addresses into a public routable address.
>>> What is the VPN for? You should be able to set rules on the firewall for
>>> this too.
>>> ISA is just one software firewall product.
>>>
>>>
>>> "netzorro" <(E-Mail Removed)> wrote in message
>>> news:e8%(E-Mail Removed)...
>>>> Hi all,
>>>> I have an adsl connection to the internet.
>>>> I asked my isp for a fixed ip address.
>>>> They assigned me a public ip address and I have my domain now.
>>>> My isp provider didn't change my adsl connection, I still get a dynamic
>>>> ip address. He gave me a username and password to create a VPN
>>>> connection to them. When I connect the vpn my ip changes to the public
>>>> ip and everything works fine.
>>>> Weird way to give me the ip but it works.
>>>>
>>>> My computer is behind a router, firewall. It used to work fine but now
>>>> since the connection is through the vpn my computer is totally exposed.
>>>>
>>>> How can I protect it from communications inside the vpn?
>>>> Will it work if I install a firewall in my computer?
>>>> Can ISA server help me?
>>>> I'm not sure if a firewall can block ports from requests that come from
>>>> the vpn. My vpn now is the global internet.
>>>>
>>>> Thanks for any help or suggestion
>>>> Diego
>>>>
>>>
>>>
>>
>>
>
>

OK, now I understand.
Really I think you should try to see if you can get a business broadband
service with a proper fixed IP for the router.
With the service you have, you should be able to protect the server a little
with the VPN client settings. You can't protect it on the router as it can't
be inspected. On the VPN client, you should have advanced options to filter
the traffic for only port 80 and 3389 (RDP) inbound on the VPN connection.
You may be able instead to set up the VPN client on that linksys, or on
another model of router. You could also set up a computer with the VPN
client with two NICs and acting as a router and firewall to your network,
but it is a complicated and expensive alternative to getting a proper fixed
IP.
Hope that helps,
Anthony -
http://www.airdesk.co.uk



"netzorro" <(E-Mail Removed)> wrote in message
news:%23$(E-Mail Removed)...
> Hi Anthony, really appreciate your help but I didn't explain myself
> correctly
>
> My ISP is like any other. I have a router linksys that connects to the
> internet using PPPoE.
> Also my router filters any packets and my intranet is protected.
> I asked my internet provider the service of having a fixed ip address
> instead of the dynamic the adsl service provides.
> Instead of assign the modem a fixed ip, they told me to choose a computer
> from my intranet and create a vpn client
> connection to them.
> When I do that this computer gets the public fixed ip.
>
> It really works, when the vpn connection is up I can access directly that
> computer using the global ip they assigned.
>
> The problem I have, is that when the vpn is up my server is directly
> connected to the internet, without any protection.
>
> Since my server creates the vpn connection the router let me send and
> receive everything.
>
> And I don't know how can I protect my server from communications.
>
> I hope I made mysefl clear this time
>
> Thanks
> netzorro
>
>
>
> "Anthony" <(E-Mail Removed)> wrote in message
> news:%23CF1%(E-Mail Removed)...
>> Netzorro,
>> On your router/firewall, inbound traffic should be not allowed by
>> default. To publish your website you just need to allow traffic to the IP
>> address of the server on port 80. Everything else remains blocked.
>> You should be using NAT, so on the router you set a static NAT to convert
>> the internal IP address of the web server to the external fixed IP
>> address. Depending on the type of router, you can also forward all port
>> 80 traffic to one address.
>> I don't know what type of VPN your ISP has given you. If you are
>> connecting from outside and can connect to your whole network, that would
>> be right. The VPN is only protected by the username and password, unless
>> you apply a client certificate or two-factor authentication.
>> You don't really need the VPN in this case. You could just make an RDP
>> connection to the server. But if it works, fine.
>> You don't need more than a simple router/firewall to allow access to port
>> 80. You certainly don't need ISA.
>> Hope that helps,
>> Anthony -
>> http://www.airdesk.co.uk
>>
>>
>>
>>
>>
>>
>> "netzorro" <(E-Mail Removed)> wrote in message
>> news:ebZs8%(E-Mail Removed)...
>>>I only want to publish a web site and maybe allow remote desktop
>>>connections.
>>> The web site will allow people to check some db information, the
>>> computer also has a sqlserver.
>>> The OS is Windows 2003
>>>
>>> Thanks for any help
>>> netzorro
>>>
>>> "Anthony" <(E-Mail Removed)> wrote in message
>>> news:ehuMr$%(E-Mail Removed)...
>>>> Nezorro,
>>>> Can you perhaps explain what you are trying to achieve by asking for a
>>>> fixed IP and a VPN? And what hardware do you have? It will be easier
>>>> for someone to give you an answer,
>>>> Anthony -
>>>> http://www.airdesk.com
>>>>
>>>>
>>>>
>>>> A fixed IP enables you to host services on the internet. When you have
>>>> a fixed address, the public DNS can enable people to find your server.
>>>> Is that what you want?
>>>> Anything on your private network should be protected by your
>>>> router/firewall. You need to set up access lists or firewall rules to
>>>> determine what passes through. You will use NAT on the router to change
>>>> your internal non-routable addresses into a public routable address.
>>>> What is the VPN for? You should be able to set rules on the firewall
>>>> for this too.
>>>> ISA is just one software firewall product.
>>>>
>>>>
>>>> "netzorro" <(E-Mail Removed)> wrote in message
>>>> news:e8%(E-Mail Removed)...
>>>>> Hi all,
>>>>> I have an adsl connection to the internet.
>>>>> I asked my isp for a fixed ip address.
>>>>> They assigned me a public ip address and I have my domain now.
>>>>> My isp provider didn't change my adsl connection, I still get a
>>>>> dynamic ip address. He gave me a username and password to create a VPN
>>>>> connection to them. When I connect the vpn my ip changes to the public
>>>>> ip and everything works fine.
>>>>> Weird way to give me the ip but it works.
>>>>>
>>>>> My computer is behind a router, firewall. It used to work fine but now
>>>>> since the connection is through the vpn my computer is totally
>>>>> exposed.
>>>>>
>>>>> How can I protect it from communications inside the vpn?
>>>>> Will it work if I install a firewall in my computer?
>>>>> Can ISA server help me?
>>>>> I'm not sure if a firewall can block ports from requests that come
>>>>> from the vpn. My vpn now is the global internet.
>>>>>
>>>>> Thanks for any help or suggestion
>>>>> Diego
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

hi,
very weird to get you a static IP. it probably works but not all the time -
if the vpn will go down will not go upline until you or a traffic from inside
will ask for , the outside traffic will not up the vpn.
yes a firewall will protect you, there are some good firewalls.
ISA can be a solution for that, but i think is expensive for what you are
tring to do.

the best way is to ask a static IP for your adsl connection .

Dragos CAMARA
MCSA Windows 2003 server


"netzorro" wrote:

> Hi all,
> I have an adsl connection to the internet.
> I asked my isp for a fixed ip address.
> They assigned me a public ip address and I have my domain now.
> My isp provider didn't change my adsl connection, I still get a dynamic ip
> address. He gave me a username and password to create a VPN connection to
> them. When I connect the vpn my ip changes to the public ip and everything
> works fine.
> Weird way to give me the ip but it works.
>
> My computer is behind a router, firewall. It used to work fine but now since
> the connection is through the vpn my computer is totally exposed.
>
> How can I protect it from communications inside the vpn?
> Will it work if I install a firewall in my computer?
> Can ISA server help me?
> I'm not sure if a firewall can block ports from requests that come from the
> vpn. My vpn now is the global internet.
>
> Thanks for any help or suggestion
> Diego
>
>
>

Thanks Anthony and Dragos
I will set first the settings on the vpn cliente.
If I install isa server (I already have) I will have one intranet network
and one external network.
I don't think I can set restrictions from communications inside the vpn

Thanks for your help
I think using another computer with 2 nics to stablish the vpn and route the
rest of the network is the solution
Thanks
netzorro

"netzorro" <(E-Mail Removed)> wrote in message
news:e8%(E-Mail Removed)...
> Hi all,
> I have an adsl connection to the internet.
> I asked my isp for a fixed ip address.
> They assigned me a public ip address and I have my domain now.
> My isp provider didn't change my adsl connection, I still get a dynamic ip
> address. He gave me a username and password to create a VPN connection to
> them. When I connect the vpn my ip changes to the public ip and everything
> works fine.
> Weird way to give me the ip but it works.
>
> My computer is behind a router, firewall. It used to work fine but now
> since the connection is through the vpn my computer is totally exposed.
>
> How can I protect it from communications inside the vpn?
> Will it work if I install a firewall in my computer?
> Can ISA server help me?
> I'm not sure if a firewall can block ports from requests that come from
> the vpn. My vpn now is the global internet.
>
> Thanks for any help or suggestion
> Diego
>

Its a pleasure, good luck with it
Anthony


"netzorro" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thanks Anthony and Dragos
> I will set first the settings on the vpn cliente.
> If I install isa server (I already have) I will have one intranet network
> and one external network.
> I don't think I can set restrictions from communications inside the vpn
>
> Thanks for your help
> I think using another computer with 2 nics to stablish the vpn and route
> the rest of the network is the solution
> Thanks
> netzorro
>
> "netzorro" <(E-Mail Removed)> wrote in message
> news:e8%(E-Mail Removed)...
>> Hi all,
>> I have an adsl connection to the internet.
>> I asked my isp for a fixed ip address.
>> They assigned me a public ip address and I have my domain now.
>> My isp provider didn't change my adsl connection, I still get a dynamic
>> ip address. He gave me a username and password to create a VPN connection
>> to them. When I connect the vpn my ip changes to the public ip and
>> everything works fine.
>> Weird way to give me the ip but it works.
>>
>> My computer is behind a router, firewall. It used to work fine but now
>> since the connection is through the vpn my computer is totally exposed.
>>
>> How can I protect it from communications inside the vpn?
>> Will it work if I install a firewall in my computer?
>> Can ISA server help me?
>> I'm not sure if a firewall can block ports from requests that come from
>> the vpn. My vpn now is the global internet.
>>
>> Thanks for any help or suggestion
>> Diego
>>
>
>

--
Dragos CAMARA
MCSA Windows 2003 server


"netzorro" wrote:

> Thanks Anthony and Dragos
> I will set first the settings on the vpn cliente.
> If I install isa server (I already have) I will have one intranet network
> and one external network.
> I don't think I can set restrictions from communications inside the vpn
>

Yes you can do that.

> Thanks for your help
> I think using another computer with 2 nics to stablish the vpn and route the
> rest of the network is the solution
> Thanks
> netzorro
>
> "netzorro" <(E-Mail Removed)> wrote in message
> news:e8%(E-Mail Removed)...
> > Hi all,
> > I have an adsl connection to the internet.
> > I asked my isp for a fixed ip address.
> > They assigned me a public ip address and I have my domain now.
> > My isp provider didn't change my adsl connection, I still get a dynamic ip
> > address. He gave me a username and password to create a VPN connection to
> > them. When I connect the vpn my ip changes to the public ip and everything
> > works fine.
> > Weird way to give me the ip but it works.
> >
> > My computer is behind a router, firewall. It used to work fine but now
> > since the connection is through the vpn my computer is totally exposed.
> >
> > How can I protect it from communications inside the vpn?
> > Will it work if I install a firewall in my computer?
> > Can ISA server help me?
> > I'm not sure if a firewall can block ports from requests that come from
> > the vpn. My vpn now is the global internet.
> >
> > Thanks for any help or suggestion
> > Diego
> >
>
>
>